[Pkg-openssl-changes] r817 - in openssl/branches/1.1.0/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Aug 4 16:31:45 UTC 2016
Author: kroeckx
Date: 2016-08-04 16:31:42 +0000 (Thu, 04 Aug 2016)
New Revision: 817
Removed:
openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
Modified:
openssl/branches/1.1.0/debian/changelog
openssl/branches/1.1.0/debian/libssl1.1.symbols
openssl/branches/1.1.0/debian/patches/series
Log:
New usptream version.
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2016-08-02 20:05:58 UTC (rev 816)
+++ openssl/branches/1.1.0/debian/changelog 2016-08-04 16:31:42 UTC (rev 817)
@@ -1,10 +1,15 @@
-openssl (1.1.0~pre5-5) UNRELEASED; urgency=medium
+openssl (1.1.0~pre6-1) experimental; urgency=medium
- * Update snapshot to commit f37c159aed4bca0b7d3ea4657c450826850c8e75
- - drop engines-path.patch. Upstream uses a 1.1 suffixes now.
+ [ Sebastian Andrzej Siewior ]
+ * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
- -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 29 Jul 2016 21:35:42 +0200
+ [ Kurt Roeckx ]
+ * New upstream version
+ * Drop upstream snapshot
+ * Update symbols file
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 04 Aug 2016 18:14:05 +0200
+
openssl (1.1.0~pre5-5) experimental; urgency=medium
* Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
Modified: openssl/branches/1.1.0/debian/libssl1.1.symbols
===================================================================
--- openssl/branches/1.1.0/debian/libssl1.1.symbols 2016-08-02 20:05:58 UTC (rev 816)
+++ openssl/branches/1.1.0/debian/libssl1.1.symbols 2016-08-04 16:31:42 UTC (rev 817)
@@ -1,4 +1,4 @@
libcrypto.so.1.1 libssl1.1 #MINVER#
- *@OPENSSL_1_1_0 1.1.0~pre5
+ *@OPENSSL_1_1_0 1.1.0~pre6
libssl.so.1.1 libssl1.1 #MINVER#
- *@OPENSSL_1_1_0 1.1.0~pre5
+ *@OPENSSL_1_1_0 1.1.0~pre6
Deleted: openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-08-02 20:05:58 UTC (rev 816)
+++ openssl/branches/1.1.0/debian/patches/openssl_snapshot.patch 2016-08-04 16:31:42 UTC (rev 817)
@@ -1,211797 +0,0 @@
----
- .gitattributes | 2
- .gitignore | 117
- .travis.yml | 44
- AUTHORS | 21
- CHANGES | 179
- CONTRIBUTING | 101
- Configurations/00-base-templates.conf | 19
- Configurations/10-main.conf | 195
- Configurations/50-djgpp.conf | 15
- Configurations/50-haiku.conf | 29
- Configurations/50-masm.conf | 17
- Configurations/99-personal-ben.conf | 95
- Configurations/99-personal-bodo.conf | 21
- Configurations/99-personal-geoff.conf | 29
- Configurations/99-personal-levitte.conf | 21
- Configurations/99-personal-rse.conf | 12
- Configurations/99-personal-steve.conf | 50
- Configurations/README | 30
- Configurations/README.design | 204
- Configurations/common.tmpl | 66
- Configurations/descrip.mms.tmpl | 347
- Configurations/unix-Makefile.tmpl | 339
- Configurations/windows-makefile.tmpl | 364
- Configure | 518 -
- INSTALL | 277
- INSTALL.DJGPP | 48
- INSTALL.WCE | 93
- LICENSE | 4
- Makefile.in | 798 -
- Makefile.shared | 17
- NEWS | 22
- NOTES.DJGPP | 48
- NOTES.PERL | 119
- NOTES.WIN | 45
- README | 41
- README.PERL | 118
- VMS/VMSify-conf.pl | 9
- VMS/openssl_ivp.com.in | 40
- VMS/openssl_shutdown.com.in | 41
- VMS/openssl_startup.com.in | 90
- VMS/openssl_utils.com | 12
- VMS/openssl_utils.com.in | 14
- VMS/translatesyms.pl | 9
- apps/CA.pl.in | 15
- apps/Makefile.in | 159
- apps/app_rand.c | 117
- apps/apps.c | 190
- apps/apps.h | 146
- apps/asn1pars.c | 75
- apps/build.info | 9
- apps/ca.c | 303
- apps/ciphers.c | 82
- apps/cms.c | 83
- apps/crl.c | 74
- apps/crl2p7.c | 73
- apps/dgst.c | 60
- apps/dh1024.pem | 14
- apps/dh2048.pem | 20
- apps/dh4096.pem | 31
- apps/dhparam.c | 144
- apps/dsa.c | 68
- apps/dsaparam.c | 63
- apps/ec.c | 89
- apps/ecparam.c | 59
- apps/enc.c | 78
- apps/engine.c | 97
- apps/errstr.c | 62
- apps/gendsa.c | 62
- apps/genpkey.c | 60
- apps/genrsa.c | 62
- apps/nseq.c | 59
- apps/ocsp.c | 103
- apps/openssl-vms.cnf | 6
- apps/openssl.c | 136
- apps/openssl.cnf | 6
- apps/opt.c | 68
- apps/passwd.c | 162
- apps/pkcs12.c | 150
- apps/pkcs7.c | 120
- apps/pkcs8.c | 92
- apps/pkey.c | 80
- apps/pkeyparam.c | 60
- apps/pkeyutl.c | 61
- apps/prime.c | 80
- apps/progs.h | 27
- apps/progs.pl | 32
- apps/rand.c | 73
- apps/rehash.c | 109
- apps/req.c | 90
- apps/rsa.c | 118
- apps/rsautl.c | 61
- apps/s_apps.h | 114
- apps/s_cb.c | 117
- apps/s_client.c | 408
- apps/s_server.c | 344
- apps/s_socket.c | 110
- apps/s_time.c | 91
- apps/sess_id.c | 60
- apps/smime.c | 81
- apps/speed.c | 533 -
- apps/spkac.c | 60
- apps/srp.c | 105
- apps/testdsa.h | 52
- apps/testrsa.h | 61
- apps/timeouts.h | 59
- apps/ts.c | 100
- apps/tsget.in | 15
- apps/verify.c | 61
- apps/version.c | 113
- apps/vms_decc_init.c | 53
- apps/win32_init.c | 304
- apps/winrand.c | 145
- apps/x509.c | 89
- appveyor.yml | 16
- build.info | 29
- config | 99
- config.com | 8
- crypto/LPdir_nyi.c | 8
- crypto/LPdir_unix.c | 9
- crypto/LPdir_vms.c | 9
- crypto/LPdir_win.c | 121
- crypto/LPdir_win32.c | 9
- crypto/LPdir_wince.c | 9
- crypto/Makefile.in | 117
- crypto/aes/Makefile.in | 106
- crypto/aes/aes_cbc.c | 53
- crypto/aes/aes_cfb.c | 53
- crypto/aes/aes_core.c | 19
- crypto/aes/aes_ecb.c | 53
- crypto/aes/aes_ige.c | 53
- crypto/aes/aes_locl.h | 53
- crypto/aes/aes_misc.c | 53
- crypto/aes/aes_ofb.c | 53
- crypto/aes/aes_wrap.c | 54
- crypto/aes/aes_x86core.c | 19
- crypto/aes/asm/aes-586.pl | 9
- crypto/aes/asm/aes-armv4.pl | 9
- crypto/aes/asm/aes-c64xplus.pl | 9
- crypto/aes/asm/aes-ia64.S | 7
- crypto/aes/asm/aes-mips.pl | 23
- crypto/aes/asm/aes-parisc.pl | 9
- crypto/aes/asm/aes-ppc.pl | 9
- crypto/aes/asm/aes-s390x.pl | 38
- crypto/aes/asm/aes-sparcv9.pl | 9
- crypto/aes/asm/aes-x86_64.pl | 11
- crypto/aes/asm/aesfx-sparcv9.pl | 1270 ++
- crypto/aes/asm/aesni-mb-x86_64.pl | 11
- crypto/aes/asm/aesni-sha1-x86_64.pl | 11
- crypto/aes/asm/aesni-sha256-x86_64.pl | 11
- crypto/aes/asm/aesni-x86.pl | 9
- crypto/aes/asm/aesni-x86_64.pl | 11
- crypto/aes/asm/aesp8-ppc.pl | 1865 ++++
- crypto/aes/asm/aest4-sparcv9.pl | 9
- crypto/aes/asm/aesv8-armx.pl | 9
- crypto/aes/asm/bsaes-armv7.pl | 33
- crypto/aes/asm/bsaes-x86_64.pl | 11
- crypto/aes/asm/vpaes-armv8.pl | 9
- crypto/aes/asm/vpaes-ppc.pl | 9
- crypto/aes/asm/vpaes-x86.pl | 9
- crypto/aes/asm/vpaes-x86_64.pl | 11
- crypto/aes/build.info | 2
- crypto/alphacpuid.pl | 39
- crypto/arm64cpuid.pl | 60
- crypto/arm_arch.h | 9
- crypto/armcap.c | 9
- crypto/armv4cpuid.pl | 39
- crypto/asn1/Makefile.in | 78
- crypto/asn1/a_bitstr.c | 67
- crypto/asn1/a_d2i_fp.c | 107
- crypto/asn1/a_digest.c | 60
- crypto/asn1/a_dup.c | 60
- crypto/asn1/a_gentm.c | 97
- crypto/asn1/a_i2d_fp.c | 60
- crypto/asn1/a_int.c | 80
- crypto/asn1/a_mbstr.c | 59
- crypto/asn1/a_object.c | 66
- crypto/asn1/a_octet.c | 60
- crypto/asn1/a_print.c | 61
- crypto/asn1/a_sign.c | 113
- crypto/asn1/a_strex.c | 135
- crypto/asn1/a_strnid.c | 68
- crypto/asn1/a_time.c | 58
- crypto/asn1/a_type.c | 64
- crypto/asn1/a_utctm.c | 60
- crypto/asn1/a_utf8.c | 60
- crypto/asn1/a_verify.c | 60
- crypto/asn1/ameth_lib.c | 59
- crypto/asn1/asn1_err.c | 125
- crypto/asn1/asn1_gen.c | 71
- crypto/asn1/asn1_lib.c | 62
- crypto/asn1/asn1_locl.h | 59
- crypto/asn1/asn1_par.c | 65
- crypto/asn1/asn_mime.c | 115
- crypto/asn1/asn_moid.c | 66
- crypto/asn1/asn_mstbl.c | 59
- crypto/asn1/asn_pack.c | 80
- crypto/asn1/bio_asn1.c | 69
- crypto/asn1/bio_ndef.c | 65
- crypto/asn1/charmap.h | 41
- crypto/asn1/charmap.pl | 58
- crypto/asn1/d2i_pr.c | 68
- crypto/asn1/d2i_pu.c | 60
- crypto/asn1/evp_asn1.c | 64
- crypto/asn1/f_int.c | 72
- crypto/asn1/f_string.c | 74
- crypto/asn1/i2d_pr.c | 69
- crypto/asn1/i2d_pu.c | 60
- crypto/asn1/n_pkey.c | 60
- crypto/asn1/nsseq.c | 59
- crypto/asn1/p5_pbe.c | 59
- crypto/asn1/p5_pbev2.c | 61
- crypto/asn1/p5_scrypt.c | 59
- crypto/asn1/p8_pkey.c | 59
- crypto/asn1/t_bitst.c | 63
- crypto/asn1/t_pkey.c | 64
- crypto/asn1/t_spki.c | 59
- crypto/asn1/tasn_dec.c | 83
- crypto/asn1/tasn_enc.c | 61
- crypto/asn1/tasn_fre.c | 67
- crypto/asn1/tasn_new.c | 63
- crypto/asn1/tasn_prn.c | 90
- crypto/asn1/tasn_scn.c | 63
- crypto/asn1/tasn_typ.c | 60
- crypto/asn1/tasn_utl.c | 86
- crypto/asn1/x_algor.c | 59
- crypto/asn1/x_bignum.c | 77
- crypto/asn1/x_info.c | 60
- crypto/asn1/x_long.c | 63
- crypto/asn1/x_pkey.c | 60
- crypto/asn1/x_sig.c | 60
- crypto/asn1/x_spki.c | 60
- crypto/asn1/x_val.c | 60
- crypto/async/Makefile.in | 63
- crypto/async/arch/async_null.c | 57
- crypto/async/arch/async_null.h | 53
- crypto/async/arch/async_posix.c | 53
- crypto/async/arch/async_posix.h | 60
- crypto/async/arch/async_win.c | 55
- crypto/async/arch/async_win.h | 53
- crypto/async/async.c | 58
- crypto/async/async_err.c | 69
- crypto/async/async_locl.h | 57
- crypto/async/async_wait.c | 53
- crypto/bf/COPYRIGHT | 46
- crypto/bf/INSTALL | 14
- crypto/bf/Makefile.in | 51
- crypto/bf/VERSION | 6
- crypto/bf/asm/bf-586.pl | 9
- crypto/bf/bf_cbc.c | 60
- crypto/bf/bf_cfb64.c | 60
- crypto/bf/bf_ecb.c | 60
- crypto/bf/bf_enc.c | 60
- crypto/bf/bf_locl.h | 60
- crypto/bf/bf_ofb64.c | 60
- crypto/bf/bf_pi.h | 60
- crypto/bf/bf_skey.c | 60
- crypto/bf/bfs.cpp | 67
- crypto/bf/build.info | 3
- crypto/bio/Makefile.in | 55
- crypto/bio/b_addr.c | 111
- crypto/bio/b_dump.c | 60
- crypto/bio/b_print.c | 295
- crypto/bio/b_sock.c | 82
- crypto/bio/b_sock2.c | 61
- crypto/bio/bf_buff.c | 60
- crypto/bio/bf_lbuf.c | 60
- crypto/bio/bf_nbio.c | 60
- crypto/bio/bf_null.c | 60
- crypto/bio/bio_cb.c | 62
- crypto/bio/bio_err.c | 93
- crypto/bio/bio_lcl.h | 9
- crypto/bio/bio_lib.c | 114
- crypto/bio/bio_meth.c | 57
- crypto/bio/bss_acpt.c | 69
- crypto/bio/bss_bio.c | 77
- crypto/bio/bss_conn.c | 62
- crypto/bio/bss_dgram.c | 65
- crypto/bio/bss_fd.c | 60
- crypto/bio/bss_file.c | 115
- crypto/bio/bss_log.c | 57
- crypto/bio/bss_mem.c | 85
- crypto/bio/bss_null.c | 60
- crypto/bio/bss_sock.c | 66
- crypto/blake2/Makefile.in | 41
- crypto/blake2/blake2_impl.h | 9
- crypto/blake2/blake2_locl.h | 9
- crypto/blake2/blake2b.c | 13
- crypto/blake2/blake2s.c | 13
- crypto/blake2/m_blake2b.c | 11
- crypto/blake2/m_blake2s.c | 11
- crypto/bn/Makefile.in | 149
- crypto/bn/README.pod | 247
- crypto/bn/asm/alpha-mont.pl | 9
- crypto/bn/asm/armv4-gf2m.pl | 9
- crypto/bn/asm/armv4-mont.pl | 9
- crypto/bn/asm/armv8-mont.pl | 9
- crypto/bn/asm/bn-586.pl | 9
- crypto/bn/asm/bn-c64xplus.asm | 7
- crypto/bn/asm/c64xplus-gf2m.pl | 9
- crypto/bn/asm/co-586.pl | 8
- crypto/bn/asm/ia64-mont.pl | 9
- crypto/bn/asm/ia64.S | 7
- crypto/bn/asm/mips-mont.pl | 9
- crypto/bn/asm/mips.pl | 9
- crypto/bn/asm/pa-risc2.s | 6
- crypto/bn/asm/pa-risc2W.s | 7
- crypto/bn/asm/parisc-mont.pl | 9
- crypto/bn/asm/ppc-mont.pl | 9
- crypto/bn/asm/ppc.pl | 8
- crypto/bn/asm/ppc64-mont.pl | 9
- crypto/bn/asm/rsaz-avx2.pl | 11
- crypto/bn/asm/rsaz-x86_64.pl | 11
- crypto/bn/asm/s390x-gf2m.pl | 9
- crypto/bn/asm/s390x-mont.pl | 9
- crypto/bn/asm/s390x.S | 10
- crypto/bn/asm/sparct4-mont.pl | 9
- crypto/bn/asm/sparcv8.S | 10
- crypto/bn/asm/sparcv8plus.S | 10
- crypto/bn/asm/sparcv9-gf2m.pl | 9
- crypto/bn/asm/sparcv9-mont.pl | 9
- crypto/bn/asm/sparcv9a-mont.pl | 9
- crypto/bn/asm/via-mont.pl | 9
- crypto/bn/asm/vis3-mont.pl | 9
- crypto/bn/asm/vms.mar | 6440 --------------
- crypto/bn/asm/x86-gf2m.pl | 9
- crypto/bn/asm/x86-mont.pl | 9
- crypto/bn/asm/x86.pl | 8
- crypto/bn/asm/x86_64-gcc.c | 9
- crypto/bn/asm/x86_64-gf2m.pl | 11
- crypto/bn/asm/x86_64-mont.pl | 11
- crypto/bn/asm/x86_64-mont5.pl | 11
- crypto/bn/bn_add.c | 168
- crypto/bn/bn_asm.c | 60
- crypto/bn/bn_blind.c | 114
- crypto/bn/bn_const.c | 9
- crypto/bn/bn_ctx.c | 58
- crypto/bn/bn_depr.c | 58
- crypto/bn/bn_dh.c | 59
- crypto/bn/bn_div.c | 68
- crypto/bn/bn_err.c | 70
- crypto/bn/bn_exp.c | 123
- crypto/bn/bn_exp2.c | 113
- crypto/bn/bn_gcd.c | 117
- crypto/bn/bn_gf2m.c | 88
- crypto/bn/bn_intern.c | 57
- crypto/bn/bn_kron.c | 57
- crypto/bn/bn_lcl.h | 143
- crypto/bn/bn_lib.c | 88
- crypto/bn/bn_mod.c | 115
- crypto/bn/bn_mont.c | 113
- crypto/bn/bn_mpi.c | 85
- crypto/bn/bn_mul.c | 60
- crypto/bn/bn_nist.c | 58
- crypto/bn/bn_prime.c | 176
- crypto/bn/bn_prime.h | 66
- crypto/bn/bn_prime.pl | 74
- crypto/bn/bn_print.c | 78
- crypto/bn/bn_rand.c | 122
- crypto/bn/bn_recp.c | 60
- crypto/bn/bn_shift.c | 60
- crypto/bn/bn_sqr.c | 60
- crypto/bn/bn_sqrt.c | 59
- crypto/bn/bn_srp.c | 9
- crypto/bn/bn_word.c | 82
- crypto/bn/bn_x931p.c | 76
- crypto/bn/build.info | 5
- crypto/bn/rsaz_exp.c | 11
- crypto/bn/rsaz_exp.h | 9
- crypto/bn/vms-helper.c | 67
- crypto/buffer/Makefile.in | 43
- crypto/buffer/buf_err.c | 67
- crypto/buffer/buffer.c | 67
- crypto/build.info | 2
- crypto/c64xpluscpuid.pl | 31
- crypto/camellia/Makefile.in | 57
- crypto/camellia/asm/cmll-x86.pl | 9
- crypto/camellia/asm/cmll-x86_64.pl | 11
- crypto/camellia/asm/cmllt4-sparcv9.pl | 9
- crypto/camellia/build.info | 2
- crypto/camellia/camellia.c | 60
- crypto/camellia/cmll_cbc.c | 53
- crypto/camellia/cmll_cfb.c | 109
- crypto/camellia/cmll_ctr.c | 53
- crypto/camellia/cmll_ecb.c | 53
- crypto/camellia/cmll_locl.h | 60
- crypto/camellia/cmll_misc.c | 53
- crypto/camellia/cmll_ofb.c | 109
- crypto/cast/Makefile.in | 51
- crypto/cast/asm/cast-586.pl | 9
- crypto/cast/c_cfb64.c | 60
- crypto/cast/c_ecb.c | 60
- crypto/cast/c_enc.c | 60
- crypto/cast/c_ofb64.c | 60
- crypto/cast/c_skey.c | 60
- crypto/cast/cast_lcl.h | 60
- crypto/cast/cast_s.h | 61
- crypto/cast/casts.cpp | 70
- crypto/chacha/Makefile.in | 57
- crypto/chacha/asm/chacha-armv4.pl | 9
- crypto/chacha/asm/chacha-armv8.pl | 9
- crypto/chacha/asm/chacha-c64xplus.pl | 9
- crypto/chacha/asm/chacha-ppc.pl | 13
- crypto/chacha/asm/chacha-s390x.pl | 13
- crypto/chacha/asm/chacha-x86.pl | 13
- crypto/chacha/asm/chacha-x86_64.pl | 11
- crypto/chacha/chacha_enc.c | 62
- crypto/cmac/Makefile.in | 43
- crypto/cmac/cm_ameth.c | 54
- crypto/cmac/cm_pmeth.c | 54
- crypto/cmac/cmac.c | 54
- crypto/cms/Makefile.in | 49
- crypto/cms/cms_asn1.c | 54
- crypto/cms/cms_att.c | 54
- crypto/cms/cms_cd.c | 54
- crypto/cms/cms_dd.c | 54
- crypto/cms/cms_enc.c | 62
- crypto/cms/cms_env.c | 59
- crypto/cms/cms_err.c | 68
- crypto/cms/cms_ess.c | 54
- crypto/cms/cms_io.c | 54
- crypto/cms/cms_kari.c | 55
- crypto/cms/cms_lcl.h | 54
- crypto/cms/cms_lib.c | 60
- crypto/cms/cms_pwri.c | 64
- crypto/cms/cms_sd.c | 56
- crypto/cms/cms_smime.c | 56
- crypto/comp/Makefile.in | 46
- crypto/comp/c_zlib.c | 57
- crypto/comp/comp_err.c | 67
- crypto/comp/comp_lcl.h | 57
- crypto/comp/comp_lib.c | 57
- crypto/conf/Makefile.in | 46
- crypto/conf/conf_api.c | 62
- crypto/conf/conf_def.c | 60
- crypto/conf/conf_def.h | 89
- crypto/conf/conf_err.c | 71
- crypto/conf/conf_lib.c | 80
- crypto/conf/conf_mall.c | 59
- crypto/conf/conf_mod.c | 84
- crypto/conf/conf_sap.c | 69
- crypto/conf/keysets.pl | 97
- crypto/cpt_err.c | 77
- crypto/cryptlib.c | 127
- crypto/ct/Makefile.in | 45
- crypto/ct/ct_b64.c | 85
- crypto/ct/ct_err.c | 90
- crypto/ct/ct_locl.h | 55
- crypto/ct/ct_log.c | 128
- crypto/ct/ct_oct.c | 63
- crypto/ct/ct_policy.c | 58
- crypto/ct/ct_prn.c | 59
- crypto/ct/ct_sct.c | 61
- crypto/ct/ct_sct_ctx.c | 59
- crypto/ct/ct_vfy.c | 59
- crypto/ct/ct_x509v3.c | 61
- crypto/cversion.c | 60
- crypto/des/COPYRIGHT | 50
- crypto/des/Makefile.in | 72
- crypto/des/asm/crypt586.pl | 11
- crypto/des/asm/des-586.pl | 9
- crypto/des/asm/des_enc.m4 | 27
- crypto/des/asm/desboth.pl | 9
- crypto/des/asm/dest4-sparcv9.pl | 17
- crypto/des/asm/readme | 131
- crypto/des/build.info | 9
- crypto/des/cbc_cksm.c | 60
- crypto/des/cbc_enc.c | 60
- crypto/des/cfb64ede.c | 60
- crypto/des/cfb64enc.c | 60
- crypto/des/cfb_enc.c | 60
- crypto/des/des_enc.c | 60
- crypto/des/des_locl.h | 88
- crypto/des/ecb3_enc.c | 60
- crypto/des/ecb_enc.c | 60
- crypto/des/enc_read.c | 234
- crypto/des/enc_writ.c | 180
- crypto/des/fcrypt.c | 73
- crypto/des/fcrypt_b.c | 66
- crypto/des/ncbc_enc.c | 65
- crypto/des/ofb64ede.c | 60
- crypto/des/ofb64enc.c | 60
- crypto/des/ofb_enc.c | 60
- crypto/des/pcbc_enc.c | 60
- crypto/des/qud_cksm.c | 60
- crypto/des/rand_key.c | 57
- crypto/des/read2pwd.c | 146
- crypto/des/rpc_des.h | 60
- crypto/des/rpc_enc.c | 60
- crypto/des/set_key.c | 60
- crypto/des/spr.h | 60
- crypto/des/str2key.c | 68
- crypto/des/xcbc_enc.c | 60
- crypto/dh/Makefile.in | 45
- crypto/dh/dh_ameth.c | 64
- crypto/dh/dh_asn1.c | 59
- crypto/dh/dh_check.c | 81
- crypto/dh/dh_depr.c | 57
- crypto/dh/dh_err.c | 72
- crypto/dh/dh_gen.c | 60
- crypto/dh/dh_kdf.c | 57
- crypto/dh/dh_key.c | 96
- crypto/dh/dh_lib.c | 142
- crypto/dh/dh_locl.h | 7
- crypto/dh/dh_meth.c | 34
- crypto/dh/dh_pmeth.c | 86
- crypto/dh/dh_prn.c | 60
- crypto/dh/dh_rfc5114.c | 59
- crypto/dh/example | 50
- crypto/dh/generate | 65
- crypto/dllmain.c | 9
- crypto/dsa/Makefile.in | 47
- crypto/dsa/dsa_ameth.c | 69
- crypto/dsa/dsa_asn1.c | 102
- crypto/dsa/dsa_depr.c | 58
- crypto/dsa/dsa_err.c | 81
- crypto/dsa/dsa_gen.c | 62
- crypto/dsa/dsa_key.c | 81
- crypto/dsa/dsa_lib.c | 152
- crypto/dsa/dsa_locl.h | 70
- crypto/dsa/dsa_meth.c | 48
- crypto/dsa/dsa_ossl.c | 188
- crypto/dsa/dsa_pmeth.c | 59
- crypto/dsa/dsa_prn.c | 59
- crypto/dsa/dsa_sign.c | 61
- crypto/dsa/dsa_vrf.c | 60
- crypto/dsa/fips186a.txt | 122
- crypto/dso/Makefile.in | 45
- crypto/dso/README | 22
- crypto/dso/dso_dl.c | 67
- crypto/dso/dso_dlfcn.c | 59
- crypto/dso/dso_err.c | 67
- crypto/dso/dso_lib.c | 60
- crypto/dso/dso_locl.h | 11
- crypto/dso/dso_openssl.c | 59
- crypto/dso/dso_vms.c | 61
- crypto/dso/dso_win32.c | 59
- crypto/ebcdic.c | 90
- crypto/ec/Makefile.in | 73
- crypto/ec/asm/ecp_nistz256-armv4.pl | 9
- crypto/ec/asm/ecp_nistz256-armv8.pl | 9
- crypto/ec/asm/ecp_nistz256-avx2.pl | 9
- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 44
- crypto/ec/asm/ecp_nistz256-x86.pl | 9
- crypto/ec/asm/ecp_nistz256-x86_64.pl | 11
- crypto/ec/curve25519.c | 105
- crypto/ec/ec2_mult.c | 62
- crypto/ec/ec2_oct.c | 72
- crypto/ec/ec2_smpl.c | 62
- crypto/ec/ec_25519.c | 60
- crypto/ec/ec_ameth.c | 98
- crypto/ec/ec_asn1.c | 90
- crypto/ec/ec_check.c | 62
- crypto/ec/ec_curve.c | 59
- crypto/ec/ec_cvt.c | 59
- crypto/ec/ec_err.c | 98
- crypto/ec/ec_key.c | 119
- crypto/ec/ec_kmeth.c | 84
- crypto/ec/ec_lcl.h | 63
- crypto/ec/ec_lib.c | 80
- crypto/ec/ec_mult.c | 61
- crypto/ec/ec_oct.c | 59
- crypto/ec/ec_pmeth.c | 59
- crypto/ec/ec_print.c | 57
- crypto/ec/ecdh_kdf.c | 56
- crypto/ec/ecdh_ossl.c | 64
- crypto/ec/ecdsa_ossl.c | 64
- crypto/ec/ecdsa_sign.c | 59
- crypto/ec/ecdsa_vrf.c | 60
- crypto/ec/eck_prn.c | 83
- crypto/ec/ecp_mont.c | 60
- crypto/ec/ecp_nist.c | 59
- crypto/ec/ecp_nistp224.c | 8
- crypto/ec/ecp_nistp256.c | 8
- crypto/ec/ecp_nistp521.c | 8
- crypto/ec/ecp_nistputil.c | 8
- crypto/ec/ecp_nistz256.c | 15
- crypto/ec/ecp_nistz256_table.c | 9
- crypto/ec/ecp_oct.c | 71
- crypto/ec/ecp_smpl.c | 61
- crypto/engine/Makefile.in | 53
- crypto/engine/eng_all.c | 61
- crypto/engine/eng_cnf.c | 71
- crypto/engine/eng_cryptodev.c | 99
- crypto/engine/eng_ctrl.c | 84
- crypto/engine/eng_dyn.c | 78
- crypto/engine/eng_err.c | 83
- crypto/engine/eng_fat.c | 58
- crypto/engine/eng_init.c | 62
- crypto/engine/eng_int.h | 66
- crypto/engine/eng_lib.c | 73
- crypto/engine/eng_list.c | 78
- crypto/engine/eng_openssl.c | 87
- crypto/engine/eng_pkey.c | 57
- crypto/engine/eng_rdrand.c | 52
- crypto/engine/eng_table.c | 57
- crypto/engine/tb_asnmth.c | 63
- crypto/engine/tb_cipher.c | 57
- crypto/engine/tb_dh.c | 57
- crypto/engine/tb_digest.c | 57
- crypto/engine/tb_dsa.c | 57
- crypto/engine/tb_eckey.c | 57
- crypto/engine/tb_pkmeth.c | 57
- crypto/engine/tb_rand.c | 57
- crypto/engine/tb_rsa.c | 57
- crypto/err/Makefile.in | 43
- crypto/err/README | 44
- crypto/err/err.c | 190
- crypto/err/err_all.c | 130
- crypto/err/err_prn.c | 61
- crypto/err/openssl.ec | 37
- crypto/evp/Makefile.in | 68
- crypto/evp/bio_b64.c | 74
- crypto/evp/bio_enc.c | 98
- crypto/evp/bio_md.c | 60
- crypto/evp/bio_ok.c | 66
- crypto/evp/c_allc.c | 64
- crypto/evp/c_alld.c | 60
- crypto/evp/cmeth_lib.c | 59
- crypto/evp/digest.c | 125
- crypto/evp/e_aes.c | 90
- crypto/evp/e_aes_cbc_hmac_sha1.c | 60
- crypto/evp/e_aes_cbc_hmac_sha256.c | 65
- crypto/evp/e_bf.c | 60
- crypto/evp/e_camellia.c | 57
- crypto/evp/e_cast.c | 60
- crypto/evp/e_chacha20_poly1305.c | 87
- crypto/evp/e_des.c | 60
- crypto/evp/e_des3.c | 62
- crypto/evp/e_idea.c | 68
- crypto/evp/e_null.c | 60
- crypto/evp/e_old.c | 59
- crypto/evp/e_rc2.c | 69
- crypto/evp/e_rc4.c | 60
- crypto/evp/e_rc4_hmac_md5.c | 57
- crypto/evp/e_rc5.c | 60
- crypto/evp/e_seed.c | 60
- crypto/evp/e_xcbc_d.c | 60
- crypto/evp/encode.c | 90
- crypto/evp/evp_cnf.c | 59
- crypto/evp/evp_enc.c | 131
- crypto/evp/evp_err.c | 117
- crypto/evp/evp_key.c | 60
- crypto/evp/evp_lib.c | 60
- crypto/evp/evp_locl.h | 59
- crypto/evp/evp_pbe.c | 64
- crypto/evp/evp_pkey.c | 59
- crypto/evp/m_md2.c | 60
- crypto/evp/m_md4.c | 60
- crypto/evp/m_md5.c | 60
- crypto/evp/m_md5_sha1.c | 54
- crypto/evp/m_mdc2.c | 60
- crypto/evp/m_null.c | 60
- crypto/evp/m_ripemd.c | 60
- crypto/evp/m_sha1.c | 60
- crypto/evp/m_sigver.c | 59
- crypto/evp/m_wp.c | 8
- crypto/evp/names.c | 60
- crypto/evp/p5_crpt.c | 59
- crypto/evp/p5_crpt2.c | 62
- crypto/evp/p_dec.c | 61
- crypto/evp/p_enc.c | 61
- crypto/evp/p_lib.c | 90
- crypto/evp/p_open.c | 60
- crypto/evp/p_seal.c | 60
- crypto/evp/p_sign.c | 60
- crypto/evp/p_verify.c | 60
- crypto/evp/pmeth_fn.c | 59
- crypto/evp/pmeth_gn.c | 59
- crypto/evp/pmeth_lib.c | 59
- crypto/evp/scrypt.c | 59
- crypto/ex_data.c | 127
- crypto/fips_err.h | 226
- crypto/fips_ers.c | 7
- crypto/hmac/Makefile.in | 43
- crypto/hmac/hm_ameth.c | 66
- crypto/hmac/hm_pmeth.c | 83
- crypto/hmac/hmac.c | 69
- crypto/hmac/hmac_lcl.h | 61
- crypto/ia64cpuid.S | 66
- crypto/idea/Makefile.in | 43
- crypto/idea/i_cbc.c | 60
- crypto/idea/i_cfb64.c | 60
- crypto/idea/i_ecb.c | 60
- crypto/idea/i_ofb64.c | 60
- crypto/idea/i_skey.c | 60
- crypto/idea/idea_lcl.h | 60
- crypto/idea/version | 12
- crypto/include/internal/asn1_int.h | 65
- crypto/include/internal/async.h | 58
- crypto/include/internal/bn_conf.h.in | 57
- crypto/include/internal/bn_dh.h | 9
- crypto/include/internal/bn_int.h | 57
- crypto/include/internal/bn_srp.h | 8
- crypto/include/internal/chacha.h | 53
- crypto/include/internal/cryptlib.h | 79
- crypto/include/internal/cryptlib_int.h | 60
- crypto/include/internal/dso_conf.h.in | 57
- crypto/include/internal/engine.h | 57
- crypto/include/internal/err_int.h | 10
- crypto/include/internal/evp_int.h | 96
- crypto/include/internal/md32_common.h | 65
- crypto/include/internal/objects.h | 9
- crypto/include/internal/poly1305.h | 54
- crypto/include/internal/rand.h | 9
- crypto/include/internal/x509_int.h | 72
- crypto/init.c | 194
- crypto/kdf/Makefile.in | 53
- crypto/kdf/hkdf.c | 51
- crypto/kdf/kdf_err.c | 67
- crypto/kdf/tls1_prf.c | 59
- crypto/lhash/Makefile.in | 43
- crypto/lhash/lh_stats.c | 92
- crypto/lhash/lhash.c | 191
- crypto/lhash/lhash_lcl.h | 42
- crypto/lhash/num.pl | 8
- crypto/md2/Makefile.in | 43
- crypto/md2/md2_dgst.c | 62
- crypto/md2/md2_one.c | 60
- crypto/md4/Makefile.in | 44
- crypto/md4/md4_dgst.c | 60
- crypto/md4/md4_locl.h | 60
- crypto/md4/md4_one.c | 60
- crypto/md4/md4s.cpp | 78
- crypto/md5/Makefile.in | 61
- crypto/md5/asm/md5-586.pl | 9
- crypto/md5/asm/md5-ia64.S | 10
- crypto/md5/asm/md5-sparcv9.pl | 9
- crypto/md5/asm/md5-x86_64.pl | 16
- crypto/md5/md5_dgst.c | 60
- crypto/md5/md5_locl.h | 62
- crypto/md5/md5_one.c | 60
- crypto/md5/md5s.cpp | 78
- crypto/mdc2/Makefile.in | 43
- crypto/mdc2/mdc2_one.c | 60
- crypto/mdc2/mdc2dgst.c | 60
- crypto/mem.c | 67
- crypto/mem_clr.c | 61
- crypto/mem_dbg.c | 150
- crypto/mem_sec.c | 80
- crypto/modes/Makefile.in | 76
- crypto/modes/asm/aesni-gcm-x86_64.pl | 52
- crypto/modes/asm/ghash-alpha.pl | 9
- crypto/modes/asm/ghash-armv4.pl | 9
- crypto/modes/asm/ghash-c64xplus.pl | 9
- crypto/modes/asm/ghash-ia64.pl | 9
- crypto/modes/asm/ghash-parisc.pl | 9
- crypto/modes/asm/ghash-s390x.pl | 13
- crypto/modes/asm/ghash-sparcv9.pl | 11
- crypto/modes/asm/ghash-x86.pl | 9
- crypto/modes/asm/ghash-x86_64.pl | 11
- crypto/modes/asm/ghashp8-ppc.pl | 478 +
- crypto/modes/asm/ghashv8-armx.pl | 9
- crypto/modes/build.info | 2
- crypto/modes/cbc128.c | 53
- crypto/modes/ccm128.c | 52
- crypto/modes/cfb128.c | 53
- crypto/modes/ctr128.c | 53
- crypto/modes/cts128.c | 10
- crypto/modes/gcm128.c | 52
- crypto/modes/modes_lcl.h | 10
- crypto/modes/ocb128.c | 62
- crypto/modes/ofb128.c | 53
- crypto/modes/wrap128.c | 55
- crypto/modes/xts128.c | 52
- crypto/o_dir.c | 59
- crypto/o_fips.c | 59
- crypto/o_fopen.c | 103
- crypto/o_init.c | 55
- crypto/o_str.c | 137
- crypto/o_time.c | 63
- crypto/objects/Makefile.in | 58
- crypto/objects/README | 44
- crypto/objects/o_names.c | 34
- crypto/objects/obj_dat.c | 110
- crypto/objects/obj_dat.h |10869 +++++++++++-------------
- crypto/objects/obj_dat.pl | 486 -
- crypto/objects/obj_err.c | 69
- crypto/objects/obj_lcl.h | 9
- crypto/objects/obj_lib.c | 119
- crypto/objects/obj_mac.num | 3
- crypto/objects/obj_xref.c | 59
- crypto/objects/obj_xref.h | 13
- crypto/objects/objects.README | 44
- crypto/objects/objects.pl | 73
- crypto/objects/objects.txt | 3
- crypto/objects/objxref.pl | 22
- crypto/ocsp/Makefile.in | 46
- crypto/ocsp/ocsp_asn.c | 60
- crypto/ocsp/ocsp_cl.c | 96
- crypto/ocsp/ocsp_err.c | 76
- crypto/ocsp/ocsp_ext.c | 70
- crypto/ocsp/ocsp_ht.c | 59
- crypto/ocsp/ocsp_lcl.h | 66
- crypto/ocsp/ocsp_lib.c | 67
- crypto/ocsp/ocsp_prn.c | 85
- crypto/ocsp/ocsp_srv.c | 60
- crypto/ocsp/ocsp_vfy.c | 60
- crypto/ocsp/v3_ocsp.c | 59
- crypto/pariscid.pl | 40
- crypto/pem/Makefile.in | 46
- crypto/pem/message | 16
- crypto/pem/pem_all.c | 113
- crypto/pem/pem_err.c | 74
- crypto/pem/pem_info.c | 60
- crypto/pem/pem_lib.c | 261
- crypto/pem/pem_oth.c | 61
- crypto/pem/pem_pk8.c | 61
- crypto/pem/pem_pkey.c | 72
- crypto/pem/pem_sign.c | 61
- crypto/pem/pem_x509.c | 59
- crypto/pem/pem_xaux.c | 59
- crypto/pem/pkcs7.lis | 22
- crypto/pem/pvkfmt.c | 115
- crypto/perlasm/README | 124
- crypto/perlasm/arm-xlate.pl | 12
- crypto/perlasm/cbc.pl | 9
- crypto/perlasm/ppc-xlate.pl | 10
- crypto/perlasm/readme | 124
- crypto/perlasm/sparcv9_modes.pl | 13
- crypto/perlasm/x86_64-xlate.pl | 289
- crypto/perlasm/x86asm.pl | 14
- crypto/perlasm/x86gas.pl | 9
- crypto/perlasm/x86masm.pl | 9
- crypto/perlasm/x86nasm.pl | 9
- crypto/pkcs12/Makefile.in | 49
- crypto/pkcs12/p12_add.c | 59
- crypto/pkcs12/p12_asn.c | 59
- crypto/pkcs12/p12_attr.c | 59
- crypto/pkcs12/p12_crpt.c | 59
- crypto/pkcs12/p12_crt.c | 65
- crypto/pkcs12/p12_decr.c | 59
- crypto/pkcs12/p12_init.c | 59
- crypto/pkcs12/p12_key.c | 63
- crypto/pkcs12/p12_kiss.c | 59
- crypto/pkcs12/p12_lcl.h | 59
- crypto/pkcs12/p12_mutl.c | 59
- crypto/pkcs12/p12_npas.c | 152
- crypto/pkcs12/p12_p8d.c | 59
- crypto/pkcs12/p12_p8e.c | 59
- crypto/pkcs12/p12_sbag.c | 60
- crypto/pkcs12/p12_utl.c | 59
- crypto/pkcs12/pk12err.c | 77
- crypto/pkcs7/Makefile.in | 50
- crypto/pkcs7/bio_pk7.c | 55
- crypto/pkcs7/pk7_asn1.c | 59
- crypto/pkcs7/pk7_attr.c | 80
- crypto/pkcs7/pk7_dgst.c | 61
- crypto/pkcs7/pk7_doit.c | 66
- crypto/pkcs7/pk7_enc.c | 61
- crypto/pkcs7/pk7_lib.c | 60
- crypto/pkcs7/pk7_mime.c | 56
- crypto/pkcs7/pk7_smime.c | 59
- crypto/pkcs7/pkcs7err.c | 107
- crypto/poly1305/Makefile.in | 61
- crypto/poly1305/asm/poly1305-armv4.pl | 66
- crypto/poly1305/asm/poly1305-armv8.pl | 41
- crypto/poly1305/asm/poly1305-c64xplus.pl | 9
- crypto/poly1305/asm/poly1305-mips.pl | 425
- crypto/poly1305/asm/poly1305-ppc.pl | 9
- crypto/poly1305/asm/poly1305-ppcfp.pl | 9
- crypto/poly1305/asm/poly1305-s390x.pl | 9
- crypto/poly1305/asm/poly1305-sparcv9.pl | 30
- crypto/poly1305/asm/poly1305-x86.pl | 14
- crypto/poly1305/asm/poly1305-x86_64.pl | 25
- crypto/poly1305/build.info | 1
- crypto/poly1305/poly1305.c | 62
- crypto/poly1305/poly1305_ieee754.c | 10
- crypto/ppc_arch.h | 13
- crypto/ppccap.c | 20
- crypto/ppccpuid.pl | 35
- crypto/rand/Makefile.in | 45
- crypto/rand/md_rand.c | 155
- crypto/rand/rand_egd.c | 58
- crypto/rand/rand_err.c | 80
- crypto/rand/rand_lcl.h | 113
- crypto/rand/rand_lib.c | 60
- crypto/rand/rand_unix.c | 116
- crypto/rand/rand_vms.c | 59
- crypto/rand/rand_win.c | 696 -
- crypto/rand/randfile.c | 247
- crypto/rc2/Makefile.in | 43
- crypto/rc2/rc2_cbc.c | 60
- crypto/rc2/rc2_ecb.c | 60
- crypto/rc2/rc2_locl.h | 60
- crypto/rc2/rc2_skey.c | 60
- crypto/rc2/rc2cfb64.c | 60
- crypto/rc2/rc2ofb64.c | 60
- crypto/rc2/rrc2.doc | 219
- crypto/rc2/tab.c | 9
- crypto/rc2/version | 22
- crypto/rc4/Makefile.in | 71
- crypto/rc4/asm/rc4-586.pl | 9
- crypto/rc4/asm/rc4-c64xplus.pl | 9
- crypto/rc4/asm/rc4-ia64.pl | 9
- crypto/rc4/asm/rc4-md5-x86_64.pl | 11
- crypto/rc4/asm/rc4-parisc.pl | 9
- crypto/rc4/asm/rc4-s390x.pl | 9
- crypto/rc4/asm/rc4-x86_64.pl | 11
- crypto/rc4/rc4_enc.c | 60
- crypto/rc4/rc4_locl.h | 9
- crypto/rc4/rc4_skey.c | 60
- crypto/rc5/Makefile.in | 51
- crypto/rc5/asm/rc5-586.pl | 9
- crypto/rc5/rc5_ecb.c | 60
- crypto/rc5/rc5_enc.c | 60
- crypto/rc5/rc5_locl.h | 60
- crypto/rc5/rc5_skey.c | 60
- crypto/rc5/rc5cfb64.c | 60
- crypto/rc5/rc5ofb64.c | 60
- crypto/rc5/rc5s.cpp | 70
- crypto/ripemd/Makefile.in | 51
- crypto/ripemd/asm/rmd-586.pl | 9
- crypto/ripemd/rmd_dgst.c | 60
- crypto/ripemd/rmd_locl.h | 62
- crypto/ripemd/rmd_one.c | 60
- crypto/ripemd/rmdconst.h | 61
- crypto/rsa/Makefile.in | 49
- crypto/rsa/rsa_ameth.c | 64
- crypto/rsa/rsa_asn1.c | 59
- crypto/rsa/rsa_chk.c | 52
- crypto/rsa/rsa_crpt.c | 81
- crypto/rsa/rsa_depr.c | 57
- crypto/rsa/rsa_err.c | 102
- crypto/rsa/rsa_gen.c | 121
- crypto/rsa/rsa_lib.c | 228
- crypto/rsa/rsa_locl.h | 7
- crypto/rsa/rsa_meth.c | 33
- crypto/rsa/rsa_none.c | 61
- crypto/rsa/rsa_null.c | 60
- crypto/rsa/rsa_oaep.c | 8
- crypto/rsa/rsa_ossl.c | 310
- crypto/rsa/rsa_pk1.c | 62
- crypto/rsa/rsa_pmeth.c | 59
- crypto/rsa/rsa_prn.c | 59
- crypto/rsa/rsa_pss.c | 59
- crypto/rsa/rsa_saos.c | 60
- crypto/rsa/rsa_sign.c | 60
- crypto/rsa/rsa_ssl.c | 60
- crypto/rsa/rsa_x931.c | 60
- crypto/rsa/rsa_x931g.c | 60
- crypto/s390xcap.c | 9
- crypto/s390xcpuid.S | 77
- crypto/seed/Makefile.in | 44
- crypto/seed/seed.c | 9
- crypto/seed/seed_cbc.c | 53
- crypto/seed/seed_cfb.c | 109
- crypto/seed/seed_ecb.c | 53
- crypto/seed/seed_locl.h | 9
- crypto/seed/seed_ofb.c | 109
- crypto/sha/Makefile.in | 106
- crypto/sha/asm/README | 1
- crypto/sha/asm/sha1-586.pl | 9
- crypto/sha/asm/sha1-alpha.pl | 11
- crypto/sha/asm/sha1-armv4-large.pl | 9
- crypto/sha/asm/sha1-armv8.pl | 9
- crypto/sha/asm/sha1-c64xplus.pl | 9
- crypto/sha/asm/sha1-ia64.pl | 9
- crypto/sha/asm/sha1-mb-x86_64.pl | 11
- crypto/sha/asm/sha1-mips.pl | 11
- crypto/sha/asm/sha1-parisc.pl | 9
- crypto/sha/asm/sha1-ppc.pl | 9
- crypto/sha/asm/sha1-s390x.pl | 16
- crypto/sha/asm/sha1-sparcv9.pl | 9
- crypto/sha/asm/sha1-sparcv9a.pl | 9
- crypto/sha/asm/sha1-thumb.pl | 9
- crypto/sha/asm/sha1-x86_64.pl | 11
- crypto/sha/asm/sha256-586.pl | 9
- crypto/sha/asm/sha256-armv4.pl | 9
- crypto/sha/asm/sha256-c64xplus.pl | 9
- crypto/sha/asm/sha256-mb-x86_64.pl | 11
- crypto/sha/asm/sha512-586.pl | 9
- crypto/sha/asm/sha512-armv4.pl | 9
- crypto/sha/asm/sha512-armv8.pl | 9
- crypto/sha/asm/sha512-c64xplus.pl | 9
- crypto/sha/asm/sha512-ia64.pl | 9
- crypto/sha/asm/sha512-mips.pl | 15
- crypto/sha/asm/sha512-parisc.pl | 9
- crypto/sha/asm/sha512-ppc.pl | 9
- crypto/sha/asm/sha512-s390x.pl | 16
- crypto/sha/asm/sha512-sparcv9.pl | 9
- crypto/sha/asm/sha512-x86_64.pl | 11
- crypto/sha/asm/sha512p8-ppc.pl | 9
- crypto/sha/build.info | 2
- crypto/sha/sha1_one.c | 60
- crypto/sha/sha1dgst.c | 60
- crypto/sha/sha256.c | 12
- crypto/sha/sha512.c | 12
- crypto/sha/sha_locl.h | 60
- crypto/sparc_arch.h | 19
- crypto/sparccpuid.S | 49
- crypto/sparcv9cap.c | 47
- crypto/srp/Makefile.in | 39
- crypto/srp/srp_lib.c | 170
- crypto/srp/srp_vfy.c | 88
- crypto/stack/Makefile.in | 43
- crypto/stack/stack.c | 205
- crypto/threads_none.c | 53
- crypto/threads_pthread.c | 53
- crypto/threads_win.c | 84
- crypto/ts/Makefile.in | 53
- crypto/ts/ts_asn1.c | 58
- crypto/ts/ts_conf.c | 59
- crypto/ts/ts_err.c | 70
- crypto/ts/ts_lcl.h | 60
- crypto/ts/ts_lib.c | 64
- crypto/ts/ts_req_print.c | 59
- crypto/ts/ts_req_utils.c | 59
- crypto/ts/ts_rsp_print.c | 59
- crypto/ts/ts_rsp_sign.c | 65
- crypto/ts/ts_rsp_utils.c | 59
- crypto/ts/ts_rsp_verify.c | 84
- crypto/ts/ts_verify_ctx.c | 59
- crypto/txt_db/Makefile.in | 43
- crypto/txt_db/txt_db.c | 64
- crypto/ui/Makefile.in | 43
- crypto/ui/ui_err.c | 69
- crypto/ui/ui_lib.c | 82
- crypto/ui/ui_locl.h | 59
- crypto/ui/ui_openssl.c | 210
- crypto/ui/ui_util.c | 57
- crypto/uid.c | 57
- crypto/vms_rms.h | 8
- crypto/whrlpool/Makefile.in | 56
- crypto/whrlpool/asm/wp-mmx.pl | 9
- crypto/whrlpool/asm/wp-x86_64.pl | 11
- crypto/whrlpool/wp_block.c | 9
- crypto/whrlpool/wp_dgst.c | 12
- crypto/whrlpool/wp_locl.h | 9
- crypto/x509/Makefile.in | 57
- crypto/x509/by_dir.c | 65
- crypto/x509/by_file.c | 60
- crypto/x509/t_crl.c | 59
- crypto/x509/t_req.c | 64
- crypto/x509/t_x509.c | 60
- crypto/x509/x509_att.c | 76
- crypto/x509/x509_cmp.c | 77
- crypto/x509/x509_d2.c | 60
- crypto/x509/x509_def.c | 60
- crypto/x509/x509_err.c | 73
- crypto/x509/x509_ext.c | 96
- crypto/x509/x509_lcl.h | 76
- crypto/x509/x509_lu.c | 438
- crypto/x509/x509_obj.c | 87
- crypto/x509/x509_r2x.c | 60
- crypto/x509/x509_req.c | 64
- crypto/x509/x509_set.c | 76
- crypto/x509/x509_trs.c | 82
- crypto/x509/x509_txt.c | 68
- crypto/x509/x509_v3.c | 64
- crypto/x509/x509_vfy.c | 364
- crypto/x509/x509_vpm.c | 71
- crypto/x509/x509cset.c | 79
- crypto/x509/x509name.c | 68
- crypto/x509/x509rset.c | 60
- crypto/x509/x509spki.c | 59
- crypto/x509/x509type.c | 60
- crypto/x509/x_all.c | 60
- crypto/x509/x_attrib.c | 60
- crypto/x509/x_crl.c | 60
- crypto/x509/x_exten.c | 59
- crypto/x509/x_name.c | 104
- crypto/x509/x_pubkey.c | 60
- crypto/x509/x_req.c | 60
- crypto/x509/x_x509.c | 130
- crypto/x509/x_x509a.c | 61
- crypto/x509v3/Makefile.in | 53
- crypto/x509v3/ext_dat.h | 63
- crypto/x509v3/pcy_cache.c | 62
- crypto/x509v3/pcy_data.c | 63
- crypto/x509v3/pcy_int.h | 61
- crypto/x509v3/pcy_lib.c | 59
- crypto/x509v3/pcy_map.c | 59
- crypto/x509v3/pcy_node.c | 59
- crypto/x509v3/pcy_tree.c | 61
- crypto/x509v3/tabtest.c | 59
- crypto/x509v3/v3_addr.c | 69
- crypto/x509v3/v3_akey.c | 63
- crypto/x509v3/v3_akeya.c | 59
- crypto/x509v3/v3_alt.c | 71
- crypto/x509v3/v3_asid.c | 58
- crypto/x509v3/v3_bcons.c | 59
- crypto/x509v3/v3_bitst.c | 59
- crypto/x509v3/v3_conf.c | 128
- crypto/x509v3/v3_cpols.c | 65
- crypto/x509v3/v3_crld.c | 65
- crypto/x509v3/v3_enum.c | 59
- crypto/x509v3/v3_extku.c | 59
- crypto/x509v3/v3_genn.c | 59
- crypto/x509v3/v3_ia5.c | 68
- crypto/x509v3/v3_info.c | 59
- crypto/x509v3/v3_int.c | 61
- crypto/x509v3/v3_lib.c | 62
- crypto/x509v3/v3_ncons.c | 109
- crypto/x509v3/v3_pci.c | 9
- crypto/x509v3/v3_pcia.c | 9
- crypto/x509v3/v3_pcons.c | 59
- crypto/x509v3/v3_pku.c | 59
- crypto/x509v3/v3_pmaps.c | 80
- crypto/x509v3/v3_prn.c | 62
- crypto/x509v3/v3_purp.c | 117
- crypto/x509v3/v3_skey.c | 59
- crypto/x509v3/v3_sxnet.c | 69
- crypto/x509v3/v3_tlsf.c | 60
- crypto/x509v3/v3_utl.c | 78
- crypto/x509v3/v3conf.c | 59
- crypto/x509v3/v3err.c | 78
- crypto/x509v3/v3prin.c | 59
- crypto/x86_64cpuid.pl | 106
- crypto/x86cpuid.pl | 86
- demos/bio/Makefile.in | 23
- demos/bio/client-arg.c | 9
- demos/bio/client-conf.c | 9
- demos/bio/saccept.c | 9
- demos/bio/sconnect.c | 9
- demos/bio/server-arg.c | 9
- demos/bio/server-cmod.c | 9
- demos/bio/server-conf.c | 9
- demos/cms/cms_comp.c | 9
- demos/cms/cms_ddec.c | 9
- demos/cms/cms_dec.c | 9
- demos/cms/cms_denc.c | 9
- demos/cms/cms_enc.c | 9
- demos/cms/cms_sign.c | 9
- demos/cms/cms_sign2.c | 9
- demos/cms/cms_uncomp.c | 9
- demos/cms/cms_ver.c | 9
- demos/evp/aesccm.c | 9
- demos/evp/aesgcm.c | 9
- demos/pkcs12/pkread.c | 8
- demos/pkcs12/pkwrite.c | 8
- demos/smime/smdec.c | 9
- demos/smime/smenc.c | 9
- demos/smime/smsign.c | 9
- demos/smime/smsign2.c | 9
- demos/smime/smver.c | 9
- doc/HOWTO/proxy_certificates.txt | 221
- doc/apps/CA.pl.pod | 16
- doc/apps/asn1parse.pod | 39
- doc/apps/ca.pod | 48
- doc/apps/ciphers.pod | 44
- doc/apps/cms.pod | 68
- doc/apps/config.pod | 32
- doc/apps/crl.pod | 11
- doc/apps/crl2pkcs7.pod | 15
- doc/apps/dgst.pod | 15
- doc/apps/dhparam.pod | 16
- doc/apps/dsa.pod | 13
- doc/apps/dsaparam.pod | 11
- doc/apps/ec.pod | 21
- doc/apps/ecparam.pod | 19
- doc/apps/enc.pod | 34
- doc/apps/engine.pod | 13
- doc/apps/errstr.pod | 17
- doc/apps/gendsa.pod | 9
- doc/apps/genpkey.pod | 28
- doc/apps/genrsa.pod | 10
- doc/apps/list.pod | 81
- doc/apps/nseq.pod | 11
- doc/apps/ocsp.pod | 62
- doc/apps/openssl.pod | 35
- doc/apps/passwd.pod | 9
- doc/apps/pkcs12.pod | 13
- doc/apps/pkcs7.pod | 13
- doc/apps/pkcs8.pod | 125
- doc/apps/pkey.pod | 25
- doc/apps/pkeyparam.pod | 14
- doc/apps/pkeyutl.pod | 19
- doc/apps/rand.pod | 9
- doc/apps/rehash.pod | 11
- doc/apps/req.pod | 106
- doc/apps/rsa.pod | 18
- doc/apps/rsautl.pod | 45
- doc/apps/s_client.pod | 19
- doc/apps/s_server.pod | 17
- doc/apps/s_time.pod | 10
- doc/apps/sess_id.pod | 14
- doc/apps/smime.pod | 46
- doc/apps/speed.pod | 37
- doc/apps/spkac.pod | 9
- doc/apps/ts.pod | 27
- doc/apps/tsget.pod | 41
- doc/apps/verify.pod | 293
- doc/apps/version.pod | 9
- doc/apps/x509.pod | 58
- doc/apps/x509v3_config.pod | 38
- doc/crypto/ASN1_INTEGER_get_int64.pod | 10
- doc/crypto/ASN1_OBJECT_new.pod | 9
- doc/crypto/ASN1_STRING_length.pod | 19
- doc/crypto/ASN1_STRING_new.pod | 9
- doc/crypto/ASN1_STRING_print_ex.pod | 15
- doc/crypto/ASN1_TIME_set.pod | 13
- doc/crypto/ASN1_TYPE_get.pod | 11
- doc/crypto/ASN1_generate_nconf.pod | 23
- doc/crypto/ASYNC_WAIT_CTX_new.pod | 20
- doc/crypto/ASYNC_start_job.pod | 31
- doc/crypto/BF_encrypt.pod | 117
- doc/crypto/BIO_ADDR.pod | 11
- doc/crypto/BIO_ADDRINFO.pod | 18
- doc/crypto/BIO_connect.pod | 11
- doc/crypto/BIO_ctrl.pod | 33
- doc/crypto/BIO_f_base64.pod | 21
- doc/crypto/BIO_f_buffer.pod | 33
- doc/crypto/BIO_f_cipher.pod | 21
- doc/crypto/BIO_f_md.pod | 43
- doc/crypto/BIO_f_null.pod | 13
- doc/crypto/BIO_f_ssl.pod | 197
- doc/crypto/BIO_find_type.pod | 64
- doc/crypto/BIO_get_data.pod | 9
- doc/crypto/BIO_get_ex_new_index.pod | 41
- doc/crypto/BIO_meth_new.pod | 15
- doc/crypto/BIO_new.pod | 41
- doc/crypto/BIO_new_CMS.pod | 11
- doc/crypto/BIO_parse_hostserv.pod | 22
- doc/crypto/BIO_push.pod | 13
- doc/crypto/BIO_read.pod | 19
- doc/crypto/BIO_s_accept.pod | 56
- doc/crypto/BIO_s_bio.pod | 39
- doc/crypto/BIO_s_connect.pod | 37
- doc/crypto/BIO_s_fd.pod | 37
- doc/crypto/BIO_s_file.pod | 29
- doc/crypto/BIO_s_mem.pod | 29
- doc/crypto/BIO_s_null.pod | 13
- doc/crypto/BIO_s_socket.pod | 27
- doc/crypto/BIO_set_callback.pod | 61
- doc/crypto/BIO_should_retry.pod | 34
- doc/crypto/BN_BLINDING_new.pod | 33
- doc/crypto/BN_CTX_new.pod | 11
- doc/crypto/BN_CTX_start.pod | 9
- doc/crypto/BN_add.pod | 9
- doc/crypto/BN_add_word.pod | 9
- doc/crypto/BN_bn2bin.pod | 26
- doc/crypto/BN_cmp.pod | 9
- doc/crypto/BN_copy.pod | 9
- doc/crypto/BN_generate_prime.pod | 17
- doc/crypto/BN_mod_inverse.pod | 9
- doc/crypto/BN_mod_mul_montgomery.pod | 31
- doc/crypto/BN_mod_mul_reciprocal.pod | 36
- doc/crypto/BN_new.pod | 20
- doc/crypto/BN_num_bytes.pod | 9
- doc/crypto/BN_rand.pod | 9
- doc/crypto/BN_set_bit.pod | 9
- doc/crypto/BN_swap.pod | 9
- doc/crypto/BN_zero.pod | 11
- doc/crypto/BUF_MEM_new.pod | 77
- doc/crypto/CMS_add0_cert.pod | 13
- doc/crypto/CMS_add1_recipient_cert.pod | 11
- doc/crypto/CMS_add1_signer.pod | 15
- doc/crypto/CMS_compress.pod | 9
- doc/crypto/CMS_decrypt.pod | 11
- doc/crypto/CMS_encrypt.pod | 13
- doc/crypto/CMS_final.pod | 13
- doc/crypto/CMS_get0_RecipientInfos.pod | 18
- doc/crypto/CMS_get0_SignerInfos.pod | 16
- doc/crypto/CMS_get0_type.pod | 13
- doc/crypto/CMS_get1_ReceiptRequest.pod | 13
- doc/crypto/CMS_sign.pod | 13
- doc/crypto/CMS_sign_receipt.pod | 11
- doc/crypto/CMS_uncompress.pod | 11
- doc/crypto/CMS_verify.pod | 17
- doc/crypto/CMS_verify_receipt.pod | 13
- doc/crypto/CONF_modules_free.pod | 13
- doc/crypto/CONF_modules_load_file.pod | 15
- doc/crypto/CRYPTO_THREAD_run_once.pod | 163
- doc/crypto/CRYPTO_get_ex_new_index.pod | 26
- doc/crypto/DEFINE_STACK_OF.pod | 233
- doc/crypto/DES_random_key.pod | 310
- doc/crypto/DH_generate_key.pod | 9
- doc/crypto/DH_generate_parameters.pod | 60
- doc/crypto/DH_get0_pqg.pod | 26
- doc/crypto/DH_get_1024_160.pod | 74
- doc/crypto/DH_meth_new.pod | 12
- doc/crypto/DH_new.pod | 9
- doc/crypto/DH_set_method.pod | 10
- doc/crypto/DH_size.pod | 9
- doc/crypto/DSA_SIG_new.pod | 25
- doc/crypto/DSA_do_sign.pod | 11
- doc/crypto/DSA_dup_DH.pod | 9
- doc/crypto/DSA_generate_key.pod | 9
- doc/crypto/DSA_generate_parameters.pod | 15
- doc/crypto/DSA_get0_pqg.pod | 26
- doc/crypto/DSA_meth_new.pod | 11
- doc/crypto/DSA_new.pod | 9
- doc/crypto/DSA_set_method.pod | 12
- doc/crypto/DSA_sign.pod | 19
- doc/crypto/DSA_size.pod | 25
- doc/crypto/ECDSA_SIG_new.pod | 207
- doc/crypto/ECPKParameters_print.pod | 44
- doc/crypto/EC_GFp_simple_method.pod | 11
- doc/crypto/EC_GROUP_copy.pod | 47
- doc/crypto/EC_GROUP_new.pod | 23
- doc/crypto/EC_KEY_get_enc_flags.pod | 59
- doc/crypto/EC_KEY_new.pod | 17
- doc/crypto/EC_POINT_add.pod | 12
- doc/crypto/EC_POINT_new.pod | 33
- doc/crypto/ENGINE_add.pod | 611 +
- doc/crypto/ERR_GET_LIB.pod | 9
- doc/crypto/ERR_clear_error.pod | 9
- doc/crypto/ERR_error_string.pod | 9
- doc/crypto/ERR_get_error.pod | 9
- doc/crypto/ERR_load_crypto_strings.pod | 11
- doc/crypto/ERR_load_strings.pod | 12
- doc/crypto/ERR_print_errors.pod | 18
- doc/crypto/ERR_put_error.pod | 37
- doc/crypto/ERR_remove_state.pod | 44
- doc/crypto/ERR_set_mark.pod | 9
- doc/crypto/EVP_BytesToKey.pod | 19
- doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod | 9
- doc/crypto/EVP_CIPHER_meth_new.pod | 60
- doc/crypto/EVP_DigestInit.pod | 38
- doc/crypto/EVP_DigestSignInit.pod | 15
- doc/crypto/EVP_DigestVerifyInit.pod | 15
- doc/crypto/EVP_EncodeInit.pod | 162
- doc/crypto/EVP_EncryptInit.pod | 223
- doc/crypto/EVP_MD_meth_new.pod | 22
- doc/crypto/EVP_OpenInit.pod | 15
- doc/crypto/EVP_PKEY_CTX_ctrl.pod | 16
- doc/crypto/EVP_PKEY_CTX_new.pod | 11
- doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod | 128
- doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md | 108
- doc/crypto/EVP_PKEY_HKDF.pod | 119
- doc/crypto/EVP_PKEY_TLS1_PRF.pod | 99
- doc/crypto/EVP_PKEY_cmp.pod | 18
- doc/crypto/EVP_PKEY_decrypt.pod | 31
- doc/crypto/EVP_PKEY_derive.pod | 25
- doc/crypto/EVP_PKEY_encrypt.pod | 35
- doc/crypto/EVP_PKEY_get_default_digest.pod | 41
- doc/crypto/EVP_PKEY_get_default_digest_nid.pod | 50
- doc/crypto/EVP_PKEY_keygen.pod | 58
- doc/crypto/EVP_PKEY_new.pod | 15
- doc/crypto/EVP_PKEY_print_private.pod | 21
- doc/crypto/EVP_PKEY_set1_RSA.pod | 40
- doc/crypto/EVP_PKEY_sign.pod | 31
- doc/crypto/EVP_PKEY_verify.pod | 25
- doc/crypto/EVP_PKEY_verify_recover.pod | 35
- doc/crypto/EVP_SealInit.pod | 13
- doc/crypto/EVP_SignInit.pod | 16
- doc/crypto/EVP_VerifyInit.pod | 19
- doc/crypto/HMAC.pod | 151
- doc/crypto/MD5.pod | 101
- doc/crypto/MDC2_Init.pod | 68
- doc/crypto/OBJ_nid2obj.pod | 56
- doc/crypto/OCSP_REQUEST_new.pod | 13
- doc/crypto/OCSP_cert_to_id.pod | 13
- doc/crypto/OCSP_request_add1_nonce.pod | 13
- doc/crypto/OCSP_resp_find_status.pod | 138
- doc/crypto/OCSP_response_find_status.pod | 109
- doc/crypto/OCSP_response_status.pod | 15
- doc/crypto/OCSP_sendreq_new.pod | 9
- doc/crypto/OPENSSL_Applink.pod | 12
- doc/crypto/OPENSSL_LH_COMPFUNC.pod | 239
- doc/crypto/OPENSSL_LH_stats.pod | 64
- doc/crypto/OPENSSL_VERSION_NUMBER.pod | 9
- doc/crypto/OPENSSL_config.pod | 20
- doc/crypto/OPENSSL_ia32cap.pod | 110
- doc/crypto/OPENSSL_init_crypto.pod | 42
- doc/crypto/OPENSSL_instrument_bus.pod | 19
- doc/crypto/OPENSSL_load_builtin_modules.pod | 15
- doc/crypto/OPENSSL_malloc.pod | 47
- doc/crypto/OPENSSL_secure_malloc.pod | 41
- doc/crypto/OpenSSL_add_all_algorithms.pod | 9
- doc/crypto/PEM_read.pod | 127
- doc/crypto/PEM_read_CMS.pod | 97
- doc/crypto/PEM_read_bio_PrivateKey.pod | 481 +
- doc/crypto/PEM_write_bio_CMS_stream.pod | 13
- doc/crypto/PEM_write_bio_PKCS7_stream.pod | 12
- doc/crypto/PKCS12_create.pod | 16
- doc/crypto/PKCS12_newpass.pod | 103
- doc/crypto/PKCS12_parse.pod | 9
- doc/crypto/PKCS5_PBKDF2_HMAC.pod | 15
- doc/crypto/PKCS7_decrypt.pod | 9
- doc/crypto/PKCS7_encrypt.pod | 13
- doc/crypto/PKCS7_sign.pod | 11
- doc/crypto/PKCS7_sign_add_signer.pod | 15
- doc/crypto/PKCS7_verify.pod | 15
- doc/crypto/RAND_add.pod | 36
- doc/crypto/RAND_bytes.pod | 9
- doc/crypto/RAND_cleanup.pod | 9
- doc/crypto/RAND_egd.pod | 9
- doc/crypto/RAND_load_file.pod | 37
- doc/crypto/RAND_set_rand_method.pod | 11
- doc/crypto/RC4_set_key.pod | 66
- doc/crypto/RIPEMD160_Init.pod | 72
- doc/crypto/RSA_blinding_on.pod | 9
- doc/crypto/RSA_check_key.pod | 12
- doc/crypto/RSA_generate_key.pod | 15
- doc/crypto/RSA_get0_key.pod | 38
- doc/crypto/RSA_meth_new.pod | 14
- doc/crypto/RSA_new.pod | 11
- doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 9
- doc/crypto/RSA_print.pod | 11
- doc/crypto/RSA_private_encrypt.pod | 13
- doc/crypto/RSA_public_encrypt.pod | 11
- doc/crypto/RSA_set_method.pod | 51
- doc/crypto/RSA_sign.pod | 13
- doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 11
- doc/crypto/RSA_size.pod | 11
- doc/crypto/SHA256_Init.pod | 108
- doc/crypto/SMIME_read_CMS.pod | 11
- doc/crypto/SMIME_read_PKCS7.pod | 11
- doc/crypto/SMIME_write_CMS.pod | 11
- doc/crypto/SMIME_write_PKCS7.pod | 11
- doc/crypto/UI_new.pod | 186
- doc/crypto/X509V3_get_d2i.pod | 38
- doc/crypto/X509_ALGOR_dup.pod | 48
- doc/crypto/X509_CRL_get0_by_serial.pod | 11
- doc/crypto/X509_EXTENSION_set_object.pod | 17
- doc/crypto/X509_LOOKUP_hash_dir.pod | 19
- doc/crypto/X509_NAME_ENTRY_get_object.pod | 23
- doc/crypto/X509_NAME_add_entry_by_txt.pod | 31
- doc/crypto/X509_NAME_get0_der.pod | 40
- doc/crypto/X509_NAME_get_index_by_NID.pod | 43
- doc/crypto/X509_NAME_print_ex.pod | 17
- doc/crypto/X509_PUBKEY.pod | 111
- doc/crypto/X509_PUBKEY_new.pod | 120
- doc/crypto/X509_SIG_get0.pod | 32
- doc/crypto/X509_STORE_CTX_get_error.pod | 59
- doc/crypto/X509_STORE_CTX_new.pod | 48
- doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 197
- doc/crypto/X509_STORE_get0_param.pod | 57
- doc/crypto/X509_STORE_new.pod | 26
- doc/crypto/X509_STORE_set_verify_cb_func.pod | 242
- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 37
- doc/crypto/X509_check_ca.pod | 11
- doc/crypto/X509_check_host.pod | 15
- doc/crypto/X509_check_issued.pod | 11
- doc/crypto/X509_dup.pod | 301
- doc/crypto/X509_get0_signature.pod | 11
- doc/crypto/X509_get0_uids.pod | 9
- doc/crypto/X509_get_extension_flags.pod | 51
- doc/crypto/X509_get_notBefore.pod | 92
- doc/crypto/X509_get_pubkey.pod | 19
- doc/crypto/X509_get_serialNumber.pod | 11
- doc/crypto/X509_get_subject_name.pod | 23
- doc/crypto/X509_get_version.pod | 19
- doc/crypto/X509_new.pod | 14
- doc/crypto/X509_sign.pod | 13
- doc/crypto/X509_verify_cert.pod | 22
- doc/crypto/X509v3_get_ext_by_NID.pod | 60
- doc/crypto/bio.pod | 43
- doc/crypto/blowfish.pod | 108
- doc/crypto/bn.pod | 188
- doc/crypto/bn_internal.pod | 238
- doc/crypto/buffer.pod | 59
- doc/crypto/crypto.pod | 21
- doc/crypto/d2i_ASN1_OBJECT.pod | 29
- doc/crypto/d2i_CMS_ContentInfo.pod | 25
- doc/crypto/d2i_DHparams.pod | 11
- doc/crypto/d2i_DSAPublicKey.pod | 91
- doc/crypto/d2i_ECPKParameters.pod | 84
- doc/crypto/d2i_ECPrivateKey.pod | 67
- doc/crypto/d2i_Netscape_RSA.pod | 38
- doc/crypto/d2i_PKCS8PrivateKey.pod | 52
- doc/crypto/d2i_PKCS8PrivateKey_bio.pod | 61
- doc/crypto/d2i_PrivateKey.pod | 71
- doc/crypto/d2i_RSAPublicKey.pod | 78
- doc/crypto/d2i_X509.pod | 612 +
- doc/crypto/d2i_X509_ALGOR.pod | 55
- doc/crypto/d2i_X509_CRL.pod | 39
- doc/crypto/d2i_X509_NAME.pod | 45
- doc/crypto/d2i_X509_REQ.pod | 39
- doc/crypto/d2i_X509_SIG.pod | 36
- doc/crypto/des.pod | 320
- doc/crypto/des_modes.pod | 20
- doc/crypto/dh.pod | 61
- doc/crypto/dsa.pod | 109
- doc/crypto/ec.pod | 198
- doc/crypto/ecdsa.pod | 189
- doc/crypto/engine.pod | 566 -
- doc/crypto/err.pod | 199
- doc/crypto/evp.pod | 18
- doc/crypto/hmac.pod | 113
- doc/crypto/i2d_CMS_bio_stream.pod | 11
- doc/crypto/i2d_PKCS7_bio_stream.pod | 11
- doc/crypto/i2d_re_X509_tbs.pod | 79
- doc/crypto/lh_stats.pod | 54
- doc/crypto/lhash.pod | 246
- doc/crypto/md5.pod | 92
- doc/crypto/mdc2.pod | 59
- doc/crypto/pem.pod | 458 -
- doc/crypto/rand.pod | 77
- doc/crypto/rc4.pod | 57
- doc/crypto/ripemd.pod | 63
- doc/crypto/rsa.pod | 103
- doc/crypto/sha.pod | 99
- doc/crypto/sk_X509_num.pod | 200
- doc/crypto/threads.pod | 82
- doc/crypto/ui.pod | 186
- doc/crypto/x509.pod | 11
- doc/ssl/DTLSv1_listen.pod | 11
- doc/ssl/OPENSSL_init_ssl.pod | 9
- doc/ssl/SSL_CIPHER_get_name.pod | 15
- doc/ssl/SSL_COMP_add_compression_method.pod | 11
- doc/ssl/SSL_CONF_CTX_new.pod | 9
- doc/ssl/SSL_CONF_CTX_set1_prefix.pod | 11
- doc/ssl/SSL_CONF_CTX_set_flags.pod | 9
- doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod | 9
- doc/ssl/SSL_CONF_cmd.pod | 16
- doc/ssl/SSL_CONF_cmd_argv.pod | 11
- doc/ssl/SSL_CTX_add1_chain_cert.pod | 9
- doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 9
- doc/ssl/SSL_CTX_add_session.pod | 11
- doc/ssl/SSL_CTX_config.pod | 11
- doc/ssl/SSL_CTX_ctrl.pod | 9
- doc/ssl/SSL_CTX_dane_enable.pod | 114
- doc/ssl/SSL_CTX_flush_sessions.pod | 13
- doc/ssl/SSL_CTX_free.pod | 9
- doc/ssl/SSL_CTX_get0_param.pod | 9
- doc/ssl/SSL_CTX_get_verify_mode.pod | 9
- doc/ssl/SSL_CTX_has_client_custom_ext.pod | 9
- doc/ssl/SSL_CTX_load_verify_locations.pod | 22
- doc/ssl/SSL_CTX_new.pod | 26
- doc/ssl/SSL_CTX_sess_number.pod | 9
- doc/ssl/SSL_CTX_sess_set_cache_size.pod | 9
- doc/ssl/SSL_CTX_sess_set_get_cb.pod | 17
- doc/ssl/SSL_CTX_sessions.pod | 9
- doc/ssl/SSL_CTX_set1_curves.pod | 13
- doc/ssl/SSL_CTX_set1_sigalgs.pod | 9
- doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 11
- doc/ssl/SSL_CTX_set_alpn_select_cb.pod | 12
- doc/ssl/SSL_CTX_set_cert_cb.pod | 9
- doc/ssl/SSL_CTX_set_cert_store.pod | 11
- doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 17
- doc/ssl/SSL_CTX_set_cipher_list.pod | 9
- doc/ssl/SSL_CTX_set_client_CA_list.pod | 15
- doc/ssl/SSL_CTX_set_client_cert_cb.pod | 9
- doc/ssl/SSL_CTX_set_ct_validation_callback.pod | 40
- doc/ssl/SSL_CTX_set_ctlog_list_file.pod | 9
- doc/ssl/SSL_CTX_set_custom_cli_ext.pod | 133
- doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 43
- doc/ssl/SSL_CTX_set_generate_session_id.pod | 43
- doc/ssl/SSL_CTX_set_info_callback.pod | 77
- doc/ssl/SSL_CTX_set_max_cert_list.pod | 9
- doc/ssl/SSL_CTX_set_min_proto_version.pod | 11
- doc/ssl/SSL_CTX_set_mode.pod | 9
- doc/ssl/SSL_CTX_set_msg_callback.pod | 9
- doc/ssl/SSL_CTX_set_options.pod | 9
- doc/ssl/SSL_CTX_set_psk_client_callback.pod | 52
- doc/ssl/SSL_CTX_set_quiet_shutdown.pod | 9
- doc/ssl/SSL_CTX_set_read_ahead.pod | 29
- doc/ssl/SSL_CTX_set_security_level.pod | 23
- doc/ssl/SSL_CTX_set_session_cache_mode.pod | 11
- doc/ssl/SSL_CTX_set_session_id_context.pod | 9
- doc/ssl/SSL_CTX_set_split_send_fragment.pod | 31
- doc/ssl/SSL_CTX_set_ssl_version.pod | 9
- doc/ssl/SSL_CTX_set_timeout.pod | 9
- doc/ssl/SSL_CTX_set_tlsext_status_cb.pod | 71
- doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 43
- doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 12
- doc/ssl/SSL_CTX_set_verify.pod | 17
- doc/ssl/SSL_CTX_use_certificate.pod | 37
- doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 49
- doc/ssl/SSL_CTX_use_serverinfo.pod | 20
- doc/ssl/SSL_SESSION_free.pod | 9
- doc/ssl/SSL_SESSION_get0_hostname.pod | 37
- doc/ssl/SSL_SESSION_get_hostname.pod | 28
- doc/ssl/SSL_SESSION_get_protocol_version.pod | 44
- doc/ssl/SSL_SESSION_get_time.pod | 16
- doc/ssl/SSL_SESSION_has_ticket.pod | 15
- doc/ssl/SSL_accept.pod | 11
- doc/ssl/SSL_alert_type_string.pod | 11
- doc/ssl/SSL_check_chain.pod | 9
- doc/ssl/SSL_clear.pod | 9
- doc/ssl/SSL_connect.pod | 11
- doc/ssl/SSL_do_handshake.pod | 9
- doc/ssl/SSL_extension_supported.pod | 144
- doc/ssl/SSL_free.pod | 9
- doc/ssl/SSL_get0_peer_scts.pod | 9
- doc/ssl/SSL_get_SSL_CTX.pod | 9
- doc/ssl/SSL_get_all_async_fds.pod | 27
- doc/ssl/SSL_get_ciphers.pod | 13
- doc/ssl/SSL_get_client_CA_list.pod | 11
- doc/ssl/SSL_get_client_random.pod | 11
- doc/ssl/SSL_get_current_cipher.pod | 40
- doc/ssl/SSL_get_default_timeout.pod | 9
- doc/ssl/SSL_get_error.pod | 25
- doc/ssl/SSL_get_extms_support.pod | 9
- doc/ssl/SSL_get_fd.pod | 9
- doc/ssl/SSL_get_peer_cert_chain.pod | 9
- doc/ssl/SSL_get_peer_certificate.pod | 9
- doc/ssl/SSL_get_psk_identity.pod | 41
- doc/ssl/SSL_get_rbio.pod | 9
- doc/ssl/SSL_get_session.pod | 9
- doc/ssl/SSL_get_shared_sigalgs.pod | 11
- doc/ssl/SSL_get_verify_result.pod | 9
- doc/ssl/SSL_get_version.pod | 21
- doc/ssl/SSL_library_init.pod | 17
- doc/ssl/SSL_load_client_CA_file.pod | 11
- doc/ssl/SSL_new.pod | 13
- doc/ssl/SSL_pending.pod | 9
- doc/ssl/SSL_read.pod | 15
- doc/ssl/SSL_rstate_string.pod | 9
- doc/ssl/SSL_session_reused.pod | 9
- doc/ssl/SSL_set1_host.pod | 16
- doc/ssl/SSL_set_bio.pod | 89
- doc/ssl/SSL_set_connect_state.pod | 9
- doc/ssl/SSL_set_fd.pod | 9
- doc/ssl/SSL_set_session.pod | 15
- doc/ssl/SSL_set_shutdown.pod | 9
- doc/ssl/SSL_set_verify_result.pod | 9
- doc/ssl/SSL_shutdown.pod | 13
- doc/ssl/SSL_state_string.pod | 9
- doc/ssl/SSL_want.pod | 32
- doc/ssl/SSL_write.pod | 15
- doc/ssl/d2i_SSL_SESSION.pod | 53
- doc/ssl/ssl.pod | 63
- e_os.h | 96
- engines/Makefile.in | 119
- engines/afalg/Makefile.in | 75
- engines/afalg/build.info | 4
- engines/afalg/e_afalg.c | 84
- engines/afalg/e_afalg.h | 61
- engines/afalg/e_afalg_err.c | 57
- engines/afalg/e_afalg_err.h | 67
- engines/asm/e_padlock-x86.pl | 9
- engines/asm/e_padlock-x86_64.pl | 11
- engines/build.info | 12
- engines/capierr.bat | 1
- engines/e_capi.c | 159
- engines/e_capi_err.c | 57
- engines/e_capi_err.h | 67
- engines/e_chil.c | 72
- engines/e_chil_err.c | 57
- engines/e_chil_err.h | 69
- engines/e_dasync.c | 60
- engines/e_dasync_err.c | 57
- engines/e_dasync_err.h | 67
- engines/e_ossltest.c | 53
- engines/e_ossltest_err.c | 57
- engines/e_ossltest_err.h | 67
- engines/e_padlock.c | 70
- engines/vendor_defns/hwcryptohook.h | 11
- external/perl/transfer/Text/Template.pm | 7
- fuzz/README.md | 66
- fuzz/asn1.c | 222
- fuzz/asn1parse.c | 33
- fuzz/bignum.c | 94
- fuzz/bndiv.c | 107
- fuzz/build.info | 113
- fuzz/cms.c | 32
- fuzz/conf.c | 33
- fuzz/crl.c | 35
- fuzz/ct.c | 40
- fuzz/driver.c | 52
- fuzz/fuzzer.h | 12
- fuzz/helper.py | 52
- fuzz/server.c | 244
- fuzz/test-corpus.c | 46
- fuzz/x509.c | 36
- include/internal/bio.h | 57
- include/internal/comp.h | 9
- include/internal/conf.h | 44
- include/internal/constant_time_locl.h | 48
- include/internal/dane.h | 65
- include/internal/dso.h | 80
- include/internal/err.h | 58
- include/internal/numbers.h | 57
- include/internal/o_dir.h | 9
- include/internal/o_str.h | 61
- include/internal/thread_once.h | 42
- include/internal/threads.h | 92
- include/openssl/__DECC_INCLUDE_EPILOGUE.H | 16
- include/openssl/__DECC_INCLUDE_PROLOGUE.H | 20
- include/openssl/__decc_include_epilogue.h | 7
- include/openssl/__decc_include_prologue.h | 11
- include/openssl/aes.h | 53
- include/openssl/asn1.h | 172
- include/openssl/asn1_mac.h | 10
- include/openssl/asn1t.h | 71
- include/openssl/async.h | 68
- include/openssl/bio.h | 222
- include/openssl/blowfish.h | 60
- include/openssl/bn.h | 128
- include/openssl/buffer.h | 69
- include/openssl/camellia.h | 53
- include/openssl/cast.h | 60
- include/openssl/cmac.h | 58
- include/openssl/cms.h | 67
- include/openssl/comp.h | 66
- include/openssl/conf.h | 71
- include/openssl/conf_api.h | 60
- include/openssl/crypto.h | 203
- include/openssl/ct.h | 95
- include/openssl/des.h | 72
- include/openssl/dh.h | 89
- include/openssl/dsa.h | 118
- include/openssl/dtls1.h | 59
- include/openssl/e_os2.h | 73
- include/openssl/ebcdic.h | 10
- include/openssl/ec.h | 137
- include/openssl/ecdh.h | 9
- include/openssl/ecdsa.h | 9
- include/openssl/engine.h | 98
- include/openssl/err.h | 145
- include/openssl/evp.h | 130
- include/openssl/hmac.h | 64
- include/openssl/idea.h | 62
- include/openssl/kdf.h | 61
- include/openssl/lhash.h | 202
- include/openssl/md2.h | 60
- include/openssl/md4.h | 60
- include/openssl/md5.h | 60
- include/openssl/mdc2.h | 61
- include/openssl/modes.h | 10
- include/openssl/obj_mac.h | 77
- include/openssl/objects.h | 69
- include/openssl/ocsp.h | 228
- include/openssl/opensslconf.h.in | 7
- include/openssl/opensslv.h | 15
- include/openssl/ossl_typ.h | 60
- include/openssl/pem.h | 86
- include/openssl/pem2.h | 64
- include/openssl/pkcs12.h | 86
- include/openssl/pkcs7.h | 96
- include/openssl/rand.h | 94
- include/openssl/rc2.h | 60
- include/openssl/rc4.h | 60
- include/openssl/rc5.h | 60
- include/openssl/ripemd.h | 60
- include/openssl/rsa.h | 118
- include/openssl/safestack.h | 156
- include/openssl/seed.h | 63
- include/openssl/sha.h | 60
- include/openssl/srp.h | 94
- include/openssl/srtp.h | 114
- include/openssl/ssl.h | 308
- include/openssl/ssl2.h | 60
- include/openssl/ssl3.h | 114
- include/openssl/stack.h | 141
- include/openssl/symhacks.h | 57
- include/openssl/tls1.h | 130
- include/openssl/ts.h | 79
- include/openssl/txt_db.h | 62
- include/openssl/ui.h | 98
- include/openssl/whrlpool.h | 9
- include/openssl/x509.h | 172
- include/openssl/x509_vfy.h | 225
- include/openssl/x509v3.h | 152
- ms/applink.c | 9
- ms/cmp.pl | 8
- ms/segrenam.pl | 8
- ms/uplink-common.pl | 8
- ms/uplink-ia64.pl | 8
- ms/uplink-x86.pl | 8
- ms/uplink-x86_64.pl | 10
- ms/uplink.c | 9
- ms/uplink.h | 9
- openssl.spec | 210
- os-dep/haiku.h | 2
- ssl/Makefile.in | 81
- ssl/bio_ssl.c | 87
- ssl/d1_lib.c | 115
- ssl/d1_msg.c | 117
- ssl/d1_srtp.c | 131
- ssl/methods.c | 113
- ssl/packet_locl.h | 58
- ssl/pqueue.c | 59
- ssl/record/dtls1_bitmap.c | 115
- ssl/record/rec_layer_d1.c | 126
- ssl/record/rec_layer_s3.c | 187
- ssl/record/record.h | 122
- ssl/record/record_locl.h | 123
- ssl/record/ssl3_buffer.c | 146
- ssl/record/ssl3_record.c | 183
- ssl/s3_cbc.c | 65
- ssl/s3_enc.c | 183
- ssl/s3_lib.c | 223
- ssl/s3_msg.c | 115
- ssl/ssl_asn1.c | 61
- ssl/ssl_cert.c | 165
- ssl/ssl_ciph.c | 137
- ssl/ssl_conf.c | 60
- ssl/ssl_err.c | 329
- ssl/ssl_init.c | 78
- ssl/ssl_lib.c | 562 -
- ssl/ssl_locl.h | 179
- ssl/ssl_mcnf.c | 63
- ssl/ssl_rsa.c | 96
- ssl/ssl_sess.c | 186
- ssl/ssl_stat.c | 63
- ssl/ssl_txt.c | 65
- ssl/ssl_utst.c | 55
- ssl/statem/statem.c | 118
- ssl/statem/statem.h | 59
- ssl/statem/statem_clnt.c | 1525 +--
- ssl/statem/statem_dtls.c | 143
- ssl/statem/statem_lib.c | 171
- ssl/statem/statem_locl.h | 57
- ssl/statem/statem_srvr.c | 1436 +--
- ssl/t1_enc.c | 116
- ssl/t1_ext.c | 69
- ssl/t1_lib.c | 260
- ssl/t1_reneg.c | 114
- ssl/t1_trce.c | 61
- ssl/tls_srp.c | 60
- test/CAss.cnf | 2
- test/Makefile.in | 410
- test/README.ssltest.md | 59
- test/aborttest.c | 7
- test/afalgtest.c | 67
- test/asynciotest.c | 308
- test/asynctest.c | 64
- test/bftest.c | 62
- test/bioprinttest.c | 225
- test/bntest.c | 69
- test/build.info | 176
- test/casttest.c | 60
- test/certs/alt1-cert.pem | 22
- test/certs/alt1-key.pem | 28
- test/certs/alt2-cert.pem | 20
- test/certs/alt2-key.pem | 28
- test/certs/alt3-cert.pem | 21
- test/certs/alt3-key.pem | 28
- test/certs/bad-pc3-cert.pem | 21
- test/certs/bad-pc3-key.pem | 28
- test/certs/bad-pc4-cert.pem | 21
- test/certs/bad-pc4-key.pem | 28
- test/certs/bad-pc6-cert.pem | 21
- test/certs/bad-pc6-key.pem | 28
- test/certs/badalt1-cert.pem | 20
- test/certs/badalt1-key.pem | 28
- test/certs/badalt10-cert.pem | 21
- test/certs/badalt10-key.pem | 28
- test/certs/badalt2-cert.pem | 20
- test/certs/badalt2-key.pem | 28
- test/certs/badalt3-cert.pem | 21
- test/certs/badalt3-key.pem | 28
- test/certs/badalt4-cert.pem | 21
- test/certs/badalt4-key.pem | 28
- test/certs/badalt5-cert.pem | 20
- test/certs/badalt5-key.pem | 28
- test/certs/badalt6-cert.pem | 22
- test/certs/badalt6-key.pem | 28
- test/certs/badalt7-cert.pem | 23
- test/certs/badalt7-key.pem | 28
- test/certs/badalt8-cert.pem | 21
- test/certs/badalt8-key.pem | 28
- test/certs/badalt9-cert.pem | 21
- test/certs/badalt9-key.pem | 28
- test/certs/ee-client-chain.pem | 37
- test/certs/mkcert.sh | 76
- test/certs/ncca-cert.pem | 21
- test/certs/ncca-key.pem | 28
- test/certs/ncca1-cert.pem | 20
- test/certs/ncca1-key.pem | 28
- test/certs/ncca2-cert.pem | 20
- test/certs/ncca2-key.pem | 28
- test/certs/ncca3-cert.pem | 20
- test/certs/ncca3-key.pem | 28
- test/certs/pathlen.pem | 22
- test/certs/pc1-cert.pem | 20
- test/certs/pc1-key.pem | 28
- test/certs/pc2-cert.pem | 21
- test/certs/pc2-key.pem | 28
- test/certs/pc5-cert.pem | 21
- test/certs/pc5-key.pem | 28
- test/certs/setup.sh | 164
- test/cipherlist_test.c | 212
- test/clienthellotest.c | 58
- test/cms-examples.pl | 56
- test/constant_time_test.c | 48
- test/ct_test.c | 200
- test/d2i_test.c | 123
- test/danetest.c | 148
- test/danetest.in | 155
- test/destest.c | 81
- test/dhtest.c | 86
- test/dsatest.c | 69
- test/dtlsv1listentest.c | 64
- test/dummytest.c | 57
- test/ecdhtest.c | 62
- test/ecdhtest_cavs.h | 13
- test/ecdsatest.c | 98
- test/ectest.c | 155
- test/enginetest.c | 59
- test/evp_extra_test.c | 71
- test/evp_test.c | 153
- test/evptests.txt | 122
- test/exdatatest.c | 58
- test/exptest.c | 60
- test/generate_buildtest.pl | 27
- test/generate_ssl_tests.pl | 44
- test/gmdifftest.c | 57
- test/handshake_helper.c | 527 +
- test/handshake_helper.h | 28
- test/heartbeat_test.c | 11
- test/hmactest.c | 79
- test/ideatest.c | 60
- test/igetest.c | 53
- test/md2test.c | 67
- test/md4test.c | 66
- test/md5test.c | 66
- test/mdc2test.c | 91
- test/memleaktest.c | 57
- test/methtest.c | 60
- test/nptest.c | 66
- test/p5_crpt2_test.c | 53
- test/packettest.c | 59
- test/pbelutest.c | 57
- test/pkits-test.pl | 56
- test/r160test.c | 61
- test/randtest.c | 60
- test/rc2test.c | 60
- test/rc4test.c | 60
- test/rc5test.c | 60
- test/recipes/01-test_abort.t | 9
- test/recipes/01-test_ordinals.t | 104
- test/recipes/01-test_sanity.t | 12
- test/recipes/01-test_symbol_presence.t | 115
- test/recipes/02-test_ordinals.t | 58
- test/recipes/05-test_bf.t | 9
- test/recipes/05-test_cast.t | 9
- test/recipes/05-test_des.t | 9
- test/recipes/05-test_fuzz.t | 40
- test/recipes/05-test_hmac.t | 9
- test/recipes/05-test_idea.t | 9
- test/recipes/05-test_md2.t | 9
- test/recipes/05-test_md4.t | 9
- test/recipes/05-test_md5.t | 9
- test/recipes/05-test_mdc2.t | 9
- test/recipes/05-test_rand.t | 9
- test/recipes/05-test_rc2.t | 8
- test/recipes/05-test_rc4.t | 8
- test/recipes/05-test_rc5.t | 9
- test/recipes/05-test_rmd.t | 9
- test/recipes/05-test_sha1.t | 9
- test/recipes/05-test_sha256.t | 9
- test/recipes/05-test_sha512.t | 9
- test/recipes/05-test_wp.t | 9
- test/recipes/10-test_bn.t | 13
- test/recipes/10-test_exp.t | 9
- test/recipes/15-test_dh.t | 9
- test/recipes/15-test_dsa.t | 9
- test/recipes/15-test_ec.t | 9
- test/recipes/15-test_ecdh.t | 9
- test/recipes/15-test_ecdsa.t | 9
- test/recipes/15-test_rsa.t | 9
- test/recipes/20-test_enc.t | 9
- test/recipes/25-test_crl.t | 9
- test/recipes/25-test_d2i.t | 70
- test/recipes/25-test_gen.t | 44
- test/recipes/25-test_pkcs7.t | 9
- test/recipes/25-test_req.t | 43
- test/recipes/25-test_sid.t | 9
- test/recipes/25-test_verify.t | 74
- test/recipes/25-test_x509.t | 15
- test/recipes/30-test_afalg.t | 57
- test/recipes/30-test_engine.t | 9
- test/recipes/30-test_evp.t | 9
- test/recipes/30-test_evp_extra.t | 9
- test/recipes/30-test_pbelu.t | 9
- test/recipes/40-test_rehash.t | 16
- test/recipes/70-test_asyncio.t | 22
- test/recipes/70-test_clienthello.t | 9
- test/recipes/70-test_packet.t | 9
- test/recipes/70-test_sslcertstatus.t | 70
- test/recipes/70-test_sslextension.t | 67
- test/recipes/70-test_sslrecords.t | 140
- test/recipes/70-test_sslsessiontick.t | 112
- test/recipes/70-test_sslskewith0p.t | 66
- test/recipes/70-test_sslvertol.t | 66
- test/recipes/70-test_tlsextms.t | 81
- test/recipes/70-test_verify_extra.t | 9
- test/recipes/80-test_ca.t | 17
- test/recipes/80-test_cipherlist.t | 26
- test/recipes/80-test_cms.t | 9
- test/recipes/80-test_ct.t | 9
- test/recipes/80-test_dane.t | 9
- test/recipes/80-test_dtlsv1listen.t | 9
- test/recipes/80-test_ocsp.t | 9
- test/recipes/80-test_ssl_new.t | 63
- test/recipes/80-test_ssl_old.t | 406
- test/recipes/80-test_ssl_test_ctx.t | 9
- test/recipes/80-test_tsa.t | 9
- test/recipes/80-test_x509aux.t | 27
- test/recipes/90-test_async.t | 9
- test/recipes/90-test_bioprint.t | 12
- test/recipes/90-test_constant_time.t | 9
- test/recipes/90-test_gmdiff.t | 9
- test/recipes/90-test_heartbeat.t | 9
- test/recipes/90-test_ige.t | 9
- test/recipes/90-test_memleak.t | 9
- test/recipes/90-test_networking.t | 113
- test/recipes/90-test_np.t | 5
- test/recipes/90-test_p5_crpt2.t | 9
- test/recipes/90-test_secmem.t | 9
- test/recipes/90-test_srp.t | 9
- test/recipes/90-test_sslapi.t | 22
- test/recipes/90-test_threads.t | 9
- test/recipes/90-test_v3name.t | 9
- test/recipes/bc.pl | 9
- test/recipes/tconversion.pl | 9
- test/rmdtest.c | 103
- test/rsa_test.c | 15
- test/run_tests.pl | 16
- test/sanitytest.c | 67
- test/secmemtest.c | 81
- test/sha1test.c | 120
- test/sha256t.c | 81
- test/sha512t.c | 99
- test/smcont.txt | 2
- test/smime-certs/mksmime-certs.sh | 7
- test/srptest.c | 9
- test/ssl-tests/01-simple.conf | 4
- test/ssl-tests/01-simple.conf.in | 7
- test/ssl-tests/02-protocol-version.conf | 722 -
- test/ssl-tests/02-protocol-version.conf.in | 120
- test/ssl-tests/03-custom_verify.conf | 220
- test/ssl-tests/03-custom_verify.conf.in | 134
- test/ssl-tests/04-client_auth.conf | 592 +
- test/ssl-tests/04-client_auth.conf.in | 125
- test/ssl-tests/05-sni.conf | 168
- test/ssl-tests/05-sni.conf.in | 74
- test/ssl-tests/06-sni-ticket.conf | 631 +
- test/ssl-tests/06-sni-ticket.conf.in | 86
- test/ssl-tests/07-dtls-protocol-version.conf | 1820 ++++
- test/ssl-tests/07-dtls-protocol-version.conf.in | 19
- test/ssl-tests/08-npn.conf | 362
- test/ssl-tests/08-npn.conf.in | 165
- test/ssl-tests/09-alpn.conf | 298
- test/ssl-tests/09-alpn.conf.in | 136
- test/ssl-tests/10-resumption.conf | 1336 ++
- test/ssl-tests/10-resumption.conf.in | 19
- test/ssl-tests/11-dtls_resumption.conf | 612 +
- test/ssl-tests/11-dtls_resumption.conf.in | 19
- test/ssl-tests/protocol_version.pm | 247
- test/ssl-tests/ssltests_base.pm | 6
- test/ssl_test.c | 195
- test/ssl_test.tmpl | 40
- test/ssl_test_ctx.c | 264
- test/ssl_test_ctx.h | 97
- test/ssl_test_ctx_test.c | 119
- test/ssl_test_ctx_test.conf | 31
- test/sslapitest.c | 601 +
- test/ssltest_old.c | 608 -
- test/ssltestlib.c | 158
- test/ssltestlib.h | 21
- test/test_aesni | 68
- test/test_padlock | 64
- test/test_t4 | 70
- test/testlib/OpenSSL/Test.pm | 86
- test/testlib/OpenSSL/Test/Simple.pm | 7
- test/testlib/OpenSSL/Test/Utils.pm | 9
- test/testutil.c | 78
- test/testutil.h | 69
- test/threadstest.c | 57
- test/times | 113
- test/v3ext.c | 42
- test/v3nametest.c | 9
- test/verify_extra_test.c | 60
- test/wp_test.c | 24
- test/x509aux.c | 226
- tools/Makefile.in | 62
- tools/build.info | 7
- tools/c_hash | 9
- tools/c_info | 12
- tools/c_issuer | 10
- tools/c_name | 10
- tools/c_rehash.in | 10
- tools/primes.py | 21
- util/TLSProxy/ClientHello.pm | 56
- util/TLSProxy/Message.pm | 59
- util/TLSProxy/NewSessionTicket.pm | 55
- util/TLSProxy/Proxy.pm | 90
- util/TLSProxy/Record.pm | 56
- util/TLSProxy/ServerHello.pm | 56
- util/TLSProxy/ServerKeyExchange.pm | 56
- util/ck_errf.pl | 8
- util/copy-if-different.pl | 78
- util/copy.pl | 11
- util/dirname.pl | 18
- util/dofile.pl | 8
- util/domd.in | 26
- util/extract-names.pl | 26
- util/extract-section.pl | 12
- util/find-doc-nits.pl | 189
- util/find-undoc-api.pl | 82
- util/find-unused-errs | 35
- util/fipslink.pl | 8
- util/incore | 10
- util/indent.pro | 4
- util/install.sh | 108
- util/libcrypto.num | 855 -
- util/libssl.num | 12
- util/mkbuildinf.pl | 9
- util/mkdef.pl | 22
- util/mkdir-p.pl | 18
- util/mkerr.pl | 189
- util/mkrc.pl | 9
- util/openssl-format-source | 8
- util/perl/OpenSSL/Util/Pod.pm | 158
- util/perlpath.pl | 35
- util/process_docs.pl | 235
- util/selftest.pl | 9
- util/su-filter.pl | 10
- util/toutf8.sh | 17
- util/with_fallback.pm | 7
- 2096 files changed, 60791 insertions(+), 93940 deletions(-)
-
---- /dev/null
-+++ b/.gitattributes
-@@ -0,0 +1,2 @@
-+*.der binary
-+/fuzz/corpora/** binary
---- a/.gitignore
-+++ b/.gitignore
-@@ -1,12 +1,4 @@
--# Object files
--*.o
--*.obj
--
--# editor artefacts
--*.swp
--.#*
--\#*#
--*~
-+# Ignore editor artefacts
- /.dir-locals.el
-
- # Top level excludes
-@@ -25,36 +17,18 @@
- # *all* Makefiles
- Makefile
-
--/test/*.ss
--/test/*.srl
--/test/.rnd
--/test/test*.pem
--/test/newkey.pem
--/test/*.log
--
--# Certificate symbolic links
--*.0
--
- # Links under apps
- /apps/CA.pl
- /apps/tsget
-+/apps/tsget.pl
- /apps/md4.c
-
--
- # Auto generated headers
- /crypto/buildinf.h
- /crypto/include/internal/*_conf.h
- /openssl/include/opensslconf.h
- /util/domd
-
--# Auto generated assembly language source files
--*.s
--!/crypto/*/asm/*.s
--/crypto/arm*.S
--/crypto/*/*.S
--*.asm
--!/crypto/*/asm/*.asm
--
- # Executables
- /apps/openssl
- /test/sha256t
-@@ -71,30 +45,39 @@ Makefile
- /test/fips_ecdsavs
- /test/fips_rngvs
- /test/fips_test_suite
--*.so*
--*.dylib*
--*.dll*
--*.exe
--# Exceptions
--!/test/bctest
--!/crypto/des/times/486-50.sol
-+/test/ssltest_old
-+/test/x509aux
-+/test/v3ext
-+
-+# Certain files that get created by tests on the fly
-+/test/*.ss
-+/test/*.srl
-+/test/.rnd
-+/test/test*.pem
-+/test/newkey.pem
-+/test/*.log
-+/test/buildtest_*
-+
-+# Fuzz stuff.
-+# Anything without an extension is an executable on Unix, so we keep files
-+# with extensions. And we keep the corpora subddir versioned as well.
-+# Anything more generic with extensions that should be ignored will be taken
-+# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
-+/fuzz/*
-+!/fuzz/README*
-+!/fuzz/corpora
-+!/fuzz/*.*
-
- # Misc auto generated files
- /include/openssl/opensslconf.h
- /tools/c_rehash
--/crypto/**/lib
--/engines/**/lib
--/ssl/**/lib
--Makefile.save
--*.bak
-+/tools/c_rehash.pl
- /tags
- /TAGS
--cscope.*
--*.d
- /crypto.map
- /ssl.map
-
--# Windows
-+# Windows (legacy)
- /tmp32
- /tmp32.dbg
- /tmp32dll
-@@ -138,3 +121,51 @@ cscope.*
- /test/fips_shatest.c
- /test/fips_test_suite.c
- /test/shatest.c
-+
-+##### Generic patterns
-+# Auto generated assembly language source files
-+*.s
-+!/crypto/*/asm/*.s
-+/crypto/arm*.S
-+/crypto/*/*.S
-+*.asm
-+!/crypto/*/asm/*.asm
-+
-+# Object files
-+*.o
-+*.obj
-+
-+# editor artefacts
-+*.swp
-+.#*
-+\#*#
-+*~
-+
-+# Certificate symbolic links
-+*.0
-+
-+# All kinds of executables
-+*.so
-+*.so.*
-+*.dylib
-+*.dylib.*
-+*.dll
-+*.dll.*
-+*.exe
-+*.pyc
-+*.exp
-+*.lib
-+*.pdb
-+*.ilk
-+*.def
-+*.rc
-+*.res
-+
-+# Misc generated stuff
-+Makefile.save
-+/crypto/**/lib
-+/engines/**/lib
-+/ssl/**/lib
-+*.bak
-+cscope.*
-+*.d
---- a/.travis.yml
-+++ b/.travis.yml
-@@ -23,11 +23,9 @@ cache: ccache
- - gcc
-
- env:
-- - CONFIG_OPTS=""
-+ - CONFIG_OPTS="" DESTDIR="_install"
- - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
- - CONFIG_OPTS="--strict-warnings no-shared" BUILDONLY="yes"
-- - CONFIG_OPTS="--classic no-shared" BUILDONLY="yes"
-- - CONFIG_OPTS="--classic" BUILDONLY="yes"
- - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
-
-@@ -35,16 +33,19 @@ cache: ccache
- include:
- - os: linux
- compiler: clang-3.6
-- env: CONFIG_OPTS="-fsanitize=address no-shared"
-+ env: CONFIG_OPTS="no-shared enable-asan"
- - os: linux
- compiler: clang-3.6
-- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2 -fno-sanitize=alignment"
-+ env: CONFIG_OPTS="no-shared enable-msan"
- - os: linux
-- compiler: gcc-5
-- env: CONFIG_OPTS="no-shared -fsanitize=address"
-+ compiler: clang-3.6
-+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
-+ - os: linux
-+ compiler: clang-3.6
-+ env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
- - os: linux
- compiler: gcc-5
-- env: CONFIG_OPTS="no-shared no-asm -fno-sanitize-recover -DPEDANTIC -fsanitize=address -fsanitize=undefined enable-rc5 enable-md2"
-+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- - os: linux
- compiler: i686-w64-mingw32-gcc
- env: CONFIG_OPTS="no-pic"
-@@ -60,34 +61,25 @@ cache: ccache
- before_script:
- - sh .travis-create-release.sh $TRAVIS_OS_NAME
- - tar -xvzf _srcdist.tar.gz
-- - if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then
-- srcdir=.;
-- cd _srcdist;
-- else
-- srcdir=../_srcdist;
-- mkdir _build;
-- cd _build;
-- fi
-+ - mkdir _build;
-+ - cd _build;
- - if [ "$CC" == i686-w64-mingw32-gcc ]; then
- export CROSS_COMPILE=${CC%%gcc}; unset CC;
-- $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
-+ ../_srcdist/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
- elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
- export CROSS_COMPILE=${CC%%gcc}; unset CC;
-- $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
-+ ../_srcdist/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
- else
- if which ccache >/dev/null && [ "$CC" != clang-3.6 ]; then
- CC="ccache $CC";
- fi;
-- $srcdir/config $CONFIG_OPTS;
-+ ../_srcdist/config $CONFIG_OPTS;
- fi
- - cd ..
-
- script:
-- - if echo "$CONFIG_OPTS" | grep -e "--classic" >/dev/null; then
-- cd _srcdist;
-- else
-- cd _build;
-- fi
-+ - cd _build;
-+ - make update
- - make
- - if [ -z "$BUILDONLY" ]; then
- if [ -n "$CROSS_COMPILE" ]; then
-@@ -97,6 +89,10 @@ cache: ccache
- else
- make build_tests;
- fi
-+ - if [ -n "$DESTDIR" ]; then
-+ mkdir "../$DESTDIR";
-+ make install install_docs DESTDIR="../$DESTDIR";
-+ fi
- - cd ..
-
- notifications:
---- /dev/null
-+++ b/AUTHORS
-@@ -0,0 +1,21 @@
-+ Andy Polyakov
-+ Ben Laurie
-+ Bodo Möller
-+ Emilia Käsper
-+ Eric Young
-+ Geoff Thorpe
-+ Holger Reif
-+ Kurt Roeckx
-+ Lutz Jänicke
-+ Mark J. Cox
-+ Matt Caswell
-+ Nils Larsch
-+ Paul C. Sutton
-+ Ralf S. Engelschall
-+ Rich Salz
-+ Richard Levitte
-+ Stephen Henson
-+ Steve Marquess
-+ Tim Hudson
-+ Ulf Möller
-+ Viktor Dukhovni
---- a/CHANGES
-+++ b/CHANGES
-@@ -2,7 +2,77 @@
- OpenSSL CHANGES
- _______________
-
-- Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]
-+ Changes between 1.0.2h and 1.1.0 [xx XXX 2016]
-+
-+ *) The method for finding the storage location for the Windows RAND seed file
-+ has changed. First we check %RANDFILE%. If that is not set then we check
-+ the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
-+ all else fails we fall back to C:\.
-+ [Matt Caswell]
-+
-+ *) The EVP_EncryptUpdate() function has had its return type changed from void
-+ to int. A return of 0 indicates and error while a return of 1 indicates
-+ success.
-+ [Matt Caswell]
-+
-+ *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
-+ DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
-+ off the constant time implementation for RSA, DSA and DH have been made
-+ no-ops and deprecated.
-+ [Matt Caswell]
-+
-+ *) Windows RAND implementation was simplified to only get entropy by
-+ calling CryptGenRandom(). Various other RAND-related tickets
-+ were also closed.
-+ [Joseph Wylie Yandle, Rich Salz]
-+
-+ *) The stack and lhash API's were renamed to start with OPENSSL_SK_
-+ and OPENSSL_LH_, respectively. The old names are available
-+ with API compatibility. They new names are now completely documented.
-+ [Rich Salz]
-+
-+ *) Unify TYPE_up_ref(obj) methods signature.
-+ SSL_CTX_up_ref(), SSL_up_ref(), X509_up_ref(), EVP_PKEY_up_ref(),
-+ X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an
-+ int (instead of void) like all others TYPE_up_ref() methods.
-+ So now these methods also check the return value of CRYPTO_atomic_add(),
-+ and the validity of object reference counter.
-+ [fdasilvayy at gmail.com]
-+
-+ *) With Windows Visual Studio builds, the .pdb files are installed
-+ alongside the installed libraries and executables. For a static
-+ library installation, ossl_static.pdb is the associate compiler
-+ generated .pdb file to be used when linking programs.
-+ [Richard Levitte]
-+
-+ *) Remove openssl.spec. Packaging files belong with the packagers.
-+ [Richard Levitte]
-+
-+ *) Automatic Darwin/OSX configuration has had a refresh, it will now
-+ recognise x86_64 architectures automatically. You can still decide
-+ to build for a different bitness with the environment variable
-+ KERNEL_BITS (can be 32 or 64), for example:
-+
-+ KERNEL_BITS=32 ./config
-+
-+ [Richard Levitte]
-+
-+ *) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0,
-+ 256 bit AES and HMAC with SHA256.
-+ [Steve Henson]
-+
-+ *) Remove support for MIPS o32 ABI on IRIX (and IRIX only).
-+ [Andy Polyakov]
-+
-+ *) Triple-DES ciphers have been moved from HIGH to MEDIUM.
-+ [Rich Salz]
-+
-+ *) To enable users to have their own config files and build file templates,
-+ Configure looks in the directory indicated by the environment variable
-+ OPENSSL_LOCAL_CONFIG_DIR as well as the in-source Configurations/
-+ directory. On VMS, OPENSSL_LOCAL_CONFIG_DIR is expected to be a logical
-+ name and is used as is.
-+ [Richard Levitte]
-
- *) The following datatypes were made opaque: X509_OBJECT, X509_STORE_CTX,
- X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD. The unused type
-@@ -988,6 +1058,103 @@
- validated when establishing a connection.
- [Rob Percival <robpercival at google.com>]
-
-+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
-+
-+ *) Prevent padding oracle in AES-NI CBC MAC check
-+
-+ A MITM attacker can use a padding oracle attack to decrypt traffic
-+ when the connection uses an AES CBC cipher and the server support
-+ AES-NI.
-+
-+ This issue was introduced as part of the fix for Lucky 13 padding
-+ attack (CVE-2013-0169). The padding check was rewritten to be in
-+ constant time by making sure that always the same bytes are read and
-+ compared against either the MAC or padding bytes. But it no longer
-+ checked that there was enough data to have both the MAC and padding
-+ bytes.
-+
-+ This issue was reported by Juraj Somorovsky using TLS-Attacker.
-+ (CVE-2016-2107)
-+ [Kurt Roeckx]
-+
-+ *) Fix EVP_EncodeUpdate overflow
-+
-+ An overflow can occur in the EVP_EncodeUpdate() function which is used for
-+ Base64 encoding of binary data. If an attacker is able to supply very large
-+ amounts of input data then a length check can overflow resulting in a heap
-+ corruption.
-+
-+ Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
-+ the PEM_write_bio* family of functions. These are mainly used within the
-+ OpenSSL command line applications, so any application which processes data
-+ from an untrusted source and outputs it as a PEM file should be considered
-+ vulnerable to this issue. User applications that call these APIs directly
-+ with large amounts of untrusted data may also be vulnerable.
-+
-+ This issue was reported by Guido Vranken.
-+ (CVE-2016-2105)
-+ [Matt Caswell]
-+
-+ *) Fix EVP_EncryptUpdate overflow
-+
-+ An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
-+ is able to supply very large amounts of input data after a previous call to
-+ EVP_EncryptUpdate() with a partial block then a length check can overflow
-+ resulting in a heap corruption. Following an analysis of all OpenSSL
-+ internal usage of the EVP_EncryptUpdate() function all usage is one of two
-+ forms. The first form is where the EVP_EncryptUpdate() call is known to be
-+ the first called function after an EVP_EncryptInit(), and therefore that
-+ specific call must be safe. The second form is where the length passed to
-+ EVP_EncryptUpdate() can be seen from the code to be some small value and
-+ therefore there is no possibility of an overflow. Since all instances are
-+ one of these two forms, it is believed that there can be no overflows in
-+ internal code due to this problem. It should be noted that
-+ EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
-+ Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
-+ of these calls have also been analysed too and it is believed there are no
-+ instances in internal usage where an overflow could occur.
-+
-+ This issue was reported by Guido Vranken.
-+ (CVE-2016-2106)
-+ [Matt Caswell]
-+
-+ *) Prevent ASN.1 BIO excessive memory allocation
-+
-+ When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
-+ a short invalid encoding can cause allocation of large amounts of memory
-+ potentially consuming excessive resources or exhausting memory.
-+
-+ Any application parsing untrusted data through d2i BIO functions is
-+ affected. The memory based functions such as d2i_X509() are *not* affected.
-+ Since the memory based functions are used by the TLS library, TLS
-+ applications are not affected.
-+
-+ This issue was reported by Brian Carpenter.
-+ (CVE-2016-2109)
-+ [Stephen Henson]
-+
-+ *) EBCDIC overread
-+
-+ ASN1 Strings that are over 1024 bytes can cause an overread in applications
-+ using the X509_NAME_oneline() function on EBCDIC systems. This could result
-+ in arbitrary stack data being returned in the buffer.
-+
-+ This issue was reported by Guido Vranken.
-+ (CVE-2016-2176)
-+ [Matt Caswell]
-+
-+ *) Modify behavior of ALPN to invoke callback after SNI/servername
-+ callback, such that updates to the SSL_CTX affect ALPN.
-+ [Todd Short]
-+
-+ *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
-+ default.
-+ [Kurt Roeckx]
-+
-+ *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
-+ methods are enabled and ssl2 is disabled the methods return NULL.
-+ [Kurt Roeckx]
-+
- Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
-
- * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-@@ -1226,7 +1393,7 @@
-
- *) Alternate chains certificate forgery
-
-- During certificate verfification, OpenSSL will attempt to find an
-+ During certificate verification, OpenSSL will attempt to find an
- alternative certificate chain if the first attempt to build such a chain
- fails. An error in the implementation of this logic can mean that an
- attacker could cause certain checks on untrusted certificates to be
-@@ -1484,7 +1651,7 @@
-
- *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
- ARMv5 through ARMv8, as opposite to "locking" it to single one.
-- So far those who have to target multiple plaforms would compromise
-+ So far those who have to target multiple platforms would compromise
- and argue that binary targeting say ARMv5 would still execute on
- ARMv8. "Universal" build resolves this compromise by providing
- near-optimal performance even on newer platforms.
-@@ -1544,7 +1711,7 @@
- [Steve Henson]
-
- *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
-- this fixes a limiation in previous versions of OpenSSL.
-+ this fixes a limitation in previous versions of OpenSSL.
- [Steve Henson]
-
- *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
-@@ -1653,7 +1820,7 @@
-
- *) Add support for certificate stores in CERT structure. This makes it
- possible to have different stores per SSL structure or one store in
-- the parent SSL_CTX. Include distint stores for certificate chain
-+ the parent SSL_CTX. Include distinct stores for certificate chain
- verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
- to build and store a certificate chain in CERT structure: returing
- an error if the chain cannot be built: this will allow applications
-@@ -1716,7 +1883,7 @@
- [Steve Henson]
-
- *) Integrate hostname, email address and IP address checking with certificate
-- verification. New verify options supporting checking in opensl utility.
-+ verification. New verify options supporting checking in openssl utility.
- [Steve Henson]
-
- *) Fixes and wildcard matching support to hostname and email checking
---- a/CONTRIBUTING
-+++ b/CONTRIBUTING
-@@ -1,42 +1,75 @@
--HOW TO CONTRIBUTE TO OpenSSL
------------------------------
-+HOW TO CONTRIBUTE TO PATCHES OpenSSL
-+------------------------------------
-
--Development is coordinated on the openssl-dev mailing list (see
--http://www.openssl.org for information on subscribing). If you
--would like to submit a patch, send it to rt at openssl.org with
--the string "[PATCH]" in the subject. Please be sure to include a
--textual explanation of what your patch does.
--
--You can also make GitHub pull requests. If you do this, please also send
--mail to rt at openssl.org with a brief description and a link to the PR so
--that we can more easily keep track of it.
-+(Please visit https://www.openssl.org/community/getting-started.html for
-+other ideas about how to contribute.)
-
-+Development is coordinated on the openssl-dev mailing list (see the
-+above link or https://mta.openssl.org for information on subscribing).
- If you are unsure as to whether a feature will be useful for the general
--OpenSSL community please discuss it on the openssl-dev mailing list first.
--Someone may be already working on the same thing or there may be a good
--reason as to why that feature isn't implemented.
--
--Patches should be as up to date as possible, preferably relative to the
--current Git or the last snapshot. They should follow our coding style
--(see https://www.openssl.org/policies/codingstyle.html) and compile without
--warnings using the --strict-warnings flag. OpenSSL compiles on many varied
--platforms: try to ensure you only use portable features.
--
--When at all possible, patches should include tests. These can either be
--added to an existing test, or completely new. Please see test/README for
--information on the test framework.
--
--Our preferred format for patch files is "git format-patch" output. For example
--to provide a patch file containing the last commit in your local git repository
--use the following command:
-+OpenSSL community you might want to discuss it on the openssl-dev mailing
-+list first. Someone may be already working on the same thing or there
-+may be a good reason as to why that feature isn't implemented.
-+
-+The best way to submit a patch is to make a pull request on GitHub.
-+(It is not necessary to send mail to rt at openssl.org to open a ticket!)
-+If you think the patch could use feedback from the community, please
-+start a thread on openssl-dev.
-+
-+You can also submit patches by sending it as mail to rt at openssl.org.
-+Please include the word "PATCH" and an explanation of what the patch
-+does in the subject line. If you do this, our preferred format is "git
-+format-patch" output. For example to provide a patch file containing the
-+last commit in your local git repository use the following command:
-
--# git format-patch --stdout HEAD^ >mydiffs.patch
-+ % git format-patch --stdout HEAD^ >mydiffs.patch
-
- Another method of creating an acceptable patch file without using git is as
- follows:
-
--# cd openssl-work
--# [your changes]
--# ./Configure dist; make clean
--# cd ..
--# diff -ur openssl-orig openssl-work > mydiffs.patch
-+ % cd openssl-work
-+ ...make your changes...
-+ % ./Configure dist; make clean
-+ % cd ..
-+ % diff -ur openssl-orig openssl-work >mydiffs.patch
-+
-+Note that pull requests are generally easier for the team, and community, to
-+work with. Pull requests benefit from all of the standard GitHub features,
-+including code review tools, simpler integration, and CI build support.
-+
-+No matter how a patch is submitted, the following items will help make
-+the acceptance and review process faster:
-+
-+ 1. Anything other than trivial contributions will require a contributor
-+ licensing agreement, giving us permission to use your code. See
-+ https://www.openssl.org/policies/cla.html for details.
-+
-+ 2. All source files should start with the following text (with
-+ appropriate comment characters at the start of each line and the
-+ year(s) updated):
-+
-+ Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
-+
-+ Licensed under the OpenSSL license (the "License"). You may not use
-+ this file except in compliance with the License. You can obtain a copy
-+ in the file LICENSE in the source distribution or at
-+ https://www.openssl.org/source/license.html
-+
-+ 3. Patches should be as current as possible. When using GitHub, please
-+ expect to have to rebase and update often. Note that we do not accept merge
-+ commits. You will be asked to remove them before a patch is considered
-+ acceptable.
-+
-+ 4. Patches should follow our coding style (see
-+ https://www.openssl.org/policies/codingstyle.html) and compile without
-+ warnings. Where gcc or clang is available you should use the
-+ --strict-warnings Configure option. OpenSSL compiles on many varied
-+ platforms: try to ensure you only use portable features.
-+
-+ 5. When at all possible, patches should include tests. These can either be
-+ added to an existing test, or completely new. Please see test/README
-+ for information on the test framework.
-+
-+ 6. New features or changed functionality must include documentation. Please
-+ look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
-+ our style.
---- a/Configurations/00-base-templates.conf
-+++ b/Configurations/00-base-templates.conf
-@@ -91,6 +91,12 @@
- ar => "lib",
- arflags => "/nologo",
- aroutflag => "/out:",
-+ rc => "rc",
-+ rcoutflag => "/fo",
-+ mt => "mt",
-+ mtflags => "-nologo",
-+ mtinflag => "-manifest ",
-+ mtoutflag => "-outputresource:",
-
- build_file => "makefile",
- build_scheme => [ "unified", "windows" ],
-@@ -185,7 +191,7 @@
- bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
- ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
- des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
-- aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S",
-+ aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
- md5_asm_src => "md5-sparcv9.S",
- sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
- cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
-@@ -203,9 +209,9 @@
- alpha_asm => {
- template => 1,
- cpuid_asm_src => "alphacpuid.s",
-- bn_asm_src => "bn_asm.c alpha-mont.s",
-- sha1_asm_src => "sha1-alpha.s",
-- modes_asm_src => "ghash-alpha.s",
-+ bn_asm_src => "bn_asm.c alpha-mont.S",
-+ sha1_asm_src => "sha1-alpha.S",
-+ modes_asm_src => "ghash-alpha.S",
- perlasm_scheme => "void"
- },
- mips32_asm => {
-@@ -217,7 +223,8 @@
- mips64_asm => {
- inherit_from => [ "mips32_asm" ],
- template => 1,
-- sha1_asm_src => add("sha512-mips.S")
-+ sha1_asm_src => add("sha512-mips.S"),
-+ poly1305_asm_src=> "poly1305-mips.S",
- },
- s390x_asm => {
- template => 1,
-@@ -244,7 +251,7 @@
- },
- aarch64_asm => {
- template => 1,
-- cpuid_asm_src => "armcap.c arm64cpuid.S mem_clr.c",
-+ cpuid_asm_src => "armcap.c arm64cpuid.S",
- ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
- bn_asm_src => "bn_asm.c armv8-mont.S",
- aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
---- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -9,15 +9,39 @@ sub vc_win64a_info {
- $vc_win64a_info = { as => "nasm",
- asflags => "-f win64 -DNEAR -Ox -g",
- asoutflag => "-o" };
-- } else {
-+ } elsif ($disabled{asm}) {
- $vc_win64a_info = { as => "ml64",
- asflags => "/c /Cp /Cx /Zi",
- asoutflag => "/Fo" };
-+ } else {
-+ die "NASM not found - please read INSTALL and NOTES.WIN for further details\n";
- }
- }
- return $vc_win64a_info;
- }
-
-+my $vc_win32_info = {};
-+sub vc_win32_info {
-+ unless (%$vc_win32_info) {
-+ my $ver=`nasm -v 2>NUL`;
-+ my $vew=`nasmw -v 2>NUL`;
-+ if ($ver ne "" || $vew ne "") {
-+ $vc_win32_info = { as => $ver ge $vew ? "nasm" : "nasmw",
-+ asflags => "-f win32",
-+ asoutflag => "-o",
-+ perlasm_scheme => "win32n" };
-+ } elsif ($disabled{asm}) {
-+ $vc_win32_info = { as => "ml",
-+ asflags => "/nologo /Cp /coff /c /Cx /Zi",
-+ asoutflag => "/Fo",
-+ perlasm_scheme => "win32" };
-+ } else {
-+ die "NASM not found - please read INSTALL and NOTES.WIN for further details\n";
-+ }
-+ }
-+ return $vc_win32_info;
-+}
-+
- my $vc_wince_info = {};
- sub vc_wince_info {
- unless (%$vc_wince_info) {
-@@ -82,6 +106,7 @@ sub vms_info {
- my $pointer_size_str = $pointer_size == 0 ? "" : "$pointer_size";
-
- $vms_info->{disable_warns} = [ ];
-+ $vms_info->{pointer_size} = $pointer_size_str;
- if ($pointer_size == 64) {
- `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`;
- if ($? == 0) {
-@@ -279,44 +304,16 @@ sub vms_info {
- multilib => "/64",
- },
-
--#### IRIX 5.x configs
--# -mips2 flag is added by ./config when appropriate.
-- "irix-gcc" => {
-- inherit_from => [ "BASE_unix", asm("mips32_asm") ],
-- cc => "gcc",
-- cflags => picker(default => "-DB_ENDIAN",
-- debug => "-g -O0",
-- release => "-O3"),
-- bn_ops => "BN_LLONG RC4_CHAR",
-- thread_scheme => "(unknown)",
-- perlasm_scheme => "o32",
-- dso_scheme => "dlfcn",
-- shared_target => "irix-shared",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "irix-cc" => {
-- inherit_from => [ "BASE_unix", asm("mips32_asm") ],
-- cc => "cc",
-- cflags => picker(default => "-use_readonly_const -DB_ENDIAN",
-- debug => "-g -O0",
-- release => "-O2"),
-- bn_ops => "BN_LLONG RC4_CHAR",
-- thread_scheme => "(unknown)",
-- perlasm_scheme => "o32",
-- dso_scheme => "dlfcn",
-- shared_target => "irix-shared",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
- #### IRIX 6.x configs
--# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
--# './Configure irix-cc -o32' manually.
-+# Only N32 and N64 ABIs are supported.
- "irix-mips3-gcc" => {
- inherit_from => [ "BASE_unix", asm("mips64_asm") ],
- cc => "gcc",
- cflags => combine(picker(default => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W",
- debug => "-g -O0",
- release => "-O3"),
-- threads("-D_SGI_MP_SOURCE -pthread")),
-+ threads("-D_SGI_MP_SOURCE")),
-+ ex_libs => add(threads("-lpthread")),
- bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
- thread_scheme => "pthreads",
- perlasm_scheme => "n32",
-@@ -351,6 +348,7 @@ sub vms_info {
- debug => "-g -O0",
- release => "-O3"),
- threads("-D_SGI_MP_SOURCE")),
-+ ex_libs => add(threads("-lpthread")),
- bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG",
- thread_scheme => "pthreads",
- perlasm_scheme => "64",
-@@ -402,9 +400,9 @@ sub vms_info {
- # crypto/sha/sha_lcl.h.
- # - originally there were 32-bit hpux-parisc2-* targets. They were
- # scrapped, because a) they were not interchangeable with other 32-bit
--# targets; a) when critical 32-bit assembly modules detect if they
--# are executed on PA-RISC 2.0 and thus adequate performance is
--# provided.
-+# targets; b) performance-critical 32-bit assembly modules implement
-+# even PA-RISC 2.0-specific code paths, which are chosen at run-time,
-+# thus adequate performance is provided even with PA-RISC 1.1 build.
- # <appro at fy.chalmers.se>
- "hpux-parisc-gcc" => {
- inherit_from => [ "BASE_unix" ],
-@@ -571,23 +569,18 @@ sub vms_info {
- bn_ops => "BN_LLONG",
- },
-
--#### DEC Alpha OSF/1/Tru64 targets.
-- "osf1-alpha-gcc" => {
-+#### DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4
-+#### and forward. In reality 'uname -s' still returns "OSF1". Originally
-+#### there were even osf1-* configs targeting prior versions provided,
-+#### but not anymore...
-+ "tru64-alpha-gcc" => {
- inherit_from => [ "BASE_unix", asm("alpha_asm") ],
- cc => "gcc",
-- cflags => "-O3",
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "(unknown)",
-- dso_scheme => "dlfcn",
-- shared_target => "alpha-osf1-shared",
-- shared_extension => ".so",
-- },
-- "osf1-alpha-cc" => {
-- inherit_from => [ "BASE_unix", asm("alpha_asm") ],
-- cc => "cc",
-- cflags => "-std1 -tune host -O4 -readonly_strings",
-+ cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3",
-+ threads("-pthread")),
-+ ex_libs => "-lrt", # for mlock(2)
- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "(unknown)",
-+ thread_scheme => "pthreads",
- dso_scheme => "dlfcn",
- shared_target => "alpha-osf1-shared",
- shared_extension => ".so",
-@@ -595,8 +588,9 @@ sub vms_info {
- "tru64-alpha-cc" => {
- inherit_from => [ "BASE_unix", asm("alpha_asm") ],
- cc => "cc",
-- cflags => combine("-std1 -tune host -fast -readonly_strings",
-+ cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings",
- threads("-pthread")),
-+ ex_libs => "-lrt", # for mlock(2)
- bn_ops => "SIXTY_FOUR_BIT_LONG",
- thread_scheme => "pthreads",
- dso_scheme => "dlfcn",
-@@ -872,17 +866,14 @@ sub vms_info {
- # Special note about unconditional -fPIC and -pie. The underlying
- # reason is that Lollipop refuses to run non-PIE. But what about
- # older systems and NDKs? -fPIC was never problem, so the only
-- # concern if -pie. Older toolchains, e.g. r4, appear to handle it
-+ # concern is -pie. Older toolchains, e.g. r4, appear to handle it
- # and binaries turn mostly functional. "Mostly" means that oldest
- # Androids, such as Froyo, fail to handle executable, but newer
- # systems are perfectly capable of executing binaries targeting
- # Froyo. Keep in mind that in the nutshell Android builds are
- # about JNI, i.e. shared libraries, not applications.
-- cflags => picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack -Wall",
-- debug => "-O0 -g",
-- release => "-O3"),
-- lflags => "-pie",
-- shared_cflag => "",
-+ cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")),
-+ bin_cflags => "-pie",
- },
- "android-x86" => {
- inherit_from => [ "android", asm("x86_asm") ],
-@@ -921,11 +912,8 @@ sub vms_info {
-
- "android64" => {
- inherit_from => [ "linux-generic64" ],
-- cflags => picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack -Wall",
-- debug => "-O0 -g",
-- release => "-O3"),
-- lflags => "-pie",
-- shared_cflag => "",
-+ cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")),
-+ bin_cflags => "-pie",
- },
- "android64-aarch64" => {
- inherit_from => [ "android64", asm("aarch64_asm") ],
-@@ -1258,16 +1246,15 @@ sub vms_info {
- return [ @defs ];
- }),
- coutflag => "/Fo",
-- rc => "rc",
-- rcoutflag => "/fo",
-- lib_cflags => add("/Zi /Fdlib"),
-- dso_cflags => "/Zi",
-+ lib_cflags => add("/Zi /Fdossl_static"),
-+ dso_cflags => "/Zi /Fddso",
- bin_cflags => "/Zi /Fdapp",
- lflags => add("/debug"),
- shared_ldflag => "/dll",
- shared_target => "win-shared", # meaningless except it gives Configure a hint
- thread_scheme => "winthreads",
- dso_scheme => "win32",
-+ apps_aux_src => add("win32_init.c"),
- },
- "VC-noCE-common" => {
- inherit_from => [ "VC-common" ],
-@@ -1280,7 +1267,7 @@ sub vms_info {
- release =>
- sub {
- ($disabled{shared} ? "" : "/MD")
-- ." /Ox /O2 /Ob2";
-+ ." /O2";
- })),
- lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }),
- # Following might/should appears controversial, i.e. defining
-@@ -1344,11 +1331,9 @@ sub vms_info {
- # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE'
- inherit_from => [ "VC-noCE-common", asm("x86_asm"),
- sub { $disabled{shared} ? () : "uplink_common" } ],
-- as => sub { my $ver=`nasm -v 2>NUL`;
-- my $vew=`nasmw -v 2>NUL`;
-- return $ver ge $vew ? "nasm" : "nasmw" },
-- asflags => "-f win32",
-- asoutflag => "-o",
-+ as => sub { vc_win32_info()->{as} },
-+ asflags => sub { vc_win32_info()->{asflags} },
-+ asoutflag => sub { vc_win32_info()->{asoutflag} },
- ex_libs => add(sub {
- my @ex_libs = ();
- # WIN32 UNICODE build gets linked with unicows.lib for
-@@ -1359,7 +1344,7 @@ sub vms_info {
- }),
- sys_id => "WIN32",
- bn_ops => "BN_LLONG EXPORT_VAR_AS_FN",
-- perlasm_scheme => "win32n",
-+ perlasm_scheme => sub { vc_win32_info()->{perlasm_scheme} },
- build_scheme => add("VC-W32", { separator => undef }),
- },
- "VC-CE" => {
-@@ -1430,6 +1415,7 @@ sub vms_info {
- shared_rcflag => "--target=pe-i386",
- shared_extension => ".dll",
- multilib => "",
-+ apps_aux_src => add("win32_init.c"),
- },
- "mingw64" => {
- # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
-@@ -1458,6 +1444,7 @@ sub vms_info {
- shared_rcflag => "--target=pe-x86-64",
- shared_extension => ".dll",
- multilib => "64",
-+ apps_aux_src => add("win32_init.c"),
- },
-
- #### UEFI
-@@ -1529,17 +1516,6 @@ sub vms_info {
- inherit_from => [ "Cygwin-x86" ]
- },
-
--#### DJGPP
-- "DJGPP" => {
-- inherit_from => [ asm("x86_asm") ],
-- cc => "gcc",
-- cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
-- sys_id => "MSDOS",
-- ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
-- bn_ops => "BN_LLONG",
-- perlasm_scheme => "a.out",
-- },
--
- ##### MacOS X (a.k.a. Darwin) setup
- "darwin-common" => {
- inherit_from => [ "BASE_unix" ],
-@@ -1643,6 +1619,7 @@ sub vms_info {
- dso_scheme => "dlfcn",
- shared_target => "linux-shared",
- shared_cflag => "-fPIC",
-+ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- },
-
- ##### VxWorks for various targets
-@@ -1741,48 +1718,20 @@ sub vms_info {
- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- ranlib => "$ENV{'RANLIB'}",
- },
-- "haiku-common" => {
-- template => 1,
-- cc => "cc",
-- cflags => add_before(picker(default => "-DL_ENDIAN -Wall",
-- debug => "-g -O0",
-- release => "-O2"),
-- threads("-D_REENTRANT")),
-- sys_id => "HAIKU",
-- lflags => "-lnetwork",
-- perlasm_scheme => "elf",
-- thread_scheme => "pthreads",
-- dso_scheme => "dlfcn",
-- shared_target => "haiku-shared",
-- shared_cflag => "-fPIC",
-- shared_ldflag => "-shared",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "haiku-x86" => {
-- inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
-- cflags => add(picker(default => "",
-- release => "-fomit-frame-pointer")),
-- bn_ops => "BN_LLONG",
-- },
-- # Haiku builds with no-asm
-- "haiku-x86_64" => {
-- inherit_from => [ "haiku-common", asm("x86_64_asm") ],
-- cflags => add("-m64"),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- },
--
-
- ##### VMS
- "vms-generic" => {
- inherit_from => [ "BASE_VMS" ],
- template => 1,
- cc => "CC/DECC",
-- cflags => picker(default => "/STANDARD=RELAXED/NOLIST/PREFIX=ALL/NAMES=(AS_IS,SHORTENED)",
-+ cflags => picker(default => "/STANDARD=RELAXED/NOLIST/PREFIX=ALL",
- debug => "/NOOPTIMIZE/DEBUG",
- release => "/OPTIMIZE/NODEBUG"),
- lflags => picker(default => "/MAP",
- debug => "/DEBUG/TRACEBACK",
- release => "/NODEBUG/NOTRACEBACK"),
-+ lib_cflags => add("/NAMES=(AS_IS,SHORTENED)"),
-+ dso_cflags => add("/NAMES=(AS_IS,SHORTENED)"),
- shared_target => "vms-shared",
- dso_scheme => "vms",
- thread_scheme => "pthreads",
-@@ -1790,18 +1739,6 @@ sub vms_info {
- apps_aux_src => "vms_decc_init.c",
- },
-
-- # VMS on VAX is *unsupported*
-- #"vms-asm" => {
-- # template => 1,
-- # bn_obj => "[.asm]vms.obj vms-helper.obj"
-- #},
-- #"vms-vax" => {
-- # inherit_from => [ "vms-generic", asm("vms-asm") ],
-- # as => "MACRO",
-- # debug_aflags => "/NOOPTIMIZE/DEBUG",
-- # release_aflags => "/OPTIMIZE/NODEBUG",
-- # bn_opts => "THIRTY_TWO_BIT RC4_CHAR RC4_CHUNK DES_PTR BF_PTR",
-- #},
- "vms-alpha" => {
- inherit_from => [ "vms-generic" ],
- cflags => add(sub { my @warnings =
-@@ -1814,6 +1751,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(0)->{pointer_size} },
- #as => "???",
- #debug_aflags => "/NOOPTIMIZE/DEBUG",
- #release_aflags => "/OPTIMIZE/NODEBUG",
-@@ -1834,6 +1772,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(32)->{pointer_size} },
- },
- "vms-alpha-p64" => {
- inherit_from => [ "vms-generic" ],
-@@ -1850,6 +1789,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(64)->{pointer_size} },
- },
- "vms-ia64" => {
- inherit_from => [ "vms-generic" ],
-@@ -1863,6 +1803,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(0)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(0)->{pointer_size} },
- #as => "I4S",
- #debug_aflags => "/NOOPTIMIZE/DEBUG",
- #release_aflags => "/OPTIMIZE/NODEBUG",
-@@ -1883,6 +1824,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(32)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(32)->{pointer_size} },
- },
- "vms-ia64-p64" => {
- inherit_from => [ "vms-generic" ],
-@@ -1899,6 +1841,7 @@ sub vms_info {
- ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : ();
- }),
- ex_libs => add(sub { return vms_info(64)->{zlib} || (); }),
-+ pointer_size => sub { return vms_info(64)->{pointer_size} },
- },
-
- );
---- /dev/null
-+++ b/Configurations/50-djgpp.conf
-@@ -0,0 +1,15 @@
-+# We can't make any commitment to support the DJGPP platform,
-+# and rely entirely on the OpenSSL community to help is fine
-+# tune and test.
-+
-+%targets = (
-+ "DJGPP" => {
-+ inherit_from => [ asm("x86_asm") ],
-+ cc => "gcc",
-+ cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
-+ sys_id => "MSDOS",
-+ ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
-+ bn_ops => "BN_LLONG",
-+ perlasm_scheme => "a.out",
-+ },
-+);
---- /dev/null
-+++ b/Configurations/50-haiku.conf
-@@ -0,0 +1,29 @@
-+%targets = (
-+ "haiku-common" => {
-+ template => 1,
-+ cc => "cc",
-+ cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
-+ debug => "-g -O0",
-+ release => "-O2"),
-+ threads("-D_REENTRANT")),
-+ sys_id => "HAIKU",
-+ ex_libs => "-lnetwork",
-+ perlasm_scheme => "elf",
-+ thread_scheme => "pthreads",
-+ dso_scheme => "dlfcn",
-+ shared_target => "gnu-shared",
-+ shared_cflag => "-fPIC",
-+ shared_ldflag => "-shared",
-+ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+ },
-+ "haiku-x86" => {
-+ inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
-+ cflags => add(picker(release => "-fomit-frame-pointer")),
-+ bn_ops => "BN_LLONG",
-+ },
-+ "haiku-x86_64" => {
-+ inherit_from => [ "haiku-common" ],
-+ cflags => add("-m64"),
-+ bn_ops => "SIXTY_FOUR_BIT_LONG",
-+ },
-+);
---- /dev/null
-+++ b/Configurations/50-masm.conf
-@@ -0,0 +1,17 @@
-+# We can't make commitment to supporting Microsoft assembler,
-+# because it would mean supporting all masm versions. This in
-+# in turn is because masm is not really an interchangeable option,
-+# while users tend to have reasons to stick with specific Visual
-+# Studio versions. It's usually lesser hassle to make it work
-+# with latest assembler, but tweaking for older versions had
-+# proven to be daunting task. This is experimental target, for
-+# production builds stick with [up-to-date version of] nasm.
-+
-+%targets = (
-+ "VC-WIN64A-masm" => {
-+ inherit_from => [ "VC-WIN64A" ],
-+ as => "ml64",
-+ asflags => "/c /Cp /Cx /Zi",
-+ asoutflag => "/Fo",
-+ },
-+);
---- a/Configurations/99-personal-ben.conf
-+++ /dev/null
-@@ -1,95 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "debug-ben" => {
-- cc => "gcc",
-- cflags => "$gcc_devteam_warn -DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -O2 -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-openbsd" => {
-- cc => "gcc",
-- cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-openbsd-debug" => {
-- cc => "gcc",
-- cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-debug" => {
-- cc => "gcc",
-- cflags => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-debug-64" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-- threads("${BSDthreads}")),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "bsd-gcc-shared",
-- shared_cflag => "-fPIC",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-ben-debug-64-clang" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "clang",
-- cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
-- threads("${BSDthreads}")),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "bsd-gcc-shared",
-- shared_cflag => "-fPIC",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-ben-debug-64-noopt" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe",
-- threads("${BSDthreads}")),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "bsd-gcc-shared",
-- shared_cflag => "-fPIC",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-ben-macos" => {
-- cc => "cc",
-- cflags => "$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-no-opt" => {
-- cc => "gcc",
-- cflags => " -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -Werror -DL_ENDIAN -Wall -g3",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-strict" => {
-- cc => "gcc",
-- cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe",
-- thread_scheme => "(unknown)",
-- },
-- "debug-ben-darwin64" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "cc",
-- cflags => combine("$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall",
-- threads("-D_REENTRANT")),
-- sys_id => "MACOSX",
-- plib_lflags => "-Wl,-search_paths_first",
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "macosx",
-- dso_scheme => "dlfcn",
-- shared_target => "darwin-shared",
-- shared_cflag => "-fPIC -fno-common",
-- shared_ldflag => "-arch x86_64 -dynamiclib",
-- shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-- },
--);
---- a/Configurations/99-personal-bodo.conf
-+++ /dev/null
-@@ -1,21 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "debug-bodo" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int",
-- threads("-D_REENTRANT")),
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_ldflag => "-m64",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- multilib => "64",
-- },
--);
---- a/Configurations/99-personal-geoff.conf
-+++ /dev/null
-@@ -1,29 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "debug-geoff32" => {
-- cc => "gcc",
-- cflags => combine("-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
-- threads("-D_REENTRANT")),
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "BN_LLONG",
-- thread_scheme => "pthreads",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-geoff64" => {
-- cc => "gcc",
-- cflags => combine("-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
-- threads("-D_REENTRANT")),
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
-- thread_scheme => "pthreads",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
--);
---- a/Configurations/99-personal-levitte.conf
-+++ /dev/null
-@@ -1,21 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "levitte-linux-elf" => {
-- inherit_from => [ "linux-elf" ],
-- cflags => add(picker(debug => "-ggdb -g3")),
-- defines => add(picker(debug => "LEVITTE_DEBUG"),
-- { separator => undef }),
-- build_scheme => [ "unified", "unix" ],
-- build_file => "Makefile",
-- },
-- "levitte-linux-x86_64" => {
-- inherit_from => [ "linux-x86_64" ],
-- cflags => add(picker(debug => "-ggdb -g3")),
-- defines => add(picker(debug => "LEVITTE_DEBUG"),
-- { separator => undef }),
-- build_scheme => [ "unified", "unix" ],
-- build_file => "Makefile",
-- },
--);
---- a/Configurations/99-personal-rse.conf
-+++ /dev/null
-@@ -1,12 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "debug-rse" => {
-- inherit_from => [ "x86_elf_asm" ],
-- cc => "cc",
-- cflags => "-DL_ENDIAN -pipe -O -g -ggdb3 -Wall",
-- thread_scheme => "(unknown)",
-- bn_ops => "BN_LLONG",
-- },
--);
---- a/Configurations/99-personal-steve.conf
-+++ /dev/null
-@@ -1,50 +0,0 @@
--## -*- mode: perl; -*-
--## Personal configuration targets
--
--%targets = (
-- "debug-steve64" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -pthread -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -g",
-- threads("-D_REENTRANT")),
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_ldflag => "-m64",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-steve32" => {
-- inherit_from => [ "x86_elf_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -pthread -m32 -DL_ENDIAN -DCONF_DEBUG -g",
-- threads("-D_REENTRANT")),
-- lflags => "-rdynamic",
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "BN_LLONG",
-- thread_scheme => "pthreads",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_ldflag => "-m32",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
-- "debug-steve-opt" => {
-- inherit_from => [ "x86_64_asm" ],
-- cc => "gcc",
-- cflags => combine("$gcc_devteam_warn -pthread -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -g",
-- threads("-D_REENTRANT")),
-- ex_libs => add(" ","-ldl"),
-- bn_ops => "SIXTY_FOUR_BIT_LONG",
-- thread_scheme => "pthreads",
-- perlasm_scheme => "elf",
-- dso_scheme => "dlfcn",
-- shared_target => "linux-shared",
-- shared_cflag => "-fPIC",
-- shared_ldflag => "-m64",
-- shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-- },
--);
---- a/Configurations/README
-+++ b/Configurations/README
-@@ -99,8 +99,7 @@ hash table, where each entry represent a
- some options. In this case, the first
- string in the list is the name of the build
- scheme.
-- Currently recognised build schemes are
-- "unixmake" and "unified".
-+ Currently recognised build scheme is "unified".
- For the "unified" build scheme, this item
- *must* be an array with the first being the
- word "unified" and the second being a word
-@@ -380,6 +379,18 @@ item muct be the generator file. It is,
- build file template to define exactly how those command lines should
- be handled, how the output is captured and so on.
-
-+Sometimes, the generator file itself depends on other files, for
-+example if it is a perl script that depends on other perl modules.
-+This can be expressed using DEPEND like this:
-+
-+ DEPEND[asm/something.pl]=../perlasm/Foo.pm
-+
-+There may also be cases where the exact file isn't easily specified,
-+but an inclusion directory still needs to be specified. INCLUDE can
-+be used in that case:
-+
-+ INCLUDE[asm/something.pl]=../perlasm
-+
- NOTE: GENERATE lines are limited to one command only per GENERATE.
-
- As a last resort, it's possible to have raw build file lines, between
-@@ -499,6 +510,10 @@ They are all expected to return a string
-
- generatesrc(src => "PATH/TO/tobegenerated",
- generator => [ "generatingfile", ... ]
-+ generator_incs => [ "INCL/PATH", ... ]
-+ generator_deps => [ "dep1", ... ]
-+ generator => [ "generatingfile", ... ]
-+ incs => [ "INCL/PATH", ... ],
- deps => [ "dep1", ... ],
- intent => one of "libs", "dso", "bin" );
-
-@@ -508,9 +523,14 @@ They are all expected to return a string
- expected to be the file to generate from.
- generatesrc() is expected to analyse and figure out
- exactly how to apply that file and how to capture
-- the result. 'deps' is a list of explicit
-- dependencies. 'intent' indicates what the generated
-- file is going to be used for.
-+ the result. 'generator_incs' and 'generator_deps'
-+ are include directories and files that the generator
-+ file itself depends on. 'incs' and 'deps' are
-+ include directories and files that are used if $(CC)
-+ is used as an intermediary step when generating the
-+ end product (the file indicated by 'src'). 'intent'
-+ indicates what the generated file is going to be
-+ used for.
-
- src2obj - function that produces build file lines to build an
- object file from source files and associated data.
---- a/Configurations/README.design
-+++ b/Configurations/README.design
-@@ -37,7 +37,9 @@ build-file templates, adapted for the pl
- sections on %unified_info and build-file templates further down).
-
- The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
--end products.
-+end products. There are variants for them with '_NO_INST' as suffix
-+(PROGRAM_NO_INST etc) to specify end products that shouldn't get
-+installed.
-
- The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
- produced file, and their values are the source used to produce that
-@@ -91,6 +93,7 @@ depends on the library 'libssl' to funct
-
- GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
- DEPEND[buildinf.h]=../Makefile
-+ DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
-
- This is the build.info file in 'crypto', and it tells us a little more
- about what's needed to produce 'libcrypto'. LIBS is used again to
-@@ -103,9 +106,9 @@ This build.info file informs us that 'li
- source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
- It also shows us that building the object file inferred from
- 'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
--also shows the possibility to include raw build-file statements in a
--build.info file, in this case showing how 'buildinf.h' is built on
--Unix-like operating systems.
-+also shows the possibility to declare how some files are generated
-+using some script, in this case a perl script, and how such scripts
-+can be declared to depend on other files, in this case a perl module.
-
- Two things are worth an extra note:
-
-@@ -123,17 +126,24 @@ This is the build.info file in 'ssl/', a
- library 'libssl' is built from the source file 'ssl/tls.c'.
-
- # engines/build.info
-- ENGINES=libossltest
-- SOURCE[libossltest]=e_ossltest.c
-- DEPEND[libossltest]=../libcrypto
-- INCLUDE[libossltest]=../include
--
--This is the build.info file in 'engines/', telling us that an engine
--called 'engines/libossltest' shall be built, that it's source is
-+ ENGINES=dasync
-+ SOURCE[dasync]=e_dasync.c
-+ DEPEND[dasync]=../libcrypto
-+ INCLUDE[dasync]=../include
-+
-+ ENGINES_NO_INST=ossltest
-+ SOURCE[ossltest]=e_ossltest.c
-+ DEPEND[ossltest]=../libcrypto
-+ INCLUDE[ossltest]=../include
-+
-+This is the build.info file in 'engines/', telling us that two engines
-+called 'engines/dasync' and 'engines/ossltest' shall be built, that
-+dasync's source is 'engines/e_dasync.c' and ossltest's source is
- 'engines/e_ossltest.c' and that the include directory 'include/' may
--be used when building anything that will be part of this engine.
--Finally, the engine 'engines/libossltest' depends on the library
--'libcrypto' to function properly.
-+be used when building anything that will be part of these engines.
-+Also, both engines depend on the library 'libcrypto' to function
-+properly. Finally, only dasync is being installed, as ossltest is
-+only for internal testing.
-
- When Configure digests these build.info files, the accumulated
- information comes down to this:
-@@ -153,13 +163,19 @@ When Configure digests these build.info
- INCLUDE[apps/openssl]=. include
- DEPEND[apps/openssl]=libssl
-
-- ENGINES=engines/libossltest
-- SOURCE[engines/libossltest]=engines/e_ossltest.c
-- DEPEND[engines/libossltest]=libcrypto
-- INCLUDE[engines/libossltest]=include
-+ ENGINES=engines/dasync
-+ SOURCE[engines/dasync]=engines/e_dasync.c
-+ DEPEND[engines/dasync]=libcrypto
-+ INCLUDE[engines/dasync]=include
-+
-+ ENGINES_NO_INST=engines/ossltest
-+ SOURCE[engines/ossltest]=engines/e_ossltest.c
-+ DEPEND[engines/ossltest]=libcrypto
-+ INCLUDE[engines/ossltest]=include
-
- GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
- DEPEND[crypto/buildinf.h]=Makefile
-+ DEPEND[util/mkbuildinf.pl]=util/Foo.pm
-
-
- A few notes worth mentioning:
-@@ -170,13 +186,14 @@ PROGRAMS may be used to declare programs
-
- ENGINES may be used to declare engines only.
-
--The indexes for SOURCE, INCLUDE and ORDINALS must only be end product
--files, such as libraries, programs or engines. The values of SOURCE
-+The indexes for SOURCE and ORDINALS must only be end product files,
-+such as libraries, programs or engines. The values of SOURCE
- variables must only be source files (possibly generated)
-
--DEPEND shows a relationship between different produced files, such
--as a program depending on a library, or between an object file and
--some extra source file.
-+INCLUDE and DEPEND shows a relationship between different files
-+(usually produced files) or between files and directories, such as a
-+program depending on a library, or between an object file and some
-+extra source file.
-
- When Configure processes the build.info files, it will take it as
- truth without question, and will therefore perform very few checks.
-@@ -202,10 +219,19 @@ collected into the %unified_info databas
- engines => a list of engines. These are directly inferred from
- the ENGINES variable in build.info files.
-
-+ generate => a hash table containing 'file' => [ 'generator' ... ]
-+ pairs. These are directly inferred from the GENERATE
-+ variables in build.info files.
-+
- includes => a hash table containing 'file' => [ 'include' ... ]
- pairs. These are directly inferred from the INCLUDE
- variables in build.info files.
-
-+ install => a hash table containing 'type' => [ 'file' ... ] pairs.
-+ The types are 'programs', 'libraries', 'engines' and
-+ 'scripts', and the array of files list the files of
-+ that type that should be installed.
-+
- libraries => a list of libraries. These are directly inferred from
- the LIBS variable in build.info files.
-
-@@ -247,11 +273,15 @@ As an example, here is how the build.inf
- [
- "libssl",
- ],
-+ "crypto/buildinf.h" =>
-+ [
-+ "Makefile",
-+ ],
- "crypto/cversion.o" =>
- [
- "crypto/buildinf.h",
- ],
-- "engines/libossltest" =>
-+ "engines/ossltest" =>
- [
- "libcrypto",
- ],
-@@ -259,11 +289,26 @@ As an example, here is how the build.inf
- [
- "libcrypto",
- ],
-+ "util/mkbuildinf.pl" =>
-+ [
-+ "util/Foo.pm",
-+ ],
- },
- "engines" =>
- [
-- "engines/libossltest",
-+ "engines/dasync",
-+ "engines/ossltest",
- ],
-+ "generate" =>
-+ {
-+ "crypto/buildinf.h" =>
-+ [
-+ "util/mkbuildinf.pl",
-+ "\"\$(CC)",
-+ "\$(CFLAGS)\"",
-+ "\"$(PLATFORM)\"",
-+ ],
-+ },
- "includes" =>
- {
- "apps/openssl" =>
-@@ -271,7 +316,7 @@ As an example, here is how the build.inf
- ".",
- "include",
- ],
-- "engines/libossltest" =>
-+ "engines/ossltest" =>
- [
- "include"
- ],
-@@ -283,7 +328,27 @@ As an example, here is how the build.inf
- [
- "include",
- ],
-+ "util/mkbuildinf.pl" =>
-+ [
-+ "util",
-+ ],
- }
-+ "install" =>
-+ {
-+ "engines" =>
-+ [
-+ "engines/dasync",
-+ ],
-+ "libraries" =>
-+ [
-+ "libcrypto",
-+ "libssl",
-+ ],
-+ "programs" =>
-+ [
-+ "apps/openssl",
-+ ],
-+ },
- "libraries" =>
- [
- "libcrypto",
-@@ -308,9 +373,6 @@ As an example, here is how the build.inf
- ],
- "rawlines" =>
- [
-- "crypto/buildinf.h : Makefile",
-- " perl util/mkbuildinf.h \"\$(CC) \$(CFLAGS)\" \"\$(PLATFORM)\" \\"
-- " > crypto/buildinf.h"
- ],
- "sources" =>
- {
-@@ -338,7 +400,7 @@ As an example, here is how the build.inf
- [
- "engines/e_ossltest.c",
- ],
-- "engines/libossltest" =>
-+ "engines/ossltest" =>
- [
- "engines/e_ossltest.o",
- ],
-@@ -382,6 +444,34 @@ build static libraries from object files
- from static libraries, to programs from object files and libraries,
- etc.
-
-+ generatesrc - function that produces build file lines to generate
-+ a source file from some input.
-+
-+ It's called like this:
-+
-+ generatesrc(src => "PATH/TO/tobegenerated",
-+ generator => [ "generatingfile", ... ]
-+ generator_incs => [ "INCL/PATH", ... ]
-+ generator_deps => [ "dep1", ... ]
-+ incs => [ "INCL/PATH", ... ],
-+ deps => [ "dep1", ... ],
-+ intent => one of "libs", "dso", "bin" );
-+
-+ 'src' has the name of the file to be generated.
-+ 'generator' is the command or part of command to
-+ generate the file, of which the first item is
-+ expected to be the file to generate from.
-+ generatesrc() is expected to analyse and figure out
-+ exactly how to apply that file and how to capture
-+ the result. 'generator_incs' and 'generator_deps'
-+ are include directories and files that the generator
-+ file itself depends on. 'incs' and 'deps' are
-+ include directories and files that are used if $(CC)
-+ is used as an intermediary step when generating the
-+ end product (the file indicated by 'src'). 'intent'
-+ indicates what the generated file is going to be
-+ used for.
-+
- src2obj - function that produces build file lines to build an
- object file from source files and associated data.
-
-@@ -501,7 +591,7 @@ programs and all intermediate files, usi
- functions defined in the build-file template.
-
- As an example with the smaller build.info set we've seen as an
--example, producing the rules to build 'libssl' would result in the
-+example, producing the rules to build 'libcrypto' would result in the
- following calls:
-
- # Note: libobj2shlib will only be called if shared libraries are
-@@ -509,25 +599,43 @@ example, producing the rules to build 'l
- # Note 2: libobj2shlib gets both the name of the static library
- # and the names of all the object files that go into it. It's up
- # to the implementation to decide which to use as input.
-- libobj2shlib(shlib => "libssl",
-- lib => "libssl",
-- objs => [ "ssl/tls.o" ],
-- deps => [ "libcrypto" ]
-- ordinals => [ "ssl", "util/libssl.num" ]);
--
-- obj2lib(lib => "libssl"
-- objs => [ "ssl/tls.o" ]);
--
-- # Note 3: common.tmpl peals off the ".o" extension, as the
-- # platform at hand may have a different one.
-- src2obj(obj => "ssl/tls"
-- srcs => [ "ssl/tls.c" ],
-+ # Note 3: common.tmpl peals off the ".o" extension from all object
-+ # files, as the platform at hand may have a different one.
-+ libobj2shlib(shlib => "libcrypto",
-+ lib => "libcrypto",
-+ objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
-+ deps => [ ]
-+ ordinals => [ "crypto", "util/libcrypto.num" ]);
-+
-+ obj2lib(lib => "libcrypto"
-+ objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
-+
-+ src2obj(obj => "crypto/aes"
-+ srcs => [ "crypto/aes.c" ],
-+ deps => [ ],
-+ incs => [ "include" ],
-+ intent => "lib");
-+
-+ src2obj(obj => "crypto/evp"
-+ srcs => [ "crypto/evp.c" ],
- deps => [ ],
-- incs => [ "include" ]);
-+ incs => [ "include" ],
-+ intent => "lib");
-
-- src2dep(obj => "ssl/tls"
-- srcs => [ "ssl/tls.c" ],
-- incs => [ "include" ]);
-+ src2obj(obj => "crypto/cversion"
-+ srcs => [ "crypto/cversion.c" ],
-+ deps => [ "crypto/buildinf.h" ],
-+ incs => [ "include" ],
-+ intent => "lib");
-+
-+ generatesrc(src => "crypto/buildinf.h",
-+ generator => [ "util/mkbuildinf.pl", "\"$(CC)",
-+ "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
-+ generator_incs => [ "util" ],
-+ generator_deps => [ "util/Foo.pm" ],
-+ incs => [ ],
-+ deps => [ ],
-+ intent => "lib");
-
- The returned strings from all those calls are then concatenated
- together and written to the resulting build-file.
---- a/Configurations/common.tmpl
-+++ b/Configurations/common.tmpl
-@@ -1,7 +1,9 @@
- {- # -*- Mode: perl -*-
-
-- # A cache of objects for which a recipe has already been generated
-- my %cache;
-+ use File::Basename;
-+
-+ # A cache of objects for which a recipe has already been generated
-+ my %cache;
-
- # resolvedepends and reducedepends work in tandem to make sure
- # there are no duplicate dependencies and that they are in the
-@@ -42,8 +44,13 @@
- my $bin = shift;
- my %opts = @_;
- if ($unified_info{generate}->{$src}) {
-+ die "$src is generated by Configure, should not appear in build file\n"
-+ if ref $unified_info{generate}->{$src} eq "";
-+ my $script = $unified_info{generate}->{$src}->[0];
- $OUT .= generatesrc(src => $src,
- generator => $unified_info{generate}->{$src},
-+ generator_incs => $unified_info{includes}->{$script},
-+ generator_deps => $unified_info{depends}->{$script},
- deps => $unified_info{depends}->{$src},
- incs => [ @{$unified_info{includes}->{$bin}},
- @{$unified_info{includes}->{$obj}} ],
-@@ -153,9 +160,62 @@
- $cache{$script} = 1;
- }
-
-+ sub dodir {
-+ my $dir = shift;
-+ return "" if !exists(&generatedir) or $cache{$dir};
-+ $OUT .= generatedir(dir => $dir,
-+ deps => $unified_info{dirinfo}->{$dir}->{deps},
-+ %{$unified_info{dirinfo}->{$_}->{products}});
-+ $cache{$dir} = 1;
-+ }
-+
- # Start with populating the cache with all the overrides
- %cache = map { $_ => 1 } @{$unified_info{overrides}};
-
-+ # For convenience collect information regarding directories where
-+ # files are generated, those generated files and the end product
-+ # they end up in where applicable. Then, add build rules for those
-+ # directories
-+ if (exists &generatedir) {
-+ my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
-+ "lib" => [ @{$unified_info{libraries}} ],
-+ "bin" => [ @{$unified_info{programs}} ],
-+ "script" => [ @{$unified_info{scripts}} ] );
-+ foreach my $type (keys %loopinfo) {
-+ foreach my $product (@{$loopinfo{$type}}) {
-+ my %dirs = ();
-+ my $pd = dirname($product);
-+
-+ # We already have a "test" target, and the current directory
-+ # is just silly to make a target for
-+ $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
-+
-+ foreach (@{$unified_info{sources}->{$product}}) {
-+ my $d = dirname($_);
-+
-+ # We don't want to create targets for source directories
-+ # when building out of source
-+ next if ($config{sourcedir} ne $config{builddir}
-+ && $d =~ m|^\Q$config{sourcedir}\E|);
-+ # We already have a "test" target, and the current directory
-+ # is just silly to make a target for
-+ next if $d eq "test" || $d eq ".";
-+
-+ $dirs{$d} = 1;
-+ push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
-+ if $d ne $pd;
-+ }
-+ foreach (keys %dirs) {
-+ push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
-+ $product;
-+ }
-+ }
-+ }
-+ }
-+
-+ # Build mandatory generated headers
-+ foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
-+
- # Build all known libraries, engines, programs and scripts.
- # Everything else will be handled as a consequence.
- foreach (@{$unified_info{libraries}}) { dolib($_); }
-@@ -163,6 +223,8 @@
- foreach (@{$unified_info{programs}}) { dobin($_); }
- foreach (@{$unified_info{scripts}}) { doscript($_); }
-
-+ foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
-+
- # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
- # they are added here.
- $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
---- a/Configurations/descrip.mms.tmpl
-+++ b/Configurations/descrip.mms.tmpl
-@@ -9,6 +9,9 @@
- our $osslprefix = 'OSSL$';
- (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
-
-+ our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor};
-+ our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
-+
- our $sourcedir = $config{sourcedir};
- our $builddir = $config{builddir};
- sub sourcefile {
-@@ -37,14 +40,24 @@
- "";
- }
-
-+ # Because we need to make two computations of these data,
-+ # we store them in arrays for reuse
-+ our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}};
-+ our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}};
-+ our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
-+ grep { defined $unified_info{generate}->{$_} }
-+ map { @{$unified_info{sources}->{$_}} }
-+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
-+ ( grep { /\.h$/ } keys %{$unified_info{generate}} ) );
-+
- # This is a horrible hack, but is needed because recursive inclusion of files
- # in different directories does not work well with HP C.
- my $sd = sourcedir("crypto", "async", "arch");
- foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) {
- (my $x = $_) =~ s|\.o$|.OBJ|;
- $unified_info{before}->{$x}
-- = qq(arch = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
-- define arch 'arch');
-+ = qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
-+ define arch 'arch_include');
- $unified_info{after}->{$x}
- = qq(deassign arch);
- }
-@@ -52,10 +65,10 @@
- my $sd2 = sourcedir("ssl","statem");
- $unified_info{before}->{"[.test]heartbeat_test.OBJ"}
- = $unified_info{before}->{"[.test]ssltest_old.OBJ"}
-- = qq(record = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
-- define record 'record'
-- statem = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
-- define statem 'statem');
-+ = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
-+ define record 'record_include'
-+ statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
-+ define statem 'statem_include');
- $unified_info{after}->{"[.test]heartbeat_test.OBJ"}
- = $unified_info{after}->{"[.test]ssltest.OBJ"}
- = qq(deassign statem
-@@ -63,10 +76,10 @@
- foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) {
- (my $x = $_) =~ s|\.o$|.OBJ|;
- $unified_info{before}->{$x}
-- = qq(record = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
-- define record 'record'
-- statem = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
-- define statem 'statem');
-+ = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
-+ define record 'record_include'
-+ statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
-+ define statem 'statem_include');
- $unified_info{after}->{$x}
- = qq(deassign statem
- deassign record);
-@@ -80,7 +93,11 @@ PLATFORM={- $config{target} -}
- OPTIONS={- $config{options} -}
- CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
- SRCDIR={- $config{sourcedir} -}
--BUILDDIR={- $config{builddir} -}
-+BLDDIR={- $config{builddir} -}
-+
-+# Allow both V and VERBOSE to indicate verbosity. This only applies
-+# to testing.
-+VERBOSE=$(V)
-
- VERSION={- $config{version} -}
- MAJOR={- $config{major} -}
-@@ -95,13 +112,12 @@ EXE_EXT=.EXE
- LIB_EXT=.OLB
- SHLIB_EXT=.EXE
- OBJ_EXT=.OBJ
--DEP_EXT=.MMS
-+DEP_EXT=.D
-
- LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -}
--SHLIBS={- join(" ", map { $_."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
-+SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
- ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
--PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } grep { !m|^\[\.test\]| } @{$unified_info{programs}}) -}
--TESTPROGS={- join(", ", map { "-\n\t".$_.".EXE" } grep { m|^\[\.test\]| } @{$unified_info{programs}}) -}
-+PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
- SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
- {- output_off() if $disabled{makedepend}; "" -}
- DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
-@@ -109,6 +125,17 @@ DEPS={- our @deps = map { (my $x = $_) =
- keys %{$unified_info{sources}};
- join(", ", map { "-\n\t".$_ } @deps); -}
- {- output_on() if $disabled{makedepend}; "" -}
-+GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
-+GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -}
-+
-+INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
-+INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
-+INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
-+{- output_off() if $disabled{apps}; "" -}
-+BIN_SCRIPTS=[.tools]c_rehash.pl
-+MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
-+{- output_on() if $disabled{apps}; "" -}
-
- # DESTDIR is for package builders so that they can configure for, say,
- # SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
-@@ -119,24 +146,28 @@ DEPS={- our @deps = map { (my $x = $_) =
- DESTDIR=
-
- # Do not edit this manually. Use Configure --prefix=DIR to change this!
--INSTALLTOP={- (my $x = $config{version}) =~ s|\.|_|g;
-- our $installtop =
-- catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL-$x]";
-+INSTALLTOP={- our $installtop =
-+ catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]";
- $installtop -}
- SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
- # This is the standard central area to store certificates, private keys...
- OPENSSLDIR={- catdir($config{openssldir}) ||
- $config{prefix} ? catdir($config{prefix},"COMMON")
- : "SYS\$COMMON:[OPENSSL-COMMON]" -}
--# Where installed engines reside
--ENGINESDIR={- $osslprefix -}ENGINES:
-+# The same, but for C
-+OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
-+# Where installed engines reside, for C
-+ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}:
-
- CC= {- $target{cc} -}
--CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
-+CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
- CFLAGS_Q=$(CFLAGS)
- DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
- LDFLAGS= {- $target{lflags} -}
- EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -}
-+LIB_CFLAGS={- $target{lib_cflags} || "" -}
-+DSO_CFLAGS={- $target{dso_cflags} || "" -}
-+BIN_CFLAGS={- $target{bin_cflags} || "" -}
-
- PERL={- $config{perl} -}
-
-@@ -210,27 +241,30 @@ NODEBUG=@
-
- # The main targets ###################################################
-
--all : configdata.pm, -
-- build_libs_nodep, build_engines_nodep, build_apps_nodep, -
-+all : build_generated, -
-+ build_libs_nodep, build_engines_nodep, build_programs_nodep, -
- depend
-
--build_libs : configdata.pm, build_libs_nodep, depend
--build_libs_nodep : $(LIBS)
--build_engines : configdata.pm, build_engines_nodep, depend
-+build_libs : build_generated, build_libs_nodep, depend
-+build_libs_nodep : $(LIBS), $(SHLIBS)
-+build_engines : build_generated, build_engines_nodep, depend
- build_engines_nodep : $(ENGINES)
--build_apps : configdata.pm, build_apps_nodep, depend
--build_apps_nodep : $(PROGRAMS), $(SCRIPTS)
--build_tests : configdata.pm, build_tests_nodep, depend
--build_tests_nodep : $(TESTPROGS)
-+build_programs : build_generated, build_programs_nodep, depend
-+build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
-
--test tests : configdata.pm, -
-- build_apps_nodep, build_engines_nodep, build_tests_nodep, -
-+build_generated : $(GENERATED_MANDATORY)
-+
-+# Kept around for backward compatibility
-+build_apps build_tests : build_programs
-+
-+test tests : build_generated, build_programs_nodep, build_engines_nodep, -
- depend
- @ ! {- output_off() if $disabled{tests}; "" -}
- SET DEFAULT [.test]{- move("test") -}
- DEFINE SRCTOP {- sourcedir() -}
- DEFINE BLDTOP {- builddir() -}
- DEFINE OPENSSL_ENGINES {- builddir("engines") -}
-+ IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
- $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
- DEASSIGN OPENSSL_ENGINES
- DEASSIGN BLDTOP
-@@ -241,26 +275,23 @@ test tests : configdata.pm, -
- @ ! {- output_on() if !$disabled{tests}; "" -}
-
- list-tests :
-- @ TOP=$(SRCDIR) PERL=$(PERL) $(PERL) {- catfile($config{sourcedir},"test", "run_tests.pl") -} list
--
--# Because VMS wants the generation number (or *) to delete files, we can't
--# use $(LIBS), $(PROGRAMS) and $(TESTPROGS) directly.
--libclean :
-- - DELETE []OSSL$LIB*.OLB;*,OSSL$LIB*.LIS;*
-- - DELETE [.crypto...]*.OBJ;*,*.LIS;*
-- - DELETE [.ssl...]*.OBJ;*,*.LIS;*
-- - DELETE [.engines...]*.OBJ;*,*.LIS;*
-- - DELETE []CXX$DEMANGLER_DB.;*
-+ @ ! {- output_off() if $disabled{tests}; "" -}
-+ @ DEFINE SRCTOP {- sourcedir() -}
-+ @ $(PERL) {- sourcefile("test", "run_tests.pl") -} list
-+ @ DEASSIGN SRCTOP
-+ @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
-+ @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
-+ @ ! {- output_on() if !$disabled{tests}; "" -}
-
--install : install_sw install_docs
-+install : install_sw install_ssldirs install_docs
- @ WRITE SYS$OUTPUT ""
- @ WRITE SYS$OUTPUT "######################################################################"
- @ WRITE SYS$OUTPUT ""
- @ IF "$(DESTDIR)" .EQS. "" THEN -
- PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
- WRITE SYS$OUTPUT "" ; -
-- WRITE SYS$OUTPUT "Run @$(INSTALLTOP)openssl_startup to set up logical names" ; -
-- WRITE SYS$OUTPUT "then run @$(INSTALLTOP)openssl_setup to define commands" ; -
-+ WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
-+ WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
- WRITE SYS$OUTPUT "" )
- @ IF "$(DESTDIR)" .NES. "" THEN -
- PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
-@@ -273,21 +304,37 @@ install : install_sw install_docs
- WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
- WRITE SYS$OUTPUT "" ; -
- WRITE SYS$OUTPUT "When in its final destination," ; -
-- WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup to set up logical names" ; -
-- WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils to define commands" ; -
-+ WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
-+ WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
- WRITE SYS$OUTPUT "" )
-
-+check_install :
-+ spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
-+
- uninstall : uninstall_docs uninstall_sw
-
-+# Because VMS wants the generation number (or *) to delete files, we can't
-+# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
-+libclean :
-+ {- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -}
-+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -}
-+
- clean : libclean
-- - DELETE []OSSL$LIB*.EXE;*,OSSL$LIB*.MAP;*,OSSL$LIB*.OPT;*
-- - DELETE [.engines...]LIB*.EXE;*,LIB*.MAP;*,LIB*.OPT;*
-- - DELETE [.apps]*.EXE;*,*.MAP;*,*.OPT;*
-- - DELETE [.apps]*.OBJ;*,*.LIS;*
-- - DELETE [.test]*.EXE;*,*.MAP;*,*.OPT;*
-- - DELETE [.test]*.OBJ;*,*.LIS;*
-- - DELETE [.test]*.LOG;*
-- - DELETE []*.MAP;*
-+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
-+ {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
-+ {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
-+ {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
-+ - DELETE [...]*.MAP;*
-+ - DELETE [...]*.D;*
-+ - DELETE [...]*.OBJ;*,*.LIS;*
-+ - DELETE []CXX$DEMANGLER_DB.;*
-+ - DELETE [.VMS]openssl_startup.com;*
-+ - DELETE [.VMS]openssl_shutdown.com;*
-+ - DELETE []vmsconfig.pm;*
-+
-+distclean : clean
-+ - DELETE configdata.pm;*
-+ - DELETE descrip.mms;*
-
- depend : descrip.mms
- descrip.mms : FORCE
-@@ -306,82 +353,116 @@ descrip.mms : FORCE
-
- # Install helper targets #############################################
-
--install_sw : all install_dev install_engines install_runtime install_config
-+install_sw : all install_shared _install_dev_ns -
-+ install_engines _install_runtime_ns -
-+ install_startup install_ivp
-
--uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime uninstall_config
-+uninstall_sw : uninstall_shared _uninstall_dev_ns -
-+ uninstall_engines _uninstall_runtime_ns -
-+ uninstall_startup uninstall_ivp
-
--install_docs : install_man_docs install_html_docs
-+install_docs : install_html_docs
-+
-+uninstall_docs : uninstall_html_docs
-+
-+install_ssldirs : check_INSTALLTOP
-+ - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
-+ IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
-+ CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
-+ IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
-+ CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
-+ IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN -
-+ CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
-+ COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
-+ @ ! Install configuration file
-+ COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
-+ ossl_dataroot:[000000]openssl.cnf-dist
-+ IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
-+ COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
-+ ossl_dataroot:[000000]openssl.cnf
-
--uninstall_docs : uninstall_man_docs uninstall_html_docs
-+install_shared : check_INSTALLTOP
-+ @ {- output_off() if $disabled{shared}; "" -} !
-+ @ WRITE SYS$OUTPUT "*** Installing shareable images"
-+ @ ! Install shared (runtime) libraries
-+ - CREATE/DIR ossl_installroot:[LIB.'arch']
-+ {- join("\n ",
-+ map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
-+ @install_shlibs) -}
-+ @ {- output_on() if $disabled{shared}; "" -} !
-
--install_dev : check_INSTALLTOP
-+_install_dev_ns : check_INSTALLTOP
- @ WRITE SYS$OUTPUT "*** Installing development files"
- @ ! Install header files
- - CREATE/DIR ossl_installroot:[include.openssl]
- COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl]
-- @ ! Install libraries
-+ @ ! Install static (development) libraries
- - CREATE/DIR ossl_installroot:[LIB.'arch']
- {- join("\n ",
- map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
-- @{$unified_info{libraries}}) -}
-- @ {- output_off() if $disabled{shared}; "" -} !
-- {- join("\n ",
-- map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[LIB.'arch']" }
-- map { $unified_info{sharednames}->{$_} || () }
-- @{$unified_info{libraries}}) -}
-- @ {- output_on() if $disabled{shared}; "" -} !
-+ @{$unified_info{install}->{libraries}}) -}
-+
-+install_dev : install_shared _install_dev_ns
-
--install_runtime : check_INSTALLTOP
-- @ ! {- output_off() if $disabled{apps}; "" -}
-- @ WRITE SYS$OUTPUT "*** Installing runtime files"
-+_install_runtime_ns : check_INSTALLTOP
- @ ! Install the main program
- - CREATE/DIR ossl_installroot:[EXE.'arch']
-- COPY/PROT=W:RE [.APPS]openssl.EXE ossl_installroot:[EXE.'arch']
-+ COPY/PROT=W:RE [.APPS]openssl.EXE -
-+ ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
- @ ! Install scripts
-- - CREATE/DIR ossl_installroot:[EXE]
-- COPY/PROT=W:RE [.APPS]CA.pl ossl_installroot:[EXE]
-- COPY/PROT=W:RE [.TOOLS]c_rehash. ossl_installroot:[EXE]c_rehash.pl
-+ COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
- @ ! {- output_on() if $disabled{apps}; "" -}
-- @ ! Install configuration file
-- - CREATE/DIR ossl_dataroot:[000000]
-- COPY/PROT=W:RE {- sourcefile("apps", "openssl-vms.cnf") -} -
-- ossl_dataroot:[000000]openssl.cnf
-+
-+install_runtime : install_shared _install_runtime_ns
-
- install_engines : check_INSTALLTOP
- @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
- @ WRITE SYS$OUTPUT "*** Installing engines"
-- - CREATE/DIR ossl_installroot:[ENGINES.'arch']
-+ - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
- {- join("\n ",
-- map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES.'arch']" }
-- grep(!m|ossltest$|i, @{$unified_info{engines}})) -}
-+ map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
-+ @{$unified_info{install}->{engines}}) -}
- @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
-
--install_config : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
-- check_INSTALLTOP
-- IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
-- CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
-- IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
-- CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
-+install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
-+ [.VMS]openssl_utils.com, check_INSTALLTOP
- - CREATE/DIR ossl_installroot:[SYS$STARTUP]
-- COPY/PROT=W:RE -
-- [.VMS]openssl_startup.com,openssl_shutdown.com -
-- ossl_installroot:[SYS$STARTUP]
-- COPY/PROT=W:RE -
-- {- sourcefile("VMS", "openssl_utils.com") -} -
-- ossl_installroot:[SYS$STARTUP]
-+ COPY/PROT=W:RE [.VMS]openssl_startup.com -
-+ ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com
-+ COPY/PROT=W:RE [.VMS]openssl_shutdown.com -
-+ ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com
-+ COPY/PROT=W:RE [.VMS]openssl_utils.com -
-+ ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com
-+
-+install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP
-+ - CREATE/DIR ossl_installroot:[SYSTEST]
-+ COPY/PROT=W:RE [.VMS]openssl_ivp.com -
-+ ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
-
--[.VMS]openssl_startup.com : vmsconfig.pm
-+[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
- - CREATE/DIR [.VMS]
- $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
- {- sourcefile("VMS", "openssl_startup.com.in") -} -
- > [.VMS]openssl_startup.com
-
--[.VMS]openssl_shutdown.com : vmsconfig.pm
-+[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -}
-+ - CREATE/DIR [.VMS]
-+ $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
-+ {- sourcefile("VMS", "openssl_utils.com.in") -} -
-+ > [.VMS]openssl_utils.com
-+
-+[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -}
- - CREATE/DIR [.VMS]
- $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
- {- sourcefile("VMS", "openssl_shutdown.com.in") -} -
- > [.VMS]openssl_shutdown.com
-
-+[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -}
-+ - CREATE/DIR [.VMS]
-+ $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
-+ {- sourcefile("VMS", "openssl_ivp.com.in") -} -
-+ > [.VMS]openssl_ivp.com
-+
- vmsconfig.pm : configdata.pm
- OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
- WRITE CONFIG "package vmsconfig;"
-@@ -390,15 +471,14 @@ vmsconfig.pm : configdata.pm
- WRITE CONFIG "our @ISA = qw(Exporter);"
- WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
- WRITE CONFIG "our %config = ("
-- WRITE CONFIG " target => '{- $config{target} -}',"
-- WRITE CONFIG " version => '$(MAJOR).$(MINOR)',"
-+ WRITE CONFIG " target => '","{- $config{target} -}","',"
-+ WRITE CONFIG " version => '","{- $config{version} -}","',"
-+ WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","',"
-+ WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","',"
- WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","',"
- WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)',"
- WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)',"
-- WRITE CONFIG " pointersize => '","{- $target{pointersize} -}","',"
-- WRITE CONFIG " shared_libs => ["
-- {- join("\n ", map { "WRITE CONFIG \" '$_'," } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "\@ !" -}
-- WRITE CONFIG " ],"
-+ WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","',"
- WRITE CONFIG ");"
- WRITE CONFIG "our %target = ();"
- WRITE CONFIG "our %disabled = ();"
-@@ -407,6 +487,10 @@ vmsconfig.pm : configdata.pm
- WRITE CONFIG "1;"
- CLOSE CONFIG
-
-+install_html_docs : check_INSTALLTOP
-+ @ $(PERL) {- sourcefile("util", "process_docs.pl") -} -
-+ --destdir=ossl_installroot:[HTML] --type=html
-+
- check_INSTALLTOP :
- @ IF "$(INSTALLTOP)" .EQS. "" THEN -
- WRITE SYS$ERROR "INSTALLTOP should not be empty"
-@@ -418,9 +502,7 @@ vmsconfig.pm : configdata.pm
- # Developer targets ##################################################
-
- debug_logicals :
-- SH LOGICAL/PROC openssl,internal,ossl_installroot
-- IF "$(DESTDIR)" .EQS. "" THEN -
-- SH LOGICAL/PROC ossl_dataroot
-+ SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot
-
- # Building targets ###################################################
-
-@@ -441,13 +523,25 @@ configdata.pm : {- join(" ", sourcefile(
- sub generatesrc {
- my %args = @_;
- my $generator = join(" ", @{$args{generator}});
-- my $deps = join(", -\n\t\t", @{$args{deps}});
-+ my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}});
-+ my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}});
-
- if ($args{src} !~ /\.[sS]$/) {
-- return <<"EOF";
-+ if ($args{generator}->[0] =~ m|^.*\.in$|) {
-+ my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
-+ "util", "dofile.pl")),
-+ rel2abs($config{builddir}));
-+ return <<"EOF";
- $args{src} : $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
-+ \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
-+ "-o$target{build_file}" $generator > \$@
- EOF
-+ } else {
-+ return <<"EOF";
-+$args{src} : $args{generator}->[0] $deps
-+ \$(PERL)$generator_incs $generator > \$@
-+EOF
-+ }
- } else {
- die "No method to generate assembler source present.\n";
- }
-@@ -471,6 +565,9 @@ EOF
- my $srcs =
- join(", ",
- map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
-+ my $ecflags = { lib => '$(LIB_CFLAGS)',
-+ dso => '$(DSO_CFLAGS)',
-+ bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
- my $incs_on = "\@ !";
- my $incs_off = "\@ !";
- my $incs = "";
-@@ -494,20 +591,20 @@ EOF
- my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
- my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
- my $depbuild = $disabled{makedepend} ? ""
-- : " /MMS=(FILE=${objd}${objn}.tmp-MMS,TARGET=$obj.OBJ)";
-+ : " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)";
-
- return <<"EOF";
- $obj.OBJ : $deps
- ${before}
- SET DEFAULT $forward
- $incs_on
-- \$(CC) \$(CFLAGS)${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
-+ \$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
- $incs_off
- SET DEFAULT $backward
- ${after}
-- \@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.MMS"",""$obj.tmp-MMS""); exit(0x10000000 + (\$x == 0));" || -
-- RENAME $obj.tmp-MMS $obj.mms )
-- \@ IF F\$SEARCH("$obj.tmp-MMS") .NES. "" THEN DELETE $obj.tmp-MMS;*
-+ \@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || -
-+ RENAME $obj.tmp-D $obj.d )
-+ \@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;*
- - PURGE $obj.OBJ
- EOF
- }
-@@ -517,7 +614,7 @@ EOF
- my $shlib = $args{shlib};
- my $libd = dirname($lib);
- my $libn = basename($lib);
-- (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib//i;
-+ (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
-@@ -545,22 +642,18 @@ EOF
- || "\@ !";
- return <<"EOF";
- $shlib.EXE : $lib.OLB $deps $ordinalsfile
-- IF "$mkdef_key" .EQS. "ssl" .OR. "$mkdef_key" .EQS. "crypto" THEN -
-- \$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp
-- IF "$mkdef_key" .EQS. "ssl" .OR. "$mkdef_key" .EQS. "crypto" THEN -
-- \$(PERL) $translatesyms_pl \$(BUILDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC
-+ \$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp
-+ \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC
-+ DELETE $shlib.SYMVEC-tmp;*
- OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT
- WRITE OPT_FILE "IDENTIFICATION=""V$config{version}"""
-- IF "$mkdef_key" .NES. "ssl" .AND. "$mkdef_key" .NES. "crypto" THEN -
-- TYPE $engine_opt /OUTPUT=OPT_FILE:
-- IF "$mkdef_key" .EQS. "ssl" .OR. "$mkdef_key" .EQS. "crypto" THEN -
-- TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE:
-+ TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE:
- WRITE OPT_FILE "$lib.OLB/LIBRARY"
-- $write_opt ! Comment to protect from empty line
-+ $write_opt
- CLOSE OPT_FILE
- LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS)
-- - DELETE $shlib.SYMVEC;*
-- - PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP
-+ DELETE $shlib.SYMVEC;*
-+ PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP
- EOF
- }
- sub obj2dso {
-@@ -609,7 +702,7 @@ EOF
- @{$args{objs}}));
- return <<"EOF";
- $lib.OLB : $objs
-- LIBRARY/CREATE/OBJECT $lib
-+ LIBRARY/CREATE/OBJECT $lib.OLB
- $fill_lib
- - PURGE $lib.OLB
- EOF
-@@ -656,7 +749,7 @@ EOF
- rel2abs($config{builddir}));
- return <<"EOF";
- $script : $sources
-- \$(PERL) "-I\$(BUILDDIR)" "-Mconfigdata" $dofile -
-+ \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
- "-o$target{build_file}" $sources > $script
- SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
- PURGE $script
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -14,6 +14,10 @@
-
- sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ }
-
-+ our $sover = $config{target} =~ /^mingw/
-+ ? $config{shlib_major}."_".$config{shlib_minor}
-+ : $config{shlib_major}.".".$config{shlib_minor};
-+
- # shlib and shlib_simple both take a static library name and figure
- # out what the shlib name should be.
- #
-@@ -56,6 +60,13 @@
-
- return $engine . $dsoext;
- }
-+ # This makes sure things get built in the order they need
-+ # to. You're welcome.
-+ sub dependmagic {
-+ my $target = shift;
-+
-+ return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
-+ }
- '';
- -}
- PLATFORM={- $config{target} -}
-@@ -75,26 +86,33 @@ SHLIB_TARGET={- $target{shared_target} -
-
- LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
- SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
-+SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
- ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
--PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test/| } @{$unified_info{programs}}) -}
--TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test/| } @{$unified_info{programs}}) -}
-+PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
- SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
- {- output_off() if $disabled{makedepend}; "" -}
- DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
- grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
- keys %{$unified_info{sources}}); -}
- {- output_on() if $disabled{makedepend}; "" -}
--GENERATED={- join(" ", map { (my $x = $_) =~ s|\.S$|\.s|; $x } keys %{$unified_info{generate}}) -}
--
-+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
-+GENERATED={- join(" ",
-+ ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
-+ grep { defined $unified_info{generate}->{$_} }
-+ map { @{$unified_info{sources}->{$_}} }
-+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
-+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
-+
-+INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
-+INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
- {- output_off() if $disabled{apps}; "" -}
- BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
--MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
-- $(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \
-- $(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
-+MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
- {- output_on() if $disabled{apps}; "" -}
-
--SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
--
- # DESTDIR is for package builders so that they can configure for, say,
- # /usr/ and yet have everything installed to /tmp/somedir/usr/.
- # Normally it is left empty.
-@@ -133,7 +151,7 @@ LIBDIR={- #
- our $libdir = $config{libdir} || "lib$multilib";
- $libdir -}
- ENGINESDIR={- use File::Spec::Functions;
-- catdir($prefix,$libdir,"engines") -}
-+ catdir($prefix,$libdir,"engines-$sover") -}
-
- MANDIR=$(INSTALLTOP)/share/man
- DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
-@@ -169,10 +187,9 @@ LIB_LDFLAGS={- $target{shared_ldflag}."
- # $prefix is not /usr.
- . ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
- ? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
--RCFLAGS={- $target{shared_rcflag} -}
- DSO_CFLAGS={- $target{shared_cflag} || "" -}
- DSO_LDFLAGS=$(LIB_LDFLAGS)
--BIN_CFLAGS={- "" -}
-+BIN_CFLAGS={- $target{bin_cflags} -}
-
- PERL={- $config{perl} -}
-
-@@ -180,6 +197,8 @@ ARFLAGS= {- $target{arflags} -}
- AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r
- RANLIB= {- $target{ranlib} -}
- NM= $(CROSS_COMPILE){- $target{nm} || "nm" -}
-+RCFLAGS={- $target{shared_rcflag} -}
-+RC= $(CROSS_COMPILE){- $target{rc} || "windres" -}
- RM= rm -f
- RMDIR= rmdir
- TAR= {- $target{tar} || "tar" -}
-@@ -203,26 +222,37 @@ PERLASM_SCHEME= {- $target{perlasm_schem
- # the 80386.
- PROCESSOR= {- $config{processor} -}
-
-+# We want error [and other] messages in English. Trouble is that make(1)
-+# doesn't pass macros down as environment variables unless there already
-+# was corresponding variable originally set. In other words we can only
-+# reassign environment variables, but not set new ones, not in portable
-+# manner that is. That's why we reassign several, just to be sure...
-+LC_ALL=C
-+LC_MESSAGES=C
-+LANG=C
-+
- # The main targets ###################################################
-
--all: configdata.pm build_libs_nodep build_engines_nodep build_apps_nodep \
-- depend link-utils
-+{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep link-utils
-+{- dependmagic('build_libs'); -}: build_libs_nodep
-+{- dependmagic('build_engines'); -}: build_engines_nodep
-+{- dependmagic('build_programs'); -}: build_programs_nodep
-
--build_libs: configdata.pm build_libs_nodep depend
-+build_generated: $(GENERATED_MANDATORY)
- build_libs_nodep: libcrypto.pc libssl.pc openssl.pc
--build_engines: configdata.pm build_engines_nodep depend
- build_engines_nodep: $(ENGINES)
--build_apps: configdata.pm build_apps_nodep depend
--build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
--build_tests: configdata.pm build_tests_nodep depend
--build_tests_nodep: $(TESTPROGS)
-+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
-+
-+# Kept around for backward compatibility
-+build_apps build_tests: build_programs
-
--test tests: build_tests_nodep build_apps_nodep build_engines_nodep \
-- depend link-utils
-+test: tests
-+{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils
- @ : {- output_off() if $disabled{tests}; "" -}
- ( cd test; \
- SRCTOP=../$(SRCDIR) \
- BLDTOP=../$(BLDDIR) \
-+ PERL="$(PERL)" \
- EXE_EXT={- $exeext -} \
- OPENSSL_ENGINES=../$(BLDDIR)/engines \
- $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
-@@ -231,7 +261,16 @@ test tests: build_tests_nodep build_apps
- @ : {- output_on() if !$disabled{tests}; "" -}
-
- list-tests:
-- @TOP=$(SRCDIR) PERL=$(PERL) $(PERL) $(SRCDIR)/test/run_tests.pl list
-+ @ : {- output_off() if $disabled{tests}; "" -}
-+ @SRCTOP="$(SRCDIR)" \
-+ $(PERL) $(SRCDIR)/test/run_tests.pl list
-+ @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
-+ @echo "Tests are not supported with your chosen Configure options"
-+ @ : {- output_on() if !$disabled{tests}; "" -}
-+
-+install: install_sw install_ssldirs install_docs
-+
-+uninstall: uninstall_docs uninstall_sw
-
- libclean:
- @set -e; for s in $(SHLIB_INFO); do \
-@@ -245,21 +284,22 @@ test tests: build_tests_nodep build_apps
- fi; \
- done
- $(RM) $(LIBS)
--
--install: install_sw install_ssldirs install_docs
--
--uninstall: uninstall_docs uninstall_sw
-+ $(RM) *.map
-
- clean: libclean
-- rm -f $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
-- rm -f $(GENERATED)
-- -rm -f `find . -name '*{- $depext -}'`
-- -rm -f `find . -name '*{- $objext -}'`
-- rm -f core
-- rm -f tags TAGS
-- rm -f openssl.pc libcrypto.pc libssl.pc
-- -rm -f `find . -type l`
-- rm -f $(TARFILE)
-+ $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
-+ $(RM) $(GENERATED)
-+ -$(RM) `find . -name '*{- $depext -}' -a \! -path "./.git/*"`
-+ -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"`
-+ $(RM) core
-+ $(RM) tags TAGS
-+ $(RM) openssl.pc libcrypto.pc libssl.pc
-+ -$(RM) `find . -type l -a \! -path "./.git/*"`
-+ $(RM) $(TARFILE)
-+
-+distclean: clean
-+ $(RM) configdata.pm
-+ $(RM) Makefile
-
- # This exists solely for those who still type 'make depend'
- #
-@@ -296,11 +336,35 @@ uninstall_docs: uninstall_man_docs unins
- install_ssldirs:
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
-+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
-+ @set -e; for x in dummy $(MISC_SCRIPTS); do \
-+ if [ "$$x" = "dummy" ]; then continue; fi; \
-+ fn=`basename $$x`; \
-+ echo "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
-+ cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
-+ chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
-+ mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
-+ $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
-+ done
-+ @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
-+ @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
-+ @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
-+ @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
-+ @if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
-+ echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
-+ cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
-+ chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
-+ fi
-
- install_dev:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @echo "*** Installing development files"
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
-+ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
-+ @echo "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
-+ @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-+ @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-+ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
- @set -e; for i in $(SRCDIR)/include/openssl/*.h \
- $(BLDDIR)/include/openssl/*.h; do \
- fn=`basename $$i`; \
-@@ -309,7 +373,7 @@ uninstall_docs: uninstall_man_docs unins
- chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
- done
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
-- @set -e; for l in $(LIBS); do \
-+ @set -e; for l in $(INSTALL_LIBS); do \
- fn=`basename $$l`; \
- echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
- cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
-@@ -319,7 +383,7 @@ uninstall_docs: uninstall_man_docs unins
- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
- done
- @ : {- output_off() if $disabled{shared}; "" -}
-- @set -e; for s in $(SHLIB_INFO); do \
-+ @set -e; for s in $(INSTALL_SHLIB_INFO); do \
- s1=`echo "$$s" | cut -f1 -d";"`; \
- s2=`echo "$$s" | cut -f2 -d";"`; \
- fn1=`basename $$s1`; \
-@@ -327,7 +391,7 @@ uninstall_docs: uninstall_man_docs unins
- : {- output_off() if windowsdll(); "" -}; \
- echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \
- cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
-+ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \
- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \
- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \
- if [ "$$fn1" != "$$fn2" ]; then \
-@@ -337,7 +401,7 @@ uninstall_docs: uninstall_man_docs unins
- : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
- echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \
- cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
-+ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \
- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \
- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \
- : {- output_on() unless windowsdll(); "" -}; \
-@@ -356,6 +420,10 @@ uninstall_docs: uninstall_man_docs unins
-
- uninstall_dev:
- @echo "*** Uninstalling development files"
-+ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
-+ @echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
-+ @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-+ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
- @set -e; for i in $(SRCDIR)/include/openssl/*.h \
- $(BLDDIR)/include/openssl/*.h; do \
- fn=`basename $$i`; \
-@@ -364,13 +432,13 @@ uninstall_docs: uninstall_man_docs unins
- done
- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
-- @set -e; for l in $(LIBS); do \
-+ @set -e; for l in $(INSTALL_LIBS); do \
- fn=`basename $$l`; \
- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
- done
- @ : {- output_off() if $disabled{shared}; "" -}
-- @set -e; for s in $(SHLIB_INFO); do \
-+ @set -e; for s in $(INSTALL_SHLIB_INFO); do \
- s1=`echo "$$s" | cut -f1 -d";"`; \
- s2=`echo "$$s" | cut -f2 -d";"`; \
- fn1=`basename $$s1`; \
-@@ -396,51 +464,56 @@ uninstall_docs: uninstall_man_docs unins
-
- install_engines:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/
-+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
- @echo "*** Installing engines"
-- @set -e; for e in dummy $(ENGINES); do \
-+ @set -e; for e in dummy $(INSTALL_ENGINES); do \
- if [ "$$e" = "dummy" ]; then continue; fi; \
- fn=`basename $$e`; \
-- if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
-- continue; \
-- fi; \
-- echo "install $$e -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
-- cp $$e $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn.new \
-- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
-+ echo "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
-+ cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
-+ chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
-+ mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
-+ $(DESTDIR)$(ENGINESDIR)/$$fn; \
- done
-
- uninstall_engines:
- @echo "*** Uninstalling engines"
-- @set -e; for e in dummy $(ENGINES); do \
-+ @set -e; for e in dummy $(INSTALL_ENGINES); do \
- if [ "$$e" = "dummy" ]; then continue; fi; \
- fn=`basename $$e`; \
- if [ "$$fn" = '{- dso("ossltest") -}' ]; then \
- continue; \
- fi; \
-- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn"; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$$fn; \
-+ echo "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
-+ $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
- done
-- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines
-+ -$(RMDIR) $(DESTDIR)$(ENGINESDIR)
-
- install_runtime:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
-- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
-+ @ : {- output_off() if windowsdll(); "" -}
-+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)
-+ @ : {- output_on() if windowsdll(); "" -}
- @echo "*** Installing runtime files"
-- : {- output_off() unless windowsdll(); "" -};
-- @set -e; for s in dummy $(SHLIBS); do \
-+ @set -e; for s in dummy $(INSTALL_SHLIBS); do \
- if [ "$$s" = "dummy" ]; then continue; fi; \
- fn=`basename $$s`; \
-+ : {- output_off() unless windowsdll(); "" -}; \
- echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
- cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
- chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
- $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
-+ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
-+ echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \
-+ cp $$s $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
-+ chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \
-+ mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \
-+ $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \
-+ : {- output_on() if windowsdll(); "" -}; \
- done
-- : {- output_on() unless windowsdll(); "" -};
-- @set -e; for x in dummy $(PROGRAMS); do \
-+ @set -e; for x in dummy $(INSTALL_PROGRAMS); do \
- if [ "$$x" = "dummy" ]; then continue; fi; \
- fn=`basename $$x`; \
- echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
-@@ -458,23 +531,10 @@ uninstall_docs: uninstall_man_docs unins
- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
- $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
- done
-- @set -e; for x in dummy $(MISC_SCRIPTS); do \
-- if [ "$$x" = "dummy" ]; then continue; fi; \
-- fn=`basename $$x`; \
-- echo "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
-- cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
-- chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
-- mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
-- $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
-- done
-- @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"
-- @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
-- @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
-- @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
-
- uninstall_runtime:
- @echo "*** Uninstalling runtime files"
-- @set -e; for x in dummy $(PROGRAMS); \
-+ @set -e; for x in dummy $(INSTALL_PROGRAMS); \
- do \
- if [ "$$x" = "dummy" ]; then continue; fi; \
- fn=`basename $$x`; \
-@@ -488,24 +548,15 @@ uninstall_docs: uninstall_man_docs unins
- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
- done
-- @set -e; for x in dummy $(MISC_SCRIPTS); \
-- do \
-- if [ "$$x" = "dummy" ]; then continue; fi; \
-- fn=`basename $$x`; \
-- echo "$(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
-- $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
-- done
-- : {- output_off() unless windowsdll(); "" -};
-- @set -e; for s in dummy $(SHLIBS); do \
-+ @ : {- output_off() unless windowsdll(); "" -}
-+ @set -e; for s in dummy $(INSTALL_SHLIBS); do \
- if [ "$$s" = "dummy" ]; then continue; fi; \
- fn=`basename $$s`; \
- echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
- done
-- : {- output_on() unless windowsdll(); "" -};
-- $(RM) $(DESTDIR)$(OPENSSLDIR)/openssl.cnf
-+ @ : {- output_on() unless windowsdll(); "" -}
- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
-- -$(RMDIR) $(DESTDIR)$(OPENSSLDIR)/misc
-
- # A method to extract all names from a .pod file
- # The first sed extracts everything between "=head1 NAME" and the next =head1
-@@ -526,6 +577,7 @@ PROCESS_PODS=\
- SEC=`sed -ne 's/^=for *comment *openssl_manual_section: *\([0-9]\) *$$/\1/p' $$p`; \
- [ -z "$$SEC" ] && SEC=$$defsec; \
- fn=`basename $$p .pod`; \
-+ Name=$$fn; \
- NAME=`echo $$fn | tr [a-z] [A-Z]`; \
- suf=`eval "echo $$OUTSUFFIX"`; \
- top=`eval "echo $$OUTTOP"`; \
-@@ -605,8 +657,8 @@ UNINSTALL_DOCS=\
- OUTSUFFIX='.$(HTMLSUFFIX)'; \
- OUTTOP="$(DESTDIR)$(HTMLDIR)"; \
- GENERATE="pod2html --podroot=$(SRCDIR)/doc --htmldir=.. \
-- --podpath=apps:crypto:ssl \
-- | sed -e 's|href=\"http://man.he.net/man|href=\"../man|g'"; \
-+ --podpath=apps:crypto:ssl --title=\$$Name \
-+ | perl -pe 's|href=\"http://man.he.net/man|href=\"../man|g; s|href=\"(.*/man.*)(?<!\.html)\">|href=\"\$$1.html\">|g;'"; \
- $(PROCESS_PODS)
-
- uninstall_html_docs:
-@@ -621,16 +673,13 @@ UNINSTALL_DOCS=\
-
- update: generate errors ordinals
-
--generate: generate_apps generate_crypto_bn generate_crypto_objects
-+generate: generate_apps generate_crypto_bn generate_crypto_objects \
-+ generate_crypto_conf generate_crypto_asn1
-
- # Test coverage is a good idea for the future
- #coverage: $(PROGRAMS) $(TESTPROGRAMS)
- # ...
-
--# Currently disabled, util/selftest.pl needs a rewrite
--#report:
--# SRCDIR=$(SRCDIR) @$(PERL) util/selftest.pl
--
- lint:
- lint -DLINT $(INCLUDES) $(SRCS)
-
-@@ -652,18 +701,26 @@ generate: generate_apps generate_crypto_
- ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
-
- generate_crypto_objects:
-- ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
-- include/openssl/obj_mac.h \
-- crypto/objects/obj_dat.h )
- ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \
- crypto/objects/objects.txt \
- crypto/objects/obj_mac.num \
- include/openssl/obj_mac.h )
-+ ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \
-+ include/openssl/obj_mac.h \
-+ crypto/objects/obj_dat.h )
- ( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \
- crypto/objects/obj_mac.num \
- crypto/objects/obj_xref.txt \
- > crypto/objects/obj_xref.h )
-
-+generate_crypto_conf:
-+ ( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \
-+ > crypto/conf/conf_def.h )
-+
-+generate_crypto_asn1:
-+ ( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \
-+ > crypto/asn1/charmap.h )
-+
- errors:
- ( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c )
- ( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write )
-@@ -690,7 +747,7 @@ tags TAGS: FORCE
-
- # Release targets (note: only available on Unix) #####################
-
--TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
-+TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf -
- PREPARE_CMD=:
- tar:
- TMPDIR=/var/tmp/openssl-copy.$$$$; \
-@@ -698,6 +755,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0
- mkdir -p $$TMPDIR/$$DISTDIR; \
- (cd $(SRCDIR); \
- git ls-tree -r --name-only --full-tree HEAD \
-+ | grep -v '^fuzz/corpora' \
- | while read F; do \
- mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
- cp $$F $$TMPDIR/$$DISTDIR/$$F; \
-@@ -733,7 +791,7 @@ link-utils: $(BLDDIR)/util/opensslwrap.s
-
- # Building targets ###################################################
-
--libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS)
-+libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib_simple($_) } @{$unified_info{libraries}}) -}
- libcrypto.pc:
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
-@@ -772,11 +830,7 @@ libcrypto.pc libssl.pc openssl.pc: confi
- echo 'Version: '$(VERSION); \
- echo 'Requires: libssl libcrypto' ) > openssl.pc
-
--# Note on the use of $(MFLAGS): this was an older variant of MAKEFLAGS which
--# wasn't passed down automatically. It's quite safe to use it like we do
--# below; if it doesn't exist, the result will be empty and 'make' will pick
--# up $(MAKEFLAGS) which is passed down as an environment variable.
--configdata.pm: $(SRCDIR)/Configurations/unix-Makefile.tmpl $(SRCDIR)/Configurations/common.tmpl $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_infos}}) -}
-+configdata.pm: {- $config{build_file_template} -} $(SRCDIR)/Configurations/common.tmpl $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_infos}}) -}
- @echo "Detected changed: $?"
- @echo "Reconfiguring..."
- $(SRCDIR)/Configure reconf
-@@ -807,19 +861,31 @@ configdata.pm: $(SRCDIR)/Configurations/
- sub generatesrc {
- my %args = @_;
- my $generator = join(" ", @{$args{generator}});
-+ my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}});
- my $incs = join("", map { " -I".$_ } @{$args{incs}});
-- my $deps = join(" ", @{$args{deps}});
-+ my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}});
-
- if ($args{src} !~ /\.[sS]$/) {
-- return <<"EOF";
-+ if ($args{generator}->[0] =~ m|^.*\.in$|) {
-+ my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
-+ "util", "dofile.pl")),
-+ rel2abs($config{builddir}));
-+ return <<"EOF";
-+$args{src}: $args{generator}->[0] $deps
-+ \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
-+ "-o$target{build_file}" $generator > \$@
-+EOF
-+ } else {
-+ return <<"EOF";
- $args{src}: $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
-+ \$(PERL)$generator_incs $generator > \$@
- EOF
-+ }
- } else {
- if ($args{generator}->[0] =~ /\.pl$/) {
-- $generator = 'CC="$(CC)" $(PERL) '.$generator;
-+ $generator = 'CC="$(CC)" $(PERL)'.$generator_incs.' '.$generator;
- } elsif ($args{generator}->[0] =~ /\.m4$/) {
-- $generator = 'm4 -B 8192 '.$generator.' >'
-+ $generator = 'm4 -B 8192'.$generator_incs.' '.$generator.' >'
- } elsif ($args{generator}->[0] =~ /\.S$/) {
- $generator = undef;
- } else {
-@@ -835,7 +901,9 @@ EOF
- $target: $args{generator}->[0] $deps
- ( trap "rm -f \$@.*" INT 0; \\
- $generator \$@.S; \\
-- \$(CC) \$(CFLAGS) $incs -E -P \$@.S > \$@.i && mv -f \$@.i \$@ )
-+ \$(CC) $incs \$(CFLAGS) -E \$@.S | \\
-+ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\
-+ mv -f \$@.i \$@ )
- EOF
- }
- # Otherwise....
-@@ -846,7 +914,8 @@ EOF
- }
- return <<"EOF";
- $args{src}: $args{generator}->[0] $deps
-- \$(CC) \$(CFLAGS) $incs -E -P \$< > \$@
-+ \$(CC) $incs \$(CFLAGS) -E \$< | \\
-+ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@
- EOF
- }
- }
-@@ -879,7 +948,7 @@ EOF
- if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
- $recipe .= <<"EOF";
- $obj$depext: $deps
-- -\$(MAKEDEPEND) -f- -o"|$obj$objext" -- \$(CFLAGS) $ecflags$incs -- $srcs \\
-+ -\$(MAKEDEPEND) -f- -o"|$obj$objext" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
- >\$\@.tmp 2>/dev/null
- -\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' \$\@.tmp
- \@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
-@@ -893,13 +962,13 @@ EOF
- if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
- $recipe .= <<"EOF";
- $obj$objext: $deps
-- \$(CC) \$(CFLAGS) $ecflags$incs -c -o \$\@ $srcs
-+ \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
- EOF
- }
- if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
- $recipe .= <<"EOF";
- $obj$objext: $deps
-- \$(CC) \$(CFLAGS) $ecflags$incs -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
-+ \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
- \@touch $obj$depext.tmp
- \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
- rm -f $obj$depext.tmp; \\
-@@ -939,15 +1008,15 @@ EOF
- $target: $lib$libext $deps $ordinalsfile
- \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
- PLATFORM=\$(PLATFORM) \\
-- PERL=\$(PERL) SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
-+ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
- INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\
- LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
- LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\
- LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\
- CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\
-- CROSS_COMPILE='\$(CROSS_COMPILE)' LDFLAGS='\$(LDFLAGS)' \\
-+ LDFLAGS='\$(LDFLAGS)' \\
- SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\
-- SHARED_RCFLAGS='\$(RCFLAGS)' \\
-+ RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\
- link_shlib.$shlib_target
- EOF
- . (windowsdll() ? <<"EOF" : "");
-@@ -975,7 +1044,7 @@ EOF
- $target: $objs $deps
- \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
- PLATFORM=\$(PLATFORM) \\
-- PERL=\$(PERL) SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
-+ PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\
- LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\
- LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\
- CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\
-@@ -1012,7 +1081,7 @@ EOF
- $bin$exeext: $objs $deps
- \$(RM) $bin$exeext
- \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\
-- PERL=\$(PERL) SRCDIR=\$(SRCDIR) \\
-+ PERL="\$(PERL)" SRCDIR=\$(SRCDIR) \\
- APPNAME=$bin$exeext OBJECTS="$objs" \\
- LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
- CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
-@@ -1034,5 +1103,37 @@ EOF
- chmod a+x $script
- EOF
- }
-+ sub generatedir {
-+ my %args = @_;
-+ my $dir = $args{dir};
-+ my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
-+ my @actions = ();
-+ my %extinfo = ( dso => $dsoext,
-+ lib => $libext,
-+ bin => $exeext );
-+
-+ foreach my $type (("dso", "lib", "bin", "script")) {
-+ next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
-+ # For lib object files, we could update the library. However, it
-+ # was decided that it's enough to build the directory local object
-+ # files, so we don't need to add any actions, and the dependencies
-+ # are already taken care of.
-+ if ($type ne "lib") {
-+ foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
-+ if (dirname($prod) eq $dir) {
-+ push @deps, $prod.$extinfo{$type};
-+ } else {
-+ push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
-+ }
-+ }
-+ }
-+ }
-+
-+ my $deps = join(" ", @deps);
-+ my $actions = join("\n", "", @actions);
-+ return <<"EOF";
-+$args{dir} $args{dir}/: $deps$actions
-+EOF
-+ }
- "" # Important! This becomes part of the template result.
- -}
---- a/Configurations/windows-makefile.tmpl
-+++ b/Configurations/windows-makefile.tmpl
-@@ -11,6 +11,8 @@
- our $shlibextimport = $target{shared_import_extension} || ".lib";
- our $dsoext = $target{dso_extension} || ".dll";
-
-+ our $sover = $config{shlib_major}."_".$config{shlib_minor};
-+
- my $win_installenv =
- $target{build_scheme}->[2] eq "VC-W32" ?
- "ProgramFiles(x86)" : "ProgramW6432";
-@@ -19,10 +21,14 @@
- ? "CommonProgramFiles(x86)" : "CommonProgramW6432";
- our $win_installroot =
- defined($ENV{$win_installenv})
-- ? '%'.$win_installenv.'%' : '%ProgramFiles%';
-+ ? $win_installenv : 'ProgramFiles';
- our $win_commonroot =
- defined($ENV{$win_commonenv})
-- ? '%'.$win_commonenv.'%' : '%CommonProgramFiles%';
-+ ? $win_commonenv : 'CommonProgramFiles';
-+
-+ # expand variables early
-+ $win_installroot = $ENV{$win_installroot};
-+ $win_commonroot = $ENV{$win_commonroot};
-
- sub shlib {
- return () if $disabled{shared};
-@@ -56,54 +62,93 @@ SHLIB_VERSION_NUMBER={- $config{shlib_ve
-
- LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
- SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
-+SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
- ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
--PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{programs}}) -}
--TESTPROGS={- join(" ", map { $_.$exeext } grep { m|^test\\| } @{$unified_info{programs}}) -}
-+ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
-+PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -}
-+PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
- SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
--
- {- output_off() if $disabled{makedepend}; "" -}
- DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
- grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
- keys %{$unified_info{sources}}); -}
- {- output_on() if $disabled{makedepend}; "" -}
-+GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
-+GENERATED={- join(" ",
-+ ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x }
-+ grep { defined $unified_info{generate}->{$_} }
-+ map { @{$unified_info{sources}->{$_}} }
-+ grep { /\.o$/ } keys %{$unified_info{sources}} ),
-+ ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
-+
-+INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
-+INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
-+INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
-+INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
-+INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
-+{- output_off() if $disabled{apps}; "" -}
-+BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
-+MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
-+{- output_on() if $disabled{apps}; "" -}
-
- # Do not edit these manually. Use Configure with --prefix or --openssldir
- # to change this! Short explanation in the top comment in Configure
--INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
-- #
-- our $prefix = $config{prefix} || "$win_installroot\\OpenSSL";
-- $prefix -}
--OPENSSLDIR={- #
-- # The logic here is that if no --openssldir was given,
-- # OPENSSLDIR will get the value from $prefix plus "/ssl".
-- # If --openssldir was given and the value is an absolute
-- # path, OPENSSLDIR will get its value without change.
-- # If the value from --openssldir is a relative path,
-- # OPENSSLDIR will get $prefix with the --openssldir
-- # value appended as a subdirectory.
-- #
-- use File::Spec::Functions;
-- our $openssldir =
-- $config{openssldir} ?
-- (file_name_is_absolute($config{openssldir}) ?
-- $config{openssldir}
-- : catdir($prefix, $config{openssldir}))
-- : "$win_commonroot\\SSL";
-- $openssldir -}
-+INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
-+ #
-+ use File::Spec::Functions qw(:DEFAULT splitpath);
-+ our $prefix = $config{prefix} || "$win_installroot\\OpenSSL";
-+ our ($prefix_dev, $prefix_dir, $prefix_file) =
-+ splitpath($prefix, 1);
-+ $prefix_dev -}
-+INSTALLTOP_dir={- $prefix_dir -}
-+OPENSSLDIR_dev={- #
-+ # The logic here is that if no --openssldir was given,
-+ # OPENSSLDIR will get the value from $prefix plus "/ssl".
-+ # If --openssldir was given and the value is an absolute
-+ # path, OPENSSLDIR will get its value without change.
-+ # If the value from --openssldir is a relative path,
-+ # OPENSSLDIR will get $prefix with the --openssldir
-+ # value appended as a subdirectory.
-+ #
-+ use File::Spec::Functions qw(:DEFAULT splitpath);
-+ our $openssldir =
-+ $config{openssldir} ?
-+ (file_name_is_absolute($config{openssldir}) ?
-+ $config{openssldir}
-+ : catdir($prefix, $config{openssldir}))
-+ : "$win_commonroot\\SSL";
-+ our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
-+ splitpath($openssldir, 1);
-+ $openssldir_dev -}
-+OPENSSLDIR_dir={- $openssldir_dir -}
- LIBDIR={- our $libdir = $config{libdir} || "lib";
- $libdir -}
--ENGINESDIR={- use File::Spec::Functions;
-- our $enginesdir = catdir($prefix,$libdir,"engines");
-- $enginesdir -}
-+ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
-+ our $enginesdir = catdir($prefix,$libdir,"engines-$sover");
-+ our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
-+ splitpath($enginesdir, 1);
-+ $enginesdir_dev -}
-+ENGINESDIR_dir={- $enginesdir_dir -}
-+!IF "$(DESTDIR)" != ""
-+INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
-+OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
-+ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
-+!ELSE
-+INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
-+OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
-+ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
-+!ENDIF
-
- CC={- $target{cc} -}
- CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -}
--COUTFLAG={- $target{coutflag} || "/Fo" -}
-+COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY)
- RC={- $target{rc} || "rc" -}
--RCOUTFLAG={- $target{rcoutflag} || "/fo" -}
-+RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY)
- LD={- $target{ld} || "link" -}
- LDFLAGS={- $target{lflags} -}
--LDOUTFLAG={- $target{loutflag} || "/out:" -}
-+LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY)
- EX_LIBS={- $target{ex_libs} -}
- LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -}
- LIB_LDFLAGS={- $target{shared_ldflag} || "" -}
-@@ -116,61 +161,84 @@ PERL={- $config{perl} -}
-
- AR={- $target{ar} -}
- ARFLAGS= {- $target{arflags} -}
--AROUTFLAG={- $target{aroutflag} || "/out:" -}
-+AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY)
-+
-+MT={- $target{mt} -}
-+MTFLAGS= {- $target{mtflags} -}
-+MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY)
-+MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
-
- AS={- $target{as} -}
- ASFLAGS={- $target{asflags} -}
--ASOUTFLAG={- $target{asoutflag} -}
-+ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
- PERLASM_SCHEME= {- $target{perlasm_scheme} -}
-
- PROCESSOR= {- $config{processor} -}
-
- # The main targets ###################################################
-
--all: configdata.pm build_libs_nodep build_engines_nodep build_apps_nodep depend
-+all: build_generated \
-+ build_libs_nodep build_engines_nodep build_programs_nodep depend
-
--build_libs: configdata.pm build_libs_nodep depend
--build_libs_nodep: $(LIBS)
--build_engines: configdata.pm build_engines_nodep depend
-+build_libs: build_generated build_libs_nodep depend
-+build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
-+build_engines: build_generated build_engines_nodep depend
- build_engines_nodep: $(ENGINES)
--build_apps: configdata.pm build_apps_nodep depend
--build_apps_nodep: $(PROGRAMS) $(SCRIPTS)
--build_tests: configdata.pm build_tests_nodep depend
--build_tests_nodep: $(TESTPROGS)
-+build_programs: build_generated build_programs_nodep depend
-+build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
-
--test tests: build_tests_nodep build_apps_nodep build_engines_nodep depend
-+build_generated: $(GENERATED_MANDATORY)
-+
-+# Kept around for backward compatibility
-+build_apps build_tests: build_programs
-+
-+test: tests
-+tests: build_generated build_programs_nodep build_engines_nodep depend
- @rem {- output_off() if $disabled{tests}; "" -}
- set SRCTOP=$(SRCDIR)
- set BLDTOP=$(BLDDIR)
- set PERL=$(PERL)
-- $(PERL) $(SRCDIR)\test\run_tests.pl $(TESTS)
-+ "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
- @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
- @echo "Tests are not supported with your chosen Configure options"
- @rem {- output_on() if !$disabled{tests}; "" -}
-
- list-tests:
-- @set TOP=$(SRCDIR)
-- @set PERL=$(PERL)
-- @$(PERL) $(SRCDIR)\test\run_tests.pl list
-+ @rem {- output_off() if $disabled{tests}; "" -}
-+ @set SRCTOP=$(SRCDIR)
-+ @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
-+ @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
-+ @echo "Tests are not supported with your chosen Configure options"
-+ @rem {- output_on() if !$disabled{tests}; "" -}
-
- install: install_sw install_ssldirs install_docs
-
- uninstall: uninstall_docs uninstall_sw
-
- libclean:
-- $(PERL) -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*""" } @ARGV" $(SHLIBS)
-- del /Q /F $(LIBS)
-- del lib.pdb
-+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
-+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
-+ "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
-+ -del /Q /F $(LIBS)
-+ -del /Q ossl_static.pdb
-
- clean: libclean
-- del /Q /F $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS)
-- del /Q /S /F *.asm
-- del /Q /S /F *.d
-- del /Q /S /F *.obj
-- del /Q /S /F *.pdb
-- del /Q /S /F *.exp
-- del /Q /S /F engines\*.ilk
-- del /Q /S /F engines\*.lib
-+ -del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS)
-+ -del /Q /F $(GENERATED)
-+ -del /Q /S /F *.d
-+ -del /Q /S /F *.obj
-+ -del /Q /S /F *.pdb
-+ -del /Q /S /F *.exp
-+ -del /Q /S /F engines\*.ilk
-+ -del /Q /S /F engines\*.lib
-+ -del /Q /S /F apps\*.lib
-+ -del /Q /S /F engines\*.manifest
-+ -del /Q /S /F apps\*.manifest
-+ -del /Q /S /F test\*.manifest
-+
-+distclean: clean
-+ -del /Q /F configdata.pm
-+ -del /Q /F makefile
-
- depend:
-
-@@ -180,53 +248,84 @@ install_sw: all install_dev install_engi
-
- uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
-
--install_docs:
-+install_docs: install_html_docs
-
--uninstall_docs:
-+uninstall_docs: uninstall_html_docs
-
- install_ssldirs:
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\certs"
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)\private"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
-+ "$(OPENSSLDIR)\openssl.cnf.dist"
-+ @IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
-+ "$(OPENSSLDIR)\openssl.cnf"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
-+ "$(OPENSSLDIR)\misc"
-
- install_dev:
- @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
- @echo *** Installing development files
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\include\openssl"
-- @$(PERL) $(SRCDIR)\util\copy.pl $(SRCDIR)\include\openssl\*.h \
-- "$(DESTDIR)$(INSTALLTOP)\include\openssl"
-- @$(PERL) $(SRCDIR)\util\copy.pl $(BLDDIR)\include\openssl\*.h \
-- "$(DESTDIR)$(INSTALLTOP)\include\openssl"
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
-- @$(PERL) $(SRCDIR)\util\copy.pl $(LIBS) \
-- "$(DESTDIR)$(INSTALLTOP)\$(LIBDIR)"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
-+ @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
-+ "$(INSTALLTOP)\include\openssl"
-+ @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
-+ "$(INSTALLTOP)\include\openssl"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
-+ "$(INSTALLTOP)\include\openssl"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
-+ "$(INSTALLTOP)\$(LIBDIR)"
-+ @if "$(SHLIBS)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
-+ "$(INSTALLTOP)\$(LIBDIR)"
-
- uninstall_dev:
-
- install_engines:
- @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
- @echo *** Installing engines
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
- @if not "$(ENGINES)"=="" \
-- $(PERL) $(SRCDIR)\util\copy.pl $(ENGINES) "$(DESTDIR)$(ENGINESDIR)"
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
-+ @if not "$(ENGINES)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
-
- uninstall_engines:
-
- install_runtime:
- @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
- @echo *** Installing runtime files
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
-+ @if not "$(SHLIBS)"=="" \
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
- @if not "$(SHLIBS)"=="" \
-- $(PERL) $(SRCDIR)\util\copy.pl $(SHLIBS) "$(DESTDIR)$(INSTALLTOP)\bin"
-- @$(PERL) $(SRCDIR)\util\copy.pl $(PROGRAMS) "$(DESTDIR)$(INSTALLTOP)\bin"
-+ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
-+ "$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
-+ "$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
-+ "$(INSTALLTOP)\bin"
-+ @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
-+ "$(INSTALLTOP)\bin"
-
- uninstall_runtime:
-
-+install_html_docs:
-+ "$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
-+ "--destdir=$(INSTALLTOP)\html" --type=html
-+
-+uninstall_html_docs:
-+
- # Building targets ###################################################
-
--configdata.pm: {- $config{build_file_template} -} $(SRCDIR)\Configure
-+configdata.pm: "{- $config{build_file_template} -}" "$(SRCDIR)\Configurations\common.tmpl" "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_infos}}) -}
- @echo "Detected changed: $?"
- @echo "Reconfiguring..."
-- $(PERL) $(SRCDIR)\Configure reconf
-+ "$(PERL)" "$(SRCDIR)\Configure" reconf
- @echo "**************************************************"
- @echo "*** ***"
- @echo "*** Please run the same make command again ***"
-@@ -250,18 +349,31 @@ configdata.pm: {- $config{build_file_tem
- sub generatesrc {
- my %args = @_;
- (my $target = $args{src}) =~ s/\.[sS]$/.asm/;
-- my $generator = join(" ", @{$args{generator}});
-- my $incs = join("", map { " /I ".$_ } @{$args{incs}});
-- my $deps = join(" ", @{$args{deps}});
-+ my $generator = '"'.join('" "', @{$args{generator}}).'"';
-+ my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
-+ my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
-+ my $deps = @{$args{deps}} ?
-+ '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
-
- if ($target !~ /\.asm$/) {
-- return <<"EOF";
--$target: $args{generator}->[0] $deps
-- \$(PERL) $generator > \$@
-+ if ($args{generator}->[0] =~ m|^.*\.in$|) {
-+ my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
-+ "util", "dofile.pl")),
-+ rel2abs($config{builddir}));
-+ return <<"EOF";
-+$target: "$args{generator}->[0]" $deps
-+ "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
-+ "-o$target{build_file}" $generator > \$@
- EOF
-+ } else {
-+ return <<"EOF";
-+$target: "$args{generator}->[0]" $deps
-+ "\$(PERL)"$generator_incs $generator > \$@
-+EOF
-+ }
- } else {
- if ($args{generator}->[0] =~ /\.pl$/) {
-- $generator = '$(PERL) '.$generator;
-+ $generator = '"$(PERL)"'.$generator_incs.' '.$generator;
- } elsif ($args{generator}->[0] =~ /\.S$/) {
- $generator = undef;
- } else {
-@@ -273,25 +385,23 @@ EOF
- # end up generating foo.s in two steps.
- if ($args{src} =~ /\.S$/) {
- return <<"EOF";
--$target: $args{generator}->[0] $deps
-+$target: "$args{generator}->[0]" $deps
- set ASM=\$(AS)
-- set CC=\$(CC)
- $generator \$@.S
-- \$(CC) \$(CFLAGS) $incs /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
-+ \$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
- del /Q \$@.S
- EOF
- }
- # Otherwise....
- return <<"EOF";
--$target: $args{generator}->[0] $deps
-+$target: "$args{generator}->[0]" $deps
- set ASM=\$(AS)
-- set CC=\$(CC)
- $generator \$@
- EOF
- }
- return <<"EOF";
--$target: $args{generator}->[0] $deps
-- \$(CC) \$(CFLAGS) $incs /EP /C $args{generator}->[0] > \$@.i && move /Y \$@.i \$@
-+$target: "$args{generator}->[0]" $deps
-+ \$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
- EOF
- }
- }
-@@ -301,12 +411,12 @@ EOF
- my $obj = $args{obj};
- my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
- } ( @{$args{srcs}} );
-- my $srcs = join(" ", @srcs);
-- my $deps = join(" ", @srcs, @{$args{deps}});
-- my $incs = join("", map { " /I ".$_ } @{$args{incs}});
-+ my $srcs = '"'.join('" "', @srcs).'"';
-+ my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
-+ my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
- unless ($disabled{zlib}) {
- if ($withargs{zlib_include}) {
-- $incs .= " /I ".$withargs{zlib_include};
-+ $incs .= ' /I "'.$withargs{zlib_include}.'"';
- }
- }
- my $ecflags = { lib => '$(LIB_CFLAGS)',
-@@ -322,20 +432,20 @@ EOF
- return <<"EOF" if (!$disabled{makedepend});
- $obj$depext: $deps
- \$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
-- \$(PERL) -n << > $obj$depext
-+ "\$(PERL)" -n << > $obj$depext
- chomp;
- s/^Note: including file: *//;
- \$\$collect{\$\$_} = 1;
- END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
- <<
- $obj$objext: $obj$depext
-- \$(CC) \$(CFLAGS) $ecflags$incs -c \$(COUTFLAG)\$\@ @<<
-+ \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<<
- $srcs
- <<
- EOF
- return <<"EOF" if ($disabled{makedepend});
- $obj$objext: $deps
-- \$(CC) \$(CFLAGS) $ecflags$incs -c \$(COUTFLAG)\$\@ $srcs
-+ \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
- EOF
- }
-
-@@ -362,18 +472,21 @@ EOF
- rel2abs($config{builddir}));
- my $target = shlib_import($lib);
- return <<"EOF"
--$target: $deps $ordinalsfile $mkdef_pl
-- \$(PERL) $mkdef_pl "$mkdef_key" 32 > $shlib.def
-- \$(PERL) -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
-+$target: $deps "$ordinalsfile" "$mkdef_pl"
-+ "\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def
-+ "\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
- DEL $shlib.def.tmp
-- \$(PERL) $mkrc_pl $shlib$shlibext > $shlib.rc
-+ "\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
- \$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
-+ IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
- \$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
- /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
- $objs $shlib.res$linklibs \$(EX_LIBS)
- <<
-- DEL /F apps\\$shlib$shlibext
-- DEL /F test\\$shlib$shlibext
-+ IF EXIST $shlib$shlibext.manifest \\
-+ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
-+ IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
-+ IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
- COPY $shlib$shlibext apps
- COPY $shlib$shlibext test
- EOF
-@@ -390,6 +503,7 @@ EOF
- compute_lib_depends(@{$args{deps}}));
- return <<"EOF";
- $dso$dsoext: $deps
-+ IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
- \$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
- LIBRARY $dso_n
- EXPORTS
-@@ -398,6 +512,8 @@ EXPORTS
- <<
- $objs$linklibs \$(EX_LIBS)
- <<
-+ IF EXIST $dso$dsoext.manifest \\
-+ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
- EOF
- }
- sub obj2lib {
-@@ -413,7 +529,7 @@ EOF
- return <<"EOF";
- $lib$libext: $deps
- \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
--\$\?
-+\$**
- <<
- EOF
- }
-@@ -428,23 +544,57 @@ EOF
- compute_lib_depends(@{$args{deps}}));
- return <<"EOF";
- $bin$exeext: $deps
-+ IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
- \$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
- $objs setargv.obj$linklibs \$(EX_LIBS)
- <<
-+ IF EXIST $bin$exeext.manifest \\
-+ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
- EOF
- }
- sub in2script {
- my %args = @_;
- my $script = $args{script};
-- my $sources = join(" ", @{$args{sources}});
-+ my $sources = '"'.join('" "', @{$args{sources}}).'"';
- my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
- "util", "dofile.pl")),
- rel2abs($config{builddir}));
- return <<"EOF";
- $script: $sources
-- \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
-+ "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
- "-o$target{build_file}" $sources > "$script"
- EOF
- }
-+ sub generatedir {
-+ my %args = @_;
-+ my $dir = $args{dir};
-+ my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
-+ my @actions = ();
-+ my %extinfo = ( dso => $dsoext,
-+ lib => $libext,
-+ bin => $exeext );
-+
-+ foreach my $type (("dso", "lib", "bin", "script")) {
-+ next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
-+ # For lib object files, we could update the library. However,
-+ # LIB on Windows doesn't work that way, so we won't create any
-+ # actions for it, and the dependencies are already taken care of.
-+ if ($type ne "lib") {
-+ foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
-+ if (dirname($prod) eq $dir) {
-+ push @deps, $prod.$extinfo{$type};
-+ } else {
-+ push @actions, "\t at rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
-+ }
-+ }
-+ }
-+ }
-+
-+ my $deps = join(" ", @deps);
-+ my $actions = join("\n", "", @actions);
-+ return <<"EOF";
-+$args{dir} $args{dir}\\ : $deps$actions
-+EOF
-+ }
- "" # Important! This becomes part of the template result.
- -}
---- a/Configure
-+++ b/Configure
-@@ -1,5 +1,11 @@
- #! /usr/bin/env perl
- # -*- mode: perl; -*-
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- ## Configure -- OpenSSL source tree configuration script
-
-@@ -8,6 +14,7 @@ use strict;
- use File::Basename;
- use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
- use File::Path qw/mkpath/;
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
-
- # see INSTALL for instructions.
-
-@@ -67,12 +74,12 @@ my $usage="Usage: Configure [no-<cipher>
- # RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
- # Following are set automatically by this script
- #
--# MD5_ASM use some extra md5 assember,
--# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
--# RMD160_ASM use some extra ripemd160 assember,
-+# MD5_ASM use some extra md5 assembler,
-+# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
-+# RMD160_ASM use some extra ripemd160 assembler,
- # SHA256_ASM sha256_block is implemented in assembler
- # SHA512_ASM sha512_block is implemented in assembler
--# AES_ASM ASE_[en|de]crypt is implemented in assembler
-+# AES_ASM AES_[en|de]crypt is implemented in assembler
-
- # Minimum warning options... any contributions to OpenSSL should at least get
- # past these.
-@@ -80,7 +87,7 @@ my $usage="Usage: Configure [no-<cipher>
- # DEBUG_UNUSED enables __owur (warn unused result) checks.
- my $gcc_devteam_warn = "-DDEBUG_UNUSED"
- # -DPEDANTIC complements -pedantic and is meant to mask code that
-- # is not strictly standard-compliant and/or implementation-specifc,
-+ # is not strictly standard-compliant and/or implementation-specific,
- # e.g. inline assembly, disregards to alignment requirements, such
- # that -pedantic would complain about. Incidentally -DPEDANTIC has
- # to be used even in sanitized builds, because sanitizer too is
-@@ -137,7 +144,7 @@ my $strict_warnings = 0;
- our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-
- #
--# API compability name to version number mapping.
-+# API compatibility name to version number mapping.
- #
- my $maxapi = "1.1.0"; # API for "no-deprecated" builds
- my $apitable = {
-@@ -160,7 +167,7 @@ sub read_config;
-
- # resolve_config(target)
- #
--# Resolves all the late evalutations, inheritances and so on for the
-+# Resolves all the late evaluations, inheritances and so on for the
- # chosen target and any target it inherits from.
- sub resolve_config;
-
-@@ -172,6 +179,8 @@ my $srcdir = catdir(absolutedir(dirname(
- my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
- my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
-
-+my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
-+
- $config{sourcedir} = abs2rel($srcdir);
- $config{builddir} = abs2rel($blddir);
-
-@@ -202,10 +211,24 @@ die "erroneous version information in op
- # Collect target configurations
-
- my $pattern = catfile(dirname($0), "Configurations", "*.conf");
--foreach (sort glob($pattern) ) {
-+foreach (sort glob($pattern)) {
- &read_config($_);
- }
-
-+if (defined $ENV{$local_config_envname}) {
-+ if ($^O eq 'VMS') {
-+ # VMS environment variables are logical names,
-+ # which can be used as is
-+ $pattern = $local_config_envname . ':' . '*.conf';
-+ } else {
-+ $pattern = catfile($ENV{$local_config_envname}, '*.conf');
-+ }
-+
-+ foreach (sort glob($pattern)) {
-+ &read_config($_);
-+ }
-+}
-+
-
- print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n";
-
-@@ -222,7 +245,7 @@ my $default_ranlib;
- $config{fips}=0;
-
- # Top level directories to build
--$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools" ];
-+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools", "fuzz" ];
- # crypto/ subdirectories to build
- $config{sdirs} = [
- "objects",
-@@ -238,12 +261,13 @@ my $default_ranlib;
- my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
- my @dtls = qw(dtls1 dtls1_2);
-
--# Explicitelly known options that are possible to disable. They can
-+# Explicitly known options that are possible to disable. They can
- # be regexps, and will be used like this: /^no-${option}$/
- # For developers: keep it sorted alphabetically
-
- my @disablables = (
- "afalgeng",
-+ "asan",
- "asm",
- "async",
- "autoalginit",
-@@ -277,6 +301,8 @@ my @disablables = (
- "engine",
- "err",
- "filenames",
-+ "fuzz-libfuzzer",
-+ "fuzz-afl",
- "gost",
- "heartbeats",
- "hw(-.+)?",
-@@ -285,6 +311,7 @@ my @disablables = (
- "md2",
- "md4",
- "mdc2",
-+ "msan",
- "multiblock",
- "nextprotoneg",
- "ocb",
-@@ -298,10 +325,8 @@ my @disablables = (
- "rc5",
- "rdrand",
- "rfc3779",
-- "ripemd",
- "rmd160",
- "scrypt",
-- "sct",
- "sctp",
- "seed",
- "shared",
-@@ -316,6 +341,7 @@ my @disablables = (
- "threads",
- "tls",
- "ts",
-+ "ubsan",
- "ui",
- "unit-test",
- "whirlpool",
-@@ -329,26 +355,34 @@ foreach my $proto ((@tls, @dtls))
- push(@disablables, "$proto-method");
- }
-
--my @deprecated_disablables = (
-- "ssl2",
-+my %deprecated_disablables = (
-+ "ssl2" => undef,
-+ "buf-freelists" => undef,
-+ "ripemd" => "rmd160"
- );
-
- # All of the following is disabled by default (RC5 was enabled before 0.9.8):
-
- our %disabled = ( # "what" => "comment"
-+ "asan" => "default",
- "ec_nistp_64_gcc_128" => "default",
- "egd" => "default",
-+ "fuzz-libfuzzer" => "default",
-+ "fuzz-afl" => "default",
- "md2" => "default",
-+ "msan" => "default",
- "rc5" => "default",
- "sctp" => "default",
- "ssl-trace" => "default",
- "ssl3" => "default",
- "ssl3-method" => "default",
-+ "ubsan" => "default",
- "unit-test" => "default",
- "weak-ssl-ciphers" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default",
- "crypto-mdebug" => "default",
-+ "crypto-mdebug-backtrace" => "default",
- "heartbeats" => "default",
- );
-
-@@ -364,7 +398,7 @@ my @disable_cascades = (
- "ec" => [ "ecdsa", "ecdh" ],
-
- "dgram" => [ "dtls", "sctp" ],
-- "sock" => [ "sctp" ],
-+ "sock" => [ "dgram" ],
- "dtls" => [ @dtls ],
-
- # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
-@@ -407,6 +441,8 @@ my @disable_cascades = (
- "apps" => [ "tests" ],
- "comp" => [ "zlib" ],
- sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
-+
-+ sub { !$disabled{"msan"} } => [ "asm" ],
- );
-
- # Avoid protocol support holes. Also disable all versions below N, if version
-@@ -431,17 +467,6 @@ while ((my $first, my $second) = (shift
- # To remove something from %disabled, use "enable-foo".
- # For symmetry, "disable-foo" is a synonym for "no-foo".
-
--my @generated_headers = (
-- "include/openssl/opensslconf.h",
-- "crypto/include/internal/bn_conf.h",
-- "crypto/include/internal/dso_conf.h"
-- );
--
--my @generated_by_make_headers = (
-- "crypto/buildinf.h"
-- );
--
--
- my $no_sse2=0;
-
- &usage if ($#ARGV < 0);
-@@ -458,8 +483,6 @@ my $target="";
- $config{options}="";
- $config{build_type} = "release";
-
--my $classic = 0;
--
- my @argvcopy=@ARGV;
-
- if (grep /^reconf(igure)?$/, @argvcopy) {
-@@ -533,21 +556,17 @@ foreach (@argvcopy)
- s /^zlib-dynamic$/enable-zlib-dynamic/;
-
- if (/^(no|disable|enable)-(.+)$/)
-- {
-- my $word = $2;
-- if (grep { $word =~ /^${_}$/ } @deprecated_disablables)
-- {
-- $deprecated_options{$_} = 1;
-- next;
-- }
-- elsif (!grep { $word =~ /^${_}$/ } @disablables)
-- {
-- $unsupported_options{$_} = 1;
-- next;
-- }
-- }
-- if (/^no-(.+)$/ || /^disable-(.+)$/)
-- {
-+ {
-+ my $word = $2;
-+ if (!exists $deprecated_disablables{$word}
-+ && !grep { $word =~ /^${_}$/ } @disablables)
-+ {
-+ $unsupported_options{$_} = 1;
-+ next;
-+ }
-+ }
-+ if (/^no-(.+)$/ || /^disable-(.+)$/)
-+ {
- foreach my $proto ((@tls, @dtls))
- {
- if ($1 eq "$proto-method")
-@@ -586,6 +605,14 @@ foreach (@argvcopy)
- {
- $disabled{"dynamic-engine"} = "option";
- }
-+ elsif (exists $deprecated_disablables{$1})
-+ {
-+ $deprecated_options{$_} = 1;
-+ if (defined $deprecated_disablables{$1})
-+ {
-+ $disabled{$deprecated_disablables{$1}} = "option";
-+ }
-+ }
- else
- {
- $disabled{$1} = "option";
-@@ -644,11 +671,7 @@ foreach (@argvcopy)
- }
- elsif (/^[-+]/)
- {
-- if (/^--classic$/)
-- {
-- $classic=1;
-- }
-- elsif (/^--prefix=(.*)$/)
-+ if (/^--prefix=(.*)$/)
- {
- $config{prefix}=$1;
- die "Directory given with --prefix MUST be absolute\n"
-@@ -674,6 +697,14 @@ foreach (@argvcopy)
- {
- $withargs{zlib_include}=$1;
- }
-+ elsif (/^--with-fuzzer-lib=(.*)$/)
-+ {
-+ $withargs{fuzzer_lib}=$1;
-+ }
-+ elsif (/^--with-fuzzer-include=(.*)$/)
-+ {
-+ $withargs{fuzzer_include}=$1;
-+ }
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $config{fipslibdir}="$1/";
-@@ -712,7 +743,7 @@ foreach (@argvcopy)
- unless ($_ eq $target || /^no-/ || /^disable-/)
- {
- # "no-..." follows later after implied disactivations
-- # have been derived. (Don't take this too seroiusly,
-+ # have been derived. (Don't take this too seriously,
- # we really only write OPTIONS to the Makefile out of
- # nostalgia.)
-
-@@ -886,11 +917,19 @@ my %target = resolve_config($target);
- if $config{cross_compile_prefix} eq "";
-
- # Allow overriding the names of some tools. USE WITH CARE
-+# Note: only Unix cares about HASHBANGPERL... that explains
-+# the default string.
- $config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
-+$config{hashbangperl} =
-+ $ENV{'HASHBANGPERL'} || $ENV{'PERL'} || "/usr/bin/env perl";
- $target{cc} = $ENV{'CC'} || $target{cc} || "cc";
--$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true";
-+$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
-+ (which("$config{cross_compile_prefix}ranlib") ?
-+ "\$(CROSS_COMPILE)ranlib" : "true");
- $target{ar} = $ENV{'AR'} || $target{ar} || "ar";
- $target{nm} = $ENV{'NM'} || $target{nm} || "nm";
-+$target{rc} =
-+ $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres";
-
- # For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
- # or release_ attributes.
-@@ -904,22 +943,6 @@ my %target = resolve_config($target);
- $target{build_scheme} = [ $target{build_scheme} ]
- if ref($target{build_scheme}) ne "ARRAY";
-
--###### TO BE REMOVED WHEN CLASSIC BUILD IS REMOVED
--######
--###### If the user has chosen --classic, we give it to them.
--###### If they try that with an out-of-source config, we complain.
--if ($target{build_scheme}->[0] eq "unified" && $classic) {
-- die "Can't perform a classic build out of source tree\n"
-- if $srcdir ne $blddir;
--
-- $target{build_scheme} = { unix => [ "unixmake" ],
-- windows => undef,
-- VMS => undef } -> {$target{build_scheme}->[1]};
--
-- die "Classic mode unavailable on this platform\n"
-- unless defined($target{build_scheme});
--}
--
- my ($builder, $builder_platform, @builder_opts) =
- @{$target{build_scheme}};
-
-@@ -983,7 +1006,7 @@ unless ($disabled{threads}) {
- $disabled{threads} = "unavailable";
- }
- } else {
-- # The user chose to enable threads explicitely, let's see
-+ # The user chose to enable threads explicitly, let's see
- # if there's a chance that's possible
- if ($target{thread_scheme} eq "(unknown)") {
- # If the user asked for "threads" and we don't have internal
-@@ -1030,6 +1053,28 @@ if ($disabled{"dynamic-engine"}) {
- $config{dynamic_engines} = 1;
- }
-
-+unless ($disabled{"fuzz-libfuzzer"}) {
-+ $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
-+}
-+
-+unless ($disabled{asan}) {
-+ $config{cflags} .= "-fsanitize=address ";
-+}
-+
-+unless ($disabled{ubsan}) {
-+ # -DPEDANTIC or -fnosanitize=alignment may also be required on some
-+ # platforms.
-+ $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
-+}
-+
-+unless ($disabled{msan}) {
-+ $config{cflags} .= "-fsanitize=memory ";
-+}
-+
-+unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
-+ && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) {
-+ $config{cflags} .= "-fno-omit-frame-pointer -g ";
-+}
- #
- # Platform fix-ups
- #
-@@ -1239,12 +1284,27 @@ my $buildinfo_debug = defined($ENV{CONFI
- if ($builder eq "unified") {
- # Store the name of the template file we will build the build file from
- # in %config. This may be useful for the build file itself.
-- my $build_file_template =
-- catfile($srcdir, "Configurations",
-- $builder_platform."-".$target{build_file}.".tmpl");
-- $build_file_template =
-- catfile($srcdir, "Configurations", $target{build_file}.".tmpl")
-- if (! -f $build_file_template);
-+ my $build_file_template;
-+
-+ for my $filename (( $builder_platform."-".$target{build_file}.".tmpl",
-+ $target{build_file}.".tmpl" )) {
-+ if (defined $ENV{$local_config_envname}) {
-+ if ($^O eq 'VMS') {
-+ # VMS environment variables are logical names,
-+ # which can be used as is
-+ $build_file_template = $local_config_envname . ':' . $filename;
-+ } else {
-+ $build_file_template = catfile($ENV{$local_config_envname},
-+ $filename);
-+ }
-+ }
-+
-+ last if -f $build_file_template;
-+
-+ $build_file_template = catfile($srcdir, "Configurations", $filename);
-+
-+ last if -f $build_file_template;
-+ }
- $config{build_file_template} = $build_file_template;
-
- use lib catdir(dirname(__FILE__),"util");
-@@ -1308,9 +1368,13 @@ if ($builder eq "unified") {
- my $f = $_->[1];
- # The basic things we're trying to build
- my @programs = ();
-+ my @programs_install = ();
- my @libraries = ();
-+ my @libraries_install = ();
- my @engines = ();
-+ my @engines_install = ();
- my @scripts = ();
-+ my @scripts_install = ();
- my @extra = ();
- my @overrides = ();
- my @intermediates = ();
-@@ -1334,6 +1398,7 @@ if ($builder eq "unified") {
- $template->fill_in(HASH => { config => \%config,
- target => \%target,
- disabled => \%disabled,
-+ withargs => \%withargs,
- builddir => abs2rel($buildd, $blddir),
- sourcedir => abs2rel($sourced, $blddir),
- buildtop => abs2rel($blddir, $blddir),
-@@ -1373,48 +1438,72 @@ if ($builder eq "unified") {
- qr/^\s*ENDIF\s*$/
- => sub { die "ENDIF out of scope" if ! @skip;
- pop @skip; },
-- qr/^\s*PROGRAMS\s*=\s*(.*)\s*$/
-- => sub { push @programs, split(/\s+/, $1)
-- if !@skip || $skip[$#skip] > 0 },
-- qr/^\s*LIBS\s*=\s*(.*)\s*$/
-- => sub { push @libraries, split(/\s+/, $1)
-- if !@skip || $skip[$#skip] > 0 },
-- qr/^\s*ENGINES\s*=\s*(.*)\s*$/
-- => sub { push @engines, split(/\s+/, $1)
-- if !@skip || $skip[$#skip] > 0 },
-- qr/^\s*SCRIPTS\s*=\s*(.*)\s*$/
-- => sub { push @scripts, split(/\s+/, $1)
-- if !@skip || $skip[$#skip] > 0 },
-+ qr/^\s*PROGRAMS(_NO_INST)?\s*=\s*(.*)\s*$/
-+ => sub {
-+ if (!@skip || $skip[$#skip] > 0) {
-+ my $install = $1;
-+ my @x = tokenize($2);
-+ push @programs, @x;
-+ push @programs_install, @x unless $install;
-+ }
-+ },
-+ qr/^\s*LIBS(_NO_INST)?\s*=\s*(.*)\s*$/
-+ => sub {
-+ if (!@skip || $skip[$#skip] > 0) {
-+ my $install = $1;
-+ my @x = tokenize($2);
-+ push @libraries, @x;
-+ push @libraries_install, @x unless $install;
-+ }
-+ },
-+ qr/^\s*ENGINES(_NO_INST)?\s*=\s*(.*)\s*$/
-+ => sub {
-+ if (!@skip || $skip[$#skip] > 0) {
-+ my $install = $1;
-+ my @x = tokenize($2);
-+ push @engines, @x;
-+ push @engines_install, @x unless $install;
-+ }
-+ },
-+ qr/^\s*SCRIPTS(_NO_INST)?\s*=\s*(.*)\s*$/
-+ => sub {
-+ if (!@skip || $skip[$#skip] > 0) {
-+ my $install = $1;
-+ my @x = tokenize($2);
-+ push @scripts, @x;
-+ push @scripts_install, @x unless $install;
-+ }
-+ },
- qr/^\s*EXTRA\s*=\s*(.*)\s*$/
-- => sub { push @extra, split(/\s+/, $1)
-+ => sub { push @extra, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
-- => sub { push @overrides, split(/\s+/, $1)
-+ => sub { push @overrides, tokenize($1)
- if !@skip || $skip[$#skip] > 0 },
-
- qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
-- => sub { push @{$ordinals{$1}}, split(/\s+/, $2)
-+ => sub { push @{$ordinals{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$sources{$1}}, split(/\s+/, $2)
-+ => sub { push @{$sources{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$shared_sources{$1}}, split(/\s+/, $2)
-+ => sub { push @{$shared_sources{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$includes{$1}}, split(/\s+/, $2)
-+ => sub { push @{$includes{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
-- qr/^\s*DEPEND\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$depends{$1}}, split(/\s+/, $2)
-+ qr/^\s*DEPEND\[((?:\\.|[^\\\]])*)\]\s*=\s*(.*)\s*$/
-+ => sub { push @{$depends{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
- => sub { push @{$generate{$1}}, $2
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$renames{$1}}, split(/\s+/, $2)
-+ => sub { push @{$renames{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*SHARED_NAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
-- => sub { push @{$sharednames{$1}}, split(/\s+/, $2)
-+ => sub { push @{$sharednames{$1}}, tokenize($2)
- if !@skip || $skip[$#skip] > 0 },
- qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/
- => sub {
-@@ -1470,6 +1559,14 @@ if ($builder eq "unified") {
- $unified_info{programs}->{$program} = 1;
- }
-
-+ foreach (@programs_install) {
-+ my $program = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$program}) {
-+ $program = $unified_info{rename}->{$program};
-+ }
-+ $unified_info{install}->{programs}->{$program} = 1;
-+ }
-+
- foreach (@libraries) {
- my $library = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$library}) {
-@@ -1478,6 +1575,14 @@ if ($builder eq "unified") {
- $unified_info{libraries}->{$library} = 1;
- }
-
-+ foreach (@libraries_install) {
-+ my $library = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$library}) {
-+ $library = $unified_info{rename}->{$library};
-+ }
-+ $unified_info{install}->{libraries}->{$library} = 1;
-+ }
-+
- die <<"EOF" if scalar @engines and !$config{dynamic_engines};
- ENGINES can only be used if configured with 'dynamic-engine'.
- This is usually a fault in a build.info file.
-@@ -1490,6 +1595,14 @@ EOF
- $unified_info{engines}->{$library} = 1;
- }
-
-+ foreach (@engines_install) {
-+ my $library = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$library}) {
-+ $library = $unified_info{rename}->{$library};
-+ }
-+ $unified_info{install}->{engines}->{$library} = 1;
-+ }
-+
- foreach (@scripts) {
- my $script = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$script}) {
-@@ -1498,6 +1611,14 @@ EOF
- $unified_info{scripts}->{$script} = 1;
- }
-
-+ foreach (@scripts_install) {
-+ my $script = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$script}) {
-+ $script = $unified_info{rename}->{$script};
-+ }
-+ $unified_info{install}->{scripts}->{$script} = 1;
-+ }
-+
- foreach (@extra) {
- my $extra = cleanfile($buildd, $_, $blddir);
- $unified_info{extra}->{$extra} = 1;
-@@ -1628,9 +1749,15 @@ EOF
-
- foreach (keys %depends) {
- my $dest = $_;
-- my $ddest = cleanfile($buildd, $_, $blddir);
-- if ($unified_info{rename}->{$ddest}) {
-- $ddest = $unified_info{rename}->{$ddest};
-+ my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir);
-+
-+ # If the destination doesn't exist in source, it can only be
-+ # a generated file in the build tree.
-+ if ($ddest ne "" && ! -f $ddest) {
-+ $ddest = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$ddest}) {
-+ $ddest = $unified_info{rename}->{$ddest};
-+ }
- }
- foreach (@{$depends{$dest}}) {
- my $d = cleanfile($sourced, $_, $blddir);
-@@ -1643,7 +1770,7 @@ EOF
- if (! -f $d
- || (grep { $d eq $_ }
- map { cleanfile($srcdir, $_, $blddir) }
-- (@generated_headers, @generated_by_make_headers))) {
-+ grep { /\.h$/ } keys %{$unified_info{generate}})) {
- $d = cleanfile($buildd, $_, $blddir);
- }
- # Take note if the file to depend on is being renamed
-@@ -1651,26 +1778,35 @@ EOF
- $d = $unified_info{rename}->{$d};
- }
- $unified_info{depends}->{$ddest}->{$d} = 1;
-- # If we depend on a header file, let's make sure it
-- # can get included
-- if ($d =~ /\.h$/) {
-+ # If we depend on a header file or a perl module, let's make
-+ # sure it can get included
-+ if ($dest ne "" && $d =~ /\.(h|pm)$/) {
- my $i = dirname($d);
-- push @{$unified_info{includes}->{$ddest}}, $i
-- unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}};
-+ push @{$unified_info{includes}->{$ddest}->{source}}, $i
-+ unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}};
- }
- }
- }
-
- foreach (keys %includes) {
- my $dest = $_;
-- my $ddest = cleanfile($buildd, $_, $blddir);
-- if ($unified_info{rename}->{$ddest}) {
-- $ddest = $unified_info{rename}->{$ddest};
-+ my $ddest = cleanfile($sourced, $_, $blddir);
-+
-+ # If the destination doesn't exist in source, it can only be
-+ # a generated file in the build tree.
-+ if (! -f $ddest) {
-+ $ddest = cleanfile($buildd, $_, $blddir);
-+ if ($unified_info{rename}->{$ddest}) {
-+ $ddest = $unified_info{rename}->{$ddest};
-+ }
- }
- foreach (@{$includes{$dest}}) {
-- my $i = cleandir($sourced, $_, $blddir);
-- push @{$unified_info{includes}->{$ddest}}, $i
-- unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}};
-+ my $is = cleandir($sourced, $_, $blddir);
-+ my $ib = cleandir($buildd, $_, $blddir);
-+ push @{$unified_info{includes}->{$ddest}->{source}}, $is
-+ unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
-+ push @{$unified_info{includes}->{$ddest}->{build}}, $ib
-+ unless grep { $_ eq $ib } @{$unified_info{includes}->{$ddest}->{build}};
- }
- }
- }
-@@ -1681,12 +1817,28 @@ EOF
- $unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
- }
- # Two level structures
-- foreach my $l1 (("sources", "shared_sources", "ldadd", "depends")) {
-+ foreach my $l1 (("install", "sources", "shared_sources", "ldadd", "depends")) {
- foreach my $l2 (sort keys %{$unified_info{$l1}}) {
- $unified_info{$l1}->{$l2} =
- [ sort keys %{$unified_info{$l1}->{$l2}} ];
- }
- }
-+ # Includes
-+ foreach my $dest (sort keys %{$unified_info{includes}}) {
-+ if (defined($unified_info{includes}->{$dest}->{build})) {
-+ my @source_includes =
-+ ( @{$unified_info{includes}->{$dest}->{source}} );
-+ $unified_info{includes}->{$dest} =
-+ [ @{$unified_info{includes}->{$dest}->{build}} ];
-+ foreach my $inc (@source_includes) {
-+ push @{$unified_info{includes}->{$dest}}, $inc
-+ unless grep { $_ eq $inc } @{$unified_info{includes}->{$dest}};
-+ }
-+ } else {
-+ $unified_info{includes}->{$dest} =
-+ [ @{$unified_info{includes}->{$dest}->{source}} ];
-+ }
-+ }
- }
-
- # For the schemes that need it, we provide the old *_obj configs
-@@ -1823,7 +1975,7 @@ print OUT "1;\n";
- close(OUT);
-
-
--print "CC =$target{cc}\n";
-+print "CC =$config{cross_compile_prefix}$target{cc}\n";
- print "CFLAG =$target{cflags} $config{cflags}\n";
- print "SHARED_CFLAG =$target{shared_cflag}\n";
- print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
-@@ -1851,7 +2003,9 @@ print "CHACHA_ENC =$target{chacha_obj
- print "POLY1305_OBJ =$target{poly1305_obj}\n";
- print "BLAKE2_OBJ =$target{blake2_obj}\n";
- print "PROCESSOR =$config{processor}\n";
--print "RANLIB =$target{ranlib}\n";
-+print "RANLIB =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ?
-+ "$config{cross_compile_prefix}ranlib" :
-+ "$target{ranlib}", "\n";
- print "ARFLAGS =$target{arflags}\n";
- print "PERL =$config{perl}\n";
- print "\n";
-@@ -1861,59 +2015,12 @@ print "THIRTY_TWO_BIT mode\n" if $config
- print "BN_LLONG mode\n" if $config{bn_ll};
- print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int;
-
--for (@generated_headers) {
-- mkpath(catdir($blddir, dirname($_)));
-- run_dofile(catfile($blddir, $_),
-- catfile($srcdir, $_.".in"));
--}
--
--###
--### When the old "unixmake" scheme goes away, so does this function
--###
--sub build_Makefile {
-- run_dofile("Makefile","Makefile.in");
--
-- # Copy all Makefile.in to Makefile (except top-level)
-- use File::Find;
-- use IO::File;
-- find(
-- {
-- preprocess => sub {
-- grep(!/^\./, @_);
-- },
-- wanted => sub {
-- return if ($_ ne "Makefile.in" || $File::Find::dir eq ".");
-- my $in = IO::File->new($_, "r") or
-- die sprintf "Error reading Makefile.in in %s: !$\n",
-- $File::Find::dir;
-- my $out = IO::File->new("Makefile", "w") or
-- die sprintf "Error writing Makefile in %s: !$\n",
-- $File::Find::dir;
-- print $out "# Generated from $_, do not edit\n";
-- while (my $line = <$in>) { print $out $line }
-- $in->close() or
-- die sprintf "Error reading Makefile.in in %s: !$\n",
-- $File::Find::dir;
-- $out->close() or
-- die sprintf "Error writing Makefile in %s: !$\n",
-- $File::Find::dir;
-- },
-- },
-- ".");
--}
--
- my %builders = (
- unified => sub {
- run_dofile(catfile($blddir, $target{build_file}),
- $config{build_file_template},
- catfile($srcdir, "Configurations", "common.tmpl"));
- },
-- unixmake => sub {
-- build_Makefile();
--
-- run_dofile("util/domd", "util/domd.in");
-- chmod 0755, "util/domd";
-- },
- );
-
- $builders{$builder}->($builder_platform, @builder_opts);
-@@ -1939,6 +2046,14 @@ or position independent code, please let
- you have tried with a current version of OpenSSL).
- EOF
-
-+print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
-+
-+WARNING: there are indications that another build was made in the source
-+directory. This build may have picked up artifacts from that build, the
-+safest course of action is to clean the source directory and redo this
-+configuration.
-+EOF
-+
- exit(0);
-
- ######################################################################
-@@ -2104,8 +2219,8 @@ sub read_config {
-
- }
-
--# configuration resolver. Will only resolve all the lazy evalutation
--# codeblocks for the chozen target and all those it inherits from,
-+# configuration resolver. Will only resolve all the lazy evaluation
-+# codeblocks for the chosen target and all those it inherits from,
- # recursively
- sub resolve_config {
- my $target = shift;
-@@ -2158,7 +2273,7 @@ sub resolve_config {
- # - If a value is a coderef, it will be executed with the list of
- # inherited values as arguments.
- # - If the corresponding key doesn't have a value at all or is the
-- # emoty string, the inherited value list will be run through the
-+ # empty string, the inherited value list will be run through the
- # default combiner (below), and the result becomes this target's
- # value.
- # - Otherwise, this target's value is assumed to be a string that
-@@ -2266,13 +2381,34 @@ sub run_dofile
- foreach (@templates) {
- die "Can't open $_, $!" unless -f $_;
- }
-- my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" $dofile -o\"Configure\" \"".join("\" \"", at templates)."\" > \"$out.new\"";
-+ my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"", at templates)."\" > \"$out.new\"";
- #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
- system($cmd);
- exit 1 if $? != 0;
- rename("$out.new", $out) || die "Can't rename $out.new, $!";
- }
-
-+sub which
-+{
-+ my ($name)=@_;
-+
-+ if (eval { require IPC::Cmd; 1; }) {
-+ IPC::Cmd->import();
-+ return scalar IPC::Cmd::can_run($name);
-+ } else {
-+ # if there is $directories component in splitpath,
-+ # then it's not something to test with $PATH...
-+ return $name if (File::Spec->splitpath($name))[1];
-+
-+ foreach (File::Spec->path()) {
-+ my $fullpath = catfile($_, "$name$target{exe_extension}");
-+ if (-f $fullpath and -x $fullpath) {
-+ return $fullpath;
-+ }
-+ }
-+ }
-+}
-+
- # Configuration printer ##############################################
-
- sub print_table_entry
-@@ -2400,22 +2536,6 @@ sub absolutedir {
- return realpath($dir);
- }
-
--sub which
-- {
-- my($name)=@_;
-- my $path;
-- foreach $path (split /:/, $ENV{PATH})
-- {
-- my $fullpath = "$path/$name$target{exe_extension}";
-- if (-f $fullpath and -x $fullpath)
-- {
-- return $fullpath
-- unless ($name eq "perl" and
-- system("$fullpath -e " . '\'exit($]<5.0);\''));
-- }
-- }
-- }
--
- sub quotify {
- my %processors = (
- perl => sub { my $x = shift;
-@@ -2519,3 +2639,41 @@ sub collect_information {
- }
- }
- }
-+
-+# tokenize($line)
-+# $line is a line of text to split up into tokens
-+# returns a list of tokens
-+#
-+# Tokens are divided by spaces. If the tokens include spaces, they
-+# have to be quoted with single or double quotes. Double quotes
-+# inside a double quoted token must be escaped. Escaping is done
-+# with backslash.
-+# Basically, the same quoting rules apply for " and ' as in any
-+# Unix shell.
-+sub tokenize {
-+ my $line = my $debug_line = shift;
-+ my @result = ();
-+
-+ while ($line =~ s|^\s+||, $line ne "") {
-+ my $token = "";
-+ while ($line ne "" && $line !~ m|^\s|) {
-+ if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) {
-+ $token .= $1;
-+ $line = $';
-+ } elsif ($line =~ m/^'([^']*)'/) {
-+ $token .= $1;
-+ $line = $';
-+ } elsif ($line =~ m/^(\S+)/) {
-+ $token .= $1;
-+ $line = $';
-+ }
-+ }
-+ push @result, $token;
-+ }
-+
-+ if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) {
-+ print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n";
-+ print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n";
-+ }
-+ return @result;
-+}
---- a/INSTALL
-+++ b/INSTALL
-@@ -2,16 +2,15 @@
- OPENSSL INSTALLATION
- --------------------
-
-- [This document describes installation on the main supported operating
-- systems, currently the Linux/Unix family, OpenVMS and Windows.
-- Installation on DOS (with djgpp), MacOS (before MacOS X)
-- is described in INSTALL.DJGPP or INSTALL.MacOS, respectively.]
-+ [This document describes installation on all supported operating
-+ systems (currently mainly the Linux/Unix family, OpenVMS and
-+ Windows)]
-
- To install OpenSSL, you will need:
-
-- * make
-- * Perl 5 with core modules (please read README.PERL)
-- * The perl module Text::Template (please read README.PERL)
-+ * A make implementation
-+ * Perl 5 with core modules (please read NOTES.PERL)
-+ * The perl module Text::Template (please read NOTES.PERL)
- * an ANSI C compiler
- * a development environment in the form of development libraries and C
- header files
-@@ -21,7 +20,8 @@
- please read one of these:
-
- * NOTES.VMS (OpenVMS)
-- * NOTES.WIN (any Windows except for Windows CE)
-+ * NOTES.WIN (any supported Windows)
-+ * NOTES.DJGPP (DOS platform with DJGPP)
-
- Quick Start
- -----------
-@@ -77,13 +77,43 @@
- --openssldir depend in what configuration is used and what Windows
- implementation OpenSSL is built on. More notes on this in NOTES.WIN):
-
-- --prefix=DIR
-- The top of the installation directory tree. Defaults are:
-+ --api=x.y.z
-+ Don't build with support for deprecated APIs below the
-+ specified version number. For example "--api=1.1.0" will
-+ remove support for all APIS that were deprecated in OpenSSL
-+ version 1.1.0 or below.
-
-- Unix: /usr/local
-- Windows: C:\Program Files\OpenSSL
-- or C:\Program Files (x86)\OpenSSL
-- OpenVMS: SYS$COMMON:[OPENSSL-'version']
-+ --cross-compile-prefix=PREFIX
-+ The PREFIX to include in front of commands for your
-+ toolchain. It's likely to have to end with dash, e.g.
-+ a-b-c- would invoke GNU compiler as a-b-c-gcc, etc.
-+ Unfortunately cross-compiling is too case-specific to
-+ put together one-size-fits-all instructions. You might
-+ have to pass more flags or set up environment variables
-+ to actually make it work. Android and iOS cases are
-+ discussed in corresponding Configurations/10-main.cf
-+ sections. But there are cases when this option alone is
-+ sufficient. For example to build the mingw64 target on
-+ Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
-+ works. Naturally provided that mingw packages are
-+ installed. Today Debian and Ubuntu users have option to
-+ install a number of prepackaged cross-compilers along
-+ with corresponding run-time and development packages for
-+ "alien" hardware. To give another example
-+ "--cross-compile-prefix=mipsel-linux-gnu-" suffices
-+ in such case. Needless to mention that you have to
-+ invoke ./Configure, not ./config, and pass your target
-+ name explicitly.
-+
-+ --debug
-+ Build OpenSSL with debugging symbols.
-+
-+ --libdir=DIR
-+ The name of the directory under the top of the installation
-+ directory tree (see the --prefix option) where libraries will
-+ be installed. By default this is "lib". Note that on Windows
-+ only ".lib" files will be stored in this location. dll files
-+ will always be installed to the "bin" directory.
-
- --openssldir=DIR
- Directory for OpenSSL configuration files, and also the
-@@ -94,16 +124,54 @@
- or C:\Program Files (x86)\Common Files\SSL
- OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
-
-- --api=x.y.z
-- Don't build with support for deprecated APIs below the
-- specified version number. For example "--api=1.1.0" will
-- remove support for all APIS that were deprecated in OpenSSL
-- version 1.1.0 or below.
-+ --prefix=DIR
-+ The top of the installation directory tree. Defaults are:
-+
-+ Unix: /usr/local
-+ Windows: C:\Program Files\OpenSSL
-+ or C:\Program Files (x86)\OpenSSL
-+ OpenVMS: SYS$COMMON:[OPENSSL-'version']
-+
-+ --release
-+ Build OpenSSL without debugging symbols. This is the default.
-+
-+ --strict-warnings
-+ This is a developer flag that switches on various compiler
-+ options recommended for OpenSSL development. It only works
-+ when using gcc or clang as the compiler. If you are
-+ developing a patch for OpenSSL then it is recommended that
-+ you use this option where possible.
-+
-+ --with-zlib-include=DIR
-+ The directory for the location of the zlib include file. This
-+ option is only necessary if enable-zlib (see below) is used
-+ and the include file is not already on the system include
-+ path.
-+
-+ --with-zlib-lib=LIB
-+ On Unix: this is the directory containing the zlib library.
-+ If not provided the system library path will be used.
-+ On Windows: this is the filename of the zlib library (with or
-+ without a path). This flag must be provided if the
-+ zlib-dynamic option is not also used. If zlib-dynamic is used
-+ then this flag is optional and a default value ("ZLIB1") is
-+ used if not provided.
-+ On VMS: this is the filename of the zlib library (with or
-+ without a path). This flag is optional and if not provided
-+ then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
-+ used by default depending on the pointer size chosen.
-
- no-afalgeng
- Don't build the AFALG engine. This option will be forced if
- on a platform that does not support AFALG.
-
-+ enable-asan
-+ Build with the Address sanitiser. This is a developer option
-+ only. It may not work on all platforms and should never be
-+ used in production environments. It will only work when used
-+ with gcc or clang and should be used in conjunction with the
-+ no-shared option.
-+
- no-asm
- Do not use assembler code. On some platforms a small amount
- of assembler code may still be used.
-@@ -147,6 +215,13 @@
- enable-crypto-mdebug-backtrace
- As for crypto-mdebug, but additionally provide backtrace
- information for allocated memory.
-+ TO BE USED WITH CARE: this uses GNU C functionality, and
-+ is therefore not usable for non-GNU config targets. If
-+ your build complains about the use of '-rdynamic' or the
-+ lack of header file execinfo.h, this option is not for you.
-+ ALSO NOTE that even though execinfo.h is available on your
-+ system (through Gnulib), the functions might just be stubs
-+ that do nothing.
-
- no-ct
- Don't build support for Certificate Transparency.
-@@ -192,6 +267,12 @@
- Don't compile in filename and line number information (e.g.
- for errors and memory allocation).
-
-+ enable-fuzz-libfuzzer, enable-fuzz-afl
-+ Build with support for fuzzing using either libfuzzer or AFL.
-+ These are developer options only. They may not work on all
-+ platforms and should never be used in production environments.
-+ See the file fuzz/README.md for further details.
-+
- no-gost
- Don't build support for GOST based ciphersuites. Note that
- if this feature is enabled then GOST ciphersuites are only
-@@ -234,9 +315,6 @@
- Don't build support for RFC3779 ("X.509 Extensions for IP
- Addresses and AS Identifiers")
-
-- no-sct
-- ??
--
- sctp
- Build support for SCTP
-
-@@ -263,7 +341,7 @@
- "illegal instruction" exception. There might be a way
- to enable support in kernel, e.g. FreeBSD kernel can be
- compiled with CPU_ENABLE_SSE, and there is a way to
-- disengage SSE2 code pathes upon application start-up,
-+ disengage SSE2 code paths upon application start-up,
- but if you aim for wider "audience" running such kernel,
- consider no-sse2. Both the 386 and no-asm options imply
- no-sse2.
-@@ -297,6 +375,14 @@
- no-ts
- Don't build Time Stamping Authority support.
-
-+ enable-ubsan
-+ Build with the Undefined Behaviour sanitiser. This is a
-+ developer option only. It may not work on all platforms and
-+ should never be used in production environments. It will only
-+ work when used with gcc or clang and should be used in
-+ conjunction with the "-DPEDANTIC" option (or the
-+ --strict-warnings option).
-+
- no-ui
- Don't build with the "UI" capability (i.e. the set of
- features enabling text based prompts).
-@@ -415,10 +501,10 @@
- The generic configurations "cc" or "gcc" should usually work on 32 bit
- Unix-like systems.
-
-- Configure creates a build file ("Makefile" on Unix and "descrip.mms"
-- on OpenVMS) from a suitable template in Configurations, and
-- defines various macros in crypto/opensslconf.h (generated from
-- crypto/opensslconf.h.in).
-+ Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
-+ and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
-+ and defines various macros in include/openssl/opensslconf.h (generated from
-+ include/openssl/opensslconf.h.in).
-
- 1c. Configure OpenSSL for building outside of the source tree.
-
-@@ -471,9 +557,12 @@
-
- If the build fails, look at the output. There may be reasons for
- the failure that aren't problems in OpenSSL itself (like missing
-- standard headers). If it is a problem with OpenSSL itself, please
-- report the problem to <rt at openssl.org> (note that your message
-- will be recorded in the request tracker publicly readable at
-+ standard headers). If you are having problems you can get help by
-+ sending an email to the openssl-users email list (see
-+ https://www.openssl.org/community/mailinglists.html for details). If it
-+ is a bug with OpenSSL itself, please report the problem to
-+ <rt at openssl.org> (note that your message will be recorded in the request
-+ tracker publicly readable at
- https://www.openssl.org/community/index.html#bugs and will be
- forwarded to a public mailing list). Please check out the request
- tracker. Maybe the bug was already reported or has already been
-@@ -491,18 +580,19 @@
- $ mms test ! OpenVMS
- $ nmake test # Windows
-
-+ NOTE: you MUST run the tests from an unprivileged account (or
-+ disable your privileges temporarily if your platform allows it).
-+
- If some tests fail, look at the output. There may be reasons for
- the failure that isn't a problem in OpenSSL itself (like a
- malfunction with Perl). You may want increased verbosity, that
- can be accomplished like this:
-
-- $ HARNESS_VERBOSE=yes make test # Unix
-+ $ make VERBOSE=1 test # Unix
-
-- $ DEFINE HARNESS_VERBOSE YES
-- $ mms test ! OpenVMS
-+ $ mms /macro=(VERBOSE=1) test ! OpenVMS
-
-- $ set HARNESS_VERBOSE=yes
-- $ nmake test # Windows
-+ $ nmake VERBOSE=1 test # Windows
-
- If you want to run just one or a few specific tests, you can use
- the make variable TESTS to specify them, like this:
-@@ -513,7 +603,7 @@
-
- And of course, you can combine (Unix example shown):
-
-- $ HARNESS_VERBOSE=yes make TESTS='test_rsa test_dsa' test
-+ $ make VERBOSE=1 TESTS='test_rsa test_dsa' test
-
- You can find the list of available tests like this:
-
-@@ -528,12 +618,13 @@
- compiler optimization flags from the CFLAGS line in Makefile and
- run "make clean; make" or corresponding.
-
-- Please send a bug reports to <rt at openssl.org>.
-+ Please send bug reports to <rt at openssl.org>.
-
- 4. If everything tests ok, install OpenSSL with
-
- $ make install # Unix
- $ mms install ! OpenVMS
-+ $ nmake install # Windows
-
- This will install all the software components in this directory
- tree under PREFIX (the directory given with --prefix or its
-@@ -595,7 +686,7 @@
-
- * COMPILING existing applications
-
-- OpenSSL 1.1 hides a number of structures that were previously
-+ OpenSSL 1.1.0 hides a number of structures that were previously
- open. This includes all internal libssl structures and a number
- of EVP types. Accessor functions have been added to allow
- controlled access to the structures' data.
-@@ -607,11 +698,115 @@
- provided accessor functions where you would previously access a
- structure's field directly.
-
-- <TBA>
--
- Some APIs have changed as well. However, older APIs have been
- preserved when possible.
-
-+ Environment Variables
-+ ---------------------
-+
-+ A number of environment variables can be used to provide additional control
-+ over the build process. Typically these should be defined prior to running
-+ config or Configure. Not all environment variables are relevant to all
-+ platforms.
-+
-+ AR
-+ The name of the ar executable to use.
-+
-+ CC
-+ The compiler to use. Configure will attempt to pick a default
-+ compiler for your platform but this choice can be overridden
-+ using this variable. Set it to the compiler executable you wish
-+ to use, e.g. "gcc" or "clang".
-+
-+ CROSS_COMPILE
-+ This environment variable has the same meaning as for the
-+ "--cross-compile-prefix" Configure flag described above. If both
-+ are set then the Configure flag takes precedence.
-+
-+ NM
-+ The name of the nm executable to use.
-+
-+ OPENSSL_LOCAL_CONFIG_DIR
-+ OpenSSL comes with a database of information about how it
-+ should be built on different platforms. This information is
-+ held in ".conf" files in the Configurations directory. See the
-+ file Configurations/README for further information about the
-+ format of ".conf" files. As well as the standard ".conf" files
-+ it is possible to create your own ".conf" files and store them
-+ locally, outside the OpenSSL source tree. This environment
-+ variable can be set to the directory where these files are held.
-+
-+ PERL
-+ The name of the Perl executable to use when building OpenSSL.
-+
-+ HASHBANGPERL
-+ The command string for the Perl executable to insert in the
-+ #! line of perl scripts that will be publically installed.
-+ Default: /usr/bin/env perl
-+ Note: the value of this variable is added to the same scripts
-+ on all platforms, but it's only relevant on Unix-like platforms.
-+
-+ RC
-+ The name of the rc executable to use. The default will be as
-+ defined for the target platform in the ".conf" file. If not
-+ defined then "windres" will be used. The WINDRES environment
-+ variable is synonymous to this. If both are defined then RC
-+ takes precedence.
-+
-+ RANLIB
-+ The name of the ranlib executable to use.
-+
-+ WINDRES
-+ See RC.
-+
-+ Makefile targets
-+ ----------------
-+
-+ The Configure script generates a Makefile in a format relevant to the specific
-+ platform. The Makefiles provide a number of targets that can be used. Not all
-+ targets may be available on all platforms. Only the most common targets are
-+ described here. Examine the Makefiles themselves for the full list.
-+
-+ all
-+ The default target to build all the software components.
-+
-+ clean
-+ Remove all build artefacts and return the directory to a "clean"
-+ state.
-+
-+ depend
-+ Rebuild the dependencies in the Makefiles. This is a legacy
-+ option that no longer needs to be used in OpenSSL 1.1.0.
-+
-+ install
-+ Install all OpenSSL components.
-+
-+ install_sw
-+ Only install the OpenSSL software components.
-+
-+ install_docs
-+ Only install the OpenSSL documentation components.
-+
-+ install_man_docs
-+ Only install the OpenSSL man pages (Unix only).
-+
-+ install_html_docs
-+ Only install the OpenSSL html documentation.
-+
-+ list-tests
-+ Prints a list of all the self test names.
-+
-+ test
-+ Build and run the OpenSSL self tests.
-+
-+ uninstall
-+ Uninstall all OpenSSL components.
-+
-+ update
-+ This is a developer option. If you are developing a patch for
-+ OpenSSL you may need to use this if you want to update
-+ automatically generated files; add new error codes or add new
-+ (or change the visibility of) public API functions. (Unix only).
-
- Note on multi-threading
- -----------------------
-@@ -652,7 +847,7 @@
- internal PRNG. If not properly seeded, the internal PRNG will refuse
- to deliver random bytes and a "PRNG not seeded error" will occur.
- On systems without /dev/urandom (or similar) device, it may be necessary
-- to install additional support software to obtain random seed.
-+ to install additional support software to obtain a random seed.
- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
- and the FAQ for more information.
-
---- a/INSTALL.DJGPP
-+++ /dev/null
-@@ -1,48 +0,0 @@
--
--
-- INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-- -------------------------------------------
--
-- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
-- environment for 16-bit DOS, but only with long filename support.
-- If you wish to compile on native DOS with 8+3 filenames, you will
-- have to tweak the installation yourself, including renaming files
-- with illegal or duplicate names.
--
-- You should have a full DJGPP environment installed, including the
-- latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
-- requires that PERL and the PERL module Text::Template also be
-- installed.
--
-- All of these can be obtained from the usual DJGPP mirror sites or
-- directly at "http://www.delorie.com/pub/djgpp". For help on which
-- files to download, see the DJGPP "ZIP PICKER" page at
-- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
-- the WATT-32 networking package installed before you try to compile
-- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
-- The Makefile assumes that the WATT-32 code is in the directory
-- specified by the environment variable WATT_ROOT. If you have watt-32
-- in directory "watt32" under your main DJGPP directory, specify
-- WATT_ROOT="/dev/env/DJDIR/watt32".
--
-- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
-- running "./Configure" with appropriate arguments:
--
-- ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
--
-- And finally fire up "make". You may run out of DPMI selectors when
-- running in a DOS box under Windows. If so, just close the BASH
-- shell, go back to Windows, and restart BASH. Then run "make" again.
--
-- RUN-TIME CAVEAT LECTOR
-- --------------
--
-- Quoting FAQ:
--
-- "Cryptographic software needs a source of unpredictable data to work
-- correctly. Many open source operating systems provide a "randomness
-- device" (/dev/urandom or /dev/random) that serves this purpose."
--
-- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
-- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
-- obtained from "http://www.rahul.net/dkaufman/index.html".
---- a/INSTALL.WCE
-+++ /dev/null
-@@ -1,93 +0,0 @@
--
-- INSTALLATION FOR THE WINDOWS CE PLATFORM
-- ----------------------------------------
--
-- Building OpenSSL for Windows CE requires the following external tools:
--
-- * Microsoft eMbedded Visual C++ 3.0 or later
-- * Appropriate SDK might be required
-- * Perl for Win32 [commonly recommended ActiveState Perl is available
-- from http://www.activestate.com/Products/ActivePerl/]
-- You also need the perl module Text::Template.
-- Please read README.PERL for more information.
--
-- * wcecompat compatibility library available at
-- http://www.essemer.com.au/windowsce/
-- * Optionally ceutils for running automated tests (same location)
--
-- _or_
--
-- * PocketConsole driver and PortSDK available at
-- http://www.symbolictools.de/public/pocketconsole/
-- * CMD command interpreter (same location)
--
-- As Windows CE support in OpenSSL relies on 3rd party compatibility
-- library, it's appropriate to check corresponding URL for updates. For
-- example if you choose wcecompat, note that as for the moment of this
-- writing version 1.2 is available and actually required for WCE 4.2
-- and newer platforms. All wcecompat issues should be directed to
-- www.essemer.com.au.
--
-- Why compatibility library at all? The C Runtime Library implementation
-- for Windows CE that is included with Microsoft eMbedded Visual C++ is
-- incomplete and in some places incorrect. Compatibility library plugs
-- the holes and tries to bring the Windows CE CRT to [more] usable level.
-- Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
-- proposed compatibility libraries solve in two different ways: wcecompat
-- redirects IO to active sync link, while PortSDK - to NT-like console
-- driver on the handheld itself.
--
-- Building
-- --------
--
-- Setup the eMbedded Visual C++ environment. There are batch files for doing
-- this installed with eVC++. For an ARM processor, for example, execute:
--
-- > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
--
-- Next pick compatibility library according to your preferences.
--
-- 1. To choose wcecompat set up WCECOMPAT environment variable pointing
-- at the location of wcecompat tree "root":
--
-- > set WCECOMPAT=C:\wcecompat
-- > set PORTSDK_LIBPATH=
--
-- 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
-- specific location where your portlib.lib is installed:
--
-- > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
-- > set WCECOMPAT=
--
-- Note that you may not set both variables.
--
-- Next you should run Configure:
--
-- > perl Configure VC-CE
--
-- Next you need to build the Makefiles:
--
-- > ms\do_ms
--
-- Then from the VC++ environment at a prompt do:
--
-- > nmake -f ms\cedll.mak
--
-- [note that static builds are not supported under CE]
--
-- If all is well it should compile and you will have some DLLs and executables
-- in out32dll*.
--
-- <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
--
-- If you want
-- to try the tests then make sure the ceutils are in the path and do:
--
-- > cd out32
-- > ..\ms\testce
--
-- This will copy each of the test programs to the Windows CE device and execute
-- them, displaying the output of the tests on this computer. The output should
-- look similar to the output produced by running the tests for a regular Windows
-- build.
--
---- a/LICENSE
-+++ b/LICENSE
-@@ -4,9 +4,7 @@
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
-- See below for the actual license texts. Actually both licenses are BSD-style
-- Open Source licenses. In case of any license issues related to OpenSSL
-- please contact openssl-core at openssl.org.
-+ See below for the actual license texts.
-
- OpenSSL License
- ---------------
---- a/Makefile.in
-+++ /dev/null
-@@ -1,798 +0,0 @@
--##
--## Makefile for OpenSSL
--##
--## {- join("\n## ", @autowarntext) -}
--
--VERSION={- $config{version} -}
--MAJOR={- $config{major} -}
--MINOR={- $config{minor} -}
--SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
--SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
--SHLIB_MAJOR={- $config{shlib_major} -}
--SHLIB_MINOR={- $config{shlib_minor} -}
--SHLIB_EXT={- $target{shared_extension} || ".so" -}
--SHLIB_EXT_SIMPLE={- $target{shared_extension_simple} || ".so" -}
--SHLIB_EXT_IMPORT={- $target{shared_import_extension} || "" -}
--DSO_EXT={- $target{dso_extension} || ".so" -}
--PLATFORM={- $config{target} -}
--OPTIONS={- $config{options} -}
--CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
--SHLIB_TARGET={- $target{shared_target} -}
--
--# HERE indicates where this Makefile lives. This can be used to indicate
--# where sub-Makefiles are expected to be. Currently has very limited usage,
--# and should probably not be bothered with at all.
--HERE=.
--
--# DESTDIR is for package builders so that they can configure
--# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
--# Normally it is left empty.
--DESTDIR=
--
--# Do not edit these manually. Use Configure with --prefix or --openssldir
--# to change this! Short explanation in the top comment in Configure
--INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet
-- #
-- our $prefix = $config{prefix} || "/usr/local";
-- $prefix -}
--OPENSSLDIR={- #
-- # The logic here is that if no --openssldir was given,
-- # OPENSSLDIR will get the value from $prefix plus "/ssl".
-- # If --openssldir was given and the value is an absolute
-- # path, OPENSSLDIR will get its value without change.
-- # If the value from --openssldir is a relative path,
-- # OPENSSLDIR will get $prefix with the --openssldir
-- # value appended as a subdirectory.
-- #
-- use File::Spec::Functions;
-- our $openssldir =
-- $config{openssldir} ?
-- (file_name_is_absolute($config{openssldir}) ?
-- $config{openssldir}
-- : catdir($prefix, $config{openssldir}))
-- : catdir($prefix, "ssl");
-- $openssldir -}
--LIBDIR={- #
-- # if $prefix/lib$target{multilib} is not an existing
-- # directory, then assume that it's not searched by linker
-- # automatically, in which case adding $target{multilib} suffix
-- # causes more grief than we're ready to tolerate, so don't...
-- our $multilib =
-- -d "$prefix/lib$target{multilib}" ? $target{multilib} : "";
-- our $libdir = $config{libdir} || "lib$multilib";
-- $libdir -}
--ENGINESDIR={- use File::Spec::Functions;
-- catdir($prefix,$libdir,"engines") -}
--
--# NO_IDEA - Define to build without the IDEA algorithm
--# NO_RC4 - Define to build without the RC4 algorithm
--# NO_RC2 - Define to build without the RC2 algorithm
--# THREADS - Define when building with threads, you will probably also need any
--# system defines as well, i.e. _REENTRANT for Solaris 2.[34]
--# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
--# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
--# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
--# DEVRANDOM - Give this the value of the 'random device' if your OS supports
--# one. 32 bytes will be read from this when the random
--# number generator is initalised.
--# SSL_FORBID_ENULL - define if you want the server to be not able to use the
--# NULL encryption ciphers.
--#
--# LOCK_DEBUG - turns on lots of lock debug output :-)
--# REF_DEBUG - turn on some xyz_free() assertions.
--# REF_PRINT - prints some stuff on structure free.
--# MFUNC - Make all Malloc/Free/Realloc calls call
--# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
--# call application defined callbacks via CRYPTO_set_mem_functions()
--# MD5_ASM needs to be defined to use the x86 assembler for MD5
--# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
--# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
--# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
--# equal 4.
--# PKCS1_CHECK - pkcs1 tests.
--
--CROSS_COMPILE= {- $config{cross_compile_prefix} -}
--CC= $(CROSS_COMPILE){- $target{cc} -}
--CFLAG={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
--CFLAG_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
--LDFLAG= {- $target{lflags} -} {- $config{lflags} -}
--PLIB_LDFLAG= {- $target{plib_lflags} -} {- $config{plib_lflags} -}
--EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
--EXE_EXT= {- $target{exe_extension} -}
--ARFLAGS= {- $target{arflags} -}
--AR=$(CROSS_COMPILE){- $target{ar} -} $(ARFLAGS) r
--RANLIB= {- $target{ranlib} -}
--NM= $(CROSS_COMPILE){- $target{nm} -}
--PERL= {- $config{perl} -}
--#RM= echo --
--RM= rm -f
--TAR= tar
--TARFLAGS= --no-recursion
--MAKEDEPPROG=$(CROSS_COMPILE){- $config{makedepprog} -}
--
--# We let the C compiler driver to take care of .s files. This is done in
--# order to be excused from maintaining a separate set of architecture
--# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
--# gcc, then the driver will automatically translate it to -xarch=v8plus
--# and pass it down to assembler.
--AS=$(CC) -c
--ASFLAG=$(CFLAG)
--
--# For x86 assembler: Set PROCESSOR to 386 if you want to support
--# the 80386.
--PROCESSOR= {- $config{processor} -}
--
--# CPUID module collects small commonly used assembler snippets
--APPS_OBJ={- $target{apps_obj} -}
--CPUID_OBJ= {- $target{cpuid_obj} -}
--UPLINK_OBJ= {- $target{uplink_obj} -}
--BN_ASM= {- $target{bn_obj} -}
--EC_ASM= {- $target{ec_obj} -}
--DES_ENC= {- $target{des_obj} -}
--AES_ENC= {- $target{aes_obj} -}
--BF_ENC= {- $target{bf_obj} -}
--CAST_ENC= {- $target{cast_obj} -}
--RC4_ENC= {- $target{rc4_obj} -}
--RC5_ENC= {- $target{rc5_obj} -}
--MD5_ASM_OBJ= {- $target{md5_obj} -}
--SHA1_ASM_OBJ= {- $target{sha1_obj} -}
--RMD160_ASM_OBJ= {- $target{rmd160_obj} -}
--BLAKE2_OBJ= {- $target{blake2_obj} -}
--WP_ASM_OBJ= {- $target{wp_obj} -}
--CMLL_ENC= {- $target{cmll_obj} -}
--MODES_ASM_OBJ= {- $target{modes_obj} -}
--PADLOCK_ASM_OBJ= {- $target{padlock_obj} -}
--CHACHA_ENC= {- $target{chacha_obj} -}
--POLY1305_ASM_OBJ= {- $target{poly1305_obj} -}
--PERLASM_SCHEME= {- $target{perlasm_scheme} -}
--
--# Zlib stuff
--ZLIB_INCLUDE={- $withargs{zlib_include} -}
--LIBZLIB={- $withargs{zlib_lib} -}
--
--# This is the location of fipscanister.o and friends.
--# The FIPS module build will place it $(INSTALLTOP)/lib
--# but since $(INSTALLTOP) can only take the default value
--# when the module is built it will be in /usr/local/ssl/lib
--# $(INSTALLTOP) for this build may be different so hard
--# code the path.
--
--FIPSLIBDIR={- $config{fipslibdir} -}
--
--# The location of the library which contains fipscanister.o
--# normally it will be libcrypto. If not compiling in FIPS mode
--# at all this is empty making it a useful test for a FIPS compile.
--
--FIPSCANLIB={- $config{fips} ? "libcrypto" : "" -}
--
--# Shared library base address. Currently only used on Windows.
--#
--
--BASEADDR={- $config{baseaddr} -}
--
--DIRS= {- join(" ", @{$config{dirs}}) -}
--SHLIBDIRS= crypto ssl
--INSTALL_SUBS= engines apps tools
--
--# dirs in crypto to build
--SDIRS= {- join(" ", @{$config{sdirs}}) -}
--
--# tests to perform. "alltests" is a special word indicating that all tests
--# should be performed.
--TESTS = alltests
--
--MAKEFILE= Makefile
--
--MANDIR=$(INSTALLTOP)/share/man
--MAN1=1
--MAN3=3
--MANSUFFIX=
--HTMLSUFFIX=html
--HTMLDIR=$(INSTALLTOP)/share/doc/$(BASENAME)/html
--SHELL=/bin/sh
--
--TOP= .
--LIBS= libcrypto.a libssl.a
--SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
--SHARED_SSL=libssl$(SHLIB_EXT)
--SHARED_LIBS={- $disabled{shared} ? '' : '$(SHARED_CRYPTO) $(SHARED_SSL)' -}
--SHARED_CFLAG={- $target{shared_cflag} -}
--SHARED_LDFLAG={- $target{shared_ldflag}." ".$config{shared_ldflag}
-- # Unlike other OSes (like Solaris, Linux, Tru64,
-- # IRIX) BSD run-time linkers (tested OpenBSD, NetBSD
-- # and FreeBSD) "demand" RPATH set on .so objects.
-- # Apparently application RPATH is not global and
-- # does not apply to .so linked with other .so.
-- # Problem manifests itself when libssl.so fails to
-- # load libcrypto.so. One can argue that we should
-- # engrave this into Makefile.shared rules or into
-- # BSD-* config lines above. Meanwhile let's try to
-- # be cautious and pass -rpath to linker only when
-- # $prefix is not /usr.
-- . ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
-- ? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
--SHARED_RCFLAG={- $target{shared_rcflag} -}
--DYNAMIC_ENGINES={- $config{dynamic_engines} -}
--
--GENERAL= Makefile
--BASENAME= openssl
--NAME= $(BASENAME)-$(VERSION)
--TARFILE= ../$(NAME).tar
--HEADER= e_os.h
--
--# Directories created on install if they don't exist.
--INSTALLDIRS= \
-- $(DESTDIR)$(INSTALLTOP)/bin \
-- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) \
-- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines \
-- $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-- $(DESTDIR)$(INSTALLTOP)/include/openssl \
-- $(DESTDIR)$(OPENSSLDIR)/misc \
-- $(DESTDIR)$(OPENSSLDIR)/certs \
-- $(DESTDIR)$(OPENSSLDIR)/private
--
--ENGDIRS={- join(" ", @{$config{engdirs}}) -}
--
--all: Makefile build_all_but_tests
--
--# as we stick to -e, CLEARENV ensures that local variables in lower
--# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
--# shell, which [annoyingly enough] terminates unset with error if VAR
--# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
--# which terminates unset with error if no variable was present:-(
--CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
-- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
-- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
-- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
-- $${HEADER+HEADER} \
-- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
-- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
-- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
-- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
-- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
--
--# LC_ALL=C ensures that error [and other] messages are delivered in
--# same language for uniform treatment.
--BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
-- CC='$(CC)' CFLAG='$(CFLAG)' CFLAG_Q='$(CFLAG_Q)' \
-- SHARED_CFLAG='$(SHARED_CFLAG)' \
-- AS='$(CC)' ASFLAG='$(CFLAG) -c' \
-- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
-- CROSS_COMPILE='$(CROSS_COMPILE)' \
-- PERL='$(PERL)' DYNAMIC_ENGINES='$(DYNAMIC_ENGINES)' \
-- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
-- DESTDIR='$(DESTDIR)' \
-- INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
-- LIBDIR='$(LIBDIR)' \
-- SHARED_LDFLAG='$(SHARED_LDFLAG)' \
-- SHARED_RCFLAG='$(SHARED_RCFLAG)' \
-- ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
-- EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
-- SHLIB_EXT='$(SHLIB_EXT)' DSO_EXT='$(DSO_EXT)' \
-- SHLIB_TARGET='$(SHLIB_TARGET)' \
-- LDFLAG='$(LDFLAG)' \
-- PLIB_LDFLAG='$(PLIB_LDFLAG)' EX_LIBS='$(EX_LIBS)' \
-- APPS_OBJ='$(APPS_OBJ)' UPLINK_OBJ='$(UPLINK_OBJ)' \
-- CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
-- EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
-- AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
-- BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
-- RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
-- ENGDIRS='$(ENGDIRS)' \
-- SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
-- MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
-- RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
-- BLAKE2_OBJ='$(BLAKE2_OBJ)' \
-- WP_ASM_OBJ='$(WP_ASM_OBJ)' \
-- MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
-- PADLOCK_ASM_OBJ='$(PADLOCK_ASM_OBJ)' \
-- CHACHA_ENC='$(CHACHA_ENC)' \
-- POLY1305_ASM_OBJ='$(POLY1305_ASM_OBJ)' \
-- PERLASM_SCHEME='$(PERLASM_SCHEME)' \
-- FIPSLIBDIR='${FIPSLIBDIR}' \
-- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
-- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
--# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
--# which in turn eliminates ambiguities in variable treatment with -e.
--
--# BUILD_CMD is a generic macro to build a given target in a given
--# subdirectory. The target must be given through the shell variable
--# `target' and the subdirectory to build in must be given through `dir'.
--# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
--# BUILD_ONE_CMD instead.
--#
--# RECURSIVE_BUILD_CMD is a macro to build a given target in all
--# subdirectories defined in $(DIRS). It requires that the target
--# is given through the shell variable `target'.
--#
--# BUILD_ONE_CMD is a macro to build a given target in a given
--# subdirectory if that subdirectory is part of $(DIRS). It requires
--# exactly the same shell variables as BUILD_CMD.
--BUILD_CMD= if [ -d "$$dir" ]; then \
-- ( cd $$dir && echo "making $$target in $$dir..." && \
-- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-- ) || exit 1; \
-- fi
--RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
--BUILD_ONE_CMD=\
-- if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-- $(BUILD_CMD); \
-- fi
--
--reflect:
-- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
--
--sub_all: build_all
--
--build_all_but_tests: build_libs build_apps build_tools
--build_all: build_all_but_tests build_tests
--
--build_libs: build_libcrypto build_libssl openssl.pc
--
--build_libcrypto: build_crypto build_engines libcrypto.pc
--build_libssl: build_ssl libssl.pc
--
--build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines: build_crypto
-- @dir=engines; target=all; AS='$(CC) -c'; export AS; $(BUILD_ONE_CMD)
--
--build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
--
--all_testapps: build_libs build_testapps
--build_testapps:
-- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
--
--libcrypto$(SHLIB_EXT): libcrypto.a
-- @if [ "$(SHLIB_TARGET)" != "" ]; then \
-- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-- FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
-- export CC FIPSLD_CC; \
-- fi; \
-- $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared; \
-- else \
-- echo "There's no support for shared libraries on this platform" >&2; \
-- exit 1; \
-- fi
--
--libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-- @if [ "$(SHLIB_TARGET)" != "" ]; then \
-- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-- else \
-- echo "There's no support for shared libraries on this platform" >&2; \
-- exit 1; \
-- fi
--
--link-shared:
-- @ set -e; for i in $(SHLIBDIRS); do \
-- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-- symlink.$(SHLIB_TARGET); \
-- libs="$$libs -l$$i"; \
-- done
--
--build-shared: do_$(SHLIB_TARGET) link-shared
--
--do_$(SHLIB_TARGET):
-- @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-- LIBDEPS="$$libs $(EX_LIBS)" \
-- link_shlib.$(SHLIB_TARGET); \
-- libs="-l$$i $$libs"; \
-- case "$(PLATFORM)" in \
-- Cygwin*) \
-- rm -f apps/cyg$$i-$(SHLIB_MAJOR).$(SHLIB_MINOR).dll; \
-- rm -f test/cyg$$i-$(SHLIB_MAJOR).$(SHLIB_MINOR).dll; \
-- cp cyg$$i-$(SHLIB_MAJOR).$(SHLIB_MINOR).dll apps/; \
-- cp cyg$$i-$(SHLIB_MAJOR).$(SHLIB_MINOR).dll test/; \
-- ;; \
-- mingw*) \
-- arch=; \
-- if expr $(PLATFORM) : mingw64 > /dev/null; then \
-- arch=-x64; \
-- fi; \
-- rm -f apps/lib$$i-$(SHLIB_MAJOR)_$(SHLIB_MINOR)$$arch.dll; \
-- rm -f test/lib$$i-$(SHLIB_MAJOR)_$(SHLIB_MINOR)$$arch.dll; \
-- cp lib$$i-$(SHLIB_MAJOR)_$(SHLIB_MINOR)$$arch.dll apps/; \
-- cp lib$$i-$(SHLIB_MAJOR)_$(SHLIB_MINOR)$$arch.dll test/; \
-- ;; \
-- esac; \
-- done
--
--libcrypto.pc: Makefile
-- @ ( echo 'prefix=$(INSTALLTOP)'; \
-- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-- echo 'includedir=$${prefix}/include'; \
-- echo ''; \
-- echo 'Name: OpenSSL-libcrypto'; \
-- echo 'Description: OpenSSL cryptography library'; \
-- echo 'Version: '$(VERSION); \
-- echo 'Requires: '; \
-- echo 'Libs: -L$${libdir} -lcrypto'; \
-- echo 'Libs.private: $(EX_LIBS)'; \
-- echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
--
--libssl.pc: Makefile
-- @ ( echo 'prefix=$(INSTALLTOP)'; \
-- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-- echo 'includedir=$${prefix}/include'; \
-- echo ''; \
-- echo 'Name: OpenSSL-libssl'; \
-- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-- echo 'Version: '$(VERSION); \
-- echo 'Requires.private: libcrypto'; \
-- echo 'Libs: -L$${libdir} -lssl'; \
-- echo 'Libs.private: $(EX_LIBS)'; \
-- echo 'Cflags: -I$${includedir}' ) > libssl.pc
--
--openssl.pc: Makefile
-- @ ( echo 'prefix=$(INSTALLTOP)'; \
-- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-- echo 'includedir=$${prefix}/include'; \
-- echo ''; \
-- echo 'Name: OpenSSL'; \
-- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-- echo 'Version: '$(VERSION); \
-- echo 'Requires: libssl libcrypto' ) > openssl.pc
--
--Makefile: Makefile.in Configure config
-- @echo "Makefile is older than Makefile.in, Configure or config."
-- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-- @false
--
--libclean:
-- rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
--
--clean: libclean
-- rm -f */*/*.o */*.o *.o core a.out fluff testlog make.log cctest cctest.c
-- rm -rf *.bak certs/.0
-- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-- rm -f $(LIBS) tags TAGS
-- rm -f openssl.pc libssl.pc libcrypto.pc
-- rm -f speed.* .pure
-- rm -f $(TARFILE)
--
--gentests:
-- @(cd test && echo "generating dummy tests (if needed)..." && \
-- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
--
--test: tests
--
--tests: build_tests
-- @(cd test && echo "testing..." && \
-- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-- @if [ -z "$(CROSS_COMPILE)" ]; then \
-- OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a; \
-- fi
--
--list-tests:
-- @(cd test && \
-- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. list-tests)
--
--report:
-- @$(PERL) util/selftest.pl
--
--tags TAGS: FORCE
-- rm -f TAGS tags
-- -ctags -R .
-- -etags `find . -name '*.[ch]' -o -name '*.pm'`
--
--FORCE:
--
--depend:
-- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
--
--update: generate errors ordinals depend
--
--generate:
-- (cd apps && PERL='${PERL}' $(MAKE) generate)
-- (cd crypto/bn && PERL='${PERL}' $(MAKE) generate)
-- (cd crypto/objects && PERL='${PERL}' $(MAKE) generate)
--
--errors:
-- $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-- $(PERL) util/mkerr.pl -recurse -write
-- (cd engines; $(MAKE) PERL=$(PERL) errors)
--
--ordinals: util/libcrypto.num util/libssl.num test_ordinals TABLE
--util/libcrypto.num::
-- $(PERL) util/mkdef.pl crypto update
--util/libssl.num::
-- $(PERL) util/mkdef.pl ssl update
--test_ordinals:
-- TOP=$(TOP) PERL=$(PERL) $(PERL) test/run_tests.pl test_ordinals
--
--TABLE: Configure Configurations/*.conf
-- (echo 'Output of `Configure TABLE'"':"; \
-- $(PERL) Configure TABLE) > TABLE
--
--# Build distribution tar-file. As the list of files returned by "find" is
--# pretty long, on several platforms a "too many arguments" error or similar
--# would occur. Therefore the list of files is temporarily stored into a file
--# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
--# tar does not support the --files-from option.
--TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-- --owner 0 --group 0 \
-- --transform 's|^|$(NAME)/|' \
-- -cvf -
--
--$(TARFILE).list:
-- git diff --quiet HEAD
-- git ls-files | sort > $(TARFILE).list
--
--tar: $(TARFILE).list
-- find . -type d -print | xargs chmod 755
-- find . -type f -print | xargs chmod a+r
-- find . -type f -perm -0100 -print | xargs chmod a+x
-- $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-- rm -f $(TARFILE).list
-- ls -l $(TARFILE).gz
--
--tar-snap: $(TARFILE).list
-- $(TAR_COMMAND) > $(TARFILE)
-- rm -f $(TARFILE).list
-- ls -l $(TARFILE)
--
--dist:
-- $(PERL) Configure dist
-- @$(MAKE) SDIRS='$(SDIRS)' clean
-- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
--
--install: all install_docs install_sw
--
--uninstall: uninstall_sw uninstall_docs
--
--install_sw:
-- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALLDIRS)
-- @set -e; for i in include/openssl/*.h; do \
-- (cp $$i $(DESTDIR)$(INSTALLTOP)/$$i; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$$i ); \
-- done;
-- @set -e; target=install; for dir in $(INSTALL_SUBS); do $(BUILD_CMD); done
-- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-- do \
-- if [ -f "$$i" ]; then \
-- ( echo installing $$i; \
-- cp $$i $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-- $(RANLIB) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
-- fi; \
-- done;
-- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-- tmp="$(SHARED_LIBS)"; \
-- for i in $${tmp:-x}; \
-- do \
-- if [ -f "$$i" -o -f "$$i.a" ]; then \
-- case "$(PLATFORM)" in \
-- Cygwin*) \
-- c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-- echo installing $$c; \
-- cp $$c $(DESTDIR)$(INSTALLTOP)/bin/$$c.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$c.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$c.new $(DESTDIR)$(INSTALLTOP)/bin/$$c; \
-- echo installing $$i.a; \
-- cp $$i.a $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- ;; \
-- mingw*) \
-- arch=; \
-- if expr $(PLATFORM) : mingw64 > /dev/null; then \
-- arch=-x64; \
-- fi; \
-- m=`echo $$i | sed -e 's/\.dll$$/-$(SHLIB_MAJOR)_$(SHLIB_MINOR)'"$$arch"'.dll/'`; \
-- echo installing $$m; \
-- cp $$m $(DESTDIR)$(INSTALLTOP)/bin/$$m.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$m.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$m.new $(DESTDIR)$(INSTALLTOP)/bin/$$m; \
-- echo installing $$i.a; \
-- cp $$i.a $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new; \
-- chmod 555 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a.new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- ;; \
-- *) \
-- echo installing $$i; \
-- cp $$i $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-- chmod 555 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-- ;; \
-- esac; \
-- fi; \
-- done; \
-- ( here="`pwd`"; \
-- cd $(DESTDIR)$(INSTALLTOP)/$(LIBDIR); \
-- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
-- if [ "$(INSTALLTOP)" != "/usr" ]; then \
-- echo 'OpenSSL shared libraries have been installed in:'; \
-- echo ' $(INSTALLTOP)'; \
-- fi; \
-- fi
-- cp libcrypto.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-- cp libssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-- cp openssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
--
--uninstall_sw:
-- cd include/openssl && files=* && cd $(DESTDIR)$(INSTALLTOP)/include/openssl && $(RM) $$files
-- @for i in $(LIBS) ;\
-- do \
-- test -f "$$i" && \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i && \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-- done;
-- @if [ -n "$(SHARED_LIBS)" ]; then \
-- tmp="$(SHARED_LIBS)"; \
-- for i in $${tmp:-x}; \
-- do \
-- if [ -f "$$i" -o -f "$$i.a" ]; then \
-- case "$(PLATFORM)" in \
-- Cygwin*) \
-- c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$c; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$c; \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- ;; \
-- mingw*) \
-- arch=; \
-- if expr $(PLATFORM) : mingw64 > /dev/null; then \
-- arch=-x64; \
-- fi; \
-- m=`echo $$i | sed -e 's/\.dll$$/-$(SHLIB_MAJOR)_$(SHLIB_MINOR)'"$$arch"'.dll/'`; \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$m; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$m; \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i.a; \
-- ;; \
-- *) \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-- ;; \
-- esac; \
-- fi; \
-- done; \
-- fi
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-- @target=uninstall; for dir in $(INSTALL_SUBS); do $(BUILD_CMD); done
--
--install_html_docs:
-- here="`pwd`"; \
-- filecase=; \
-- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-- filecase=-i; \
-- esac; \
-- for subdir in apps crypto ssl; do \
-- $(PERL) $(TOP)/util/mkdir-p $(DESTDIR)$(HTMLDIR)/$$subdir; \
-- for i in doc/$$subdir/*.pod; do \
-- fn=`basename $$i .pod`; \
-- echo "installing html/$$fn.$(HTMLSUFFIX)"; \
-- cat $$i \
-- | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-- | pod2html --podroot=doc --htmlroot=.. --podpath=$$subdir:apps:crypto:ssl \
-- | sed -r 's/<!DOCTYPE.*//g' \
-- > $(DESTDIR)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- grep -v $$filecase "^$$fn\$$" | \
-- (cd $(DESTDIR)$(HTMLDIR)/$$subdir; \
-- while read n; do \
-- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
-- done); \
-- done; \
-- done
--
--uninstall_html_docs:
-- here="`pwd`"; \
-- filecase=; \
-- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-- filecase=-i; \
-- esac; \
-- for subdir in apps crypto ssl; do \
-- for i in doc/$$subdir/*.pod; do \
-- fn=`basename $$i .pod`; \
-- $(RM) $(DESTDIR)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- grep -v $$filecase "^$$fn\$$" | \
-- while read n; do \
-- $(RM) $(DESTDIR)$(HTMLDIR)/$$subdir/"$$n".$(HTMLSUFFIX); \
-- done; \
-- done; \
-- done
--
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(DESTDIR)$(MANDIR)/man1 \
-- $(DESTDIR)$(MANDIR)/man3 \
-- $(DESTDIR)$(MANDIR)/man5 \
-- $(DESTDIR)$(MANDIR)/man7
-- here="`pwd`"; \
-- filecase=; \
-- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
-- filecase=-i; \
-- esac; \
-- set -e; for i in doc/apps/*.pod; do \
-- fn=`basename $$i .pod`; \
-- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-- (cd `$(PERL) util/dirname.pl $$i`; \
-- pod2man \
-- --section=$$sec --center=OpenSSL \
-- --release=$(VERSION) `basename $$i`) \
-- > $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- (grep -v $$filecase "^$$fn\$$"; true) | \
-- (grep -v "[ ]"; true) | \
-- (cd $(DESTDIR)$(MANDIR)/man$$sec/; \
-- while read n; do \
-- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-- done); \
-- done; \
-- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-- fn=`basename $$i .pod`; \
-- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-- (cd `$(PERL) util/dirname.pl $$i`; \
-- pod2man \
-- --section=$$sec --center=OpenSSL \
-- --release=$(VERSION) `basename $$i`) \
-- > $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- (grep -v $$filecase "^$$fn\$$"; true) | \
-- (grep -v "[ ]"; true) | \
-- (cd $(DESTDIR)$(MANDIR)/man$$sec/; \
-- while read n; do \
-- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-- done); \
-- done
--
--uninstall_docs:
-- @here="`pwd`"; \
-- filecase=; \
-- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*) \
-- filecase=-i; \
-- esac; \
-- for i in doc/apps/*.pod; do \
-- fn=`basename $$i .pod`; \
-- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-- echo $(RM) $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(RM) $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- (grep -v $$filecase "^$$fn\$$"; true) | \
-- (grep -v "[ ]"; true) | \
-- while read n; do \
-- echo $(RM) $(DESTDIR)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-- $(RM) $(DESTDIR)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-- done; \
-- done; \
-- for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-- fn=`basename $$i .pod`; \
-- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-- echo $(RM) $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(RM) $(DESTDIR)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-- $(PERL) util/extract-names.pl < $$i | \
-- (grep -v $$filecase "^$$fn\$$"; true) | \
-- (grep -v "[ ]"; true) | \
-- while read n; do \
-- echo $(RM) $(DESTDIR)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-- $(RM) $(DESTDIR)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \
-- done; \
-- done
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -14,6 +14,7 @@ CFLAGS=$(CFLAG)
- LDFLAGS=$(LDFLAG)
- SHARED_LDFLAGS=$(SHARED_LDFLAG)
-
-+RC=windres
- # SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
- # or Mingw.
- SHARED_RCFLAGS=$(SHARED_RCFLAG)
-@@ -278,9 +279,9 @@ link_app.darwin: # is there run-path on
- SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
- dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
-- "$(CROSS_COMPILE)windres $(SHARED_RCFLAGS) -o rc.o"; \
-+ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
- $(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
-- $(CROSS_COMPILE)windres $(SHARED_RCFLAGS) -o rc.o; \
-+ $(RC) $(SHARED_RCFLAGS) -o rc.o; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
-@@ -306,9 +307,9 @@ link_app.darwin: # is there run-path on
- | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
- > $(LIBNAME).def; \
- echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
-- "$(CROSS_COMPILE)windres $(SHARED_RCFLAGS) -o rc.o"; \
-+ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
- $(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
-- $(CROSS_COMPILE)windres $(SHARED_RCFLAGS) -o rc.o; \
-+ $(RC) $(SHARED_RCFLAGS) -o rc.o; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
-@@ -561,11 +562,11 @@ symlink.gnu symlink.solaris symlink.svr3
- symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
-
- # Compatibility targets
--link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared link_dso.haiku-shared: link_dso.gnu
-+link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
- link_shlib.bsd-gcc-shared: link_shlib.linux-shared
--link_shlib.gnu-shared link_shlib.haiku-shared: link_shlib.gnu
--link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared link_app.haiku-shared: link_app.gnu
--symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared symlink.haiku-shared: symlink.gnu
-+link_shlib.gnu-shared: link_shlib.gnu
-+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
- link_dso.bsd-shared: link_dso.bsd
- link_shlib.bsd-shared: link_shlib.bsd
- link_app.bsd-shared: link_app.bsd
---- a/NEWS
-+++ b/NEWS
-@@ -5,8 +5,9 @@
- This file gives a brief overview of the major changes between each OpenSSL
- release. For more details please read the CHANGES file.
-
-- Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release]
-+ Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release]
-
-+ o Copyright text was shrunk to a boilerplate that points to the license
- o "shared" builds are now the default when possible
- o Added support for "pipelining"
- o Added the AFALG engine
-@@ -46,6 +47,19 @@
- o Support for Certificate Transparency
- o HKDF support.
-
-+ Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
-+
-+ o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
-+ o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
-+ o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
-+ o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
-+ o EBCDIC overread (CVE-2016-2176)
-+ o Modify behavior of ALPN to invoke callback after SNI/servername
-+ callback, such that updates to the SSL_CTX affect ALPN.
-+ o Remove LOW from the DEFAULT cipher list. This removes singles DES from
-+ the default.
-+ o Only remove the SSLv2 methods with the no-ssl2-method option.
-+
- Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
-
- o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-@@ -416,8 +430,8 @@
- o New STORE structure and library to provide an interface to all
- sorts of data repositories. Supports storage of public and
- private keys, certificates, CRLs, numbers and arbitrary blobs.
-- This library is unfortunately unfinished and unused withing
-- OpenSSL.
-+ This library is unfortunately unfinished and unused within
-+ OpenSSL.
- o New control functions for the error stack.
- o Changed the PKCS#7 library to support one-pass S/MIME
- processing.
-@@ -433,7 +447,7 @@
- o Major overhaul of RC4 performance on Intel P4, IA-64 and
- AMD64.
- o Changed the Configure script to have some algorithms disabled
-- by default. Those can be explicitely enabled with the new
-+ by default. Those can be explicitly enabled with the new
- argument form 'enable-xxx'.
- o Change the default digest in 'openssl' commands from MD5 to
- SHA-1.
---- /dev/null
-+++ b/NOTES.DJGPP
-@@ -0,0 +1,48 @@
-+
-+
-+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-+ -------------------------------------------
-+
-+ OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
-+ environment for 16-bit DOS, but only with long filename support.
-+ If you wish to compile on native DOS with 8+3 filenames, you will
-+ have to tweak the installation yourself, including renaming files
-+ with illegal or duplicate names.
-+
-+ You should have a full DJGPP environment installed, including the
-+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
-+ requires that PERL and the PERL module Text::Template also be
-+ installed (see NOTES.PERL).
-+
-+ All of these can be obtained from the usual DJGPP mirror sites or
-+ directly at "http://www.delorie.com/pub/djgpp". For help on which
-+ files to download, see the DJGPP "ZIP PICKER" page at
-+ "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
-+ the WATT-32 networking package installed before you try to compile
-+ OpenSSL. This can be obtained from "http://www.watt-32.net/".
-+ The Makefile assumes that the WATT-32 code is in the directory
-+ specified by the environment variable WATT_ROOT. If you have watt-32
-+ in directory "watt32" under your main DJGPP directory, specify
-+ WATT_ROOT="/dev/env/DJDIR/watt32".
-+
-+ To compile OpenSSL, start your BASH shell, then configure for DJGPP by
-+ running "./Configure" with appropriate arguments:
-+
-+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
-+
-+ And finally fire up "make". You may run out of DPMI selectors when
-+ running in a DOS box under Windows. If so, just close the BASH
-+ shell, go back to Windows, and restart BASH. Then run "make" again.
-+
-+ RUN-TIME CAVEAT LECTOR
-+ --------------
-+
-+ Quoting FAQ:
-+
-+ "Cryptographic software needs a source of unpredictable data to work
-+ correctly. Many open source operating systems provide a "randomness
-+ device" (/dev/urandom or /dev/random) that serves this purpose."
-+
-+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
-+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
-+ obtained from "http://www.rahul.net/dkaufman/index.html".
---- /dev/null
-+++ b/NOTES.PERL
-@@ -0,0 +1,119 @@
-+ TOC
-+ ===
-+
-+ - Notes on Perl
-+ - Notes on Perl on Windows
-+ - Notes on Perl modules we use
-+ - Notes on installing a perl module
-+
-+ Notes on Perl
-+ -------------
-+
-+ For our scripts, we rely quite a bit on Perl, and increasingly on
-+ some core Perl modules. These Perl modules are part of the Perl
-+ source, so if you build Perl on your own, you should be set.
-+
-+ However, if you install Perl as binary packages, the outcome might
-+ differ, and you may have to check that you do get the core modules
-+ installed properly. We do not claim to know them all, but experience
-+ has told us the following:
-+
-+ - on Linux distributions based on Debian, the package 'perl' will
-+ install the core Perl modules as well, so you will be fine.
-+ - on Linux distributions based on RPMs, you will need to install
-+ 'perl-core' rather than just 'perl'.
-+
-+ You MUST have at least Perl version 5.10.0 installed. This minimum
-+ requirement is due to our use of regexp backslash sequence \R among
-+ other features that didn't exist in core Perl before that version.
-+
-+ Notes on Perl on Windows
-+ ------------------------
-+
-+ There are a number of build targets that can be viewed as "Windows".
-+ Indeed, there are VC-* configs targeting VisualStudio C, as well as
-+ MinGW and Cygwin. The key recommendation is to use "matching" Perl,
-+ one that matches build environment. For example, if you will build
-+ on Cygwin be sure to use the Cygwin package manager to install Perl.
-+ For MSYS builds use the MSYS provided Perl. For VC-* builds we
-+ recommend ActiveState Perl, available from
-+ http://www.activestate.com/ActivePerl.
-+
-+ Notes on Perl on VMS
-+ --------------------
-+
-+ You will need to install Perl separately. One way to do so is to
-+ download the source from http://perl.org/, unpacking it, reading
-+ README.vms and follow the instructions. Another way is to download a
-+ .PCSI file from http://www.vmsperl.com/ and install it using the
-+ POLYCENTER install tool.
-+
-+ Notes on Perl modules we use
-+ ----------------------------
-+
-+ We make increasing use of Perl modules, and do our best to limit
-+ ourselves to core Perl modules to keep the requirements down. There
-+ are just a few exceptions:
-+
-+ Test::More We require the minimum version to be 0.96, which
-+ appeared in Perl 5.13.4, because that version was
-+ the first to have all the features we're using.
-+ This module is required for testing only! If you
-+ don't plan on running the tests, you don't need to
-+ bother with this one.
-+
-+ Text::Template This module is not part of the core Perl modules.
-+ As a matter of fact, the core Perl modules do not
-+ include any templating module to date.
-+ This module is absolutely needed, configuration
-+ depends on it.
-+
-+ To avoid unnecessary initial hurdles, we have bundled a copy of the
-+ following modules in our source. They will work as fallbacks if
-+ these modules aren't already installed on the system.
-+
-+ Text::Template
-+
-+ Notes on installing a perl module
-+ ---------------------------------
-+
-+ There are a number of ways to install a perl module. In all
-+ descriptions below, Text::Template will server as an example.
-+
-+ 1. for Linux users, the easiest is to install with the use of your
-+ favorite package manager. Usually, all you need to do is search
-+ for the module name and to install the package that comes up.
-+
-+ On Debian based Linux distributions, it would go like this:
-+
-+ $ apt-cache search Text::Template
-+ ...
-+ libtext-template-perl - perl module to process text templates
-+ $ sudo apt-get install libtext-template-perl
-+
-+ Perl modules in Debian based distributions use package names like
-+ the name of the module in question, with "lib" prepended and
-+ "-perl" appended.
-+
-+ 2. Install using CPAN. This is very easy, but usually requires root
-+ access:
-+
-+ $ cpan -i Text::Template
-+
-+ Note that this runs all the tests that the module to be installed
-+ comes with. This is usually a smooth operation, but there are
-+ platforms where a failure is indicated even though the actual tests
-+ were successful. Should that happen, you can force an
-+ installation regardless (that should be safe since you've already
-+ seen the tests succeed!):
-+
-+ $ cpan -f -i Text::Template
-+
-+ Note: on VMS, you must quote any argument that contains upper case
-+ characters, so the lines above would be:
-+
-+ $ cpan -i "Text::Template"
-+
-+ and:
-+
-+ $ cpan -f -i "Text::Template"
---- a/NOTES.WIN
-+++ b/NOTES.WIN
-@@ -2,15 +2,16 @@
- NOTES FOR THE WINDOWS PLATFORMS
- ===============================
-
-- [Notes for Windows CE can be found in INSTALL.WCE]
--
- Requirement details for native (Visual C++) builds
- --------------------------------------------------
-
-+ In addition to the requirements and instructions listed in INSTALL,
-+ this are required as well:
-+
- - You need Perl. We recommend ActiveState Perl, available from
-- http://www.activestate.com/ActivePerl.
-+ https://www.activestate.com/ActivePerl.
- You also need the perl module Text::Template, available on CPAN.
-- Please read README.PERL for more information.
-+ Please read NOTES.PERL for more information.
-
- - You need a C compiler. OpenSSL has been tested to build with these:
-
-@@ -46,6 +47,12 @@
- PREFIX: %ProgramFiles%\OpenSSL
- OPENSSLDIR: %CommonProgramFiles%\SSL
-
-+ ALSO NOTE that those directories are usually write protected, even if
-+ your account is in the Administrators group. To work around that,
-+ start the command prompt by right-clicking on it and choosing "Run as
-+ Administrator" before running 'nmake install'. The other solution
-+ is, of course, to choose a different set of directories by using
-+ --prefix and --openssldir when configuring.
-
- GNU C (Cygwin)
- --------------
-@@ -57,7 +64,7 @@
-
- To build OpenSSL using Cygwin, you need to:
-
-- * Install Cygwin (see http://cygwin.com/)
-+ * Install Cygwin (see https://cygwin.com/)
-
- * Install Cygwin Perl and ensure it is in the path. Recall that
- as least 5.10.0 is required.
-@@ -88,9 +95,9 @@
- required. Run the installers and do whatever magic they say it takes
- to start MSYS bash shell with GNU tools and matching Perl on its PATH.
- "Matching Perl" refers to chosen "shell environment", i.e. if built
-- under MSYS, then Perl compiled for MSYS is highly recommended.
-+ under MSYS, then Perl compiled for MSYS must be used.
-
-- Alternativelly, one can use MSYS2 from http://msys2.github.io/,
-+ Alternatively, one can use MSYS2 from https://msys2.github.io/,
- which includes MingW (32-bit and 64-bit).
-
- * It is also possible to cross-compile it on Linux by configuring
-@@ -105,18 +112,18 @@
- This section applies to non-Cygwin builds.
-
- If you link with static OpenSSL libraries then you're expected to
-- additionally link your application with WS2_32.LIB, ADVAPI32.LIB,
-- GDI32.LIB and USER32.LIB. Those developing non-interactive service
-- applications might feel concerned about linking with the latter two,
-- as they are justly associated with interactive desktop, which is not
-- available to service processes. The toolkit is designed to detect in
-- which context it's currently executed, GUI, console app or service,
-- and act accordingly, namely whether or not to actually make GUI calls.
-- Additionally those who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL
-- and actually keep them off service process should consider
-- implementing and exporting from .exe image in question own
-- _OPENSSL_isservice not relying on USER32.DLL.
-- E.g., on Windows Vista and later you could:
-+ additionally link your application with WS2_32.LIB, GDI32.LIB,
-+ ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
-+ non-interactive service applications might feel concerned about
-+ linking with GDI32.LIB and USER32.LIB, as they are justly associated
-+ with interactive desktop, which is not available to service
-+ processes. The toolkit is designed to detect in which context it's
-+ currently executed, GUI, console app or service, and act accordingly,
-+ namely whether or not to actually make GUI calls. Additionally those
-+ who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
-+ actually keep them off service process should consider implementing
-+ and exporting from .exe image in question own _OPENSSL_isservice not
-+ relying on USER32.DLL. E.g., on Windows Vista and later you could:
-
- __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
- { DWORD sess;
---- a/README
-+++ b/README
-@@ -1,5 +1,5 @@
-
-- OpenSSL 1.1.0-pre5 (beta) 19 Apr 2016
-+ OpenSSL 1.1.0-pre6-dev
-
- Copyright (c) 1998-2016 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
-@@ -10,11 +10,8 @@
-
- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
-- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
-- well as a full-strength general purpose cryptographic library. The project is
-- managed by a worldwide community of volunteers that use the Internet to
-- communicate, plan, and develop the OpenSSL toolkit and its related
-- documentation.
-+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
-+ full-strength general purpose cryptographic library.
-
- OpenSSL is descended from the SSLeay library developed by Eric A. Young
- and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
-@@ -48,15 +45,16 @@
- ------------
-
- See the appropriate file:
-- INSTALL Linux, Unix, Windows, OpenVMS
-- INSTALL.DJGPP DOS platform with DJGPP
-- INSTALL.WCE Windows CE
-+ INSTALL Linux, Unix, Windows, OpenVMS, ...
-+ NOTES.* INSTALL addendums for different platforms
-
- SUPPORT
- -------
-
- See the OpenSSL website www.openssl.org for details on how to obtain
-- commercial technical support.
-+ commercial technical support. Free community support is available through the
-+ openssl-users email list (see
-+ https://www.openssl.org/community/mailinglists.html for further details).
-
- If you have any problems with OpenSSL then please take the following steps
- first:
-@@ -69,12 +67,11 @@
- If you wish to report a bug then please include the following information in
- any bug report:
-
-- - On Unix systems:
-- Self-test report generated by 'make report'
-- - On other systems:
-- OpenSSL version: output of 'openssl version -a'
-- OS Name, Version, Hardware platform
-- Compiler Details (name, version)
-+ - OpenSSL version: output of 'openssl version -a'
-+ - Any "Configure" options that you selected during compilation of the
-+ library if applicable (see INSTALL)
-+ - OS Name, Version, Hardware platform
-+ - Compiler Details (name, version)
- - Application Details (name, version)
- - Problem Description (steps that will reproduce the problem, if known)
- - Stack Traceback (if the application dumps core)
-@@ -84,8 +81,8 @@
- rt at openssl.org
-
- In order to avoid spam, this is a moderated mailing list, and it might
-- take a day for the ticket to show up. (We also scan posts to make sure
-- that security disclosures aren't publically posted by mistake.) Mail
-+ take a couple of days for the ticket to show up. (We also scan posts to make
-+ sure that security disclosures aren't publicly posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list. Confidential mail
-@@ -94,11 +91,11 @@
-
- Please do NOT use this for general assistance or support queries.
- Just because something doesn't work the way you expect does not mean it
-- is necessarily a bug in OpenSSL.
-+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
-+ of query.
-
-- You can also make GitHub pull requests. If you do this, please also send
-- mail to rt at openssl.org with a link to the PR so that we can more easily
-- keep track of it.
-+ You can also make GitHub pull requests. See the CONTRIBUTING file for more
-+ details.
-
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
---- a/README.PERL
-+++ /dev/null
-@@ -1,118 +0,0 @@
-- TOC
-- ===
--
-- - Notes on Perl
-- - Notes on Perl on Windows
-- - Notes on Perl modules we use
-- - Notes on installing a perl module
--
-- Notes on Perl
-- -------------
--
-- For our scripts, we rely quite a bit on Perl, and increasingly on
-- some core Perl modules. These Perl modules are part of the Perl
-- source, so if you build Perl on your own, you should be set.
--
-- However, if you install Perl as binary packages, the outcome might
-- differ, and you may have to check that you do get the core modules
-- installed properly. We do not claim to know them all, but experience
-- has told us the following:
--
-- - on Linux distributions based on Debian, the package 'perl' will
-- install the core Perl modules as well, so you will be fine.
-- - on Linux distributions based on RPMs, you will need to install
-- 'perl-core' rather than just 'perl'.
--
-- You MUST have at least Perl version 5.10.0 installed. This minimum
-- requirement is due to our use of regexp backslash sequence \R among
-- other features that didn't exist in core Perl before that version.
--
-- Notes on Perl on Windows
-- ------------------------
--
-- If you will build on Cygwin (and possibly some other POSIX layers),
-- Perl is already part of your distribution. Simply use the Cygwin
-- package manager to make sure Perl gets installed.
--
-- Otherwise, you will need to install Perl separately. The Perl
-- package that we know of is ActiveState Perl, available from
-- http://www.activestate.com/ActivePerl.
--
-- Notes on Perl on VMS
-- --------------------
--
-- You will need to install Perl separately. One way to do so is to
-- download the source from http://perl.org/, unpacking it, reading
-- README.vms and follow instructions. Another way is to download a
-- .PCSI file from http://www.vmsperl.com/ and install it using the
-- POLYCENTER install tool.
--
-- Notes on Perl modules we use
-- ----------------------------
--
-- We make increasing use of Perl modules, and do our best to limit
-- ourselves to core Perl modules to keep the requirements down. There
-- are just a few exceptions:
--
-- Test::More We require the minimum version to be 0.96, which
-- appeared in Perl 5.13.4, because that version was
-- the first to have all the features we're using.
-- This module is required for testing only! If you
-- don't plan on running the tests, you don't need to
-- bother with this one.
--
-- Text::Template This module is not part of the core Perl modules.
-- As a matter of fact, the core Perl modules do not
-- include any templating module to date.
-- This module is absolutely needed, configuration
-- depends on it.
--
-- To avoid unnecessary initial hurdles, we have bundled a copy of the
-- following modules in our source. They will work as fallbacks if
-- these modules aren't already installed on the system.
--
-- Text::Template
--
-- Notes on installing a perl module
-- ---------------------------------
--
-- There are a number of ways to install a perl module. In all
-- descriptions below, Text::Template will server as an example.
--
-- 1. for Linux users, the easiest is to install with the use of your
-- favorite package manager. Usually, all you need to do is search
-- for the module name and to install the package that comes up.
--
-- On Debian based Linux distributions, it would go like this:
--
-- $ apt-cache search Text::Template
-- ...
-- libtext-template-perl - perl module to process text templates
-- $ sudo apt-get install libtext-template-perl
--
-- Perl modules in Debian based distributions use package names like
-- the name of the module in question, with "lib" prepended and
-- "-perl" appended.
--
-- 2. Install using CPAN. This is very easy, but usually requires root
-- access:
--
-- $ cpan -i Text::Template
--
-- Note that this runs all the tests that the module to be install
-- comes with. This is usually a smooth operation, but there are
-- platforms where a failure is indicate even though the actual tests
-- were successful. Should that happen, you can force an
-- installation regardless (that should be safe since you've already
-- seen the tests succeed!):
--
-- $ cpan -f -i Text::Template
--
-- Note: on VMS, you must quote any argument that contains upper case
-- characters, so the lines above would be:
--
-- $ cpan -i "Text::Template"
--
-- and:
--
-- $ cpan -f -i "Text::Template"
---- a/VMS/VMSify-conf.pl
-+++ b/VMS/VMSify-conf.pl
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- /dev/null
-+++ b/VMS/openssl_ivp.com.in
-@@ -0,0 +1,40 @@
-+$ ! OpenSSL Internal Verification Procedure
-+$ !
-+$ ! This script checks the consistency of a OpenSSL installation
-+$ ! It had better be spawned, as it creates process logicals
-+$
-+$ ! Generated information
-+$ INSTALLTOP := {- $config{INSTALLTOP} -}
-+$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
-+$
-+$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
-+$ ! can use to call the startup procedure
-+$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
-+ - ".][000000" - "[000000." - "][" - "]A.;" + "."
-+$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
-+ - ".][000000" - "[000000." - "][" - "]A.;" + "."
-+$
-+$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
-+$ pz := {- $config{pointer_size} -}
-+$
-+$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
-+$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
-+$
-+$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
-+ .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" -
-+ .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
-+ .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" -
-+ .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
-+ .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
-+ .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
-+$ THEN
-+$ WRITE SYS$ERROR "Installation inconsistent"
-+$ EXIT %x00018292 ! RMS$_FNF, file not found
-+$ ENDIF
-+$
-+$ ! If something else is wrong with the installation, we're likely
-+$ ! to get an image activation error here
-+$ openssl version -a
-+$
-+$ WRITE SYS$ERROR "OpenSSL IVP passed"
-+$ EXIT %x10000001
---- a/VMS/openssl_shutdown.com.in
-+++ b/VMS/openssl_shutdown.com.in
-@@ -24,36 +24,29 @@
- $ IF arch .EQS. "" THEN GOTO unknown_arch
- $ ENDIF
- $
--$ ! Generated information
--$ VERSION := {- $config{version} -}
--$ INSTALLTOP := {- $config{INSTALLTOP} -}
--$ POINTER_SIZE = {- $config{pointersize} -}
--$
- $ ! Abbrevs
- $ DEAS := DEASSIGN /NOLOG 'P1'
--$ v = VERSION - "." - "."
-+$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
-+$ pz := {- $config{pointer_size} -}
-+$
-+$ DEAS OSSL$DATAROOT
-+$ DEAS OSSL$INSTROOT
-+$ DEAS OSSL$INCLUDE
-+$ DEAS OSSL$LIB
-+$ DEAS OSSL$SHARE
-+$ DEAS OSSL$ENGINES'sv'
-+$ DEAS OSSL$EXE
-+$ DEAS OSSL$LIBCRYPTO'pz'
-+$ DEAS OSSL$LIBSSL'pz'
-+$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
-+$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
-+$ DEAS OPENSSL
- $
--$ DEAS OSSL$ROOT'v'
--$ DEAS OSSL$INCLUDE'v'
--$ DEAS OSSL$LIB'v'
--$ DEAS OSSL$SHARE'v'
--$ DEAS OSSL$ENGINES'v'
--$ DEAS OSSL$EXE'v'
--$ {- output_off() if $disabled{shared} -}
--$ {- join("\n\$ ", map { "DEAS $_'v'" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
--$ {- output_on() -}
- $ IF P2 .NES. "NOALIASES"
- $ THEN
--$ DEAS OSSL$ROOT
--$ DEAS OSSL$INCLUDE
--$ DEAS OSSL$LIB
--$ DEAS OSSL$SHARE
- $ DEAS OSSL$ENGINES
--$ DEAS OSSL$EXE
--$ DEAS OPENSSL
--$ {- output_off() if $disabled{shared} -}
--$ {- join("\n\$ ", map { "DEAS $_" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
--$ {- output_on() -}
-+$ DEAS OSSL$LIBCRYPTO_SHR'pz'
-+$ DEAS OSSL$LIBSSL_SHR'pz'
- $ ENDIF
- $
- $ EXIT 'status'
---- a/VMS/openssl_startup.com.in
-+++ b/VMS/openssl_startup.com.in
-@@ -6,26 +6,33 @@
- $ !
- $ ! The logical names created are:
- $ !
--$ ! OSSL$ROOTnnn Installation root
--$ ! OSSL$EXEnnn Where the executables are located
--$ ! OSSL$LIBnnn Where the library files are located
--$ ! OSSL$SHAREnnn Where the sahreable images are located
--$ ! OSSL$INCLUDEnnn Include directory root
--$ ! OSSL$ENGINESnnn Where the sahreable images are located
-+$ ! OSSL$INSTROOT Installation root
-+$ ! OSSL$DATAROOT Data root (common directory
-+$ ! for certs etc)
-+$ ! OSSL$INCLUDE Include directory root
-+$ ! OSSL$LIB Where the static library files
-+$ ! are located
-+$ ! OSSL$SHARE Where the shareable image files
-+$ ! are located
-+$ ! OSSL$EXE Where the executables are located
-+$ ! OSSL$ENGINESnnn Where the shareable images are located
-+$ ! OSSL$LIBCRYPTO The static crypto library
-+$ ! OSSL$LIBSSL The static ssl library
-+$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
-+$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
-+$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
- $ !
- $ ! In all these, nnn is the OpenSSL version number. This allows
--$ ! several OpenSSL versions to be installed simultaneously.
-+$ ! several OpenSSL versions to be installed simultaneously, which
-+$ ! matters for applications that are linked to the shareable images
-+$ ! or that depend on engines.
- $ !
- $ ! In addition, unless P2 is "NOALIASES", these logical names are
- $ ! created:
- $ !
--$ ! OSSL$ROOT Alias for OSSL$ROOTnnn
--$ ! OSSL$EXE Alias for OSSL$EXEnnn
--$ ! OSSL$LIB Alias for OSSL$LIBnnn
--$ ! OSSL$SHARE Alias for OSSL$SHAREnnn
--$ ! OSSL$INCLUDE Alias for OSSL$INCLUDEnnn
--$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
--$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
-+$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
-+$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
-+$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
- $ !
- $ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
- $ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
-@@ -51,19 +58,18 @@
- $ ENDIF
- $
- $ ! Generated information
--$ VERSION := {- $config{version} -}
- $ INSTALLTOP := {- $config{INSTALLTOP} -}
- $ OPENSSLDIR := {- $config{OPENSSLDIR} -}
--$ POINTER_SIZE := {- $config{pointersize} -}
- $
- $ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
- $ ! can build concealed logical names on
- $ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
-- - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
-+ - ".][000000" - "[000000." - "][" - "]A.;" + "."
- $ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
-- - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
--$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_'
--$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_'
-+ - ".][000000" - "[000000." - "][" - "]A.;" + "."
-+$
-+$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
-+$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
- $
- $ ! Check that things are in place, and specifically, the stuff
- $ ! belonging to this architecture
-@@ -82,36 +88,32 @@
- $ ! Abbrevs
- $ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
- $ DEF := DEFINE /NOLOG 'P1'
--$ v = VERSION - "." - "."
-+$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
-+$ pz := {- $config{pointer_size} -}
-+$
-+$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
-+$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
-+$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
-+$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
-+$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
-+$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
-+$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
-+ OSSL$INSTROOT:[EXE]
-+$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
-+$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
-+$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
-+$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
-+$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
- $
--$ DEFT OSSL$INSTROOT'v' 'INSTALLTOP_'
--$ DEFT OSSL$INCLUDE'v' OSSL$INSTROOT:[INCLUDE.]
--$ DEF OSSL$LIB'v' OSSL$INSTROOT:[LIB.'arch']
--$ DEF OSSL$SHARE'v' OSSL$INSTROOT:[LIB.'arch']
--$ DEF OSSL$ENGINES'v' OSSL$INSTROOT:[ENGINES.'arch']
--$ DEF OSSL$EXE'v' OSSL$INSTROOT:[EXE.'arch']
--$ {- output_off() if $disabled{shared} -}
--$ {- join("\n\$ ", map { "DEF $_'v' OSSL\$SHARE:$_" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
--$ {- output_on() -}
- $ IF P2 .NES. "NOALIASES"
- $ THEN
--$ DEF OSSL$INSTROOT OSSL$INSTROOT'v'
--$ DEF OSSL$INCLUDE OSSL$INCLUDE'v'
--$ DEF OSSL$LIB OSSL$LIB'v'
--$ DEF OSSL$SHARE OSSL$SHARE'v'
--$ DEF OSSL$ENGINES OSSL$ENGINES'v'
--$ DEF OSSL$EXE OSSL$EXE'v'
--$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
--$ {- output_off() if $disabled{shared} -}
--$ {- join("\n\$ ", map { "DEF $_ $_'v'" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) -}
--$ {- output_on() -}
-+$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
-+$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
-+$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
- $ ENDIF
- $
--$ DEFT OSSL$DATAROOT 'OPENSSLDIR_'
--$ DEF OSSL$CERTS OSSL$DATAROOT:[CERTS]
--$ DEF OSSL$PRIVATE OSSL$DATAROOT:[PRIVATE]
--$
- $ bailout:
- $ DEASSIGN WRK_INSTALLTOP
-+$ DEASSIGN WRK_OPENSSLDIR
- $
- $ EXIT 'status'
---- a/VMS/openssl_utils.com
-+++ /dev/null
-@@ -1,12 +0,0 @@
--$ ! OpenSSL utilities
--$ !
--$
--$ OPENSSL :== $OSSL$EXE:OPENSSL
--$
--$ IF F$SYMBOL(PERL) .EQS. "STRING"
--$ THEN
--$ OSSLCA :== 'PERL' OSSL$EXE:CA.pl
--$ OSSLREHASH :== 'PERL' OSSL$EXE:c_rehash.pl
--$ ELSE
--$ WRITE SYS$ERROR "NOTE: no perl => no OSSLCA or OSSLREHASH"
--$ ENDIF
---- /dev/null
-+++ b/VMS/openssl_utils.com.in
-@@ -0,0 +1,14 @@
-+$ ! OpenSSL utilities
-+$ !
-+$
-+$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
-+$
-+$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
-+$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
-+$
-+$ IF F$TYPE(PERL) .EQS. "STRING"
-+$ THEN
-+$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
-+$ ELSE
-+$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
-+$ ENDIF
---- a/VMS/translatesyms.pl
-+++ b/VMS/translatesyms.pl
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # This script will translate any SYMBOL_VECTOR item that has a translation
- # in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
---- a/apps/CA.pl.in
-+++ b/apps/CA.pl.in
-@@ -1,4 +1,11 @@
--#!{- $config{perl} -}
-+#!{- $config{hashbangperl} -}
-+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # Wrapper around the ca to make it easier to use
- #
-@@ -16,7 +23,7 @@ if(defined $ENV{'OPENSSL'}) {
-
- my $verbose = 1;
-
--my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"};
-+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
- my $DAYS = "-days 365";
- my $CADAYS = "-days 1095"; # 3 years
- my $REQ = "$openssl req $OPENSSL_CONFIG";
-@@ -38,7 +45,7 @@ my $NEWREQ = "newreq.pem";
- my $NEWCERT = "newcert.pem";
- my $NEWP12 = "newcert.p12";
- my $RET = 0;
--my $WHAT = shift @ARGV;
-+my $WHAT = shift @ARGV || "";
- my $FILE;
-
- # See if reason for a CRL entry is valid; exit if not.
-@@ -89,7 +96,7 @@ sub run
-
-
- if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
-- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
- print STDERR " CA -pkcs12 [certname]\n";
- print STDERR " CA -crl|-revoke cert-filename [reason]\n";
- exit 0;
---- a/apps/Makefile.in
-+++ /dev/null
-@@ -1,159 +0,0 @@
--#
--# apps/Makefile
--#
--
--DIR= apps
--TOP= ..
--CC= cc
--INCLUDES= -I$(TOP) -I../crypto -I../include
--CFLAG= -g -static -Wswitch
--MAKEFILE= Makefile
--PERL= perl
--RM= rm -f
--
--PLIB_LDFLAG=
--EX_LIBS=
--EXE_EXT=
--
--APPS_OBJ=
--
--SHLIB_TARGET=
--
--CFLAGS= $(INCLUDES) $(CFLAG)
--
--GENERAL=Makefile makeapps.com install.com
--
--DLIBCRYPTO=../libcrypto.a
--DLIBSSL=../libssl.a
--LIBCRYPTO=-L.. -lcrypto
--LIBSSL=-L.. -lssl
--
--SCRIPTS=CA.pl tsget
--EXE= openssl$(EXE_EXT)
--CONFS=openssl.cnf ct_log_list.cnf
--
--COMMANDS= \
-- asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o \
-- dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o \
-- genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o \
-- pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o \
-- s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o \
-- srp.o ts.o verify.o version.o x509.o rehash.o
--
--EXTRA_OBJ=apps.o opt.o s_cb.o s_socket.o
--EXTRA_SRC=apps.c opt.c s_cb.c s_socket.c
--RAND_OBJ=app_rand.o
--RAND_SRC=app_rand.c
--
--OBJ = $(COMMANDS)
--
--SRC = \
-- asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \
-- dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \
-- genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
-- pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
-- s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
-- srp.c ts.c verify.c version.c x509.c rehash.c
--
--EXE_OBJ = openssl.o $(OBJ) $(EXTRA_OBJ) $(RAND_OBJ) $(APPS_OBJ)
--EXE_SRC = openssl.c $(SRC) $(EXTRA_SRC) $(RAND_SRC)
--
--HEADER= apps.h progs.h s_apps.h \
-- testdsa.h testrsa.h timeouts.h
--
--ALL= $(GENERAL) $(EXE_SRC) $(HEADER)
--
--top:
-- @(cd ..; $(MAKE) DIRS=$(DIR) all)
--
--all: exe scripts
--
--exe: $(EXE)
--
--scripts: $(SCRIPTS)
--
--openssl-vms.cnf: openssl.cnf
-- $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
--
--install:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @set -e; for i in $(EXE); \
-- do \
-- echo installing $$i; \
-- cp $$i $(DESTDIR)$(INSTALLTOP)/bin/$$i.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$i.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$i.new $(DESTDIR)$(INSTALLTOP)/bin/$$i; \
-- done
-- @set -e; for i in $(SCRIPTS); \
-- do \
-- echo installing $$i; \
-- cp $$i $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
-- chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
-- mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
-- done
-- @set -e; for i in $(CONFS); \
-- do \
-- echo installing $$i; \
-- cp $$i $(DESTDIR)$(OPENSSLDIR)/$$i.new; \
-- chmod 644 $(DESTDIR)$(OPENSSLDIR)/$$i.new; \
-- mv -f $(DESTDIR)$(OPENSSLDIR)/$$i.new $(DESTDIR)$(OPENSSLDIR)/$$i; \
-- done
--
--uninstall:
-- @set -e; for i in $(EXE); \
-- do \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$i; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$i; \
-- done
-- @set -e; for i in $(SCRIPTS); \
-- do \
-- echo $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
-- $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
-- done
-- @set -e; for i in $(CONFS); \
-- do \
-- echo $(RM) $(DESTDIR)$(OPENSSLDIR)/$$i; \
-- $(RM) $(DESTDIR)$(OPENSSLDIR)/$$i; \
-- done
--
--generate: openssl-vms.cnf progs.h
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(EXE_SRC)
--
--clean:
-- rm -f *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-- rm -f req
--
--$(DLIBSSL):
-- (cd ..; $(MAKE) build_libssl)
--
--$(DLIBCRYPTO):
-- (cd ..; $(MAKE) build_libcrypto)
--
--$(EXE): $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
-- $(RM) $(EXE)
-- shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-- shlib_target="$(SHLIB_TARGET)"; \
-- fi; \
-- LIBRARIES="$(LIBSSL) $(LIBCRYPTO)" ; \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
-- LDFLAG="$(LDFLAG)" \
-- LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
-- link_app.$${shlib_target}
--
--progs.h: progs.pl Makefile.in
-- $(RM) progs.h
-- $(PERL) progs.pl $(EXE_SRC) > progs.h
--
--CA.pl: CA.pl.in
-- $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile CA.pl.in > CA.pl.new
-- mv CA.pl.new CA.pl
--
--tsget: tsget.in
-- $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -oapps/Makefile tsget.in > tsget.new
-- mv tsget.new tsget
--
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/apps/app_rand.c
-+++ b/apps/app_rand.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "apps.h"
-@@ -120,10 +19,6 @@ int app_RAND_load_file(const char *file,
- int consider_randfile = (file == NULL);
- char buffer[200];
-
--#ifdef OPENSSL_SYS_WINDOWS
-- RAND_screen();
--#endif
--
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- #ifndef OPENSSL_NO_EGD
---- a/apps/apps.c
-+++ b/apps/apps.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-@@ -115,6 +14,7 @@
- */
- # define _POSIX_C_SOURCE 2
- #endif
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -142,7 +42,7 @@
- #endif
- #include <openssl/bn.h>
- #include <openssl/ssl.h>
--
-+#include "s_apps.h"
- #include "apps.h"
-
- #ifdef _WIN32
-@@ -156,7 +56,9 @@ typedef struct {
- unsigned long mask;
- } NAME_EX_TBL;
-
-+#if !defined(OPENSSL_NO_UI) || !defined(OPENSSL_NO_ENGINE)
- static UI_METHOD *ui_method = NULL;
-+#endif
-
- static int set_table_opts(unsigned long *flags, const char *arg,
- const NAME_EX_TBL * in_tbl);
-@@ -174,8 +76,6 @@ int chopup_args(ARGS *arg, char *buf)
- if (arg->size == 0) {
- arg->size = 20;
- arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
-- if (arg->argv == NULL)
-- return 0;
- }
-
- for (p = buf;;) {
-@@ -187,11 +87,12 @@ int chopup_args(ARGS *arg, char *buf)
-
- /* The start of something good :-) */
- if (arg->argc >= arg->size) {
-+ char **tmp;
- arg->size += 20;
-- arg->argv = OPENSSL_realloc(arg->argv,
-- sizeof(*arg->argv) * arg->size);
-- if (arg->argv == NULL)
-+ tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
-+ if (tmp == NULL)
- return 0;
-+ arg->argv = tmp;
- }
- quoted = *p == '\'' || *p == '"';
- if (quoted)
-@@ -568,9 +469,9 @@ int app_load_modules(const CONF *config)
- CONF *to_free = NULL;
-
- if (config == NULL)
-- config = to_free = app_load_config_quiet(default_config_file);
-+ config = to_free = app_load_config_quiet(default_config_file);
- if (config == NULL)
-- return 1;
-+ return 1;
-
- if (CONF_modules_load(config, NULL, 0) <= 0) {
- BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
-@@ -1025,7 +926,7 @@ void* app_malloc(int sz, const char *wha
- }
-
- /*
-- * Initialize or extend, if *certs != NULL, a certificate stack.
-+ * Initialize or extend, if *certs != NULL, a certificate stack.
- */
- int load_certs(const char *file, STACK_OF(X509) **certs, int format,
- const char *pass, const char *desc)
-@@ -1034,7 +935,7 @@ int load_certs(const char *file, STACK_O
- }
-
- /*
-- * Initialize or extend, if *crls != NULL, a certificate stack.
-+ * Initialize or extend, if *crls != NULL, a certificate stack.
- */
- int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
- const char *pass, const char *desc)
-@@ -1085,6 +986,7 @@ int set_name_ex(unsigned long *flags, co
- {
- static const NAME_EX_TBL ex_tbl[] = {
- {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
-+ {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
- {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-@@ -1246,7 +1148,7 @@ void print_name(BIO *out, const char *ti
- }
- }
-
--void print_bignum_var(BIO *out, BIGNUM *in, const char *var,
-+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
- int len, unsigned char *buffer)
- {
- BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
-@@ -1291,7 +1193,7 @@ X509_STORE *setup_verify(char *CAfile, c
- if (store == NULL)
- goto end;
-
-- if(CAfile != NULL || !noCAfile) {
-+ if (CAfile != NULL || !noCAfile) {
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (lookup == NULL)
- goto end;
-@@ -1304,7 +1206,7 @@ X509_STORE *setup_verify(char *CAfile, c
- X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
- }
-
-- if(CApath != NULL || !noCApath) {
-+ if (CApath != NULL || !noCApath) {
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (lookup == NULL)
- goto end;
-@@ -1382,7 +1284,7 @@ static unsigned long index_serial_hash(c
- n = a[DB_serial];
- while (*n == '0')
- n++;
-- return (lh_strhash(n));
-+ return OPENSSL_LH_strhash(n);
- }
-
- static int index_serial_cmp(const OPENSSL_CSTRING *a,
-@@ -1402,7 +1304,7 @@ static int index_name_qual(char **a)
-
- static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
- {
-- return (lh_strhash(a[DB_name]));
-+ return OPENSSL_LH_strhash(a[DB_name]);
- }
-
- int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-@@ -1513,7 +1415,7 @@ int save_serial(char *serialfile, char *
-
- int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
- {
-- char buf[5][BSIZE];
-+ char buf[2][BSIZE];
- int i, j;
-
- i = strlen(serialfile) + strlen(old_suffix);
-@@ -1882,6 +1784,7 @@ int bio_to_mem(unsigned char **out, int
- BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
-+
- mem = BIO_new(BIO_s_mem());
- if (mem == NULL)
- return -1;
-@@ -1964,9 +1867,9 @@ void policies_print(X509_STORE_CTX *ctx)
- * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
- * outlen: (output) set to the length of the resulting buffer on success.
- * err: (maybe NULL) on failure, an error message line is written to this BIO.
-- * in: a NUL termianted string like "abc,def,ghi"
-+ * in: a NUL terminated string like "abc,def,ghi"
- *
-- * returns: a malloced buffer or NULL on failure.
-+ * returns: a malloc'd buffer or NULL on failure.
- */
- unsigned char *next_protos_parse(size_t *outlen, const char *in)
- {
-@@ -2081,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(
- crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
- crl = load_crl_crldp(crldp);
- sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
-- if (!crl)
-+ if (!crl) {
-+ sk_X509_CRL_free(crls);
- return NULL;
-+ }
- sk_X509_CRL_push(crls, crl);
- /* Try to download delta CRL */
- crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
-@@ -2621,6 +2526,8 @@ BIO *bio_open_default_quiet(const char *
-
- void wait_for_async(SSL *s)
- {
-+ /* On Windows select only works for sockets, so we simply don't wait */
-+#ifndef OPENSSL_SYS_WINDOWS
- int width = 0;
- fd_set asyncfds;
- OSSL_ASYNC_FD *fds;
-@@ -2630,7 +2537,7 @@ void wait_for_async(SSL *s)
- return;
- if (numfds == 0)
- return;
-- fds = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD) * numfds);
-+ fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
- if (!SSL_get_all_async_fds(s, fds, &numfds)) {
- OPENSSL_free(fds);
- }
-@@ -2644,4 +2551,33 @@ void wait_for_async(SSL *s)
- fds++;
- }
- select(width, (void *)&asyncfds, NULL, NULL, NULL);
-+#endif
- }
-+
-+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
-+#if defined(OPENSSL_SYS_MSDOS)
-+int has_stdin_waiting(void)
-+{
-+# if defined(OPENSSL_SYS_WINDOWS)
-+ HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
-+ DWORD events = 0;
-+ INPUT_RECORD inputrec;
-+ DWORD insize = 1;
-+ BOOL peeked;
-+
-+ if (inhand == INVALID_HANDLE_VALUE) {
-+ return 0;
-+ }
-+
-+ peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
-+ if (!peeked) {
-+ /* Probably redirected input? _kbhit() does not work in this case */
-+ if (!feof(stdin)) {
-+ return 1;
-+ }
-+ return 0;
-+ }
-+# endif
-+ return _kbhit();
-+}
-+#endif
---- a/apps/apps.h
-+++ b/apps/apps.h
-@@ -1,117 +1,19 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_APPS_H
- # define HEADER_APPS_H
-
- # include "e_os.h"
-+# if defined(__unix) || defined(__unix__)
-+# include <sys/time.h> /* struct timeval for DTLS */
-+# endif
- # include <assert.h>
-
- # include <openssl/e_os2.h>
-@@ -165,6 +67,9 @@ CONF *app_load_config_quiet(const char *
- int app_load_modules(const CONF *config);
- void unbuffer(FILE *fp);
- void wait_for_async(SSL *s);
-+# if defined(OPENSSL_SYS_MSDOS)
-+int has_stdin_waiting(void);
-+# endif
-
- /*
- * Common verification options.
-@@ -180,7 +85,7 @@ void wait_for_async(SSL *s);
- OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
- OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
- OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
-- OPT_V_VERIFY_AUTH_LEVEL, \
-+ OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
- OPT_V__LAST
-
- # define OPT_V_OPTIONS \
-@@ -208,9 +113,9 @@ void wait_for_async(SSL *s);
- { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
- "set policy variable require-explicit-policy"}, \
- { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
-- "set policy variable inihibit-any-policy"}, \
-+ "set policy variable inhibit-any-policy"}, \
- { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
-- "set policy variable inihibit-policy-mapping"}, \
-+ "set policy variable inhibit-policy-mapping"}, \
- { "x509_strict", OPT_V_X509_STRICT, '-', \
- "disable certificate compatibility work-arounds"}, \
- { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
-@@ -230,7 +135,8 @@ void wait_for_async(SSL *s);
- { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
- "accept chains anchored by intermediate trust-store CAs"}, \
- { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
-- { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }
-+ { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
-+ { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
-
- # define OPT_V_CASES \
- OPT_V__FIRST: case OPT_V__LAST: break; \
-@@ -262,7 +168,8 @@ void wait_for_async(SSL *s);
- case OPT_V_SUITEB_192: \
- case OPT_V_PARTIAL_CHAIN: \
- case OPT_V_NO_ALT_CHAINS: \
-- case OPT_V_NO_CHECK_TIME
-+ case OPT_V_NO_CHECK_TIME: \
-+ case OPT_V_ALLOW_PROXY_CERTS
-
- /*
- * Common "extended"? options.
-@@ -282,7 +189,7 @@ void wait_for_async(SSL *s);
- { "xcertform", OPT_X_CERTFORM, 'F', \
- "format of Extended certificate (PEM or DER) PEM default " }, \
- { "xkeyform", OPT_X_KEYFORM, 'F', \
-- "format of Exnteded certificate's key (PEM or DER) PEM default"}
-+ "format of Extended certificate's key (PEM or DER) PEM default"}
-
- # define OPT_X_CASES \
- OPT_X__FIRST: case OPT_X__LAST: break; \
-@@ -367,6 +274,10 @@ void wait_for_async(SSL *s);
- case OPT_S_DHPARAM: \
- case OPT_S_DEBUGBROKE
-
-+#define IS_NO_PROT_FLAG(o) \
-+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
-+ || o == OPT_S_NOTLS1_2)
-+
- /*
- * Option parsing.
- */
-@@ -407,6 +318,7 @@ typedef struct string_int_pair_st {
- # define OPT_FMT_HTTP (1L << 9)
- # define OPT_FMT_PVK (1L << 10)
- # define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
-+# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
- # define OPT_FMT_ANY ( \
- OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
-@@ -455,6 +367,11 @@ typedef struct args_st {
- * can be re-used.
- */
- char **copy_argv(int *argc, char *argv[]);
-+/*
-+ * Win32-specific argv initialization that splits OS-supplied UNICODE
-+ * command line string to array of UTF8-encoded strings.
-+ */
-+void win32_utf8argv(int *argc, char **argv[]);
-
-
- # define PW_MIN_LENGTH 4
-@@ -474,7 +391,8 @@ int dump_cert_text(BIO *out, X509 *x);
- void print_name(BIO *out, const char *title, X509_NAME *nm,
- unsigned long lflags);
- # endif
--void print_bignum_var(BIO *, BIGNUM *, const char*, int, unsigned char *);
-+void print_bignum_var(BIO *, const BIGNUM *, const char*,
-+ int, unsigned char *);
- void print_array(BIO *, const char *, int, const unsigned char *);
- int set_cert_ex(unsigned long *flags, const char *arg);
- int set_name_ex(unsigned long *flags, const char *arg);
---- a/apps/asn1pars.c
-+++ b/apps/asn1pars.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -82,7 +34,7 @@ OPTIONS asn1parse_options[] = {
- {"in", OPT_IN, '<', "input file"},
- {"out", OPT_OUT, '>', "output file (output format is always DER)"},
- {"i", OPT_INDENT, 0, "indents the output"},
-- {"noout", OPT_NOOUT, 0, "don't produce any output"},
-+ {"noout", OPT_NOOUT, 0, "do not produce any output"},
- {"offset", OPT_OFFSET, 'p', "offset into file"},
- {"length", OPT_LENGTH, 'p', "length of section in file"},
- {"oid", OPT_OID, '<', "file of extra oid definitions"},
-@@ -109,7 +61,8 @@ int asn1parse_main(int argc, char **argv
- BUF_MEM *buf = NULL;
- STACK_OF(OPENSSL_STRING) *osk = NULL;
- char *genstr = NULL, *genconf = NULL;
-- char *infile = NULL, *str = NULL, *oidfile = NULL, *derfile = NULL;
-+ char *infile = NULL, *oidfile = NULL, *derfile = NULL;
-+ unsigned char *str = NULL;
- char *name = NULL, *header = NULL, *prog;
- const unsigned char *ctmpbuf;
- int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
-@@ -202,7 +155,7 @@ int asn1parse_main(int argc, char **argv
- goto end;
-
- if (strictpem) {
-- if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) !=
-+ if (PEM_read_bio(in, &name, &header, &str, &num) !=
- 1) {
- BIO_printf(bio_err, "Error reading PEM file\n");
- ERR_print_errors(bio_err);
-@@ -246,14 +199,14 @@ int asn1parse_main(int argc, char **argv
- num += i;
- }
- }
-- str = buf->data;
-+ str = (unsigned char *)buf->data;
-
- }
-
- /* If any structs to parse go through in sequence */
-
- if (sk_OPENSSL_STRING_num(osk)) {
-- tmpbuf = (unsigned char *)str;
-+ tmpbuf = str;
- tmplen = num;
- for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
- ASN1_TYPE *atmp;
-@@ -287,7 +240,7 @@ int asn1parse_main(int argc, char **argv
- tmpbuf = at->value.asn1_string->data;
- tmplen = at->value.asn1_string->length;
- }
-- str = (char *)tmpbuf;
-+ str = tmpbuf;
- num = tmplen;
- }
-
-@@ -308,7 +261,7 @@ int asn1parse_main(int argc, char **argv
- }
- }
- if (!noout &&
-- !ASN1_parse_dump(bio_out, (unsigned char *)&(str[offset]), length,
-+ !ASN1_parse_dump(bio_out, &(str[offset]), length,
- indent, dump)) {
- ERR_print_errors(bio_err);
- goto end;
---- a/apps/build.info
-+++ b/apps/build.info
-@@ -1,4 +1,5 @@
--{- use File::Spec::Functions qw/catdir rel2abs/; -}
-+{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
-+ "" -}
- IF[{- !$disabled{apps} -}]
- PROGRAMS=openssl
- SOURCE[openssl]=\
-@@ -12,10 +13,10 @@ IF[{- !$disabled{apps} -}]
- apps.c opt.c s_cb.c s_socket.c \
- app_rand.c \
- {- $target{apps_aux_src} -}
-- INCLUDE[openssl]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[openssl]=.. ../include
- DEPEND[openssl]=../libssl
-
-- SCRIPTS=CA.pl tsget
-+ SCRIPTS=CA.pl {- $tsget_name -}
- SOURCE[CA.pl]=CA.pl.in
-- SOURCE[tsget]=tsget.in
-+ SOURCE[{- $tsget_name -}]=tsget.in
- ENDIF
---- a/apps/ca.c
-+++ b/apps/ca.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* The PPKI stuff has been donated by Jeff Barber <jeffb at issl.atl.hp.com> */
-@@ -137,7 +89,7 @@
- #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
- #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-
--static void lookup_fail(const char *name, const char *tag);
-+static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
- static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-@@ -181,9 +133,7 @@ char *make_revocation_str(int rev_type,
- int make_revoked(X509_REVOKED *rev, const char *str);
- static int old_entry_print(ASN1_OBJECT *obj, ASN1_STRING *str);
-
--static CONF *conf = NULL;
- static CONF *extconf = NULL;
--static char *section = NULL;
- static int preserve = 0;
- static int msie_hack = 0;
-
-@@ -220,7 +170,7 @@ OPTIONS ca_options[] = {
- {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
- {"keyfile", OPT_KEYFILE, 's', "Private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
-- {"passin", OPT_PASSIN, 's'},
-+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
- {"cert", OPT_CERT, '<', "The CA cert"},
- {"selfsign", OPT_SELFSIGN, '-',
-@@ -228,17 +178,17 @@ OPTIONS ca_options[] = {
- {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
- {"out", OPT_OUT, '>', "Where to put the output file(s)"},
- {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
-- {"sigopt", OPT_SIGOPT, 's'},
-- {"notext", OPT_NOTEXT, '-'},
-+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
-+ {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
- {"batch", OPT_BATCH, '-', "Don't ask questions"},
- {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
- {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
- {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
- {"msie_hack", OPT_MSIE_HACK, '-',
- "msie modifications to handle all those universal strings"},
-- {"crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due"},
-- {"crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due"},
-- {"crlsec", OPT_CRLSEC, 'p'},
-+ {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
-+ {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
-+ {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
- {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
- {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
- {"spkac", OPT_SPKAC, '<',
-@@ -268,6 +218,7 @@ OPTIONS ca_options[] = {
-
- int ca_main(int argc, char **argv)
- {
-+ CONF *conf = NULL;
- ENGINE *e = NULL;
- BIGNUM *crlnumber = NULL, *serial = NULL;
- EVP_PKEY *pkey = NULL;
-@@ -281,15 +232,15 @@ int ca_main(int argc, char **argv)
- STACK_OF(X509) *cert_sk = NULL;
- X509_CRL *crl = NULL;
- const EVP_MD *dgst = NULL;
-- char *configfile = default_config_file;
-+ char *configfile = default_config_file, *section = NULL;
- char *md = NULL, *policy = NULL, *keyfile = NULL;
- char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
- char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
- char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
- char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
- char *serialfile = NULL, *startdate = NULL, *subj = NULL;
-- char *prog, *enddate = NULL, *tmp_email_dn = NULL;
-- char *dbfile = NULL, *f, *randfile = NULL, *tofree = NULL;
-+ char *prog, *enddate = NULL;
-+ char *dbfile = NULL, *f, *randfile = NULL;
- char buf[3][BSIZE];
- char *const *pp;
- const char *p;
-@@ -304,46 +255,41 @@ int ca_main(int argc, char **argv)
- X509_REVOKED *r = NULL;
- OPTION_CHOICE o;
-
-- conf = NULL;
-- section = NULL;
-- preserve = 0;
-- msie_hack = 0;
--
- prog = opt_init(argc, argv, ca_options);
- while ((o = opt_next()) != OPT_EOF) {
- switch (o) {
-- case OPT_EOF:
-- case OPT_ERR:
-+ case OPT_EOF:
-+ case OPT_ERR:
- opthelp:
-- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-- goto end;
-- case OPT_HELP:
-- opt_help(ca_options);
-- ret = 0;
-- goto end;
-- case OPT_IN:
-- req = 1;
-- infile = opt_arg();
-- break;
-- case OPT_OUT:
-- outfile = opt_arg();
-- break;
-- case OPT_VERBOSE:
-- verbose = 1;
-- break;
-- case OPT_CONFIG:
-- configfile = opt_arg();
-- break;
-- case OPT_NAME:
-- section = opt_arg();
-- break;
-- case OPT_SUBJ:
-- subj = opt_arg();
-- /* preserve=1; */
-- break;
-- case OPT_UTF8:
-- chtype = MBSTRING_UTF8;
-- break;
-+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
-+ goto end;
-+ case OPT_HELP:
-+ opt_help(ca_options);
-+ ret = 0;
-+ goto end;
-+ case OPT_IN:
-+ req = 1;
-+ infile = opt_arg();
-+ break;
-+ case OPT_OUT:
-+ outfile = opt_arg();
-+ break;
-+ case OPT_VERBOSE:
-+ verbose = 1;
-+ break;
-+ case OPT_CONFIG:
-+ configfile = opt_arg();
-+ break;
-+ case OPT_NAME:
-+ section = opt_arg();
-+ break;
-+ case OPT_SUBJ:
-+ subj = opt_arg();
-+ /* preserve=1; */
-+ break;
-+ case OPT_UTF8:
-+ chtype = MBSTRING_UTF8;
-+ break;
- case OPT_CREATE_SERIAL:
- create_ser = 1;
- break;
-@@ -481,22 +427,16 @@ int ca_main(int argc, char **argv)
- argv = opt_rest();
-
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-- /* We already loaded the default config file */
-- if (configfile != default_config_file) {
-- if ((conf = app_load_config(configfile)) == NULL)
-- goto end;
-- if (!app_load_modules(conf))
-- goto end;
-- }
-+
-+ if ((conf = app_load_config(configfile)) == NULL)
-+ goto end;
-+ if (configfile != default_config_file && !app_load_modules(conf))
-+ goto end;
-
- /* Lets get the config section we are using */
-- if (section == NULL) {
-- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
-- if (section == NULL) {
-- lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
-- goto end;
-- }
-- }
-+ if (section == NULL
-+ && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
-+ goto end;
-
- if (conf != NULL) {
- p = NCONF_get_string(conf, NULL, "oid_file");
-@@ -552,13 +492,13 @@ int ca_main(int argc, char **argv)
- } else
- ERR_clear_error();
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* report status of cert with serial number given on command line */
- if (ser_status) {
-- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
-- lookup_fail(section, ENV_DATABASE);
-+ dbfile = lookup_conf(conf, section, ENV_DATABASE);
-+ if (dbfile == NULL)
- goto end;
-- }
-+
- db = load_index(dbfile, &db_attr);
- if (db == NULL)
- goto end;
-@@ -571,16 +511,13 @@ int ca_main(int argc, char **argv)
- goto end;
- }
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* we definitely need a private key, so let's get it */
-
-- if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
-- section,
-- ENV_PRIVATE_KEY)) ==
-- NULL)) {
-- lookup_fail(section, ENV_PRIVATE_KEY);
-+ if (keyfile == NULL
-+ && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
- goto end;
-- }
-+
- if (!key) {
- free_key = 1;
- if (!app_passwd(passinarg, NULL, &key, NULL)) {
-@@ -596,16 +533,13 @@ int ca_main(int argc, char **argv)
- goto end;
- }
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* we need a certificate */
- if (!selfsign || spkac_file || ss_cert_file || gencrl) {
-- if ((certfile == NULL)
-- && ((certfile = NCONF_get_string(conf,
-- section,
-- ENV_CERTIFICATE)) == NULL)) {
-- lookup_fail(section, ENV_CERTIFICATE);
-+ if (certfile == NULL
-+ && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
- goto end;
-- }
-+
- x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
- if (x509 == NULL)
- goto end;
-@@ -664,12 +598,12 @@ int ca_main(int argc, char **argv)
- } else
- ERR_clear_error();
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* lookup where to write new certificates */
- if ((outdir == NULL) && (req)) {
-
-- if ((outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR))
-- == NULL) {
-+ outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
-+ if (outdir == NULL) {
- BIO_printf(bio_err,
- "there needs to be defined a directory for new certificate to be placed in\n");
- goto end;
-@@ -690,12 +624,12 @@ int ca_main(int argc, char **argv)
- #endif
- }
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* we need to load the database file */
-- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
-- lookup_fail(section, ENV_DATABASE);
-+ dbfile = lookup_conf(conf, section, ENV_DATABASE);
-+ if (dbfile == NULL)
- goto end;
-- }
-+
- db = load_index(dbfile, &db_attr);
- if (db == NULL)
- goto end;
-@@ -748,7 +682,7 @@ int ca_main(int argc, char **argv)
- if (!index_index(db))
- goto end;
-
-- /*****************************************************************/
-+ /*****************************************************************/
- /* Update the db file for expired certificates */
- if (doupdatedb) {
- if (verbose)
-@@ -787,10 +721,11 @@ int ca_main(int argc, char **argv)
- extfile);
-
- /* We can have sections in the ext file */
-- if (!extensions
-- && !(extensions =
-- NCONF_get_string(extconf, "default", "extensions")))
-- extensions = "default";
-+ if (extensions == NULL) {
-+ extensions = NCONF_get_string(extconf, "default", "extensions");
-+ if (extensions == NULL)
-+ extensions = "default";
-+ }
- }
-
- /*****************************************************************/
-@@ -801,12 +736,9 @@ int ca_main(int argc, char **argv)
- goto end;
- }
-
-- if ((md == NULL) && ((md = NCONF_get_string(conf,
-- section,
-- ENV_DEFAULT_MD)) == NULL)) {
-- lookup_fail(section, ENV_DEFAULT_MD);
-+ if (md == NULL
-+ && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
- goto end;
-- }
-
- if (strcmp(md, "default") == 0) {
- int def_nid;
-@@ -822,31 +754,26 @@ int ca_main(int argc, char **argv)
- }
-
- if (req) {
-- if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
-- section,
-- ENV_DEFAULT_EMAIL_DN))
-- != NULL)) {
-- if (strcmp(tmp_email_dn, "no") == 0)
-+ if (email_dn == 1) {
-+ char *tmp_email_dn = NULL;
-+
-+ tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
-+ if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
- email_dn = 0;
- }
- if (verbose)
- BIO_printf(bio_err, "message digest is %s\n",
- OBJ_nid2ln(EVP_MD_type(dgst)));
-- if ((policy == NULL) && ((policy = NCONF_get_string(conf,
-- section,
-- ENV_POLICY)) ==
-- NULL)) {
-- lookup_fail(section, ENV_POLICY);
-+ if (policy == NULL
-+ && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
- goto end;
-- }
-+
- if (verbose)
- BIO_printf(bio_err, "policy is %s\n", policy);
-
-- if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
-- == NULL) {
-- lookup_fail(section, ENV_SERIAL);
-+ serialfile = lookup_conf(conf, section, ENV_SERIAL);
-+ if (serialfile == NULL)
- goto end;
-- }
-
- if (!extconf) {
- /*
-@@ -1116,7 +1043,7 @@ int ca_main(int argc, char **argv)
- }
- }
-
-- /*****************************************************************/
-+ /*****************************************************************/
- if (gencrl) {
- int crl_v2 = 0;
- if (!crl_ext) {
-@@ -1257,7 +1184,7 @@ int ca_main(int argc, char **argv)
- goto end;
-
- }
-- /*****************************************************************/
-+ /*****************************************************************/
- if (dorevoke) {
- if (infile == NULL) {
- BIO_printf(bio_err, "no input files\n");
-@@ -1283,10 +1210,9 @@ int ca_main(int argc, char **argv)
- BIO_printf(bio_err, "Data Base Updated\n");
- }
- }
-- /*****************************************************************/
-+ /*****************************************************************/
- ret = 0;
- end:
-- OPENSSL_free(tofree);
- BIO_free_all(Cout);
- BIO_free_all(Sout);
- BIO_free_all(out);
-@@ -1310,9 +1236,12 @@ int ca_main(int argc, char **argv)
- return (ret);
- }
-
--static void lookup_fail(const char *name, const char *tag)
-+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
- {
-- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
-+ char *entry = NCONF_get_string(conf, section, tag);
-+ if (entry == NULL)
-+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
-+ return entry;
- }
-
- static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-@@ -1445,7 +1374,7 @@ static int do_body(X509 **xret, EVP_PKEY
- {
- X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
- NULL;
-- ASN1_UTCTIME *tm, *tmptm;
-+ ASN1_UTCTIME *tm;
- ASN1_STRING *str, *str2;
- ASN1_OBJECT *obj;
- X509 *ret = NULL;
-@@ -1460,12 +1389,6 @@ static int do_body(X509 **xret, EVP_PKEY
- OPENSSL_STRING *rrow = NULL;
- char buf[25];
-
-- tmptm = ASN1_UTCTIME_new();
-- if (tmptm == NULL) {
-- BIO_printf(bio_err, "malloc error\n");
-- return (0);
-- }
--
- for (i = 0; i < DB_NUMBER; i++)
- row[i] = NULL;
-
-@@ -1601,7 +1524,8 @@ static int do_body(X509 **xret, EVP_PKEY
- j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
- if ((j < 0) && (last2 == -1)) {
- BIO_printf(bio_err,
-- "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
-+ "The %s field does not exist in the CA certificate,\n"
-+ "the 'policy' is misconfigured\n",
- cv->name);
- goto end;
- }
-@@ -1615,7 +1539,8 @@ static int do_body(X509 **xret, EVP_PKEY
- }
- if (j < 0) {
- BIO_printf(bio_err,
-- "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
-+ "The %s field is different between\n"
-+ "CA certificate (%s) and the request (%s)\n",
- cv->name,
- ((str2 == NULL) ? "NULL" : (char *)str2->data),
- ((str == NULL) ? "NULL" : (char *)str->data));
-@@ -1934,7 +1859,6 @@ static int do_body(X509 **xret, EVP_PKEY
- X509_NAME_free(subject);
- if (dn_subject != subject)
- X509_NAME_free(dn_subject);
-- ASN1_UTCTIME_free(tmptm);
- if (ok <= 0)
- X509_free(ret);
- else
-@@ -2194,27 +2118,28 @@ static int get_certificate_status(const
- {
- char *row[DB_NUMBER], **rrow;
- int ok = -1, i;
-+ size_t serial_len = strlen(serial);
-
- /* Free Resources */
- for (i = 0; i < DB_NUMBER; i++)
- row[i] = NULL;
-
- /* Malloc needed char spaces */
-- row[DB_serial] = app_malloc(strlen(serial) + 2, "row serial#");
-+ row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
-
-- if (strlen(serial) % 2) {
-+ if (serial_len % 2) {
- /*
- * Set the first char to 0
- */ ;
- row[DB_serial][0] = '0';
-
- /* Copy String from serial to row[DB_serial] */
-- memcpy(row[DB_serial] + 1, serial, strlen(serial));
-- row[DB_serial][strlen(serial) + 1] = '\0';
-+ memcpy(row[DB_serial] + 1, serial, serial_len);
-+ row[DB_serial][serial_len + 1] = '\0';
- } else {
- /* Copy String from serial to row[DB_serial] */
-- memcpy(row[DB_serial], serial, strlen(serial));
-- row[DB_serial][strlen(serial)] = '\0';
-+ memcpy(row[DB_serial], serial, serial_len);
-+ row[DB_serial][serial_len] = '\0';
- }
-
- /* Make it Upper Case */
-@@ -2270,7 +2195,7 @@ static int do_updatedb(CA_DB *db)
-
- /* get actual time and make a string */
- a_tm = X509_gmtime_adj(a_tm, 0);
-- a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string");
-+ a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
- memcpy(a_tm_s, a_tm->data, a_tm->length);
- a_tm_s[a_tm->length] = '\0';
---- a/apps/ciphers.c
-+++ b/apps/ciphers.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,6 +22,7 @@ typedef enum OPTION_choice {
- OPT_TLS1_1,
- OPT_TLS1_2,
- OPT_PSK,
-+ OPT_SRP,
- OPT_V, OPT_UPPER_V, OPT_S
- } OPTION_CHOICE;
-
-@@ -96,6 +49,9 @@ OPTIONS ciphers_options[] = {
- #ifndef OPENSSL_NO_PSK
- {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
- #endif
-+#ifndef OPENSSL_NO_SRP
-+ {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
-+#endif
- {NULL}
- };
-
-@@ -108,6 +64,12 @@ static unsigned int dummy_psk(SSL *ssl,
- return 0;
- }
- #endif
-+#ifndef OPENSSL_NO_SRP
-+static char *dummy_srp(SSL *ssl, void *arg)
-+{
-+ return "";
-+}
-+#endif
-
- int ciphers_main(int argc, char **argv)
- {
-@@ -122,6 +84,9 @@ int ciphers_main(int argc, char **argv)
- #ifndef OPENSSL_NO_PSK
- int psk = 0;
- #endif
-+#ifndef OPENSSL_NO_SRP
-+ int srp = 0;
-+#endif
- const char *p;
- char *ciphers = NULL, *prog;
- char buf[512];
-@@ -175,6 +140,11 @@ int ciphers_main(int argc, char **argv)
- psk = 1;
- #endif
- break;
-+ case OPT_SRP:
-+#ifndef OPENSSL_NO_SRP
-+ srp = 1;
-+#endif
-+ break;
- }
- }
- argv = opt_rest();
-@@ -197,6 +167,10 @@ int ciphers_main(int argc, char **argv)
- if (psk)
- SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
- #endif
-+#ifndef OPENSSL_NO_SRP
-+ if (srp)
-+ SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
-+#endif
- if (ciphers != NULL) {
- if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
- BIO_printf(bio_err, "Error in cipher list\n");
---- a/apps/cms.c
-+++ b/apps/cms.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* CMS utility function */
-@@ -134,15 +90,15 @@ OPTIONS cms_options[] = {
- " cert.pem... recipient certs for encryption\n"},
- {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
- {"help", OPT_HELP, '-', "Display this summary"},
-- {"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"},
-- {"outform", OPT_OUTFORM, 'F',
-+ {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
-+ {"outform", OPT_OUTFORM, 'c',
- "Output format SMIME (default), PEM or DER"},
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
- {"sign", OPT_SIGN, '-', "Sign message"},
-- {"sign_receipt", OPT_SIGN_RECEIPT, '-'},
-+ {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
- {"resign", OPT_RESIGN, '-'},
- {"verify", OPT_VERIFY, '-', "Verify signed message"},
- {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
-@@ -177,7 +133,7 @@ OPTIONS cms_options[] = {
- {"noindef", OPT_NOINDEF, '-'},
- {"nooldmime", OPT_NOOLDMIME, '-'},
- {"crlfeol", OPT_CRLFEOL, '-'},
-- {"noout", OPT_NOOUT, '-'},
-+ {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
- {"receipt_request_print", OPT_RR_PRINT, '-'},
- {"receipt_request_all", OPT_RR_ALL, '-'},
- {"receipt_request_first", OPT_RR_FIRST, '-'},
-@@ -191,7 +147,7 @@ OPTIONS cms_options[] = {
- "Do not load certificates from the default certificates directory"},
- {"content", OPT_CONTENT, '<',
- "Supply or override content for detached signature"},
-- {"print", OPT_PRINT, '-'},
-+ {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"},
- {"secretkey", OPT_SECRETKEY, 's'},
- {"secretkeyid", OPT_SECRETKEYID, 's'},
- {"pwri_password", OPT_PWRI_PASSWORD, 's'},
-@@ -205,7 +161,7 @@ OPTIONS cms_options[] = {
- {"signer", OPT_SIGNER, 's', "Signer certificate file"},
- {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
- {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
-- {"md", OPT_MD, 's'},
-+ {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
- {"inkey", OPT_INKEY, 's',
- "Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
-@@ -260,6 +216,7 @@ int cms_main(int argc, char **argv)
- unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
- unsigned char *secret_key = NULL, *secret_keyid = NULL;
- long ltmp;
-+ const char *mime_eol = "\n";
- OPTION_CHOICE o;
-
- if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
-@@ -278,11 +235,11 @@ int cms_main(int argc, char **argv)
- ret = 0;
- goto end;
- case OPT_INFORM:
-- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-+ if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
- goto opthelp;
- break;
- case OPT_OUTFORM:
-- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-+ if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
- goto opthelp;
- break;
- case OPT_OUT:
-@@ -392,6 +349,7 @@ int cms_main(int argc, char **argv)
- flags |= CMS_NOOLDMIMETYPE;
- break;
- case OPT_CRLFEOL:
-+ mime_eol = "\r\n";
- flags |= CMS_CRLFEOL;
- break;
- case OPT_NOOUT:
-@@ -522,7 +480,7 @@ int cms_main(int argc, char **argv)
- signerfile = opt_arg();
- break;
- case OPT_INKEY:
-- /* If previous -inkey arument add signer to list */
-+ /* If previous -inkey argument add signer to list */
- if (keyfile) {
- if (signerfile == NULL) {
- BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-@@ -1084,11 +1042,11 @@ int cms_main(int argc, char **argv)
- CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
- } else if (outformat == FORMAT_SMIME) {
- if (to)
-- BIO_printf(out, "To: %s\n", to);
-+ BIO_printf(out, "To: %s%s", to, mime_eol);
- if (from)
-- BIO_printf(out, "From: %s\n", from);
-+ BIO_printf(out, "From: %s%s", from, mime_eol);
- if (subject)
-- BIO_printf(out, "Subject: %s\n", subject);
-+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
- if (operation == SMIME_RESIGN)
- ret = SMIME_write_CMS(out, cms, indata, flags);
- else
-@@ -1282,7 +1240,7 @@ static CMS_ReceiptRequest *make_receipt_
- *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
- *rr_from)
- {
-- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
-+ STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
- CMS_ReceiptRequest *rr;
- rct_to = make_names_stack(rr_to);
- if (!rct_to)
-@@ -1297,6 +1255,7 @@ static CMS_ReceiptRequest *make_receipt_
- rct_to);
- return rr;
- err:
-+ sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
- return NULL;
- }
-
---- a/apps/crl.c
-+++ b/apps/crl.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -80,15 +32,15 @@ OPTIONS crl_options[] = {
- {"in", OPT_IN, '<', "Input file - default stdin"},
- {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
- {"out", OPT_OUT, '>', "output file - default stdout"},
-- {"keyform", OPT_KEYFORM, 'F'},
-- {"key", OPT_KEY, '<'},
-+ {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
-+ {"key", OPT_KEY, '<', "CRL signing Private key to use"},
- {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
- {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
- {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
- {"noout", OPT_NOOUT, '-', "No CRL output"},
- {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
- {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
-- {"badsig", OPT_BADSIG, '-'},
-+ {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
- {"gendelta", OPT_GENDELTA, '<'},
- {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
- {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
-@@ -96,7 +48,7 @@ OPTIONS crl_options[] = {
- "Do not load the default certificates file"},
- {"no-CApath", OPT_NOCAPATH, '-',
- "Do not load certificates from the default certificates directory"},
-- {"verify", OPT_VERIFY, '-'},
-+ {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
- {"text", OPT_TEXT, '-', "Print out a text format version"},
- {"hash", OPT_HASH, '-', "Print hash value"},
- {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
-@@ -244,13 +196,13 @@ int crl_main(int argc, char **argv)
- if (lookup == NULL)
- goto end;
- ctx = X509_STORE_CTX_new();
-- if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
-+ if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
- BIO_printf(bio_err, "Error initialising X509 store\n");
- goto end;
- }
-
-- xobj = X509_STORE_get_X509_by_subject(ctx, X509_LU_X509,
-- X509_CRL_get_issuer(x));
-+ xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
-+ X509_CRL_get_issuer(x));
- if (xobj == NULL) {
- BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
- goto end;
---- a/apps/crl2p7.c
-+++ b/apps/crl2p7.c
-@@ -1,64 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
- /*
-- * This was written by Gordon Chaffee <chaffee at plateau.cs.berkeley.edu> and
-- * donated 'to the cause' along with lots and lots of other fixes to the
-- * library.
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -138,10 +84,8 @@ int crl2pkcs7_main(int argc, char **argv
- if ((certflst == NULL)
- && (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
- goto end;
-- if (!sk_OPENSSL_STRING_push(certflst, opt_arg())) {
-- sk_OPENSSL_STRING_free(certflst);
-+ if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
- goto end;
-- }
- break;
- }
- }
-@@ -197,8 +141,6 @@ int crl2pkcs7_main(int argc, char **argv
- }
- }
-
-- sk_OPENSSL_STRING_free(certflst);
--
- out = bio_open_default(outfile, 'w', outformat);
- if (out == NULL)
- goto end;
-@@ -214,6 +156,7 @@ int crl2pkcs7_main(int argc, char **argv
- }
- ret = 0;
- end:
-+ sk_OPENSSL_STRING_free(certflst);
- BIO_free(in);
- BIO_free_all(out);
- PKCS7_free(p7);
---- a/apps/dgst.c
-+++ b/apps/dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/apps/dh1024.pem
-+++ b/apps/dh1024.pem
-@@ -1,10 +1,10 @@
- -----BEGIN DH PARAMETERS-----
--MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
--jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
--ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
-+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
-+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
-+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
- -----END DH PARAMETERS-----
-
--These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
--(http://www.skip-vpn.org/spec/numbers.html).
--See there for how they were generated.
--Note that g is not a generator, but this is not a problem since p is a safe prime.
-+These are the 1024-bit DH parameters from "Internet Key Exchange
-+Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
-+
-+See https://tools.ietf.org/html/rfc2412 for how they were generated.
---- a/apps/dh2048.pem
-+++ b/apps/dh2048.pem
-@@ -1,12 +1,14 @@
- -----BEGIN DH PARAMETERS-----
--MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
--89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
--T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
--zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
--Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
--CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
-+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
-+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
-+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
-+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
-+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
-+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
- -----END DH PARAMETERS-----
-
--These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
--(http://www.skip-vpn.org/spec/numbers.html).
--See there for how they were generated.
-+These are the 2048-bit DH parameters from "More Modular Exponential
-+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
-+https://tools.ietf.org/html/rfc3526
-+
-+See https://tools.ietf.org/html/rfc2412 for how they were generated.
---- a/apps/dh4096.pem
-+++ b/apps/dh4096.pem
-@@ -1,18 +1,19 @@
- -----BEGIN DH PARAMETERS-----
--MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
--l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
--Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
--Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
--VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
--alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
--sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
--ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
--OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
--AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
--KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-+MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
-+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
-+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
-+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
-+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
-+5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
-+fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
-+ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
-+ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
-++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
-+HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
- -----END DH PARAMETERS-----
-
--These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
--(http://www.skip-vpn.org/spec/numbers.html).
--See there for how they were generated.
--Note that g is not a generator, but this is not a problem since p is a safe prime.
-+These are the 4096-bit DH parameters from "More Modular Exponential
-+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
-+https://tools.ietf.org/html/rfc3526
-+
-+See https://tools.ietf.org/html/rfc2412 for how they were generated.
---- a/apps/dhparam.c
-+++ b/apps/dhparam.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -150,7 +49,7 @@ OPTIONS dhparam_options[] = {
- {"out", OPT_OUT, '>', "Output file"},
- {"check", OPT_CHECK, '-', "Check the DH parameters"},
- {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
-- {"noout", OPT_NOOUT, '-'},
-+ {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
- {"C", OPT_C, '-', "Print C code"},
-@@ -371,20 +270,35 @@ int dhparam_main(int argc, char **argv)
- goto end;
- }
- if (i & DH_CHECK_P_NOT_PRIME)
-- printf("p value is not prime\n");
-+ BIO_printf(bio_err, "WARNING: p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-- printf("p value is not a safe prime\n");
-+ BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
-+ if (i & DH_CHECK_Q_NOT_PRIME)
-+ BIO_printf(bio_err, "WARNING: q value is not a prime\n");
-+ if (i & DH_CHECK_INVALID_Q_VALUE)
-+ BIO_printf(bio_err, "WARNING: q value is invalid\n");
-+ if (i & DH_CHECK_INVALID_J_VALUE)
-+ BIO_printf(bio_err, "WARNING: j value is invalid\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-- printf("unable to check the generator value\n");
-+ BIO_printf(bio_err,
-+ "WARNING: unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
-- printf("the g value is not a generator\n");
-+ BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
- if (i == 0)
-- printf("DH parameters appear to be ok.\n");
-+ BIO_printf(bio_err, "DH parameters appear to be ok.\n");
-+ if (num != 0 && i != 0) {
-+ /*
-+ * We have generated parameters but DH_check() indicates they are
-+ * invalid! This should never happen!
-+ */
-+ BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
-+ goto end;
-+ }
- }
- if (C) {
- unsigned char *data;
- int len, bits;
-- BIGNUM *pbn, *gbn;
-+ const BIGNUM *pbn, *gbn;
-
- len = DH_size(dh);
- bits = DH_bits(dh);
-@@ -423,7 +337,7 @@ int dhparam_main(int argc, char **argv)
- }
-
- if (!noout) {
-- BIGNUM *q;
-+ const BIGNUM *q;
- DH_get0_pqg(dh, NULL, &q, NULL);
- if (outformat == FORMAT_ASN1)
- i = i2d_DHparams_bio(out, dh);
---- a/apps/dsa.c
-+++ b/apps/dsa.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -83,15 +35,15 @@ typedef enum OPTION_choice {
-
- OPTIONS dsa_options[] = {
- {"help", OPT_HELP, '-', "Display this summary"},
-- {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
-+ {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
- {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
- {"in", OPT_IN, 's', "Input key"},
- {"out", OPT_OUT, '>', "Output file"},
- {"noout", OPT_NOOUT, '-', "Don't print key out"},
- {"text", OPT_TEXT, '-', "Print the key in text"},
- {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
-- {"pubin", OPT_PUBIN, '-'},
-- {"pubout", OPT_PUBOUT, '-'},
-+ {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
-+ {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
-@@ -243,7 +195,7 @@ int dsa_main(int argc, char **argv)
- }
-
- if (modulus) {
-- BIGNUM *pub_key = NULL;
-+ const BIGNUM *pub_key = NULL;
- DSA_get0_key(dsa, &pub_key, NULL);
- BIO_printf(out, "Public Key=");
- BN_print(out, pub_key);
---- a/apps/dsaparam.c
-+++ b/apps/dsaparam.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -263,7 +215,7 @@ int dsaparam_main(int argc, char **argv)
- }
-
- if (C) {
-- BIGNUM *p = NULL, *q = NULL, *g = NULL;
-+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
- unsigned char *data;
- int len, bits_p;
-
-@@ -292,6 +244,7 @@ int dsaparam_main(int argc, char **argv)
- " return NULL;\n"
- " }\n"
- " return(dsa);\n}\n");
-+ OPENSSL_free(data);
- }
-
- if (!noout) {
---- a/apps/ec.c
-+++ b/apps/ec.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -92,15 +44,15 @@ typedef enum OPTION_choice {
-
- OPTIONS ec_options[] = {
- {"help", OPT_HELP, '-', "Display this summary"},
-- {"in", OPT_IN, '<', "Input file"},
-- {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
-+ {"in", OPT_IN, 's', "Input file"},
-+ {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
- {"noout", OPT_NOOUT, '-', "Don't print key out"},
- {"text", OPT_TEXT, '-', "Print the key"},
- {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
-- {"pubin", OPT_PUBIN, '-'},
-- {"pubout", OPT_PUBOUT, '-'},
-+ {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
-+ {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
- {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
- {"check", OPT_CHECK, '-', "check key consistency"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
-@@ -118,6 +70,7 @@ OPTIONS ec_options[] = {
- int ec_main(int argc, char **argv)
- {
- BIO *in = NULL, *out = NULL;
-+ ENGINE *e = NULL;
- EC_KEY *eckey = NULL;
- const EC_GROUP *group;
- const EVP_CIPHER *enc = NULL;
-@@ -143,7 +96,7 @@ int ec_main(int argc, char **argv)
- ret = 0;
- goto end;
- case OPT_INFORM:
-- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
- goto opthelp;
- break;
- case OPT_IN:
-@@ -178,7 +131,7 @@ int ec_main(int argc, char **argv)
- passoutarg = opt_arg();
- break;
- case OPT_ENGINE:
-- (void)setup_engine(opt_arg(), 0);
-+ e = setup_engine(opt_arg(), 0);
- break;
- case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
-@@ -217,9 +170,11 @@ int ec_main(int argc, char **argv)
- goto end;
- }
-
-- in = bio_open_default(infile, 'r', informat);
-- if (in == NULL)
-- goto end;
-+ if (informat != FORMAT_ENGINE) {
-+ in = bio_open_default(infile, 'r', informat);
-+ if (in == NULL)
-+ goto end;
-+ }
-
- BIO_printf(bio_err, "read EC key\n");
- if (informat == FORMAT_ASN1) {
-@@ -227,6 +182,16 @@ int ec_main(int argc, char **argv)
- eckey = d2i_EC_PUBKEY_bio(in, NULL);
- else
- eckey = d2i_ECPrivateKey_bio(in, NULL);
-+ } else if (informat == FORMAT_ENGINE) {
-+ EVP_PKEY *pkey;
-+ if (pubin)
-+ pkey = load_pubkey(infile, informat , 1, passin, e, "Public Key");
-+ else
-+ pkey = load_key(infile, informat, 1, passin, e, "Private Key");
-+ if (pkey != NULL) {
-+ eckey = EVP_PKEY_get1_EC_KEY(pkey);
-+ EVP_PKEY_free(pkey);
-+ }
- } else {
- if (pubin)
- eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
---- a/apps/ecparam.c
-+++ b/apps/ecparam.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
---- a/apps/enc.c
-+++ b/apps/enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -82,6 +34,7 @@ static void show_ciphers(const OBJ_NAME
-
- typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-+ OPT_LIST,
- OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
- OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
- OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
-@@ -90,6 +43,7 @@ typedef enum OPTION_choice {
-
- OPTIONS enc_options[] = {
- {"help", OPT_HELP, '-', "Display this summary"},
-+ {"ciphers", OPT_LIST, '-', "List ciphers"},
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
- {"pass", OPT_PASS, 's', "Passphrase source"},
-@@ -108,11 +62,11 @@ OPTIONS enc_options[] = {
- "Used with -[base64|a] to specify base64 buffer as a single line"},
- {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
- {"k", OPT_K, 's', "Passphrase"},
-- {"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
-+ {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
- {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
- {"S", OPT_UPPER_S, 's', "Salt, in hex"},
- {"iv", OPT_IV, 's', "IV in hex"},
-- {"md", OPT_MD, 's', "Use specified digest to create key from passphrase"},
-+ {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
- {"none", OPT_NONE, '-', "Don't encrypt"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- #ifdef ZLIB
-@@ -177,7 +131,9 @@ int enc_main(int argc, char **argv)
- case OPT_HELP:
- opt_help(enc_options);
- ret = 0;
-- BIO_printf(bio_err, "Cipher Types\n");
-+ goto end;
-+ case OPT_LIST:
-+ BIO_printf(bio_err, "Supported ciphers:\n");
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers, bio_err);
- BIO_printf(bio_err, "\n");
-@@ -291,8 +247,6 @@ int enc_main(int argc, char **argv)
- break;
- }
- }
-- argc = opt_num_rest();
-- argv = opt_rest();
-
- if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
- BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
-@@ -428,6 +382,8 @@ int enc_main(int argc, char **argv)
- * output BIO. If decrypting read salt from input BIO.
- */
- unsigned char *sptr;
-+ size_t str_len = strlen(str);
-+
- if (nosalt)
- sptr = NULL;
- else {
-@@ -467,7 +423,7 @@ int enc_main(int argc, char **argv)
-
- if (!EVP_BytesToKey(cipher, dgst, sptr,
- (unsigned char *)str,
-- strlen(str), 1, key, iv)) {
-+ str_len, 1, key, iv)) {
- BIO_printf(bio_err, "EVP_BytesToKey failed\n");
- goto end;
- }
-@@ -478,7 +434,7 @@ int enc_main(int argc, char **argv)
- if (str == strbuf)
- OPENSSL_cleanse(str, SIZE);
- else
-- OPENSSL_cleanse(str, strlen(str));
-+ OPENSSL_cleanse(str, str_len);
- }
- if (hiv != NULL) {
- int siz = EVP_CIPHER_iv_length(cipher);
---- a/apps/engine.c
-+++ b/apps/engine.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -94,10 +45,6 @@ OPTIONS engine_options[] = {
- {NULL}
- };
-
--static void identity(char *ptr)
--{
--}
--
- static int append_buf(char **buf, int *size, const char *s)
- {
- if (*buf == NULL) {
-@@ -107,13 +54,17 @@ static int append_buf(char **buf, int *s
- }
-
- if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
-+ char *tmp;
- *size += 256;
-- *buf = OPENSSL_realloc(*buf, *size);
-+ tmp = OPENSSL_realloc(*buf, *size);
-+ if (tmp == NULL) {
-+ OPENSSL_free(*buf);
-+ *buf = NULL;
-+ return 0;
-+ }
-+ *buf = tmp;
- }
-
-- if (*buf == NULL)
-- return 0;
--
- if (**buf != '\0')
- OPENSSL_strlcat(*buf, ", ", *size);
- OPENSSL_strlcat(*buf, s, *size);
-@@ -262,7 +213,7 @@ static int util_verbose(ENGINE *e, int v
- BIO_printf(out, "\n");
- ret = 1;
- err:
-- sk_OPENSSL_STRING_pop_free(cmds, identity);
-+ sk_OPENSSL_STRING_free(cmds);
- OPENSSL_free(name);
- OPENSSL_free(desc);
- return ret;
-@@ -312,7 +263,7 @@ int engine_main(int argc, char **argv)
- int ret = 1, i;
- int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
- ENGINE *e;
-- STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
-+ STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
- STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
- STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
- BIO *out;
-@@ -329,7 +280,7 @@ int engine_main(int argc, char **argv)
- * names, and then setup to parse the rest of the line as flags. */
- prog = argv[0];
- while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
-- sk_OPENSSL_STRING_push(engines, argv1);
-+ sk_OPENSSL_CSTRING_push(engines, argv1);
- argc--;
- argv++;
- }
-@@ -382,17 +333,17 @@ int engine_main(int argc, char **argv)
- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
- goto end;
- }
-- sk_OPENSSL_STRING_push(engines, *argv);
-+ sk_OPENSSL_CSTRING_push(engines, *argv);
- }
-
-- if (sk_OPENSSL_STRING_num(engines) == 0) {
-+ if (sk_OPENSSL_CSTRING_num(engines) == 0) {
- for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
-- sk_OPENSSL_STRING_push(engines, (char *)ENGINE_get_id(e));
-+ sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
- }
- }
-
-- for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
-- const char *id = sk_OPENSSL_STRING_value(engines, i);
-+ for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
-+ const char *id = sk_OPENSSL_CSTRING_value(engines, i);
- if ((e = ENGINE_by_id(id)) != NULL) {
- const char *name = ENGINE_get_name(e);
- /*
-@@ -481,9 +432,9 @@ int engine_main(int argc, char **argv)
- end:
-
- ERR_print_errors(bio_err);
-- sk_OPENSSL_STRING_pop_free(engines, identity);
-- sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
-- sk_OPENSSL_STRING_pop_free(post_cmds, identity);
-+ sk_OPENSSL_CSTRING_free(engines);
-+ sk_OPENSSL_STRING_free(pre_cmds);
-+ sk_OPENSSL_STRING_free(post_cmds);
- BIO_free_all(out);
- return (ret);
- }
---- a/apps/errstr.c
-+++ b/apps/errstr.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -106,8 +58,6 @@ int errstr_main(int argc, char **argv)
- goto end;
- }
- }
-- argc = opt_num_rest();
-- argv = opt_rest();
-
- ret = 0;
- for (argv = opt_rest(); *argv; argv++) {
---- a/apps/gendsa.c
-+++ b/apps/gendsa.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -101,7 +53,7 @@ int gendsa_main(int argc, char **argv)
- char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
- OPTION_CHOICE o;
- int ret = 1, private = 0;
-- BIGNUM *p = NULL;
-+ const BIGNUM *p = NULL;
-
- prog = opt_init(argc, argv, gendsa_options);
- while ((o = opt_next()) != OPT_EOF) {
---- a/apps/genpkey.c
-+++ b/apps/genpkey.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include "apps.h"
---- a/apps/genrsa.c
-+++ b/apps/genrsa.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -107,7 +59,7 @@ int genrsa_main(int argc, char **argv)
- ENGINE *eng = NULL;
- BIGNUM *bn = BN_new();
- BIO *out = NULL;
-- BIGNUM *e;
-+ const BIGNUM *e;
- RSA *rsa = NULL;
- const EVP_CIPHER *enc = NULL;
- int ret = 1, num = DEFBITS, private = 0;
---- a/apps/nseq.c
-+++ b/apps/nseq.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/apps/ocsp.c
-+++ b/apps/ocsp.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -154,7 +105,7 @@ OPTIONS ocsp_options[] = {
- {"timeout", OPT_TIMEOUT, 'p',
- "Connection timeout (in seconds) to the OCSP responder"},
- {"url", OPT_URL, 's', "Responder URL"},
-- {"host", OPT_HOST, 's', "host:prot top to connect to"},
-+ {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
- {"port", OPT_PORT, 'p', "Port to run responder on"},
- {"ignore_err", OPT_IGNORE_ERR, '-'},
- {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
-@@ -163,7 +114,7 @@ OPTIONS ocsp_options[] = {
- {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
- "Don't include any certificates in response"},
- {"resp_key_id", OPT_RESP_KEY_ID, '-',
-- "Identify reponse by signing certificate key ID"},
-+ "Identify response by signing certificate key ID"},
- {"no_certs", OPT_NO_CERTS, '-',
- "Don't include any certificates in signed request"},
- {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
-@@ -178,7 +129,8 @@ OPTIONS ocsp_options[] = {
- "Don't verify additional certificates"},
- {"no_intern", OPT_NO_INTERN, '-',
- "Don't search certificates contained in response for signer"},
-- {"badsig", OPT_BADSIG, '-'},
-+ {"badsig", OPT_BADSIG, '-',
-+ "Corrupt last byte of loaded OSCP response signature (for test)"},
- {"text", OPT_TEXT, '-', "Print text form of request and response"},
- {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
- {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
-@@ -205,7 +157,7 @@ OPTIONS ocsp_options[] = {
- {"path", OPT_PATH, 's', "Path to use in OCSP request"},
- {"issuer", OPT_ISSUER, '<', "Issuer certificate"},
- {"cert", OPT_CERT, '<', "Certificate to check"},
-- {"serial", OPT_SERIAL, 's', "Nerial number to check"},
-+ {"serial", OPT_SERIAL, 's', "Serial number to check"},
- {"index", OPT_INDEX, '<', "Certificate status index file"},
- {"CA", OPT_CA, '<', "CA certificate"},
- {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
-@@ -213,12 +165,12 @@ OPTIONS ocsp_options[] = {
- "Number of requests to accept (default unlimited)"},
- {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
- {"rsigner", OPT_RSIGNER, '<',
-- "Sesponder certificate to sign responses with"},
-+ "Responder certificate to sign responses with"},
- {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
- {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
-- {"rmd", OPT_RMD, 's'},
-+ {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
- {"header", OPT_HEADER, 's', "key=value header to add"},
-- {"", OPT_MD, '-', "Any supported digest"},
-+ {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
- OPT_V_OPTIONS,
- {NULL}
- };
-@@ -227,6 +179,7 @@ int ocsp_main(int argc, char **argv)
- {
- BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
- const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
-+ int trailing_md = 0;
- CA_DB *rdb = NULL;
- EVP_PKEY *key = NULL, *rkey = NULL;
- OCSP_BASICRESP *bs = NULL;
-@@ -438,6 +391,7 @@ int ocsp_main(int argc, char **argv)
- goto end;
- if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
- goto end;
-+ trailing_md = 0;
- break;
- case OPT_SERIAL:
- if (cert_id_md == NULL)
-@@ -446,6 +400,7 @@ int ocsp_main(int argc, char **argv)
- goto end;
- if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
- goto end;
-+ trailing_md = 0;
- break;
- case OPT_INDEX:
- ridx_filename = opt_arg();
-@@ -473,7 +428,7 @@ int ocsp_main(int argc, char **argv)
- case OPT_ROTHER:
- rcertfile = opt_arg();
- break;
-- case OPT_RMD:
-+ case OPT_RMD: /* Response MessageDigest */
- if (!opt_md(opt_arg(), &rsign_md))
- goto end;
- break;
-@@ -489,7 +444,7 @@ int ocsp_main(int argc, char **argv)
- goto end;
- break;
- case OPT_MD:
-- if (cert_id_md != NULL) {
-+ if (trailing_md) {
- BIO_printf(bio_err,
- "%s: Digest must be before -cert or -serial\n",
- prog);
-@@ -497,9 +452,16 @@ int ocsp_main(int argc, char **argv)
- }
- if (!opt_md(opt_unknown(), &cert_id_md))
- goto opthelp;
-+ trailing_md = 1;
- break;
- }
- }
-+
-+ if (trailing_md) {
-+ BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
-+ prog);
-+ goto opthelp;
-+ }
- argc = opt_num_rest();
- if (argc != 0)
- goto opthelp;
-@@ -1027,13 +989,13 @@ static char **lookup_serial(CA_DB *db, A
-
- static BIO *init_responder(const char *port)
- {
-- BIO *acbio = NULL, *bufbio = NULL;
--
- # ifdef OPENSSL_NO_SOCK
- BIO_printf(bio_err,
- "Error setting up accept BIO - sockets not supported.\n");
- return NULL;
--# endif
-+# else
-+ BIO *acbio = NULL, *bufbio = NULL;
-+
- bufbio = BIO_new(BIO_f_buffer());
- if (bufbio == NULL)
- goto err;
-@@ -1060,9 +1022,10 @@ static BIO *init_responder(const char *p
- BIO_free_all(acbio);
- BIO_free(bufbio);
- return NULL;
-+# endif
- }
-
--
-+# ifndef OPENSSL_NO_SOCK
- /*
- * Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
- */
-@@ -1086,9 +1049,13 @@ static int urldecode(char *p)
- *out = '\0';
- return (int)(out - save);
- }
-+# endif
-
- static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
- {
-+# ifdef OPENSSL_NO_SOCK
-+ return 0;
-+# else
- int len;
- OCSP_REQUEST *req = NULL;
- char inbuf[2048], reqbuf[2048];
-@@ -1169,7 +1136,7 @@ static int do_responder(OCSP_REQUEST **p
- *preq = req;
-
- return 1;
--
-+# endif
- }
-
- static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
---- a/apps/openssl-vms.cnf
-+++ b/apps/openssl-vms.cnf
-@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
-
- authorityKeyIdentifier=keyid:always,issuer
-
--# This is what PKIX recommends but some broken software chokes on critical
--# extensions.
--#basicConstraints = critical,CA:true
--# So we do this instead.
--basicConstraints = CA:true
-+basicConstraints = critical,CA:true
-
- # Key usage: this is typical for a CA certificate. However since it will
- # prevent it being used as an test self-signed certificate it is best
---- a/apps/openssl.c
-+++ b/apps/openssl.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -113,7 +12,6 @@
- #include <stdlib.h>
- #include <openssl/bio.h>
- #include <openssl/crypto.h>
--#include <openssl/rand.h>
- #include <openssl/lhash.h>
- #include <openssl/conf.h>
- #include <openssl/x509.h>
-@@ -233,6 +131,11 @@ int main(int argc, char *argv[])
-
- #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
- copied_argv = argv = copy_argv(&argc, argv);
-+#elif defined(_WIN32)
-+ /*
-+ * Replace argv[] with UTF-8 encoded strings.
-+ */
-+ win32_utf8argv(&argc, &argv);
- #endif
-
- p = getenv("OPENSSL_DEBUG_MEMORY");
-@@ -305,7 +208,7 @@ int main(int argc, char *argv[])
- extern void add_history(const char *cp);
- char *text;
-
-- char *text = readline(prompt);
-+ text = readline(prompt);
- if (text == NULL)
- goto end;
- i = strlen(text);
-@@ -491,10 +394,8 @@ int help_main(int argc, char **argv)
- return 0;
- }
- }
-- argc = opt_num_rest();
-- argv = opt_rest();
-
-- if (argc != 0) {
-+ if (opt_num_rest() != 0) {
- BIO_printf(bio_err, "Usage: %s\n", prog);
- return 1;
- }
-@@ -628,7 +529,7 @@ static int function_cmp(const FUNCTION *
-
- static unsigned long function_hash(const FUNCTION * a)
- {
-- return lh_strhash(a->name);
-+ return OPENSSL_LH_strhash(a->name);
- }
-
- static int SortFnByName(const void *_f1, const void *_f2)
-@@ -743,9 +644,6 @@ static void list_disabled(void)
- #ifdef OPENSSL_NO_SCRYPT
- BIO_puts(bio_out, "SCRYPT\n");
- #endif
--#ifdef OPENSSL_NO_SCT
-- BIO_puts(bio_out, "SCT\n");
--#endif
- #ifdef OPENSSL_NO_SCTP
- BIO_puts(bio_out, "SCTP\n");
- #endif
-@@ -761,15 +659,9 @@ static void list_disabled(void)
- #ifdef OPENSSL_NO_SRTP
- BIO_puts(bio_out, "SRTP\n");
- #endif
--#ifdef OPENSSL_NO_SSL
-- BIO_puts(bio_out, "SSL\n");
--#endif
- #ifdef OPENSSL_NO_SSL3
- BIO_puts(bio_out, "SSL3\n");
- #endif
--#if defined(OPENSSL_NO_TLS)
-- BIO_puts(bio_out, "TLS\n");
--#endif
- #ifdef OPENSSL_NO_TLS1
- BIO_puts(bio_out, "TLS1\n");
- #endif
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -233,11 +233,7 @@ subjectKeyIdentifier=hash
-
- authorityKeyIdentifier=keyid:always,issuer
-
--# This is what PKIX recommends but some broken software chokes on critical
--# extensions.
--#basicConstraints = critical,CA:true
--# So we do this instead.
--basicConstraints = CA:true
-+basicConstraints = critical,CA:true
-
- # Key usage: this is typical for a CA certificate. However since it will
- # prevent it being used as an test self-signed certificate it is best
---- a/apps/opt.c
-+++ b/apps/opt.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* #define COMPILE_STANDALONE_TEST_DRIVER */
-@@ -59,6 +19,7 @@
- #include <ctype.h>
- #include <limits.h>
- #include <openssl/bio.h>
-+#include <openssl/x509v3.h>
-
- #define MAX_OPT_HELP_WIDTH 30
- const char OPT_HELP_STR[] = "--";
-@@ -113,7 +74,7 @@ char *opt_progname(const char *argv0)
- {
- const char *p, *q;
-
-- /* Find last special charcter sys:[foo.bar]openssl */
-+ /* Find last special character sys:[foo.bar]openssl */
- for (p = argv0 + strlen(argv0); --p > argv0;)
- if (*p == ':' || *p == ']' || *p == '>') {
- p++;
-@@ -179,7 +140,7 @@ char *opt_init(int ac, char **av, const
- switch (i) {
- case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
- case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
-- case 'u':
-+ case 'u': case 'c':
- break;
- default:
- assert(0);
-@@ -615,10 +576,13 @@ int opt_verify(int opt, X509_VERIFY_PARA
- break;
- case OPT_V_NO_ALT_CHAINS:
- X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
-- break;
-+ break;
- case OPT_V_NO_CHECK_TIME:
- X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
-- break;
-+ break;
-+ case OPT_V_ALLOW_PROXY_CERTS:
-+ X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
-+ break;
- }
- return 1;
-
-@@ -755,10 +719,12 @@ int opt_next(void)
- return -1;
- }
- break;
-+ case 'c':
- case 'E':
- case 'F':
- case 'f':
- if (opt_format(arg,
-+ o->valtype == 'c' ? OPT_FMT_PDS :
- o->valtype == 'E' ? OPT_FMT_PDE :
- o->valtype == 'F' ? OPT_FMT_PEMDER
- : OPT_FMT_ANY, &ival))
-@@ -894,7 +860,7 @@ void opt_help(const OPTIONS *list)
- start[sizeof start - 1] = '\0';
-
- if (o->name == OPT_MORE_STR) {
-- /* Continuation of previous line; padd and print. */
-+ /* Continuation of previous line; pad and print. */
- start[width] = '\0';
- BIO_printf(bio_err, "%s %s\n", start, help);
- continue;
---- a/apps/passwd.c
-+++ b/apps/passwd.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
-@@ -175,6 +135,7 @@ int passwd_main(int argc, char **argv)
- if (pw_source_defined)
- goto opthelp;
- in_stdin = 1;
-+ pw_source_defined = 1;
- break;
- }
- }
-@@ -326,69 +287,93 @@ static char *md5crypt(const char *passwd
- char *salt_out;
- int n;
- unsigned int i;
-- EVP_MD_CTX *md, *md2;
-- size_t passwd_len, salt_len;
-+ EVP_MD_CTX *md = NULL, *md2 = NULL;
-+ size_t passwd_len, salt_len, magic_len;
-
- passwd_len = strlen(passwd);
- out_buf[0] = '$';
- out_buf[1] = 0;
-- assert(strlen(magic) <= 4); /* "1" or "apr1" */
-+ magic_len = strlen(magic);
-+
-+ if (magic_len > 4) /* assert it's "1" or "apr1" */
-+ return NULL;
-+
- OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
- OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
- OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
-- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-- salt_out = out_buf + 2 + strlen(magic);
-+
-+ if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
-+ return NULL;
-+
-+ salt_out = out_buf + 2 + magic_len;
- salt_len = strlen(salt_out);
-- assert(salt_len <= 8);
-
-- md = EVP_MD_CTX_new();
-- if (md == NULL)
-+ if (salt_len > 8)
- return NULL;
-- EVP_DigestInit_ex(md, EVP_md5(), NULL);
-- EVP_DigestUpdate(md, passwd, passwd_len);
-- EVP_DigestUpdate(md, "$", 1);
-- EVP_DigestUpdate(md, magic, strlen(magic));
-- EVP_DigestUpdate(md, "$", 1);
-- EVP_DigestUpdate(md, salt_out, salt_len);
-+
-+ md = EVP_MD_CTX_new();
-+ if (md == NULL
-+ || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
-+ || !EVP_DigestUpdate(md, passwd, passwd_len)
-+ || !EVP_DigestUpdate(md, "$", 1)
-+ || !EVP_DigestUpdate(md, magic, magic_len)
-+ || !EVP_DigestUpdate(md, "$", 1)
-+ || !EVP_DigestUpdate(md, salt_out, salt_len))
-
- md2 = EVP_MD_CTX_new();
-- if (md2 == NULL)
-- return NULL;
-- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
-- EVP_DigestUpdate(md2, passwd, passwd_len);
-- EVP_DigestUpdate(md2, salt_out, salt_len);
-- EVP_DigestUpdate(md2, passwd, passwd_len);
-- EVP_DigestFinal_ex(md2, buf, NULL);
--
-- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-- EVP_DigestUpdate(md, buf, sizeof buf);
-- EVP_DigestUpdate(md, buf, i);
-+ if (md2 == NULL
-+ || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
-+ || !EVP_DigestUpdate(md2, passwd, passwd_len)
-+ || !EVP_DigestUpdate(md2, salt_out, salt_len)
-+ || !EVP_DigestUpdate(md2, passwd, passwd_len)
-+ || !EVP_DigestFinal_ex(md2, buf, NULL))
-+ goto err;
-+
-+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf) {
-+ if (!EVP_DigestUpdate(md, buf, sizeof buf))
-+ goto err;
-+ }
-+ if (!EVP_DigestUpdate(md, buf, i))
-+ goto err;
-
- n = passwd_len;
- while (n) {
-- EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1);
-+ if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
-+ goto err;
- n >>= 1;
- }
-- EVP_DigestFinal_ex(md, buf, NULL);
-+ if (!EVP_DigestFinal_ex(md, buf, NULL))
-+ return NULL;
-
- for (i = 0; i < 1000; i++) {
-- EVP_DigestInit_ex(md2, EVP_md5(), NULL);
-- EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf,
-- (i & 1) ? passwd_len : sizeof buf);
-- if (i % 3)
-- EVP_DigestUpdate(md2, salt_out, salt_len);
-- if (i % 7)
-- EVP_DigestUpdate(md2, passwd, passwd_len);
-- EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd,
-- (i & 1) ? sizeof buf : passwd_len);
-- EVP_DigestFinal_ex(md2, buf, NULL);
-+ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
-+ goto err;
-+ if (!EVP_DigestUpdate(md2,
-+ (i & 1) ? (unsigned const char *)passwd : buf,
-+ (i & 1) ? passwd_len : sizeof buf))
-+ goto err;
-+ if (i % 3) {
-+ if (!EVP_DigestUpdate(md2, salt_out, salt_len))
-+ goto err;
-+ }
-+ if (i % 7) {
-+ if (!EVP_DigestUpdate(md2, passwd, passwd_len))
-+ goto err;
-+ }
-+ if (!EVP_DigestUpdate(md2,
-+ (i & 1) ? buf : (unsigned const char *)passwd,
-+ (i & 1) ? sizeof buf : passwd_len))
-+ goto err;
-+ if (!EVP_DigestFinal_ex(md2, buf, NULL))
-+ goto err;
- }
- EVP_MD_CTX_free(md2);
- EVP_MD_CTX_free(md);
-+ md2 = NULL;
-+ md = NULL;
-
- {
- /* transform buf into output string */
--
- unsigned char buf_perm[sizeof buf];
- int dest, source;
- char *output;
-@@ -425,6 +410,11 @@ static char *md5crypt(const char *passwd
- }
-
- return out_buf;
-+
-+ err:
-+ EVP_MD_CTX_free(md2);
-+ EVP_MD_CTX_free(md);
-+ return NULL;
- }
- # endif
-
-@@ -506,10 +496,10 @@ static int do_passwd(int passed_salt, ch
- BIO_printf(out, "%s\t%s\n", hash, passwd);
- else
- BIO_printf(out, "%s\n", hash);
-- return 0;
-+ return 1;
-
- end:
-- return 1;
-+ return 0;
- }
- #else
-
---- a/apps/pkcs12.c
-+++ b/apps/pkcs12.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -571,9 +522,13 @@ int pkcs12_main(int argc, char **argv)
-
- if ((options & INFO) && PKCS12_mac_present(p12)) {
- ASN1_INTEGER *tmaciter;
--
-- PKCS12_get0_mac(NULL, NULL, NULL, &tmaciter, p12);
-- BIO_printf(bio_err, "MAC Iteration %ld\n",
-+ X509_ALGOR *macalgid;
-+ ASN1_OBJECT *macobj;
-+ PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
-+ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
-+ BIO_puts(bio_err, "MAC:");
-+ i2a_ASN1_OBJECT(bio_err, macobj);
-+ BIO_printf(bio_err, " Iteration %ld\n",
- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
- }
- if (macver) {
-@@ -674,6 +629,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
- PKCS8_PRIV_KEY_INFO *p8;
- X509 *x509;
- STACK_OF(X509_ATTRIBUTE) *attrs;
-+ int ret = 0;
-
- attrs = PKCS12_SAFEBAG_get0_attrs(bag);
-
-@@ -688,7 +644,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
- if ((pkey = EVP_PKCS82PKEY(p8)) == NULL)
- return 0;
- print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
-- PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
-+ ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
-@@ -713,7 +669,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
- }
- print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
- PKCS8_PRIV_KEY_INFO_free(p8);
-- PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
-+ ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
-@@ -733,7 +689,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
- if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
- return 0;
- dump_cert_text(out, x509);
-- PEM_write_bio_X509(out, x509);
-+ ret = PEM_write_bio_X509(out, x509);
- X509_free(x509);
- break;
-
-@@ -750,7 +706,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
- BIO_printf(bio_err, "\n");
- return 1;
- }
-- return 1;
-+ return ret;
- }
-
- /* Given a single certificate return a verified chain or NULL if error */
-@@ -786,16 +742,70 @@ static int get_cert_chain(X509 *cert, X5
-
- static int alg_print(X509_ALGOR *alg)
- {
-- PBEPARAM *pbe;
-- const unsigned char *p = alg->parameter->value.sequence->data;
-+ int pbenid, aparamtype;
-+ ASN1_OBJECT *aoid;
-+ void *aparam;
-+ PBEPARAM *pbe = NULL;
-+
-+ X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
-+
-+ pbenid = OBJ_obj2nid(aoid);
-+
-+ BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
-+
-+ /*
-+ * If PBE algorithm is PBES2 decode algorithm parameters
-+ * for additional details.
-+ */
-+ if (pbenid == NID_pbes2) {
-+ PBE2PARAM *pbe2 = NULL;
-+ int encnid;
-+ if (aparamtype == V_ASN1_SEQUENCE)
-+ pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
-+ if (pbe2 == NULL) {
-+ BIO_puts(bio_err, "<unsupported parameters>");
-+ goto done;
-+ }
-+ X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
-+ pbenid = OBJ_obj2nid(aoid);
-+ X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
-+ encnid = OBJ_obj2nid(aoid);
-+ BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
-+ OBJ_nid2sn(encnid));
-+ /* If KDF is PBKDF2 decode parameters */
-+ if (pbenid == NID_id_pbkdf2) {
-+ PBKDF2PARAM *kdf = NULL;
-+ int prfnid;
-+ if (aparamtype == V_ASN1_SEQUENCE)
-+ kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
-+ if (kdf == NULL) {
-+ BIO_puts(bio_err, "<unsupported parameters>");
-+ goto done;
-+ }
-
-- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-- if (!pbe)
-- return 1;
-- BIO_printf(bio_err, "%s, Iteration %ld\n",
-- OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
-- ASN1_INTEGER_get(pbe->iter));
-- PBEPARAM_free(pbe);
-+ if (kdf->prf == NULL) {
-+ prfnid = NID_hmacWithSHA1;
-+ } else {
-+ X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
-+ prfnid = OBJ_obj2nid(aoid);
-+ }
-+ BIO_printf(bio_err, ", Iteration %ld, PRF %s",
-+ ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
-+ PBKDF2PARAM_free(kdf);
-+ }
-+ PBE2PARAM_free(pbe2);
-+ } else {
-+ if (aparamtype == V_ASN1_SEQUENCE)
-+ pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
-+ if (pbe == NULL) {
-+ BIO_puts(bio_err, "<unsupported parameters>");
-+ goto done;
-+ }
-+ BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
-+ PBEPARAM_free(pbe);
-+ }
-+ done:
-+ BIO_puts(bio_err, "\n");
- return 1;
- }
-
---- a/apps/pkcs7.c
-+++ b/apps/pkcs7.c
-@@ -1,106 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -222,12 +126,16 @@ int pkcs7_main(int argc, char **argv)
- i = OBJ_obj2nid(p7->type);
- switch (i) {
- case NID_pkcs7_signed:
-- certs = p7->d.sign->cert;
-- crls = p7->d.sign->crl;
-+ if (p7->d.sign != NULL) {
-+ certs = p7->d.sign->cert;
-+ crls = p7->d.sign->crl;
-+ }
- break;
- case NID_pkcs7_signedAndEnveloped:
-- certs = p7->d.signed_and_enveloped->cert;
-- crls = p7->d.signed_and_enveloped->crl;
-+ if (p7->d.signed_and_enveloped != NULL) {
-+ certs = p7->d.signed_and_enveloped->cert;
-+ crls = p7->d.signed_and_enveloped->crl;
-+ }
- break;
- default:
- break;
---- a/apps/pkcs8.c
-+++ b/apps/pkcs8.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999-2004.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -71,7 +23,8 @@ typedef enum OPTION_choice {
- #ifndef OPENSSL_NO_SCRYPT
- OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
- #endif
-- OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT
-+ OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
-+ OPT_TRADITIONAL
- } OPTION_CHOICE;
-
- OPTIONS pkcs8_options[] = {
-@@ -89,6 +42,7 @@ OPTIONS pkcs8_options[] = {
- {"iter", OPT_ITER, 'p', "Specify the iteration count"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
-+ {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
- #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- #endif
-@@ -118,7 +72,7 @@ int pkcs8_main(int argc, char **argv)
- OPTION_CHOICE o;
- int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
-- int private = 0;
-+ int private = 0, traditional = 0;
- #ifndef OPENSSL_NO_SCRYPT
- long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
- #endif
-@@ -158,6 +112,9 @@ int pkcs8_main(int argc, char **argv)
- case OPT_NOCRYPT:
- nocrypt = 1;
- break;
-+ case OPT_TRADITIONAL:
-+ traditional = 1;
-+ break;
- case OPT_V2:
- if (!opt_cipher(opt_arg(), &cipher))
- goto opthelp;
-@@ -177,6 +134,8 @@ int pkcs8_main(int argc, char **argv)
- "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
- goto opthelp;
- }
-+ if (cipher == NULL)
-+ cipher = EVP_aes_256_cbc();
- break;
- case OPT_ITER:
- if (!opt_int(opt_arg(), &iter))
-@@ -225,8 +184,8 @@ int pkcs8_main(int argc, char **argv)
- goto end;
- }
-
-- if ((pbe_nid == -1) && !cipher)
-- pbe_nid = NID_pbeWithMD5AndDES_CBC;
-+ if ((pbe_nid == -1) && cipher == NULL)
-+ cipher = EVP_aes_256_cbc();
-
- in = bio_open_default(infile, 'r', informat);
- if (in == NULL)
-@@ -341,7 +300,10 @@ int pkcs8_main(int argc, char **argv)
- else if (1) {
- #ifndef OPENSSL_NO_UI
- p8pass = pass;
-- EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
-+ if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
-+ BIO_printf(bio_err, "Can't read Password\n");
-+ goto end;
-+ }
- } else {
- #endif
- BIO_printf(bio_err, "Password required\n");
-@@ -363,11 +325,15 @@ int pkcs8_main(int argc, char **argv)
- }
-
- assert(private);
-- if (outformat == FORMAT_PEM)
-- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-- else if (outformat == FORMAT_ASN1)
-+ if (outformat == FORMAT_PEM) {
-+ if (traditional)
-+ PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
-+ NULL, passout);
-+ else
-+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-+ } else if (outformat == FORMAT_ASN1) {
- i2d_PrivateKey_bio(out, pkey);
-- else {
-+ } else {
- BIO_printf(bio_err, "Bad format specified for key\n");
- goto end;
- }
---- a/apps/pkey.c
-+++ b/apps/pkey.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include "apps.h"
-@@ -66,12 +18,12 @@ typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
- OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
-- OPT_TEXT, OPT_NOOUT, OPT_MD
-+ OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL
- } OPTION_CHOICE;
-
- OPTIONS pkey_options[] = {
- {"help", OPT_HELP, '-', "Display this summary"},
-- {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
-+ {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
- {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
-@@ -84,6 +36,8 @@ OPTIONS pkey_options[] = {
- {"text", OPT_TEXT, '-', "Output in plaintext as well"},
- {"noout", OPT_NOOUT, '-', "Don't output the key"},
- {"", OPT_MD, '-', "Any supported cipher"},
-+ {"traditional", OPT_TRADITIONAL, '-',
-+ "Use traditional format for private keys"},
- #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- #endif
-@@ -101,7 +55,7 @@ int pkey_main(int argc, char **argv)
- OPTION_CHOICE o;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM;
- int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
-- int private = 0;
-+ int private = 0, traditional = 0;
-
- prog = opt_init(argc, argv, pkey_options);
- while ((o = opt_next()) != OPT_EOF) {
-@@ -153,6 +107,9 @@ int pkey_main(int argc, char **argv)
- case OPT_NOOUT:
- noout = 1;
- break;
-+ case OPT_TRADITIONAL:
-+ traditional = 1;
-+ break;
- case OPT_MD:
- if (!opt_cipher(opt_unknown(), &cipher))
- goto opthelp;
-@@ -188,8 +145,13 @@ int pkey_main(int argc, char **argv)
- PEM_write_bio_PUBKEY(out, pkey);
- else {
- assert(private);
-- PEM_write_bio_PrivateKey(out, pkey, cipher,
-- NULL, 0, NULL, passout);
-+ if (traditional)
-+ PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
-+ NULL, 0, NULL,
-+ passout);
-+ else
-+ PEM_write_bio_PrivateKey(out, pkey, cipher,
-+ NULL, 0, NULL, passout);
- }
- } else if (outformat == FORMAT_ASN1) {
- if (pubout)
---- a/apps/pkeyparam.c
-+++ b/apps/pkeyparam.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include "apps.h"
---- a/apps/pkeyutl.c
-+++ b/apps/pkeyutl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "apps.h"
-@@ -109,7 +60,7 @@ OPTIONS pkeyutl_options[] = {
- {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
- {"inkey", OPT_INKEY, 's', "Input private key file"},
- {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
-- {"passin", OPT_PASSIN, 's', "Pass phrase source"},
-+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
- {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
- {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
---- a/apps/prime.c
-+++ b/apps/prime.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -122,16 +82,34 @@ int prime_main(int argc, char **argv)
- goto end;
- }
- bn = BN_new();
-- BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
-+ if (bn == NULL) {
-+ BIO_printf(bio_err, "Out of memory.\n");
-+ goto end;
-+ }
-+ if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
-+ BIO_printf(bio_err, "Failed to generate prime.\n");
-+ goto end;
-+ }
- s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
-+ if (s == NULL) {
-+ BIO_printf(bio_err, "Out of memory.\n");
-+ goto end;
-+ }
- BIO_printf(bio_out, "%s\n", s);
- OPENSSL_free(s);
- } else {
- for ( ; *argv; argv++) {
-+ int r;
-+
- if (hex)
-- BN_hex2bn(&bn, argv[0]);
-+ r = BN_hex2bn(&bn, argv[0]);
- else
-- BN_dec2bn(&bn, argv[0]);
-+ r = BN_dec2bn(&bn, argv[0]);
-+
-+ if(!r) {
-+ BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
-+ goto end;
-+ }
-
- BN_print(bio_out, bn);
- BIO_printf(bio_out, " (%s) %s prime\n",
-@@ -141,8 +119,8 @@ int prime_main(int argc, char **argv)
- }
- }
-
-- BN_free(bn);
--
-+ ret = 0;
- end:
-+ BN_free(bn);
- return ret;
- }
---- a/apps/progs.h
-+++ b/apps/progs.h
-@@ -1,12 +1,13 @@
- /*
-- * Automatically generated by progs.pl for openssl.c
-- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * WARNING: do not edit!
-+ * Generated by apps/progs.pl
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- typedef enum FUNC_TYPE {
-@@ -17,7 +18,7 @@ typedef enum FUNC_TYPE {
- typedef struct function_st {
- FUNC_TYPE type;
- const char *name;
-- int (*func)(int argc,char *argv[]);
-+ int (*func)(int argc, char *argv[]);
- const OPTIONS *help;
- } FUNCTION;
-
-@@ -213,27 +214,15 @@ static FUNCTION functions[] = {
- #ifndef OPENSSL_NO_MD4
- { FT_md, "md4", dgst_main},
- #endif
--#ifndef OPENSSL_NO_MD5
- { FT_md, "md5", dgst_main},
--#endif
- #ifndef OPENSSL_NO_GOST
- { FT_md, "gost", dgst_main},
- #endif
--#ifndef OPENSSL_NO_SHA
- { FT_md, "sha1", dgst_main},
--#endif
--#ifndef OPENSSL_NO_SHA
- { FT_md, "sha224", dgst_main},
--#endif
--#ifndef OPENSSL_NO_SHA
- { FT_md, "sha256", dgst_main},
--#endif
--#ifndef OPENSSL_NO_SHA
- { FT_md, "sha384", dgst_main},
--#endif
--#ifndef OPENSSL_NO_SHA
- { FT_md, "sha512", dgst_main},
--#endif
- #ifndef OPENSSL_NO_MDC2
- { FT_md, "mdc2", dgst_main},
- #endif
---- a/apps/progs.pl
-+++ b/apps/progs.pl
-@@ -1,12 +1,10 @@
--#!/usr/bin/perl
--
--# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Licensed under the OpenSSL licenses, (the "License");
--# you may not use this file except in compliance with the License.
--# You may obtain a copy of the License at
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
--# or in the file LICENSE in the source distribution.
-
- # Generate progs.h file by looking for command mains in list of C files
- # passed on the command line.
-@@ -31,14 +29,15 @@ foreach my $filename (@ARGV) {
-
- print <<'EOF';
- /*
-- * Automatically generated by progs.pl for openssl.c
-- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * WARNING: do not edit!
-+ * Generated by apps/progs.pl
-+ *
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- typedef enum FUNC_TYPE {
-@@ -94,11 +93,6 @@ foreach my $cmd (@ARGV) {
- }
-
- my %md_disabler = (
-- sha1 => "sha",
-- sha224 => "sha",
-- sha256 => "sha",
-- sha384 => "sha",
-- sha512 => "sha",
- blake2b512 => "blake2",
- blake2s256 => "blake2",
- );
-@@ -114,7 +108,7 @@ foreach my $cmd (
- } elsif (my $disabler = $md_disabler{$cmd}) {
- print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
- } else {
-- print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
-+ print $str;
- }
- }
-
---- a/apps/rand.c
-+++ b/apps/rand.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "apps.h"
-@@ -150,22 +105,26 @@ int rand_main(int argc, char **argv)
- r = RAND_bytes(buf, chunk);
- if (r <= 0)
- goto end;
-- if (format != FORMAT_TEXT) /* hex */
-- BIO_write(out, buf, chunk);
-- else {
-+ if (format != FORMAT_TEXT) {
-+ if (BIO_write(out, buf, chunk) != chunk)
-+ goto end;
-+ } else {
- for (i = 0; i < chunk; i++)
-- BIO_printf(out, "%02x", buf[i]);
-+ if (BIO_printf(out, "%02x", buf[i]) != 2)
-+ goto end;
- }
- num -= chunk;
- }
- if (format == FORMAT_TEXT)
- BIO_puts(out, "\n");
-- (void)BIO_flush(out);
-+ if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
-+ goto end;
-
-- app_RAND_write_file(NULL);
- ret = 0;
-
- end:
-+ if (ret != 0)
-+ ERR_print_errors(bio_err);
- BIO_free_all(out);
- return (ret);
- }
---- a/apps/rehash.c
-+++ b/apps/rehash.c
-@@ -1,65 +1,22 @@
- /*
-- * C implementation based on the original Perl and shell versions
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Copyright (c) 2013-2014 Timo Teräs <timo.teras at iki.fi>
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+
-+/*
-+ * C implementation based on the original Perl and shell versions
- *
-+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras at iki.fi>
- */
-
- #include "apps.h"
-
--#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__)
-+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
-+ (defined(__VMS) && defined(__DECC) && __CTRL_VER >= 80300000)
- # include <unistd.h>
- # include <stdio.h>
- # include <limits.h>
-@@ -74,6 +31,9 @@
- # include <openssl/x509.h>
-
-
-+# ifndef PATH_MAX
-+# define PATH_MAX 4096
-+# endif
- # ifndef NAME_MAX
- # define NAME_MAX 255
- # endif
-@@ -154,8 +114,8 @@ static int add_entry(enum Type type, uns
- for (ep = bp->first_entry; ep; ep = ep->next) {
- if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
- BIO_printf(bio_err,
-- "%s: skipping duplicate certificate in %s\n",
-- opt_getprog(), filename);
-+ "%s: skipping duplicate %s in %s\n", opt_getprog(),
-+ type == TYPE_CERT ? "certificate" : "CRL", filename);
- return 1;
- }
- if (strcmp(filename, ep->filename) == 0) {
-@@ -203,7 +163,7 @@ static int handle_symlink(const char *fi
- int i, type, id;
- unsigned char ch;
- char linktarget[PATH_MAX], *endptr;
-- ssize_t n;
-+ ossl_ssize_t n;
-
- for (i = 0; i < 8; i++) {
- ch = filename[i];
-@@ -214,9 +174,11 @@ static int handle_symlink(const char *fi
- }
- if (filename[i++] != '.')
- return -1;
-- for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--)
-- if (strcasecmp(suffixes[type], &filename[i]) == 0)
-+ for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
-+ const char *suffix = suffixes[type];
-+ if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
- break;
-+ }
- i += strlen(suffixes[type]);
-
- id = strtoul(&filename[i], &endptr, 10);
-@@ -300,6 +262,11 @@ static int do_file(const char *filename,
- return errs;
- }
-
-+static void str_free(char *s)
-+{
-+ OPENSSL_free(s);
-+}
-+
- /*
- * Process a directory; return number of errors found.
- */
-@@ -310,11 +277,12 @@ static int do_dir(const char *dirname, e
- OPENSSL_DIR_CTX *d = NULL;
- struct stat st;
- unsigned char idmask[MAX_COLLISIONS / 8];
-- int n, nextid, buflen, errs = 0;
-+ int n, numfiles, nextid, buflen, errs = 0;
- size_t i;
- const char *pathsep;
- const char *filename;
-- char *buf;
-+ char *buf, *copy;
-+ STACK_OF(OPENSSL_STRING) *files = NULL;
-
- if (app_access(dirname, W_OK) < 0) {
- BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
-@@ -328,7 +296,23 @@ static int do_dir(const char *dirname, e
- if (verbose)
- BIO_printf(bio_out, "Doing %s\n", dirname);
-
-+ if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
-+ BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
-+ exit(1);
-+ }
- while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
-+ if ((copy = strdup(filename)) == NULL
-+ || sk_OPENSSL_STRING_push(files, copy) == 0) {
-+ BIO_puts(bio_err, "out of memory\n");
-+ exit(1);
-+ }
-+ }
-+ OPENSSL_DIR_end(&d);
-+ sk_OPENSSL_STRING_sort(files);
-+
-+ numfiles = sk_OPENSSL_STRING_num(files);
-+ for (n = 0; n < numfiles; ++n) {
-+ filename = sk_OPENSSL_STRING_value(files, n);
- if (snprintf(buf, buflen, "%s%s%s",
- dirname, pathsep, filename) >= buflen)
- continue;
-@@ -338,7 +322,7 @@ static int do_dir(const char *dirname, e
- continue;
- errs += do_file(filename, buf, h);
- }
-- OPENSSL_DIR_end(&d);
-+ sk_OPENSSL_STRING_pop_free(files, str_free);
-
- for (i = 0; i < OSSL_NELEM(hash_table); i++) {
- for (bp = hash_table[i]; bp; bp = nextbp) {
-@@ -382,6 +366,7 @@ static int do_dir(const char *dirname, e
- strerror(errno));
- errs++;
- }
-+ bit_set(idmask, nextid);
- } else if (remove_links) {
- /* Link to be deleted */
- snprintf(buf, buflen, "%s%s%n%08x.%s%d",
---- a/apps/req.c
-+++ b/apps/req.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -375,7 +327,7 @@ int req_main(int argc, char **argv)
- if (!nmflag_set)
- nmflag = XN_FLAG_ONELINE;
-
-- /* TODO: simplify this as pkey is still always NULL here */
-+ /* TODO: simplify this as pkey is still always NULL here */
- private = newreq && (pkey == NULL) ? 1 : 0;
-
- if (!app_passwd(passargin, passargout, &passin, &passout)) {
-@@ -386,7 +338,7 @@ int req_main(int argc, char **argv)
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", template);
- req_conf = app_load_config(template);
-- if (!app_load_modules(req_conf))
-+ if (template != default_config_file && !app_load_modules(req_conf))
- goto end;
-
- if (req_conf != NULL) {
-@@ -547,8 +499,12 @@ int req_main(int argc, char **argv)
- }
- }
-
-- BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
-- newkey, keyalgstr);
-+ if (pkey_type == EVP_PKEY_EC) {
-+ BIO_printf(bio_err, "Generating an EC private key\n");
-+ } else {
-+ BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
-+ newkey, keyalgstr);
-+ }
-
- EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
- EVP_PKEY_CTX_set_app_data(genctx, bio_err);
-@@ -771,15 +727,14 @@ int req_main(int argc, char **argv)
- goto end;
-
- if (pubkey) {
-- EVP_PKEY *tpubkey;
-- tpubkey = X509_REQ_get_pubkey(req);
-+ EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
-+
- if (tpubkey == NULL) {
- BIO_printf(bio_err, "Error getting public key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_PUBKEY(out, tpubkey);
-- EVP_PKEY_free(tpubkey);
- }
-
- if (text) {
-@@ -802,9 +757,9 @@ int req_main(int argc, char **argv)
- EVP_PKEY *tpubkey;
-
- if (x509)
-- tpubkey = X509_get_pubkey(x509ss);
-+ tpubkey = X509_get0_pubkey(x509ss);
- else
-- tpubkey = X509_REQ_get_pubkey(req);
-+ tpubkey = X509_REQ_get0_pubkey(req);
- if (tpubkey == NULL) {
- fprintf(stdout, "Modulus=unavailable\n");
- goto end;
-@@ -812,13 +767,12 @@ int req_main(int argc, char **argv)
- fprintf(stdout, "Modulus=");
- #ifndef OPENSSL_NO_RSA
- if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
-- BIGNUM *n;
-+ const BIGNUM *n;
- RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
- BN_print(out, n);
- } else
- #endif
- fprintf(stdout, "Wrong Algorithm type");
-- EVP_PKEY_free(tpubkey);
- fprintf(stdout, "\n");
- }
-
-@@ -1153,12 +1107,12 @@ static int auto_info(X509_REQ *req, STAC
- }
- }
- #ifndef CHARSET_EBCDIC
-- plus_char = (*p == '+');
-+ plus_char = (*type == '+');
- #else
-- plus_char = (*p == os_toascii['+']);
-+ plus_char = (*type == os_toascii['+']);
- #endif
- if (plus_char) {
-- p++;
-+ type++;
- mval = -1;
- } else
- mval = 0;
---- a/apps/rsa.c
-+++ b/apps/rsa.c
-@@ -1,106 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -146,7 +50,7 @@ OPTIONS rsa_options[] = {
- {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
- {"check", OPT_CHECK, '-', "Verify key consistency"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
--# ifdef OPENSSL_NO_RC4
-+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
-@@ -170,7 +74,7 @@ int rsa_main(int argc, char **argv)
- int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
- # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
- int pvk_encr = 2;
--#endif
-+# endif
- OPTION_CHOICE o;
-
- prog = opt_init(argc, argv, rsa_options);
-@@ -230,12 +134,12 @@ int rsa_main(int argc, char **argv)
- case OPT_PVK_NONE:
- pvk_encr = 0;
- break;
--#else
-+# else
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
- break;
--#endif
-+# endif
- case OPT_NOOUT:
- noout = 1;
- break;
-@@ -310,7 +214,7 @@ int rsa_main(int argc, char **argv)
- }
-
- if (modulus) {
-- BIGNUM *n;
-+ const BIGNUM *n;
- RSA_get0_key(rsa, &n, NULL, NULL);
- BIO_printf(out, "Modulus=");
- BN_print(out, n);
---- a/apps/rsautl.c
-+++ b/apps/rsautl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -105,7 +56,7 @@ OPTIONS rsautl_options[] = {
- {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
-- {"passin", OPT_PASSIN, 's', "Pass phrase source"},
-+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- # ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- # endif
---- a/apps/s_apps.h
-+++ b/apps/s_apps.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <openssl/opensslconf.h>
-
- #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
---- a/apps/s_cb.c
-+++ b/apps/s_cb.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* callback functions used by s_client, s_server, and s_time */
-@@ -406,8 +305,6 @@ int ssl_print_point_formats(BIO *out, SS
-
- }
- }
-- if (nformats <= 0)
-- BIO_puts(out, "NONE");
- BIO_puts(out, "\n");
- return 1;
- }
-@@ -439,8 +336,6 @@ int ssl_print_curves(BIO *out, SSL *s, i
- BIO_printf(out, "%s", cname);
- }
- }
-- if (ncurves == 0)
-- BIO_puts(out, "NONE");
- OPENSSL_free(curves);
- if (noshared) {
- BIO_puts(out, "\n");
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -189,9 +89,6 @@ extern int verify_return_error;
- extern int verify_quiet;
-
- static char *prog;
--static int async = 0;
--static unsigned int split_send_fragment = 0;
--static unsigned int max_pipelines = 0;
- static int c_nbio = 0;
- static int c_tlsextdebug = 0;
- static int c_status_req = 0;
-@@ -238,6 +135,7 @@ static void do_ssl_shutdown(SSL *ssl)
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_ASYNC:
-+ case SSL_ERROR_WANT_ASYNC_JOB:
- /* We just do busy waiting. Nothing clever */
- continue;
- }
-@@ -259,9 +157,9 @@ static unsigned int psk_client_cb(SSL *s
- unsigned char *psk,
- unsigned int max_psk_len)
- {
-- unsigned int psk_len = 0;
- int ret;
-- BIGNUM *bn = NULL;
-+ long key_len;
-+ unsigned char *key;
-
- if (c_debug)
- BIO_printf(bio_c_out, "psk_client_cb\n");
-@@ -282,31 +180,29 @@ static unsigned int psk_client_cb(SSL *s
- if (c_debug)
- BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
- ret);
-- ret = BN_hex2bn(&bn, psk_key);
-- if (!ret) {
-- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
-+
-+ /* convert the PSK key to binary */
-+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
-+ if (key == NULL) {
-+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
-- BN_free(bn);
- return 0;
- }
--
-- if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
-+ if (key_len > max_psk_len) {
- BIO_printf(bio_err,
-- "psk buffer of callback is too small (%d) for key (%d)\n",
-- max_psk_len, BN_num_bytes(bn));
-- BN_free(bn);
-+ "psk buffer of callback is too small (%d) for key (%ld)\n",
-+ max_psk_len, key_len);
-+ OPENSSL_free(key);
- return 0;
- }
-
-- psk_len = BN_bn2bin(bn, psk);
-- BN_free(bn);
-- if (psk_len == 0)
-- goto out_err;
-+ memcpy(psk, key, key_len);
-+ OPENSSL_free(key);
-
- if (c_debug)
-- BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
-+ BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
-
-- return psk_len;
-+ return key_len;
- out_err:
- if (c_debug)
- BIO_printf(bio_err, "Error in PSK client callback\n");
-@@ -341,7 +237,7 @@ typedef struct srp_arg_st {
- int msg; /* copy from c_msg */
- int debug; /* copy from c_debug */
- int amp; /* allow more groups */
-- int strength /* minimal size for N */ ;
-+ int strength; /* minimal size for N */
- } SRP_ARG;
-
- # define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-@@ -353,10 +249,10 @@ static int srp_Verify_N_and_g(const BIGN
- BIGNUM *r = BN_new();
- int ret =
- g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
-- BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
-+ BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
- p != NULL && BN_rshift1(p, N) &&
- /* p = (N-1)/2 */
-- BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
-+ BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
- r != NULL &&
- /* verify g^((N-1)/2) == -1 (mod N) */
- BN_mod_exp(r, g, p, N, bn_ctx) &&
-@@ -375,7 +271,7 @@ static int srp_Verify_N_and_g(const BIGN
- * The callback is only called for a non default group.
- *
- * An application does not need the call back at all if
-- * only the stanard groups are used. In real life situations,
-+ * only the standard groups are used. In real life situations,
- * client and server already share well known groups,
- * thus there is no need to verify them.
- * Furthermore, in case that a server actually proposes a group that
-@@ -508,7 +404,7 @@ static ossl_ssize_t hexdecode(const char
- {
- unsigned char **out = (unsigned char **)result;
- const char *in = *inptr;
-- unsigned char *ret = OPENSSL_malloc(strlen(in)/2);
-+ unsigned char *ret = app_malloc(strlen(in)/2, "hexdecode");
- unsigned char *cp = ret;
- uint8_t byte;
- int nibble = 0;
-@@ -517,19 +413,16 @@ static ossl_ssize_t hexdecode(const char
- return -1;
-
- for (byte = 0; *in; ++in) {
-- char c;
-+ int x;
-
- if (isspace(_UC(*in)))
- continue;
-- c = tolower(_UC(*in));
-- if ('0' <= c && c <= '9') {
-- byte |= c - '0';
-- } else if ('a' <= c && c <= 'f') {
-- byte |= c - 'a' + 10;
-- } else {
-+ x = OPENSSL_hexchar2int(*in);
-+ if (x < 0) {
- OPENSSL_free(ret);
- return 0;
- }
-+ byte |= (char)x;
- if ((nibble ^= 1) == 0) {
- *cp++ = byte;
- byte = 0;
-@@ -651,8 +544,14 @@ typedef enum OPTION_choice {
- OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
- OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
- OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
-- OPT_PSK_IDENTITY, OPT_PSK, OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH,
-- OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_SSL_CONFIG,
-+#ifndef OPENSSL_NO_PSK
-+ OPT_PSK_IDENTITY, OPT_PSK,
-+#endif
-+#ifndef OPENSSL_NO_SRP
-+ OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
-+ OPT_SRP_MOREGROUPS,
-+#endif
-+ OPT_SSL3, OPT_SSL_CONFIG,
- OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
- OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
- OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
-@@ -683,7 +582,9 @@ OPTIONS s_client_options[] = {
- {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"},
- #endif
- {"4", OPT_4, '-', "Use IPv4 only"},
-+#ifdef AF_INET6
- {"6", OPT_6, '-', "Use IPv6 only"},
-+#endif
- {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
- {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
- {"certform", OPT_CERTFORM, 'F',
-@@ -813,7 +714,7 @@ OPTIONS s_client_options[] = {
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
- #endif
- #ifndef OPENSSL_NO_SRP
-- {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"},
-+ {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
- {"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
- {"srp_lateuser", OPT_SRP_LATEUSER, '-',
- "SRP username into second ClientHello message"},
-@@ -835,7 +736,7 @@ OPTIONS s_client_options[] = {
- {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
- {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
- #endif
-- {NULL}
-+ {NULL, OPT_EOF, 0x00, NULL}
- };
-
- typedef enum PROTOCOL_choice {
-@@ -851,7 +752,7 @@ typedef enum PROTOCOL_choice {
- PROTO_IRC
- } PROTOCOL_CHOICE;
-
--static OPT_PAIR services[] = {
-+static const OPT_PAIR services[] = {
- {"smtp", PROTO_SMTP},
- {"pop3", PROTO_POP3},
- {"imap", PROTO_IMAP},
-@@ -860,9 +761,26 @@ static OPT_PAIR services[] = {
- {"xmpp-server", PROTO_XMPP_SERVER},
- {"telnet", PROTO_TELNET},
- {"irc", PROTO_IRC},
-- {NULL}
-+ {NULL, 0}
- };
-
-+#define IS_INET_FLAG(o) \
-+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
-+#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
-+
-+#define IS_PROT_FLAG(o) \
-+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-+ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
-+
-+/* Free |*dest| and optionally set it to a copy of |source|. */
-+static void freeandcopy(char **dest, const char *source)
-+{
-+ OPENSSL_free(*dest);
-+ *dest = NULL;
-+ if (source != NULL)
-+ *dest = OPENSSL_strdup(source);
-+}
-+
- int s_client_main(int argc, char **argv)
- {
- BIO *sbio;
-@@ -883,7 +801,7 @@ int s_client_main(int argc, char **argv)
- char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL;
- char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
- char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
-- char *port = BUF_strdup(PORT);
-+ char *port = OPENSSL_strdup(PORT);
- char *inrand = NULL;
- char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
- char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
-@@ -902,6 +820,7 @@ int s_client_main(int argc, char **argv)
- int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
- int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
- int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
-+ int at_eof = 0;
- int read_buf_len = 0;
- int fallback_scsv = 0;
- long randamt = 0;
-@@ -936,7 +855,12 @@ int s_client_main(int argc, char **argv)
- char *ctlog_file = NULL;
- int ct_validation = 0;
- #endif
-- int min_version = 0, max_version = 0;
-+ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
-+ int async = 0;
-+ unsigned int split_send_fragment = 0;
-+ unsigned int max_pipelines = 0;
-+ enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
-+ int count4or6 = 0;
-
- FD_ZERO(&readfds);
- FD_ZERO(&writefds);
-@@ -972,6 +896,32 @@ int s_client_main(int argc, char **argv)
-
- prog = opt_init(argc, argv, s_client_options);
- while ((o = opt_next()) != OPT_EOF) {
-+ /* Check for intermixing flags. */
-+ if (connect_type == use_unix && IS_INET_FLAG(o)) {
-+ BIO_printf(bio_err,
-+ "%s: Intermixed protocol flags (unix and internet domains)\n",
-+ prog);
-+ goto end;
-+ }
-+ if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
-+ BIO_printf(bio_err,
-+ "%s: Intermixed protocol flags (internet and unix domains)\n",
-+ prog);
-+ goto end;
-+ }
-+
-+ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
-+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
-+ goto end;
-+ }
-+ if (IS_NO_PROT_FLAG(o))
-+ no_prot_opt++;
-+ if (prot_opt == 1 && no_prot_opt) {
-+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
-+ "\"-no_<prot>\"\n");
-+ goto end;
-+ }
-+
- switch (o) {
- case OPT_EOF:
- case OPT_ERR:
-@@ -983,59 +933,28 @@ int s_client_main(int argc, char **argv)
- ret = 0;
- goto end;
- case OPT_4:
--#ifdef AF_UNIX
-- if (socket_family == AF_UNIX) {
-- OPENSSL_free(host); host = NULL;
-- OPENSSL_free(port); port = NULL;
-- }
--#endif
-+ connect_type = use_inet;
- socket_family = AF_INET;
-+ count4or6++;
- break;
-- case OPT_6:
-- if (1) {
- #ifdef AF_INET6
--#ifdef AF_UNIX
-- if (socket_family == AF_UNIX) {
-- OPENSSL_free(host); host = NULL;
-- OPENSSL_free(port); port = NULL;
-- }
--#endif
-- socket_family = AF_INET6;
-- } else {
--#endif
-- BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
-- goto end;
-- }
-+ case OPT_6:
-+ connect_type = use_inet;
-+ socket_family = AF_INET6;
-+ count4or6++;
- break;
-- case OPT_HOST:
--#ifdef AF_UNIX
-- if (socket_family == AF_UNIX) {
-- OPENSSL_free(host); host = NULL;
-- OPENSSL_free(port); port = NULL;
-- socket_family = AF_UNSPEC;
-- }
- #endif
-- OPENSSL_free(host); host = BUF_strdup(opt_arg());
-+ case OPT_HOST:
-+ connect_type = use_inet;
-+ freeandcopy(&host, opt_arg());
- break;
- case OPT_PORT:
--#ifdef AF_UNIX
-- if (socket_family == AF_UNIX) {
-- OPENSSL_free(host); host = NULL;
-- OPENSSL_free(port); port = NULL;
-- socket_family = AF_UNSPEC;
-- }
--#endif
-- OPENSSL_free(port); port = BUF_strdup(opt_arg());
-+ connect_type = use_inet;
-+ freeandcopy(&port, opt_arg());
- break;
- case OPT_CONNECT:
--#ifdef AF_UNIX
-- if (socket_family == AF_UNIX) {
-- socket_family = AF_UNSPEC;
-- }
--#endif
-- OPENSSL_free(host); host = NULL;
-- OPENSSL_free(port); port = NULL;
-- connectstr = opt_arg();
-+ connect_type = use_inet;
-+ freeandcopy(&connectstr, opt_arg());
- break;
- case OPT_PROXY:
- proxystr = opt_arg();
-@@ -1043,9 +962,9 @@ int s_client_main(int argc, char **argv)
- break;
- #ifdef AF_UNIX
- case OPT_UNIX:
-+ connect_type = use_unix;
- socket_family = AF_UNIX;
-- OPENSSL_free(host); host = BUF_strdup(opt_arg());
-- OPENSSL_free(port); port = NULL;
-+ freeandcopy(&host, opt_arg());
- break;
- #endif
- case OPT_XMPPHOST:
-@@ -1136,7 +1055,6 @@ int s_client_main(int argc, char **argv)
- BIO_printf(bio_err, "Error getting client auth engine\n");
- goto opthelp;
- }
-- break;
- #endif
- break;
- case OPT_RAND:
-@@ -1200,10 +1118,6 @@ int s_client_main(int argc, char **argv)
- goto end;
- }
- break;
--#else
-- case OPT_PSK_IDENTITY:
-- case OPT_PSK:
-- break;
- #endif
- #ifndef OPENSSL_NO_SRP
- case OPT_SRPUSER:
-@@ -1233,13 +1147,6 @@ int s_client_main(int argc, char **argv)
- if (min_version < TLS1_VERSION)
- min_version = TLS1_VERSION;
- break;
--#else
-- case OPT_SRPUSER:
-- case OPT_SRPPASS:
-- case OPT_SRP_STRENGTH:
-- case OPT_SRP_LATEUSER:
-- case OPT_SRP_MOREGROUPS:
-- break;
- #endif
- case OPT_SSL_CONFIG:
- ssl_config = opt_arg();
-@@ -1384,6 +1291,7 @@ int s_client_main(int argc, char **argv)
- case OPT_STARTTLS:
- if (!opt_pair(opt_arg(), services, &starttls_proto))
- goto end;
-+ break;
- case OPT_SERVERNAME:
- servername = opt_arg();
- break;
-@@ -1417,6 +1325,10 @@ int s_client_main(int argc, char **argv)
- break;
- }
- }
-+ if (count4or6 >= 2) {
-+ BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
-+ goto opthelp;
-+ }
- argc = opt_num_rest();
- if (argc != 0)
- goto opthelp;
-@@ -1801,9 +1713,9 @@ int s_client_main(int argc, char **argv)
- goto end;
- }
- } else if (dane_tlsa_rrset != NULL) {
-- BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
-- "-dane_tlsa_domain option.\n", prog);
-- goto end;
-+ BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
-+ "-dane_tlsa_domain option.\n", prog);
-+ goto end;
- }
-
- re_start:
-@@ -1824,18 +1736,25 @@ int s_client_main(int argc, char **argv)
- }
- #ifndef OPENSSL_NO_DTLS
- if (socket_type == SOCK_DGRAM) {
-- struct sockaddr peer;
-- int peerlen = sizeof peer;
-+ union BIO_sock_info_u peer_info;
-
- sbio = BIO_new_dgram(s, BIO_NOCLOSE);
-- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
-+ if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
-+ BIO_printf(bio_err, "memory allocation failure\n");
-+ BIO_closesocket(s);
-+ goto end;
-+ }
-+ if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
- BIO_printf(bio_err, "getsockname:errno=%d\n",
- get_last_socket_error());
-+ BIO_ADDR_free(peer_info.addr);
- BIO_closesocket(s);
- goto end;
- }
-
-- (void)BIO_ctrl_set_connected(sbio, &peer);
-+ (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
-+ BIO_ADDR_free(peer_info.addr);
-+ peer_info.addr = NULL;
-
- if (enable_timeouts) {
- timeout.tv_sec = 0;
-@@ -2227,7 +2146,12 @@ int s_client_main(int argc, char **argv)
- if (!ssl_pending) {
- #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
- if (tty_on) {
-- if (read_tty)
-+ /*
-+ * Note that select() returns when read _would not block_,
-+ * and EOF satisfies that. To avoid a CPU-hogging loop,
-+ * set the flag so we exit.
-+ */
-+ if (read_tty && !at_eof)
- openssl_fdset(fileno(stdin), &readfds);
- if (write_tty)
- openssl_fdset(fileno(stdout), &writefds);
-@@ -2267,18 +2191,8 @@ int s_client_main(int argc, char **argv)
- tv.tv_usec = 0;
- i = select(width, (void *)&readfds, (void *)&writefds,
- NULL, &tv);
--# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
-- if (!i && (!_kbhit() || !read_tty))
-+ if (!i && (!has_stdin_waiting() || !read_tty))
- continue;
--# else
-- if (!i && (!((_kbhit())
-- || (WAIT_OBJECT_0 ==
-- WaitForSingleObject(GetStdHandle
-- (STD_INPUT_HANDLE),
-- 0)))
-- || !read_tty))
-- continue;
--# endif
- } else
- i = select(width, (void *)&readfds, (void *)&writefds,
- NULL, timeoutp);
-@@ -2359,6 +2273,8 @@ int s_client_main(int argc, char **argv)
- write_ssl = 0;
- }
- break;
-+ case SSL_ERROR_WANT_ASYNC_JOB:
-+ /* This shouldn't ever happen in s_client - treat as an error */
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
-@@ -2445,20 +2361,17 @@ int s_client_main(int argc, char **argv)
- BIO_printf(bio_c_out, "closed\n");
- ret = 0;
- goto shut;
-+ case SSL_ERROR_WANT_ASYNC_JOB:
-+ /* This shouldn't ever happen in s_client. Treat as an error */
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
- /* break; */
- }
- }
--#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
--# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
-- else if (_kbhit())
--# else
-- else if ((_kbhit())
-- || (WAIT_OBJECT_0 ==
-- WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
--# endif
-+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
-+#if defined(OPENSSL_SYS_MSDOS)
-+ else if (has_stdin_waiting())
- #else
- else if (FD_ISSET(fileno(stdin), &readfds))
- #endif
-@@ -2484,6 +2397,9 @@ int s_client_main(int argc, char **argv)
- } else
- i = raw_read_stdin(cbuf, BUFSIZZ);
-
-+ if (i == 0)
-+ at_eof = 1;
-+
- if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
- BIO_printf(bio_err, "DONE\n");
- ret = 0;
-@@ -2520,6 +2436,16 @@ int s_client_main(int argc, char **argv)
- if (in_init)
- print_stuff(bio_c_out, con, full_log);
- do_ssl_shutdown(con);
-+#if defined(OPENSSL_SYS_WINDOWS)
-+ /*
-+ * Give the socket time to send its last data before we close it.
-+ * No amount of setting SO_LINGER etc on the socket seems to persuade
-+ * Windows to send the data before closing the socket...but sleeping
-+ * for a short time seems to do it (units in ms)
-+ * TODO: Find a better way to do this
-+ */
-+ Sleep(50);
-+#endif
- BIO_closesocket(SSL_get_fd(con));
- end:
- if (con != NULL) {
-@@ -2669,6 +2595,7 @@ static void print_stuff(BIO *bio, SSL *s
- SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
- if (peer != NULL) {
- EVP_PKEY *pktmp;
-+
- pktmp = X509_get0_pubkey(peer);
- BIO_printf(bio, "Server public key is %d bit\n",
- EVP_PKEY_bits(pktmp));
-@@ -2688,11 +2615,15 @@ static void print_stuff(BIO *bio, SSL *s
- {
- /* Print out local port of connection: useful for debugging */
- int sock;
-- struct sockaddr_in ladd;
-- socklen_t ladd_size = sizeof(ladd);
-+ union BIO_sock_info_u info;
-+
- sock = SSL_get_fd(s);
-- getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
-- BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
-+ if ((info.addr = BIO_ADDR_new()) != NULL
-+ && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
-+ BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
-+ ntohs(BIO_ADDR_rawport(info.addr)));
-+ }
-+ BIO_ADDR_free(info.addr);
- }
- #endif
-
-@@ -2730,7 +2661,8 @@ static void print_stuff(BIO *bio, SSL *s
- #endif
-
- SSL_SESSION_print(bio, SSL_get_session(s));
-- if (keymatexportlabel != NULL) {
-+ if ((SSL_get_session(s) != NULL) &&
-+ (keymatexportlabel != NULL)) {
- BIO_printf(bio, "Keying material exporter:\n");
- BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
- BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);
-@@ -2781,4 +2713,4 @@ static int ocsp_resp_cb(SSL *s, void *ar
- }
- # endif
-
--#endif
-+#endif /* OPENSSL_NO_SOCK */
---- a/apps/s_server.c
-+++ b/apps/s_server.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -181,6 +81,9 @@ typedef unsigned int u_int;
- #endif
- #include "s_apps.h"
- #include "timeouts.h"
-+#ifdef CHARSET_EBCDIC
-+#include <openssl/ebcdic.h>
-+#endif
-
- static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
- static int sv_body(int s, int stype, unsigned char *context);
-@@ -243,19 +146,15 @@ static int async = 0;
- static unsigned int split_send_fragment = 0;
- static unsigned int max_pipelines = 0;
-
--#ifndef OPENSSL_NO_ENGINE
--static char *engine_id = NULL;
--#endif
- static const char *session_id_prefix = NULL;
-
- #ifndef OPENSSL_NO_DTLS
- static int enable_timeouts = 0;
- static long socket_mtu;
--static int cert_chain = 0;
-+
- #endif
- static int dtlslisten = 0;
-
--static BIO *serverinfo_in = NULL;
- static const char *s_serverinfo_file = NULL;
-
- #ifndef OPENSSL_NO_PSK
-@@ -266,9 +165,8 @@ static unsigned int psk_server_cb(SSL *s
- unsigned char *psk,
- unsigned int max_psk_len)
- {
-- unsigned int psk_len = 0;
-- int ret;
-- BIGNUM *bn = NULL;
-+ long key_len = 0;
-+ unsigned char *key;
-
- if (s_debug)
- BIO_printf(bio_s_out, "psk_server_cb\n");
-@@ -290,31 +188,26 @@ static unsigned int psk_server_cb(SSL *s
- BIO_printf(bio_s_out, "PSK client identity found\n");
-
- /* convert the PSK key to binary */
-- ret = BN_hex2bn(&bn, psk_key);
-- if (!ret) {
-- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
-+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
-+ if (key == NULL) {
-+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
- psk_key);
-- BN_free(bn);
- return 0;
- }
-- if (BN_num_bytes(bn) > (int)max_psk_len) {
-+ if (key_len > (int)max_psk_len) {
- BIO_printf(bio_err,
-- "psk buffer of callback is too small (%d) for key (%d)\n",
-- max_psk_len, BN_num_bytes(bn));
-- BN_free(bn);
-+ "psk buffer of callback is too small (%d) for key (%ld)\n",
-+ max_psk_len, key_len);
-+ OPENSSL_free(key);
- return 0;
- }
-
-- ret = BN_bn2bin(bn, psk);
-- BN_free(bn);
--
-- if (ret < 0)
-- goto out_err;
-- psk_len = (unsigned int)ret;
-+ memcpy(psk, key, key_len);
-+ OPENSSL_free(key);
-
- if (s_debug)
-- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
-- return psk_len;
-+ BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
-+ return key_len;
- out_err:
- if (s_debug)
- BIO_printf(bio_err, "Error in PSK server callback\n");
-@@ -402,9 +295,6 @@ static void s_server_init(void)
- async = 0;
- split_send_fragment = 0;
- max_pipelines = 0;
--#ifndef OPENSSL_NO_ENGINE
-- engine_id = NULL;
--#endif
- }
-
- static int local_argc = 0;
-@@ -420,17 +310,7 @@ static int ebcdic_gets(BIO *bp, char *bu
- static int ebcdic_puts(BIO *bp, const char *str);
-
- # define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
--static const BIO_METHOD methods_ebcdic = {
-- BIO_TYPE_EBCDIC_FILTER,
-- "EBCDIC/ASCII filter",
-- ebcdic_write,
-- ebcdic_read,
-- ebcdic_puts,
-- ebcdic_gets,
-- ebcdic_ctrl,
-- ebcdic_new,
-- ebcdic_free,
--};
-+static BIO_METHOD *methods_ebcdic = NULL;
-
- /* This struct is "unwarranted chumminess with the compiler." */
- typedef struct {
-@@ -438,9 +318,22 @@ typedef struct {
- char buff[1];
- } EBCDIC_OUTBUFF;
-
--const BIO_METHOD *BIO_f_ebcdic_filter()
-+static const BIO_METHOD *BIO_f_ebcdic_filter()
- {
-- return (&methods_ebcdic);
-+ if (methods_ebcdic == NULL) {
-+ methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
-+ "EBCDIC/ASCII filter");
-+ if ( methods_ebcdic == NULL
-+ || !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
-+ || !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
-+ || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
-+ || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
-+ || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
-+ || !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
-+ || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
-+ return NULL;
-+ }
-+ return methods_ebcdic;
- }
-
- static int ebcdic_new(BIO *bi)
-@@ -451,68 +344,71 @@ static int ebcdic_new(BIO *bi)
- wbuf->alloced = 1024;
- wbuf->buff[0] = '\0';
-
-- bi->ptr = (char *)wbuf;
-- bi->init = 1;
-- bi->flags = 0;
-- return (1);
-+ BIO_set_data(bi, wbuf);
-+ BIO_set_init(bi, 1);
-+ return 1;
- }
-
- static int ebcdic_free(BIO *a)
- {
-+ EBCDIC_OUTBUFF *wbuf;
-+
- if (a == NULL)
-- return (0);
-- OPENSSL_free(a->ptr);
-- a->ptr = NULL;
-- a->init = 0;
-- a->flags = 0;
-- return (1);
-+ return 0;
-+ wbuf = BIO_get_data(a);
-+ OPENSSL_free(wbuf);
-+ BIO_set_data(a, NULL);
-+ BIO_set_init(a, 0);
-+
-+ return 1;
- }
-
- static int ebcdic_read(BIO *b, char *out, int outl)
- {
- int ret = 0;
-+ BIO *next = BIO_next(b);
-
- if (out == NULL || outl == 0)
- return (0);
-- if (b->next_bio == NULL)
-+ if (next == NULL)
- return (0);
-
-- ret = BIO_read(b->next_bio, out, outl);
-+ ret = BIO_read(next, out, outl);
- if (ret > 0)
- ascii2ebcdic(out, out, ret);
-- return (ret);
-+ return ret;
- }
-
- static int ebcdic_write(BIO *b, const char *in, int inl)
- {
- EBCDIC_OUTBUFF *wbuf;
-+ BIO *next = BIO_next(b);
- int ret = 0;
- int num;
-- unsigned char n;
-
- if ((in == NULL) || (inl <= 0))
- return (0);
-- if (b->next_bio == NULL)
-- return (0);
-+ if (next == NULL)
-+ return 0;
-
-- wbuf = (EBCDIC_OUTBUFF *) b->ptr;
-+ wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
-
- if (inl > (num = wbuf->alloced)) {
- num = num + num; /* double the size */
- if (num < inl)
- num = inl;
-+ OPENSSL_free(wbuf);
- wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
-- OPENSSL_free(b->ptr);
-
- wbuf->alloced = num;
- wbuf->buff[0] = '\0';
-
-- b->ptr = (char *)wbuf;
-+ BIO_set_data(b, wbuf);
- }
-
- ebcdic2ascii(wbuf->buff, in, inl);
-
-- ret = BIO_write(b->next_bio, wbuf->buff, inl);
-+ ret = BIO_write(next, wbuf->buff, inl);
-
- return (ret);
- }
-@@ -520,15 +416,16 @@ static int ebcdic_write(BIO *b, const ch
- static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret;
-+ BIO *next = BIO_next(b);
-
-- if (b->next_bio == NULL)
-+ if (next == NULL)
- return (0);
- switch (cmd) {
- case BIO_CTRL_DUP:
- ret = 0L;
- break;
- default:
-- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-+ ret = BIO_ctrl(next, cmd, num, ptr);
- break;
- }
- return (ret);
-@@ -537,8 +434,10 @@ static long ebcdic_ctrl(BIO *b, int cmd,
- static int ebcdic_gets(BIO *bp, char *buf, int size)
- {
- int i, ret = 0;
-- if (bp->next_bio == NULL)
-- return (0);
-+ BIO *next = BIO_next(bp);
-+
-+ if (next == NULL)
-+ return 0;
- /* return(BIO_gets(bp->next_bio,buf,size));*/
- for (i = 0; i < size - 1; ++i) {
- ret = ebcdic_read(bp, &buf[i], 1);
-@@ -556,8 +455,8 @@ static int ebcdic_gets(BIO *bp, char *bu
-
- static int ebcdic_puts(BIO *bp, const char *str)
- {
-- if (bp->next_bio == NULL)
-- return (0);
-+ if (BIO_next(bp) == NULL)
-+ return 0;
- return ebcdic_write(bp, str, strlen(str));
- }
- #endif
-@@ -664,19 +563,19 @@ static int cert_status_cb(SSL *s, void *
- SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
- NULL, NULL))
- goto err;
-- obj = X509_STORE_get_X509_by_subject(inctx, X509_LU_X509,
-- X509_get_issuer_name(x));
-+ obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
-+ X509_get_issuer_name(x));
- if (obj == NULL) {
- BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
- goto done;
- }
-- req = OCSP_REQUEST_new();
-- if (req == NULL)
-- goto err;
- id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
- X509_OBJECT_free(obj);
- if (!id)
- goto err;
-+ req = OCSP_REQUEST_new();
-+ if (req == NULL)
-+ goto err;
- if (!OCSP_request_add0_id(req, id))
- goto err;
- id = NULL;
-@@ -813,7 +712,7 @@ typedef enum OPTION_choice {
- OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
- OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
- OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
-- OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
-+ OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
- OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
- OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
- OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
-@@ -841,7 +740,7 @@ OPTIONS s_server_options[] = {
- {"Verify", OPT_UPPER_V_VERIFY, 'n',
- "Turn on peer certificate verification, must have a cert"},
- {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
-- {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
-+ {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
- {"serverinfo", OPT_SERVERINFO, 's',
- "PEM serverinfo file for certificate"},
- {"certform", OPT_CERTFORM, 'F',
-@@ -889,7 +788,7 @@ OPTIONS s_server_options[] = {
- "-Private Key file to use for servername if not in -cert2"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
-- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
-+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
- {"id_prefix", OPT_ID_PREFIX, 's',
- "Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
-@@ -981,7 +880,6 @@ OPTIONS s_server_options[] = {
- {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
- {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
- {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
-- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
- {"listen", OPT_LISTEN, '-',
- "Listen for a DTLS ClientHello with a cookie and then connect"},
- #endif
-@@ -1007,12 +905,16 @@ OPTIONS s_server_options[] = {
- #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- #endif
-- {NULL}
-+ {NULL, OPT_EOF, 0, NULL}
- };
-
-+#define IS_PROT_FLAG(o) \
-+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-+ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
-+
- int s_server_main(int argc, char *argv[])
- {
-- ENGINE *e = NULL;
-+ ENGINE *engine = NULL;
- EVP_PKEY *s_key = NULL, *s_dkey = NULL;
- SSL_CONF_CTX *cctx = NULL;
- const SSL_METHOD *meth = TLS_server_method();
-@@ -1070,7 +972,7 @@ int s_server_main(int argc, char *argv[]
- char *srpuserseed = NULL;
- char *srp_verifier_file = NULL;
- #endif
-- int min_version = 0, max_version = 0;
-+ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
-
- local_argc = argc;
- local_argv = argv;
-@@ -1084,6 +986,17 @@ int s_server_main(int argc, char *argv[]
-
- prog = opt_init(argc, argv, s_server_options);
- while ((o = opt_next()) != OPT_EOF) {
-+ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
-+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
-+ goto end;
-+ }
-+ if (IS_NO_PROT_FLAG(o))
-+ no_prot_opt++;
-+ if (prot_opt == 1 && no_prot_opt) {
-+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
-+ "\"-no_<prot>\"\n");
-+ goto end;
-+ }
- switch (o) {
- case OPT_EOF:
- case OPT_ERR:
-@@ -1470,11 +1383,6 @@ int s_server_main(int argc, char *argv[]
- socket_mtu = atol(opt_arg());
- #endif
- break;
-- case OPT_CHAIN:
--#ifndef OPENSSL_NO_DTLS
-- cert_chain = 1;
--#endif
-- break;
- case OPT_LISTEN:
- #ifndef OPENSSL_NO_DTLS
- dtlslisten = 1;
-@@ -1484,7 +1392,7 @@ int s_server_main(int argc, char *argv[]
- session_id_prefix = opt_arg();
- break;
- case OPT_ENGINE:
-- e = setup_engine(opt_arg(), 1);
-+ engine = setup_engine(opt_arg(), 1);
- break;
- case OPT_RAND:
- inrand = opt_arg();
-@@ -1590,7 +1498,7 @@ int s_server_main(int argc, char *argv[]
- goto end;
-
- if (nocert == 0) {
-- s_key = load_key(s_key_file, s_key_format, 0, pass, e,
-+ s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
- "server certificate private key file");
- if (!s_key) {
- ERR_print_errors(bio_err);
-@@ -1611,7 +1519,7 @@ int s_server_main(int argc, char *argv[]
- }
-
- if (tlsextcbp.servername) {
-- s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
-+ s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
- "second server certificate private key file");
- if (!s_key2) {
- ERR_print_errors(bio_err);
-@@ -1670,7 +1578,7 @@ int s_server_main(int argc, char *argv[]
- s_dkey_file = s_dcert_file;
-
- s_dkey = load_key(s_dkey_file, s_dkey_format,
-- 0, dpass, e, "second certificate private key file");
-+ 0, dpass, engine, "second certificate private key file");
- if (!s_dkey) {
- ERR_print_errors(bio_err);
- goto end;
-@@ -1854,9 +1762,10 @@ int s_server_main(int argc, char *argv[]
- if (async)
- SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
-
-- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(ctx2))) {
-+ if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
-+ noCApath)) {
- ERR_print_errors(bio_err);
-+ goto end;
- }
- if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
- BIO_printf(bio_err, "Error setting verify params\n");
-@@ -2067,7 +1976,6 @@ int s_server_main(int argc, char *argv[]
- SSL_CTX_free(ctx2);
- X509_free(s_cert2);
- EVP_PKEY_free(s_key2);
-- BIO_free(serverinfo_in);
- #ifndef OPENSSL_NO_NEXTPROTONEG
- OPENSSL_free(next_proto.data);
- #endif
-@@ -2079,6 +1987,9 @@ int s_server_main(int argc, char *argv[]
- bio_s_out = NULL;
- BIO_free(bio_s_msg);
- bio_s_msg = NULL;
-+#ifdef CHARSET_EBCDIC
-+ BIO_meth_free(methods_ebcdic);
-+#endif
- return (ret);
- }
-
-@@ -2257,10 +2168,10 @@ static int sv_body(int s, int stype, uns
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i = select(width, (void *)&readfds, NULL, NULL, &tv);
-- if ((i < 0) || (!i && !_kbhit()))
-- continue;
-- if (_kbhit())
-+ if (has_stdin_waiting())
- read_from_terminal = 1;
-+ if ((i < 0) || (!i && !read_from_terminal))
-+ continue;
- #else
- if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
-@@ -2399,13 +2310,19 @@ static int sv_body(int s, int stype, uns
- break;
- case SSL_ERROR_WANT_ASYNC:
- BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
-+ (void)BIO_flush(bio_s_out);
- wait_for_async(con);
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out, "Write BLOCK\n");
-+ (void)BIO_flush(bio_s_out);
- break;
-+ case SSL_ERROR_WANT_ASYNC_JOB:
-+ /*
-+ * This shouldn't ever happen in s_server. Treat as an error
-+ */
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out, "ERROR\n");
-@@ -2469,17 +2386,24 @@ static int sv_body(int s, int stype, uns
- ascii2ebcdic(buf, buf, i);
- #endif
- raw_write_stdout(buf, (unsigned int)i);
-+ (void)BIO_flush(bio_s_out);
- if (SSL_has_pending(con))
- goto again;
- break;
- case SSL_ERROR_WANT_ASYNC:
- BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
-+ (void)BIO_flush(bio_s_out);
- wait_for_async(con);
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- BIO_printf(bio_s_out, "Read BLOCK\n");
-+ (void)BIO_flush(bio_s_out);
- break;
-+ case SSL_ERROR_WANT_ASYNC_JOB:
-+ /*
-+ * This shouldn't ever happen in s_server. Treat as an error
-+ */
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out, "ERROR\n");
-@@ -2530,9 +2454,10 @@ static int init_ssl_connection(SSL *con)
- unsigned next_proto_neg_len;
- #endif
- unsigned char *exportedkeymat;
-+ int retry = 0;
-
- #ifndef OPENSSL_NO_DTLS
-- if(dtlslisten) {
-+ if (dtlslisten) {
- BIO_ADDR *client = NULL;
-
- if ((client = BIO_ADDR_new()) == NULL) {
-@@ -2545,11 +2470,11 @@ static int init_ssl_connection(SSL *con)
- int fd = -1;
-
- wbio = SSL_get_wbio(con);
-- if(wbio) {
-+ if (wbio) {
- BIO_get_fd(wbio, &fd);
- }
-
-- if(!wbio || BIO_connect(fd, client, 0) == 0) {
-+ if (!wbio || BIO_connect(fd, client, 0) == 0) {
- BIO_printf(bio_err, "ERROR - unable to connect\n");
- BIO_ADDR_free(client);
- return 0;
-@@ -2557,6 +2482,8 @@ static int init_ssl_connection(SSL *con)
- BIO_ADDR_free(client);
- dtlslisten = 0;
- i = SSL_accept(con);
-+ } else {
-+ BIO_ADDR_free(client);
- }
- } else
- #endif
-@@ -2564,6 +2491,8 @@ static int init_ssl_connection(SSL *con)
- do {
- i = SSL_accept(con);
-
-+ if (i <= 0)
-+ retry = BIO_sock_should_retry(i);
- #ifdef CERT_CB_TEST_RETRY
- {
- while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-@@ -2571,6 +2500,8 @@ static int init_ssl_connection(SSL *con)
- BIO_printf(bio_err,
- "LOOKUP from certificate callback during accept\n");
- i = SSL_accept(con);
-+ if (i <= 0)
-+ retry = BIO_sock_should_retry(i);
- }
- }
- #endif
-@@ -2589,13 +2520,15 @@ static int init_ssl_connection(SSL *con)
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- i = SSL_accept(con);
-+ if (i <= 0)
-+ retry = BIO_sock_should_retry(i);
- }
- #endif
- } while (i < 0 && SSL_waiting_for_async(con));
-
- if (i <= 0) {
- if ((dtlslisten && i == 0)
-- || (!dtlslisten && BIO_sock_should_retry(i))) {
-+ || (!dtlslisten && retry)) {
- BIO_printf(bio_s_out, "DELAY\n");
- return (1);
- }
-@@ -2681,6 +2614,7 @@ static int init_ssl_connection(SSL *con)
- OPENSSL_free(exportedkeymat);
- }
-
-+ (void)BIO_flush(bio_s_out);
- return (1);
- }
-
-@@ -3377,4 +3311,4 @@ static void free_sessions(void)
- first = NULL;
- }
-
--#endif
-+#endif /* OPENSSL_NO_SOCK */
---- a/apps/s_socket.c
-+++ b/apps/s_socket.c
-@@ -1,106 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 199-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* socket-related functions used by s_client and s_server */
-@@ -195,6 +99,8 @@ int init_client(int *sock, const char *h
- if (*sock == INVALID_SOCKET) {
- ERR_print_errors(bio_err);
- } else {
-+ /* Remove any stale errors from previous connection attempts */
-+ ERR_clear_error();
- ret = 1;
- }
- BIO_ADDRINFO_free(res);
---- a/apps/s_time.c
-+++ b/apps/s_time.c
-@@ -1,67 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define NO_SHUTDOWN
-
--/* ----------------------------------------
-- s_time - SSL client connection timer program
-- Written and donated by Larry Streepy <streepy at healthcare.com>
-- -----------------------------------------*/
--
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -94,8 +41,6 @@
- #undef BUFSIZZ
- #define BUFSIZZ 1024*10
-
--#define MYBUFSIZ 1024*8
--
- #undef min
- #undef max
- #define min(a,b) (((a) < (b)) ? (a) : (b))
-@@ -110,6 +55,8 @@ extern int verify_error;
-
- static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
-
-+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
-+
- typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
-@@ -162,11 +109,11 @@ int s_time_main(int argc, char **argv)
- char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
- double totalTime = 0.0;
- int noCApath = 0, noCAfile = 0;
-- int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
-- 0, ver;
-+ int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
- long bytes_read = 0, finishtime = 0;
- OPTION_CHOICE o;
-- int max_version = 0;
-+ int max_version = 0, ver, buf_len;
-+ size_t buf_size;
-
- meth = TLS_client_method();
- verify_depth = 0;
-@@ -229,8 +176,9 @@ int s_time_main(int argc, char **argv)
- break;
- case OPT_WWW:
- www_path = opt_arg();
-- if (strlen(www_path) > MYBUFSIZ - 100) {
-- BIO_printf(bio_err, "%s: -www option too long\n", prog);
-+ buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */
-+ if (buf_size > sizeof(buf)) {
-+ BIO_printf(bio_err, "%s: -www option is too long\n", prog);
- goto end;
- }
- break;
-@@ -285,9 +233,9 @@ int s_time_main(int argc, char **argv)
- goto end;
-
- if (www_path != NULL) {
-- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-- www_path);
-- if (SSL_write(scon, buf, strlen(buf)) <= 0)
-+ buf_len = BIO_snprintf(buf, sizeof buf,
-+ fmt_http_get_cmd, www_path);
-+ if (SSL_write(scon, buf, buf_len) <= 0)
- goto end;
- while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
- bytes_read += i;
-@@ -343,8 +291,9 @@ int s_time_main(int argc, char **argv)
- }
-
- if (www_path != NULL) {
-- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
-- if (SSL_write(scon, buf, strlen(buf)) <= 0)
-+ buf_len = BIO_snprintf(buf, sizeof buf,
-+ fmt_http_get_cmd, www_path);
-+ if (SSL_write(scon, buf, buf_len) <= 0)
- goto end;
- while (SSL_read(scon, buf, sizeof(buf)) > 0)
- continue;
---- a/apps/sess_id.c
-+++ b/apps/sess_id.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/apps/smime.c
-+++ b/apps/smime.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* S/MIME utility function */
-@@ -115,15 +66,15 @@ OPTIONS smime_options[] = {
- {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
- {"binary", OPT_BINARY, '-', "Don't translate message to text"},
- {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
-- {"signer", OPT_SIGNER, '<', "Signer certificate file"},
-+ {"signer", OPT_SIGNER, 's', "Signer certificate file"},
- {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
- {"in", OPT_IN, '<', "Input file"},
-- {"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"},
-+ {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
- {"inkey", OPT_INKEY, '<',
- "Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
- {"out", OPT_OUT, '>', "Output file"},
-- {"outform", OPT_OUTFORM, 'F',
-+ {"outform", OPT_OUTFORM, 'c',
- "Output format SMIME (default), PEM or DER"},
- {"content", OPT_CONTENT, '<',
- "Supply or override content for detached signature"},
-@@ -148,7 +99,7 @@ OPTIONS smime_options[] = {
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
-- {"md", OPT_MD, 's'},
-+ {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_V_OPTIONS,
- #ifndef OPENSSL_NO_ENGINE
-@@ -183,6 +134,7 @@ int smime_main(int argc, char **argv)
- FORMAT_PEM;
- int vpmtouched = 0, rv = 0;
- ENGINE *e = NULL;
-+ const char *mime_eol = "\n";
-
- if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
- return 1;
-@@ -200,14 +152,14 @@ int smime_main(int argc, char **argv)
- ret = 0;
- goto end;
- case OPT_INFORM:
-- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
-+ if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
- goto opthelp;
- break;
- case OPT_IN:
- infile = opt_arg();
- break;
- case OPT_OUTFORM:
-- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
-+ if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
- goto opthelp;
- break;
- case OPT_OUT:
-@@ -273,6 +225,7 @@ int smime_main(int argc, char **argv)
- break;
- case OPT_CRLFEOL:
- flags |= PKCS7_CRLFEOL;
-+ mime_eol = "\r\n";
- break;
- case OPT_RAND:
- inrand = opt_arg();
-@@ -322,7 +275,7 @@ int smime_main(int argc, char **argv)
- goto opthelp;
- break;
- case OPT_INKEY:
-- /* If previous -inkey arument add signer to list */
-+ /* If previous -inkey argument add signer to list */
- if (keyfile) {
- if (signerfile == NULL) {
- BIO_printf(bio_err,
-@@ -623,11 +576,11 @@ int smime_main(int argc, char **argv)
- PEM_write_bio_PKCS7(out, p7);
- else {
- if (to)
-- BIO_printf(out, "To: %s\n", to);
-+ BIO_printf(out, "To: %s%s", to, mime_eol);
- if (from)
-- BIO_printf(out, "From: %s\n", from);
-+ BIO_printf(out, "From: %s%s", from, mime_eol);
- if (subject)
-- BIO_printf(out, "Subject: %s\n", subject);
-+ BIO_printf(out, "Subject: %s%s", subject, mime_eol);
- if (outformat == FORMAT_SMIME) {
- if (operation == SMIME_RESIGN)
- rv = SMIME_write_PKCS7(out, p7, indata, flags);
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -191,6 +144,9 @@ static volatile int run = 0;
- static int mr = 0;
- static int usertime = 1;
-
-+typedef void *(*kdf_fn) (
-+ const void *in, size_t inlen, void *out, size_t *xoutlen);
-+
- typedef struct loopargs_st {
- ASYNC_JOB *inprogress_job;
- ASYNC_WAIT_CTX *wait_ctx;
-@@ -198,7 +154,7 @@ typedef struct loopargs_st {
- unsigned char *buf2;
- unsigned char *buf_malloc;
- unsigned char *buf2_malloc;
-- unsigned int *siglen;
-+ unsigned int siglen;
- #ifndef OPENSSL_NO_RSA
- RSA *rsa_key[RSA_NUM];
- #endif
-@@ -211,6 +167,8 @@ typedef struct loopargs_st {
- EC_KEY *ecdh_b[EC_NUM];
- unsigned char *secret_a;
- unsigned char *secret_b;
-+ int outlen;
-+ kdf_fn kdf;
- #endif
- EVP_CIPHER_CTX *ctx;
- HMAC_CTX *hctx;
-@@ -291,7 +249,8 @@ static const char *names[ALGOR_NUM] = {
- };
-
- static double results[ALGOR_NUM][SIZE_NUM];
--static int lengths[SIZE_NUM] = {
-+
-+static const int lengths[SIZE_NUM] = {
- 16, 64, 256, 1024, 8 * 1024, 16 * 1024
- };
-
-@@ -386,18 +345,6 @@ static double Time_F(int s)
- }
- #endif
-
--#ifndef OPENSSL_NO_EC
--static const int KDF1_SHA1_len = 20;
--static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
-- size_t *outlen)
--{
-- if (*outlen < SHA_DIGEST_LENGTH)
-- return NULL;
-- *outlen = SHA_DIGEST_LENGTH;
-- return SHA1(in, inlen, out);
--}
--#endif /* OPENSSL_NO_EC */
--
- static void multiblock_speed(const EVP_CIPHER *evp_cipher);
-
- static int found(const char *name, const OPT_PAIR * pairs, int *result)
-@@ -424,7 +371,8 @@ OPTIONS speed_options[] = {
- {"decrypt", OPT_DECRYPT, '-',
- "Time decryption instead of encryption (only EVP)"},
- {"mr", OPT_MR, '-', "Produce machine readable output"},
-- {"mb", OPT_MB, '-'},
-+ {"mb", OPT_MB, '-',
-+ "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
- {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
- {"elapsed", OPT_ELAPSED, '-',
- "Measure time in real time instead of CPU user time"},
-@@ -633,13 +581,14 @@ static OPT_PAIR ecdh_choices[] = {
- # define COND(d) (count < (d))
- # define COUNT(d) (d)
- #else
--# define COND(c) (run && count<0x7fffffff)
-+# define COND(unused_cond) (run && count<0x7fffffff)
- # define COUNT(d) (count)
- #endif /* SIGALRM */
-
- static int testnum;
--static char *engine_id = NULL;
-
-+/* Nb of iterations to do per algorithm and key-size */
-+static long c[ALGOR_NUM][SIZE_NUM];
-
- #ifndef OPENSSL_NO_MD2
- static int EVP_Digest_MD2_loop(void *args)
-@@ -648,9 +597,12 @@ static int EVP_Digest_MD2_loop(void *arg
- unsigned char *buf = tempargs->buf;
- unsigned char md2[MD2_DIGEST_LENGTH];
- int count;
-- for (count = 0; COND(c[D_MD2][testnum]); count++)
-- EVP_Digest(buf, (unsigned long)lengths[testnum], &(md2[0]), NULL,
-- EVP_md2(), NULL);
-+
-+ for (count = 0; COND(c[D_MD2][testnum]); count++) {
-+ if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
-+ NULL))
-+ return -1;
-+ }
- return count;
- }
- #endif
-@@ -662,9 +614,12 @@ static int EVP_Digest_MDC2_loop(void *ar
- unsigned char *buf = tempargs->buf;
- unsigned char mdc2[MDC2_DIGEST_LENGTH];
- int count;
-- for (count = 0; COND(c[D_MDC2][testnum]); count++)
-- EVP_Digest(buf, (unsigned long)lengths[testnum], &(mdc2[0]), NULL,
-- EVP_mdc2(), NULL);
-+
-+ for (count = 0; COND(c[D_MDC2][testnum]); count++) {
-+ if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
-+ NULL))
-+ return -1;
-+ }
- return count;
- }
- #endif
-@@ -676,9 +631,12 @@ static int EVP_Digest_MD4_loop(void *arg
- unsigned char *buf = tempargs->buf;
- unsigned char md4[MD4_DIGEST_LENGTH];
- int count;
-- for (count = 0; COND(c[D_MD4][testnum]); count++)
-- EVP_Digest(&(buf[0]), (unsigned long)lengths[testnum], &(md4[0]),
-- NULL, EVP_md4(), NULL);
-+
-+ for (count = 0; COND(c[D_MD4][testnum]); count++) {
-+ if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
-+ NULL))
-+ return -1;
-+ }
- return count;
- }
- #endif
-@@ -702,10 +660,11 @@ static int HMAC_loop(void *args)
- HMAC_CTX *hctx = tempargs->hctx;
- unsigned char hmac[MD5_DIGEST_LENGTH];
- int count;
-+
- for (count = 0; COND(c[D_HMAC][testnum]); count++) {
- HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
- HMAC_Update(hctx, buf, lengths[testnum]);
-- HMAC_Final(hctx, &(hmac[0]), NULL);
-+ HMAC_Final(hctx, hmac, NULL);
- }
- return count;
- }
-@@ -764,9 +723,11 @@ static int EVP_Digest_RMD160_loop(void *
- unsigned char *buf = tempargs->buf;
- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
- int count;
-- for (count = 0; COND(c[D_RMD160][testnum]); count++)
-- EVP_Digest(buf, (unsigned long)lengths[testnum], &(rmd160[0]), NULL,
-- EVP_ripemd160(), NULL);
-+ for (count = 0; COND(c[D_RMD160][testnum]); count++) {
-+ if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
-+ NULL, EVP_ripemd160(), NULL))
-+ return -1;
-+ }
- return count;
- }
- #endif
-@@ -779,7 +740,7 @@ static int RC4_loop(void *args)
- unsigned char *buf = tempargs->buf;
- int count;
- for (count = 0; COND(c[D_RC4][testnum]); count++)
-- RC4(&rc4_ks, (unsigned int)lengths[testnum], buf, buf);
-+ RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
- return count;
- }
- #endif
-@@ -824,7 +785,7 @@ static int AES_cbc_128_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
- AES_cbc_encrypt(buf, buf,
-- (unsigned long)lengths[testnum], &aes_ks1,
-+ (size_t)lengths[testnum], &aes_ks1,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -836,7 +797,7 @@ static int AES_cbc_192_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
- AES_cbc_encrypt(buf, buf,
-- (unsigned long)lengths[testnum], &aes_ks2,
-+ (size_t)lengths[testnum], &aes_ks2,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -848,7 +809,7 @@ static int AES_cbc_256_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
- AES_cbc_encrypt(buf, buf,
-- (unsigned long)lengths[testnum], &aes_ks3,
-+ (size_t)lengths[testnum], &aes_ks3,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -861,7 +822,7 @@ static int AES_ige_128_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
- AES_ige_encrypt(buf, buf2,
-- (unsigned long)lengths[testnum], &aes_ks1,
-+ (size_t)lengths[testnum], &aes_ks1,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -874,7 +835,7 @@ static int AES_ige_192_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
- AES_ige_encrypt(buf, buf2,
-- (unsigned long)lengths[testnum], &aes_ks2,
-+ (size_t)lengths[testnum], &aes_ks2,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -887,7 +848,7 @@ static int AES_ige_256_encrypt_loop(void
- int count;
- for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
- AES_ige_encrypt(buf, buf2,
-- (unsigned long)lengths[testnum], &aes_ks3,
-+ (size_t)lengths[testnum], &aes_ks3,
- iv, AES_ENCRYPT);
- return count;
- }
-@@ -903,6 +864,7 @@ static int CRYPTO_gcm128_aad_loop(void *
- return count;
- }
-
-+static long save_count = 0;
- static int decrypt = 0;
- static int EVP_Update_loop(void *args)
- {
-@@ -910,15 +872,14 @@ static int EVP_Update_loop(void *args)
- unsigned char *buf = tempargs->buf;
- EVP_CIPHER_CTX *ctx = tempargs->ctx;
- int outl, count;
-+#ifndef SIGALRM
-+ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
-+#endif
- if (decrypt)
-- for (count = 0;
-- COND(save_count * 4 * lengths[0] / lengths[testnum]);
-- count++)
-+ for (count = 0; COND(nb_iter); count++)
- EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
- else
-- for (count = 0;
-- COND(save_count * 4 * lengths[0] / lengths[testnum]);
-- count++)
-+ for (count = 0; COND(nb_iter); count++)
- EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
- if (decrypt)
- EVP_DecryptFinal_ex(ctx, buf, &outl);
-@@ -934,22 +895,26 @@ static int EVP_Digest_loop(void *args)
- unsigned char *buf = tempargs->buf;
- unsigned char md[EVP_MAX_MD_SIZE];
- int count;
-- for (count = 0;
-- COND(save_count * 4 * lengths[0] / lengths[testnum]); count++)
-- EVP_Digest(buf, lengths[testnum], &(md[0]), NULL, evp_md, NULL);
-+#ifndef SIGALRM
-+ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
-+#endif
-
-+ for (count = 0; COND(nb_iter); count++) {
-+ if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
-+ return -1;
-+ }
- return count;
- }
-
- #ifndef OPENSSL_NO_RSA
--static long rsa_c[RSA_NUM][2];
-+static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
-
- static int RSA_sign_loop(void *args)
- {
- loopargs_t *tempargs = (loopargs_t *)args;
- unsigned char *buf = tempargs->buf;
- unsigned char *buf2 = tempargs->buf2;
-- unsigned int *rsa_num = tempargs->siglen;
-+ unsigned int *rsa_num = &tempargs->siglen;
- RSA **rsa_key = tempargs->rsa_key;
- int ret, count;
- for (count = 0; COND(rsa_c[testnum][0]); count++) {
-@@ -969,7 +934,7 @@ static int RSA_verify_loop(void *args)
- loopargs_t *tempargs = (loopargs_t *)args;
- unsigned char *buf = tempargs->buf;
- unsigned char *buf2 = tempargs->buf2;
-- unsigned int rsa_num = *(tempargs->siglen);
-+ unsigned int rsa_num = tempargs->siglen;
- RSA **rsa_key = tempargs->rsa_key;
- int ret, count;
- for (count = 0; COND(rsa_c[testnum][1]); count++) {
-@@ -993,7 +958,7 @@ static int DSA_sign_loop(void *args)
- unsigned char *buf = tempargs->buf;
- unsigned char *buf2 = tempargs->buf2;
- DSA **dsa_key = tempargs->dsa_key;
-- unsigned int *siglen = tempargs->siglen;
-+ unsigned int *siglen = &tempargs->siglen;
- int ret, count;
- for (count = 0; COND(dsa_c[testnum][0]); count++) {
- ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
-@@ -1013,7 +978,7 @@ static int DSA_verify_loop(void *args)
- unsigned char *buf = tempargs->buf;
- unsigned char *buf2 = tempargs->buf2;
- DSA **dsa_key = tempargs->dsa_key;
-- unsigned int siglen = *(tempargs->siglen);
-+ unsigned int siglen = tempargs->siglen;
- int ret, count;
- for (count = 0; COND(dsa_c[testnum][1]); count++) {
- ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
-@@ -1036,7 +1001,7 @@ static int ECDSA_sign_loop(void *args)
- unsigned char *buf = tempargs->buf;
- EC_KEY **ecdsa = tempargs->ecdsa;
- unsigned char *ecdsasig = tempargs->buf2;
-- unsigned int *ecdsasiglen = tempargs->siglen;
-+ unsigned int *ecdsasiglen = &tempargs->siglen;
- int ret, count;
- for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
- ret = ECDSA_sign(0, buf, 20,
-@@ -1057,7 +1022,7 @@ static int ECDSA_verify_loop(void *args)
- unsigned char *buf = tempargs->buf;
- EC_KEY **ecdsa = tempargs->ecdsa;
- unsigned char *ecdsasig = tempargs->buf2;
-- unsigned int ecdsasiglen = *(tempargs->siglen);
-+ unsigned int ecdsasiglen = tempargs->siglen;
- int ret, count;
- for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
- ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
-@@ -1072,9 +1037,8 @@ static int ECDSA_verify_loop(void *args)
- return count;
- }
-
--static int outlen;
--static void *(*kdf) (const void *in, size_t inlen, void *out,
-- size_t *xoutlen);
-+/* ******************************************************************** */
-+static long ecdh_c[EC_NUM][1];
-
- static int ECDH_compute_key_loop(void *args)
- {
-@@ -1082,7 +1046,9 @@ static int ECDH_compute_key_loop(void *a
- EC_KEY **ecdh_a = tempargs->ecdh_a;
- EC_KEY **ecdh_b = tempargs->ecdh_b;
- unsigned char *secret_a = tempargs->secret_a;
-- int count;
-+ int count, outlen = tempargs->outlen;
-+ kdf_fn kdf = tempargs->kdf;
-+
- for (count = 0; COND(ecdh_c[testnum][0]); count++) {
- ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[testnum]),
-@@ -1090,16 +1056,26 @@ static int ECDH_compute_key_loop(void *a
- }
- return count;
- }
--#endif
-
-+static const int KDF1_SHA1_len = 20;
-+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
-+ size_t *outlen)
-+{
-+ if (*outlen < SHA_DIGEST_LENGTH)
-+ return NULL;
-+ *outlen = SHA_DIGEST_LENGTH;
-+ return SHA1(in, inlen, out);
-+}
-+#endif /* ndef OPENSSL_NO_EC */
-
--static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs)
-+
-+static int run_benchmark(int async_jobs,
-+ int (*loop_function)(void *), loopargs_t *loopargs)
- {
- int job_op_count = 0;
- int total_op_count = 0;
- int num_inprogress = 0;
-- int error = 0;
-- int i = 0;
-+ int error = 0, i = 0, ret = 0;
- OSSL_ASYNC_FD job_fd = 0;
- size_t num_job_fds = 0;
-
-@@ -1109,27 +1085,27 @@ static int run_benchmark(int async_jobs,
- return loop_function((void *)loopargs);
- }
-
--
- for (i = 0; i < async_jobs && !error; i++) {
-- switch (ASYNC_start_job(&(loopargs[i].inprogress_job), loopargs[i].wait_ctx,
-- &job_op_count, loop_function,
-- (void *)(loopargs + i), sizeof(loopargs_t))) {
-- case ASYNC_PAUSE:
-- ++num_inprogress;
-- break;
-- case ASYNC_FINISH:
-- if (job_op_count == -1) {
-- error = 1;
-- } else {
-- total_op_count += job_op_count;
-- }
-- break;
-- case ASYNC_NO_JOBS:
-- case ASYNC_ERR:
-- BIO_printf(bio_err, "Failure in the job\n");
-- ERR_print_errors(bio_err);
-+ ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
-+ &job_op_count, loop_function,
-+ (void *)(loopargs + i), sizeof(loopargs_t));
-+ switch (ret) {
-+ case ASYNC_PAUSE:
-+ ++num_inprogress;
-+ break;
-+ case ASYNC_FINISH:
-+ if (job_op_count == -1) {
- error = 1;
-- break;
-+ } else {
-+ total_op_count += job_op_count;
-+ }
-+ break;
-+ case ASYNC_NO_JOBS:
-+ case ASYNC_ERR:
-+ BIO_printf(bio_err, "Failure in the job\n");
-+ ERR_print_errors(bio_err);
-+ error = 1;
-+ break;
- }
- }
-
-@@ -1202,33 +1178,35 @@ static int run_benchmark(int async_jobs,
- if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
- continue;
- #elif defined(OPENSSL_SYS_WINDOWS)
-- if (num_job_fds == 1 &&
-- !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL) && avail > 0)
-+ if (num_job_fds == 1
-+ && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
-+ && avail > 0)
- continue;
- #endif
-
-- switch (ASYNC_start_job(&(loopargs[i].inprogress_job), loopargs[i].wait_ctx,
-- &job_op_count, loop_function, (void *)(loopargs + i),
-- sizeof(loopargs_t))) {
-- case ASYNC_PAUSE:
-- break;
-- case ASYNC_FINISH:
-- if (job_op_count == -1) {
-- error = 1;
-- } else {
-- total_op_count += job_op_count;
-- }
-- --num_inprogress;
-- loopargs[i].inprogress_job = NULL;
-- break;
-- case ASYNC_NO_JOBS:
-- case ASYNC_ERR:
-- --num_inprogress;
-- loopargs[i].inprogress_job = NULL;
-- BIO_printf(bio_err, "Failure in the job\n");
-- ERR_print_errors(bio_err);
-+ ret = ASYNC_start_job(&loopargs[i].inprogress_job,
-+ loopargs[i].wait_ctx, &job_op_count, loop_function,
-+ (void *)(loopargs + i), sizeof(loopargs_t));
-+ switch (ret) {
-+ case ASYNC_PAUSE:
-+ break;
-+ case ASYNC_FINISH:
-+ if (job_op_count == -1) {
- error = 1;
-- break;
-+ } else {
-+ total_op_count += job_op_count;
-+ }
-+ --num_inprogress;
-+ loopargs[i].inprogress_job = NULL;
-+ break;
-+ case ASYNC_NO_JOBS:
-+ case ASYNC_ERR:
-+ --num_inprogress;
-+ loopargs[i].inprogress_job = NULL;
-+ BIO_printf(bio_err, "Failure in the job\n");
-+ ERR_print_errors(bio_err);
-+ error = 1;
-+ break;
- }
- }
- }
-@@ -1239,26 +1217,29 @@ static int run_benchmark(int async_jobs,
- int speed_main(int argc, char **argv)
- {
- loopargs_t *loopargs = NULL;
-+ int async_init = 0;
- int loopargs_len = 0;
- char *prog;
-+#ifndef OPENSSL_NO_ENGINE
-+ const char *engine_id = NULL;
-+#endif
- const EVP_CIPHER *evp_cipher = NULL;
- double d = 0.0;
- OPTION_CHOICE o;
-- int multiblock = 0, doit[ALGOR_NUM], pr_header = 0;
--#ifndef OPENSSL_NO_DSA
-- int dsa_doit[DSA_NUM];
--#endif
-- int rsa_doit[RSA_NUM];
-+ int multiblock = 0, pr_header = 0;
-+ int doit[ALGOR_NUM] = { 0 };
- int ret = 1, i, k, misalign = 0;
-- long c[ALGOR_NUM][SIZE_NUM], count = 0, save_count = 0;
-+ long count = 0;
- #ifndef NO_FORK
- int multi = 0;
- #endif
- int async_jobs = 0;
-- /* What follows are the buffers and key material. */
--#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
-+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
-+ || !defined(OPENSSL_NO_EC)
- long rsa_count = 1;
- #endif
-+
-+ /* What follows are the buffers and key material. */
- #ifndef OPENSSL_NO_RC5
- RC5_32_KEY rc5_ks;
- #endif
-@@ -1318,21 +1299,23 @@ int speed_main(int argc, char **argv)
- };
- #endif
- #ifndef OPENSSL_NO_RSA
-- static unsigned int rsa_bits[RSA_NUM] = {
-+ static const unsigned int rsa_bits[RSA_NUM] = {
- 512, 1024, 2048, 3072, 4096, 7680, 15360
- };
-- static unsigned char *rsa_data[RSA_NUM] = {
-+ static const unsigned char *rsa_data[RSA_NUM] = {
- test512, test1024, test2048, test3072, test4096, test7680, test15360
- };
-- static int rsa_data_length[RSA_NUM] = {
-+ static const int rsa_data_length[RSA_NUM] = {
- sizeof(test512), sizeof(test1024),
- sizeof(test2048), sizeof(test3072),
- sizeof(test4096), sizeof(test7680),
- sizeof(test15360)
- };
-+ int rsa_doit[RSA_NUM] = { 0 };
- #endif
- #ifndef OPENSSL_NO_DSA
-- static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
-+ static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
-+ int dsa_doit[DSA_NUM] = { 0 };
- #endif
- #ifndef OPENSSL_NO_EC
- /*
-@@ -1340,7 +1323,7 @@ int speed_main(int argc, char **argv)
- * add tests over more curves, simply add the curve NID and curve name to
- * the following arrays and increase the EC_NUM value accordingly.
- */
-- static unsigned int test_curves[EC_NUM] = {
-+ static const unsigned int test_curves[EC_NUM] = {
- /* Prime Curves */
- NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1,
- NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
-@@ -1364,7 +1347,7 @@ int speed_main(int argc, char **argv)
- /* Other */
- "X25519"
- };
-- static int test_curves_bits[EC_NUM] = {
-+ static const int test_curves_bits[EC_NUM] = {
- 160, 192, 224,
- 256, 384, 521,
- 163, 233, 283,
-@@ -1372,40 +1355,10 @@ int speed_main(int argc, char **argv)
- 233, 283, 409,
- 571, 253 /* X25519 */
- };
--#endif
--#ifndef OPENSSL_NO_EC
-- int ecdsa_doit[EC_NUM];
-- int secret_size_a, secret_size_b;
-- int ecdh_checks = 1;
-- int secret_idx = 0;
-- long ecdh_c[EC_NUM][2];
-- int ecdh_doit[EC_NUM];
--#endif
--
-- memset(results, 0, sizeof(results));
--
-- memset(c, 0, sizeof(c));
--#ifndef OPENSSL_NO_DES
-- memset(DES_iv, 0, sizeof(DES_iv));
--#endif
-- memset(iv, 0, sizeof(iv));
--
-- for (i = 0; i < ALGOR_NUM; i++)
-- doit[i] = 0;
-- for (i = 0; i < RSA_NUM; i++)
-- rsa_doit[i] = 0;
--#ifndef OPENSSL_NO_DSA
-- for (i = 0; i < DSA_NUM; i++)
-- dsa_doit[i] = 0;
--#endif
--#ifndef OPENSSL_NO_EC
-- for (i = 0; i < EC_NUM; i++)
-- ecdsa_doit[i] = 0;
-- for (i = 0; i < EC_NUM; i++)
-- ecdh_doit[i] = 0;
--#endif
-
-- misalign = 0;
-+ int ecdsa_doit[EC_NUM] = { 0 };
-+ int ecdh_doit[EC_NUM] = { 0 };
-+#endif /* ndef OPENSSL_NO_EC */
-
- prog = opt_init(argc, argv, speed_options);
- while ((o = opt_next()) != OPT_EOF) {
-@@ -1428,7 +1381,7 @@ int speed_main(int argc, char **argv)
- evp_md = EVP_get_digestbyname(opt_arg());
- if (evp_cipher == NULL && evp_md == NULL) {
- BIO_printf(bio_err,
-- "%s: %s an unknown cipher or digest\n",
-+ "%s: %s is an unknown cipher or digest\n",
- prog, opt_arg());
- goto end;
- }
-@@ -1443,7 +1396,9 @@ int speed_main(int argc, char **argv)
- * initialised by each child process, not by the parent.
- * So store the name here and run setup_engine() later on.
- */
-+#ifndef OPENSSL_NO_ENGINE
- engine_id = opt_arg();
-+#endif
- break;
- case OPT_MULTI:
- #ifndef NO_FORK
-@@ -1565,7 +1520,8 @@ int speed_main(int argc, char **argv)
-
- /* Initialize the job pool if async mode is enabled */
- if (async_jobs > 0) {
-- if (!ASYNC_init_thread(async_jobs, async_jobs)) {
-+ async_init = ASYNC_init_thread(async_jobs, async_jobs);
-+ if (!async_init) {
- BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
- goto end;
- }
-@@ -1589,7 +1545,6 @@ int speed_main(int argc, char **argv)
- /* Align the start of buffers on a 64 byte boundary */
- loopargs[i].buf = loopargs[i].buf_malloc + misalign;
- loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
-- loopargs[i].siglen = app_malloc(sizeof(unsigned int), "signature length");
- #ifndef OPENSSL_NO_EC
- loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
- loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
-@@ -1687,9 +1642,6 @@ int speed_main(int argc, char **argv)
- #ifndef OPENSSL_NO_CAST
- CAST_set_key(&cast_ks, 16, key16);
- #endif
--#ifndef OPENSSL_NO_RSA
-- memset(rsa_c, 0, sizeof(rsa_c));
--#endif
- #ifndef SIGALRM
- # ifndef OPENSSL_NO_DES
- BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
-@@ -1780,11 +1732,11 @@ int speed_main(int argc, char **argv)
- for (i = 1; i < RSA_NUM; i++) {
- rsa_c[i][0] = rsa_c[i - 1][0] / 8;
- rsa_c[i][1] = rsa_c[i - 1][1] / 4;
-- if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
-+ if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
- rsa_doit[i] = 0;
- else {
- if (rsa_c[i][0] == 0) {
-- rsa_c[i][0] = 1;
-+ rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
- rsa_c[i][1] = 20;
- }
- }
-@@ -1797,11 +1749,11 @@ int speed_main(int argc, char **argv)
- for (i = 1; i < DSA_NUM; i++) {
- dsa_c[i][0] = dsa_c[i - 1][0] / 4;
- dsa_c[i][1] = dsa_c[i - 1][1] / 4;
-- if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
-+ if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
- dsa_doit[i] = 0;
- else {
-- if (dsa_c[i] == 0) {
-- dsa_c[i][0] = 1;
-+ if (dsa_c[i][0] == 0) {
-+ dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
- dsa_c[i][1] = 1;
- }
- }
-@@ -1814,10 +1766,10 @@ int speed_main(int argc, char **argv)
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
- ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
- ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-+ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
- ecdsa_doit[i] = 0;
- else {
-- if (ecdsa_c[i] == 0) {
-+ if (ecdsa_c[i][0] == 0) {
- ecdsa_c[i][0] = 1;
- ecdsa_c[i][1] = 1;
- }
-@@ -1828,10 +1780,10 @@ int speed_main(int argc, char **argv)
- for (i = R_EC_K233; i <= R_EC_K571; i++) {
- ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
- ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-+ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
- ecdsa_doit[i] = 0;
- else {
-- if (ecdsa_c[i] == 0) {
-+ if (ecdsa_c[i][0] == 0) {
- ecdsa_c[i][0] = 1;
- ecdsa_c[i][1] = 1;
- }
-@@ -1842,10 +1794,10 @@ int speed_main(int argc, char **argv)
- for (i = R_EC_B233; i <= R_EC_B571; i++) {
- ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
- ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-+ if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
- ecdsa_doit[i] = 0;
- else {
-- if (ecdsa_c[i] == 0) {
-+ if (ecdsa_c[i][0] == 0) {
- ecdsa_c[i][0] = 1;
- ecdsa_c[i][1] = 1;
- }
-@@ -1853,44 +1805,35 @@ int speed_main(int argc, char **argv)
- }
-
- ecdh_c[R_EC_P160][0] = count / 1000;
-- ecdh_c[R_EC_P160][1] = count / 1000;
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
- ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-+ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
- ecdh_doit[i] = 0;
- else {
-- if (ecdh_c[i] == 0) {
-+ if (ecdh_c[i][0] == 0) {
- ecdh_c[i][0] = 1;
-- ecdh_c[i][1] = 1;
- }
- }
- }
- ecdh_c[R_EC_K163][0] = count / 1000;
-- ecdh_c[R_EC_K163][1] = count / 1000;
- for (i = R_EC_K233; i <= R_EC_K571; i++) {
- ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-+ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
- ecdh_doit[i] = 0;
- else {
-- if (ecdh_c[i] == 0) {
-+ if (ecdh_c[i][0] == 0) {
- ecdh_c[i][0] = 1;
-- ecdh_c[i][1] = 1;
- }
- }
- }
- ecdh_c[R_EC_B163][0] = count / 1000;
-- ecdh_c[R_EC_B163][1] = count / 1000;
- for (i = R_EC_B233; i <= R_EC_B571; i++) {
- ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-- ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-+ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
- ecdh_doit[i] = 0;
- else {
-- if (ecdh_c[i] == 0) {
-+ if (ecdh_c[i][0] == 0) {
- ecdh_c[i][0] = 1;
-- ecdh_c[i][1] = 1;
- }
- }
- }
-@@ -1955,6 +1898,9 @@ int speed_main(int argc, char **argv)
-
- #ifndef OPENSSL_NO_MD5
- if (doit[D_HMAC]) {
-+ char hmac_key[] = "This is a key...";
-+ int len = strlen(hmac_key);
-+
- for (i = 0; i < loopargs_len; i++) {
- loopargs[i].hctx = HMAC_CTX_new();
- if (loopargs[i].hctx == NULL) {
-@@ -1962,8 +1908,7 @@ int speed_main(int argc, char **argv)
- exit(1);
- }
-
-- HMAC_Init_ex(loopargs[i].hctx, (unsigned char *)"This is a key...",
-- 16, EVP_md5(), NULL);
-+ HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
- }
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum]);
-@@ -2151,7 +2096,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
- Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &camellia_ks1,
-+ (size_t)lengths[testnum], &camellia_ks1,
- iv, CAMELLIA_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_128_CML, testnum, count, d);
-@@ -2168,7 +2113,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
- Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &camellia_ks2,
-+ (size_t)lengths[testnum], &camellia_ks2,
- iv, CAMELLIA_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_192_CML, testnum, count, d);
-@@ -2185,7 +2130,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
- Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &camellia_ks3,
-+ (size_t)lengths[testnum], &camellia_ks3,
- iv, CAMELLIA_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_256_CML, testnum, count, d);
-@@ -2203,7 +2148,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
- IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &idea_ks,
-+ (size_t)lengths[testnum], &idea_ks,
- iv, IDEA_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_IDEA, testnum, count, d);
-@@ -2221,7 +2166,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
- SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &seed_ks, iv, 1);
-+ (size_t)lengths[testnum], &seed_ks, iv, 1);
- d = Time_F(STOP);
- print_result(D_CBC_SEED, testnum, count, d);
- }
-@@ -2238,7 +2183,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
- RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &rc2_ks,
-+ (size_t)lengths[testnum], &rc2_ks,
- iv, RC2_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_RC2, testnum, count, d);
-@@ -2256,7 +2201,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
- RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &rc5_ks,
-+ (size_t)lengths[testnum], &rc5_ks,
- iv, RC5_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_RC5, testnum, count, d);
-@@ -2274,7 +2219,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
- BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &bf_ks,
-+ (size_t)lengths[testnum], &bf_ks,
- iv, BF_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_BF, testnum, count, d);
-@@ -2292,7 +2237,7 @@ int speed_main(int argc, char **argv)
- Time_F(START);
- for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
- CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
-- (unsigned long)lengths[testnum], &cast_ks,
-+ (size_t)lengths[testnum], &cast_ks,
- iv, CAST_ENCRYPT);
- d = Time_F(STOP);
- print_result(D_CBC_CAST, testnum, count, d);
-@@ -2366,7 +2311,7 @@ int speed_main(int argc, char **argv)
- continue;
- for (i = 0; i < loopargs_len; i++) {
- st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
-- loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
-+ &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
- if (st == 0)
- break;
- }
-@@ -2392,7 +2337,7 @@ int speed_main(int argc, char **argv)
-
- for (i = 0; i < loopargs_len; i++) {
- st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
-- *(loopargs[i].siglen), loopargs[i].rsa_key[testnum]);
-+ loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
- if (st <= 0)
- break;
- }
-@@ -2438,7 +2383,7 @@ int speed_main(int argc, char **argv)
- /* DSA_sign_setup(dsa_key[testnum],NULL); */
- for (i = 0; i < loopargs_len; i++) {
- st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
-- loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
-+ &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
- if (st == 0)
- break;
- }
-@@ -2463,7 +2408,7 @@ int speed_main(int argc, char **argv)
-
- for (i = 0; i < loopargs_len; i++) {
- st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
-- *(loopargs[i].siglen), loopargs[i].dsa_key[testnum]);
-+ loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
- if (st <= 0)
- break;
- }
-@@ -2519,7 +2464,7 @@ int speed_main(int argc, char **argv)
- /* Perform ECDSA signature test */
- EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
- st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
-- loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
-+ &loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
- if (st == 0)
- break;
- }
-@@ -2547,7 +2492,7 @@ int speed_main(int argc, char **argv)
- /* Perform ECDSA verification test */
- for (i = 0; i < loopargs_len; i++) {
- st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
-- *(loopargs[i].siglen), loopargs[i].ecdsa[testnum]);
-+ loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
- if (st != 1)
- break;
- }
-@@ -2577,13 +2522,13 @@ int speed_main(int argc, char **argv)
- }
- }
- }
--#endif
-
--#ifndef OPENSSL_NO_EC
- if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- }
- for (testnum = 0; testnum < EC_NUM; testnum++) {
-+ int ecdh_checks = 1;
-+
- if (!ecdh_doit[testnum])
- continue;
- for (i = 0; i < loopargs_len; i++) {
-@@ -2609,37 +2554,37 @@ int speed_main(int argc, char **argv)
- ecdh_checks = 0;
- rsa_count = 1;
- } else {
-+ int secret_size_a, secret_size_b;
- /*
- * If field size is not more than 24 octets, then use SHA-1
- * hash of result; otherwise, use result (see section 4.8 of
- * draft-ietf-tls-ecc-03.txt).
- */
-- int field_size;
-- field_size =
-- EC_GROUP_get_degree(EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
-- if (field_size <= 24 * 8) {
-- outlen = KDF1_SHA1_len;
-- kdf = KDF1_SHA1;
-+ int field_size = EC_GROUP_get_degree(
-+ EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
-+
-+ if (field_size <= 24 * 8) { /* 192 bits */
-+ loopargs[i].outlen = KDF1_SHA1_len;
-+ loopargs[i].kdf = KDF1_SHA1;
- } else {
-- outlen = (field_size + 7) / 8;
-- kdf = NULL;
-+ loopargs[i].outlen = (field_size + 7) / 8;
-+ loopargs[i].kdf = NULL;
- }
- secret_size_a =
-- ECDH_compute_key(loopargs[i].secret_a, outlen,
-+ ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen,
- EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]),
-- loopargs[i].ecdh_a[testnum], kdf);
-+ loopargs[i].ecdh_a[testnum], loopargs[i].kdf);
- secret_size_b =
-- ECDH_compute_key(loopargs[i].secret_b, outlen,
-+ ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen,
- EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]),
-- loopargs[i].ecdh_b[testnum], kdf);
-+ loopargs[i].ecdh_b[testnum], loopargs[i].kdf);
- if (secret_size_a != secret_size_b)
- ecdh_checks = 0;
- else
- ecdh_checks = 1;
-
-- for (secret_idx = 0; (secret_idx < secret_size_a)
-- && (ecdh_checks == 1); secret_idx++) {
-- if (loopargs[i].secret_a[secret_idx] != loopargs[i].secret_b[secret_idx])
-+ for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
-+ if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
- ecdh_checks = 0;
- }
-
-@@ -2650,20 +2595,20 @@ int speed_main(int argc, char **argv)
- break;
- }
- }
-- if (ecdh_checks != 0) {
-- pkey_print_message("", "ecdh",
-- ecdh_c[testnum][0],
-- test_curves_bits[testnum], ECDH_SECONDS);
-- Time_F(START);
-- count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs);
-- d = Time_F(STOP);
-- BIO_printf(bio_err,
-- mr ? "+R7:%ld:%d:%.2f\n" :
-- "%ld %d-bit ECDH ops in %.2fs\n", count,
-- test_curves_bits[testnum], d);
-- ecdh_results[testnum][0] = d / (double)count;
-- rsa_count = count;
-- }
-+ }
-+ if (ecdh_checks != 0) {
-+ pkey_print_message("", "ecdh",
-+ ecdh_c[testnum][0],
-+ test_curves_bits[testnum], ECDH_SECONDS);
-+ Time_F(START);
-+ count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs);
-+ d = Time_F(STOP);
-+ BIO_printf(bio_err,
-+ mr ? "+R7:%ld:%d:%.2f\n" :
-+ "%ld %d-bit ECDH ops in %.2fs\n", count,
-+ test_curves_bits[testnum], d);
-+ ecdh_results[testnum][0] = d / (double)count;
-+ rsa_count = count;
- }
- }
-
-@@ -2786,9 +2731,7 @@ int speed_main(int argc, char **argv)
- ecdsa_results[k][0], ecdsa_results[k][1],
- 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
- }
--#endif
-
--#ifndef OPENSSL_NO_EC
- testnum = 1;
- for (k = 0; k < EC_NUM; k++) {
- if (!ecdh_doit[k])
-@@ -2817,23 +2760,16 @@ int speed_main(int argc, char **argv)
- for (i = 0; i < loopargs_len; i++) {
- OPENSSL_free(loopargs[i].buf_malloc);
- OPENSSL_free(loopargs[i].buf2_malloc);
-- OPENSSL_free(loopargs[i].siglen);
-- }
-+
- #ifndef OPENSSL_NO_RSA
-- for (i = 0; i < loopargs_len; i++) {
- for (k = 0; k < RSA_NUM; k++)
- RSA_free(loopargs[i].rsa_key[k]);
-- }
- #endif
- #ifndef OPENSSL_NO_DSA
-- for (i = 0; i < loopargs_len; i++) {
- for (k = 0; k < DSA_NUM; k++)
- DSA_free(loopargs[i].dsa_key[k]);
-- }
- #endif
--
- #ifndef OPENSSL_NO_EC
-- for (i = 0; i < loopargs_len; i++) {
- for (k = 0; k < EC_NUM; k++) {
- EC_KEY_free(loopargs[i].ecdsa[k]);
- EC_KEY_free(loopargs[i].ecdh_a[k]);
-@@ -2841,12 +2777,15 @@ int speed_main(int argc, char **argv)
- }
- OPENSSL_free(loopargs[i].secret_a);
- OPENSSL_free(loopargs[i].secret_b);
-- }
- #endif
-+ }
-+
- if (async_jobs > 0) {
- for (i = 0; i < loopargs_len; i++)
- ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
-+ }
-
-+ if (async_init) {
- ASYNC_cleanup_thread();
- }
- OPENSSL_free(loopargs);
-@@ -2888,6 +2827,10 @@ static void pkey_print_message(const cha
-
- static void print_result(int alg, int run_no, int count, double time_used)
- {
-+ if (count == -1) {
-+ BIO_puts(bio_err, "EVP error!\n");
-+ exit(1);
-+ }
- BIO_printf(bio_err,
- mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n", count, names[alg], time_used);
---- a/apps/spkac.c
-+++ b/apps/spkac.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999. Based on an original idea by Massimiliano Pala (madwolf at openca.org).
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
---- a/apps/srp.c
-+++ b/apps/srp.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Peter Sylvester (peter.sylvester at edelweb.fr) for the EdelKey
-- * project and contributed to the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -156,9 +107,12 @@ static int update_index(CA_DB *db, char
- return 1;
- }
-
--static void lookup_fail(const char *name, const char *tag)
-+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
- {
-- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
-+ char *entry = NCONF_get_string(conf, section, tag);
-+ if (entry == NULL)
-+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
-+ return entry;
- }
-
- static char *srp_verify_user(const char *user, const char *srp_verifier,
-@@ -173,7 +127,7 @@ static char *srp_verify_user(const char
- cb_tmp.prompt_info = user;
- cb_tmp.password = passin;
-
-- if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
-+ if (password_callback(password, sizeof(password), 0, &cb_tmp) > 0) {
- if (verbose)
- BIO_printf(bio_err,
- "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
-@@ -206,7 +160,7 @@ static char *srp_create_user(char *user,
- cb_tmp.prompt_info = user;
- cb_tmp.password = passout;
-
-- if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
-+ if (password_callback(password, sizeof(password), 1, &cb_tmp) > 0) {
- if (verbose)
- BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
- user, g, N);
-@@ -256,13 +210,12 @@ OPTIONS srp_options[] = {
- int srp_main(int argc, char **argv)
- {
- CA_DB *db = NULL;
-- DB_ATTR db_attr;
- CONF *conf = NULL;
- int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
- int doupdatedb = 0, mode = OPT_ERR;
- char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
- char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
-- char *randfile = NULL, *tofree = NULL, *section = NULL;
-+ char *randfile = NULL, *section = NULL;
- char **gNrow = NULL, *configfile = NULL;
- char *srpvfile = NULL, **pp, *prog;
- OPTION_CHOICE o;
-@@ -360,7 +313,7 @@ int srp_main(int argc, char **argv)
- conf = app_load_config(configfile);
- if (conf == NULL)
- goto end;
-- if (!app_load_modules(conf))
-+ if (configfile != default_config_file && !app_load_modules(conf))
- goto end;
-
- /* Lets get the config section we are using */
-@@ -370,14 +323,12 @@ int srp_main(int argc, char **argv)
- "trying to read " ENV_DEFAULT_SRP
- " in " BASE_SECTION "\n");
-
-- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
-- if (section == NULL) {
-- lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
-+ section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
-+ if (section == NULL)
- goto end;
-- }
- }
-
-- if (randfile == NULL && conf)
-+ if (randfile == NULL)
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
-
- if (verbose)
-@@ -385,12 +336,9 @@ int srp_main(int argc, char **argv)
- "trying to read " ENV_DATABASE " in section \"%s\"\n",
- section);
-
-- if ((srpvfile = NCONF_get_string(conf, section, ENV_DATABASE))
-- == NULL) {
-- lookup_fail(section, ENV_DATABASE);
-+ srpvfile = lookup_conf(conf, section, ENV_DATABASE);
-+ if (srpvfile == NULL)
- goto end;
-- }
--
- }
- if (randfile == NULL)
- ERR_clear_error();
-@@ -401,7 +349,7 @@ int srp_main(int argc, char **argv)
- BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
- srpvfile);
-
-- db = load_index(srpvfile, &db_attr);
-+ db = load_index(srpvfile, NULL);
- if (db == NULL)
- goto end;
-
-@@ -441,12 +389,11 @@ int srp_main(int argc, char **argv)
-
- while (mode == OPT_LIST || user) {
- int userindex = -1;
-- if (user)
-- if (verbose > 1)
-- BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-+
-+ if (user != NULL && verbose > 1)
-+ BIO_printf(bio_err, "Processing user \"%s\"\n", user);
- if ((userindex = get_index(db, user, 'U')) >= 0) {
-- print_user(db, userindex, (verbose > 0)
-- || mode == OPT_LIST);
-+ print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
- }
-
- if (mode == OPT_LIST) {
-@@ -646,7 +593,9 @@ int srp_main(int argc, char **argv)
-
- if (verbose)
- BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
-- OPENSSL_free(tofree);
-+
-+ OPENSSL_free(passin);
-+ OPENSSL_free(passout);
- if (ret)
- ERR_print_errors(bio_err);
- if (randfile)
---- a/apps/testdsa.h
-+++ b/apps/testdsa.h
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 199-2015 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* used by speed.c */
---- a/apps/testrsa.h
-+++ b/apps/testrsa.h
-@@ -1,59 +1,10 @@
--/* used by apps/speed.c */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- static unsigned char test512[] = {
---- a/apps/timeouts.h
-+++ b/apps/timeouts.h
-@@ -1,59 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef INCLUDED_TIMEOUTS_H
---- a/apps/ts.c
-+++ b/apps/ts.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -154,7 +105,7 @@ OPTIONS ts_options[] = {
- {"text", OPT_TEXT, '-', "Output text (not DER)"},
- {"reply", OPT_REPLY, '-', "Generate a TS reply"},
- {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
-- {"passin", OPT_PASSIN, 's'},
-+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"inkey", OPT_INKEY, '<', "File with private key for reply"},
- {"signer", OPT_SIGNER, 's'},
- {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
-@@ -187,9 +138,9 @@ static char* opt_helplist[] = {
- " [-chain certs_file.pem] [-tspolicy oid]",
- " [-in file] [-token_in] [-out file] [-token_out]",
- # ifndef OPENSSL_NO_ENGINE
-- " [-text]",
--# else
- " [-text] [-engine id]",
-+# else
-+ " [-text]",
- # endif
- " or",
- "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
-@@ -319,9 +270,7 @@ int ts_main(int argc, char **argv)
- break;
- }
- }
-- argc = opt_num_rest();
-- argv = opt_rest();
-- if (mode == OPT_ERR || argc != 0)
-+ if (mode == OPT_ERR || opt_num_rest() != 0)
- goto opthelp;
-
- /* Seed the random number generator if it is going to be used. */
-@@ -341,7 +290,7 @@ int ts_main(int argc, char **argv)
- }
-
- conf = load_config_file(configfile);
-- if (!app_load_modules(conf))
-+ if (configfile != default_config_file && !app_load_modules(conf))
- goto end;
-
- /* Check parameter consistency and execute the appropriate function. */
-@@ -374,7 +323,7 @@ int ts_main(int argc, char **argv)
- if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
- goto opthelp;
- ret = !verify_command(data, digest, queryfile, in, token_in,
-- CApath, CAfile, untrusted,
-+ CApath, CAfile, untrusted,
- vpmtouched ? vpm : NULL);
- }
-
-@@ -543,28 +492,30 @@ static int create_digest(BIO *input, cha
- unsigned char **md_value)
- {
- int md_value_len;
-+ int rv = 0;
-+ EVP_MD_CTX *md_ctx = NULL;
-
- md_value_len = EVP_MD_size(md);
- if (md_value_len < 0)
- return 0;
-
- if (input) {
-- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
- unsigned char buffer[4096];
- int length;
-
-+ md_ctx = EVP_MD_CTX_new();
- if (md_ctx == NULL)
- return 0;
- *md_value = app_malloc(md_value_len, "digest buffer");
-- EVP_DigestInit(md_ctx, md);
-+ if (!EVP_DigestInit(md_ctx, md))
-+ goto err;
- while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
-- EVP_DigestUpdate(md_ctx, buffer, length);
-- }
-- if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) {
-- EVP_MD_CTX_free(md_ctx);
-- return 0;
-+ if (!EVP_DigestUpdate(md_ctx, buffer, length))
-+ goto err;
- }
-- EVP_MD_CTX_free(md_ctx);
-+ if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
-+ goto err;
-+ md_value_len = EVP_MD_size(md);
- } else {
- long digest_len;
- *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
-@@ -576,7 +527,10 @@ static int create_digest(BIO *input, cha
- return 0;
- }
- }
-- return md_value_len;
-+ rv = md_value_len;
-+ err:
-+ EVP_MD_CTX_free(md_ctx);
-+ return rv;
- }
-
- static ASN1_INTEGER *create_nonce(int bits)
-@@ -1015,7 +969,7 @@ static X509_STORE *create_cert_store(cha
- }
- }
-
-- if (vpm != NULL)
-+ if (vpm != NULL)
- X509_STORE_set1_param(cert_ctx, vpm);
-
- return cert_ctx;
-@@ -1029,4 +983,4 @@ static int verify_cb(int ok, X509_STORE_
- {
- return ok;
- }
--#endif
-+#endif /* ndef OPENSSL_NO_TS */
---- a/apps/tsget.in
-+++ b/apps/tsget.in
-@@ -1,7 +1,11 @@
--#!{- $config{perl} -}
--# Written by Zoltan Glozik <zglozik at stones.com>.
--# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
--$::version = '$Id: tsget,v 1.3 2009/09/07 17:57:18 steve Exp $';
-+#!{- $config{hashbangperl} -}
-+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
-+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use IO::Handle;
-@@ -42,7 +46,8 @@ sub create_curl {
- # Error-handling related options.
- $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
- $curl->setopt(CURLOPT_FAILONERROR, 1);
-- $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
-+ $curl->setopt(CURLOPT_USERAGENT,
-+ "OpenTSA tsget.pl/openssl-{- $config{version} -}");
-
- # Options for POST method.
- $curl->setopt(CURLOPT_UPLOAD, 1);
---- a/apps/verify.c
-+++ b/apps/verify.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -262,6 +214,7 @@ static int check(X509_STORE *ctx, char *
- (file == NULL) ? "stdin" : file);
- goto end;
- }
-+
- X509_STORE_set_flags(ctx, vflags);
- if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
- printf("error %s: X.509 store context initialization failed\n",
---- a/apps/version.c
-+++ b/apps/version.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/apps/vms_decc_init.c
-+++ b/apps/vms_decc_init.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by sms and contributed to the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
---- /dev/null
-+++ b/apps/win32_init.c
-@@ -0,0 +1,304 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <windows.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <malloc.h>
-+
-+#if defined(CP_UTF8)
-+
-+static UINT saved_cp;
-+static int newargc;
-+static char **newargv;
-+
-+static void cleanup(void)
-+{
-+ int i;
-+
-+ SetConsoleOutputCP(saved_cp);
-+
-+ for (i = 0; i < newargc; i++)
-+ free(newargv[i]);
-+
-+ free(newargv);
-+}
-+
-+/*
-+ * Incrementally [re]allocate newargv and keep it NULL-terminated.
-+ */
-+static int validate_argv(int argc)
-+{
-+ static int size = 0;
-+
-+ if (argc >= size) {
-+ char **ptr;
-+
-+ while (argc >= size)
-+ size += 64;
-+
-+ ptr = realloc(newargv, size * sizeof(newargv[0]));
-+ if (ptr == NULL)
-+ return 0;
-+
-+ (newargv = ptr)[argc] = NULL;
-+ } else {
-+ newargv[argc] = NULL;
-+ }
-+
-+ return 1;
-+}
-+
-+static int process_glob(WCHAR *wstr, int wlen)
-+{
-+ int i, slash, udlen;
-+ WCHAR saved_char;
-+ WIN32_FIND_DATAW data;
-+ HANDLE h;
-+
-+ /*
-+ * Note that we support wildcard characters only in filename part
-+ * of the path, and not in directories. Windows users are used to
-+ * this, that's why recursive glob processing is not implemented.
-+ */
-+ /*
-+ * Start by looking for last slash or backslash, ...
-+ */
-+ for (slash = 0, i = 0; i < wlen; i++)
-+ if (wstr[i] == L'/' || wstr[i] == L'\\')
-+ slash = i + 1;
-+ /*
-+ * ... then look for asterisk or question mark in the file name.
-+ */
-+ for (i = slash; i < wlen; i++)
-+ if (wstr[i] == L'*' || wstr[i] == L'?')
-+ break;
-+
-+ if (i == wlen)
-+ return 0; /* definitely not a glob */
-+
-+ saved_char = wstr[wlen];
-+ wstr[wlen] = L'\0';
-+ h = FindFirstFileW(wstr, &data);
-+ wstr[wlen] = saved_char;
-+ if (h == INVALID_HANDLE_VALUE)
-+ return 0; /* not a valid glob, just pass... */
-+
-+ if (slash)
-+ udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
-+ NULL, 0, NULL, NULL);
-+ else
-+ udlen = 0;
-+
-+ do {
-+ int uflen;
-+ char *arg;
-+
-+ /*
-+ * skip over . and ..
-+ */
-+ if (data.cFileName[0] == L'.') {
-+ if ((data.cFileName[1] == L'\0') ||
-+ (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
-+ continue;
-+ }
-+
-+ if (!validate_argv(newargc + 1))
-+ break;
-+
-+ /*
-+ * -1 below means "scan for trailing '\0' *and* count it",
-+ * so that |uflen| covers even trailing '\0'.
-+ */
-+ uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
-+ NULL, 0, NULL, NULL);
-+
-+ arg = malloc(udlen + uflen);
-+ if (arg == NULL)
-+ break;
-+
-+ if (udlen)
-+ WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
-+ arg, udlen, NULL, NULL);
-+
-+ WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
-+ arg + udlen, uflen, NULL, NULL);
-+
-+ newargv[newargc++] = arg;
-+ } while (FindNextFileW(h, &data));
-+
-+ CloseHandle(h);
-+
-+ return 1;
-+}
-+
-+void win32_utf8argv(int *argc, char **argv[])
-+{
-+ const WCHAR *wcmdline;
-+ WCHAR *warg, *wend, *p;
-+ int wlen, ulen, valid = 1;
-+ char *arg;
-+
-+ newargc = 0;
-+ newargv = NULL;
-+ if (!validate_argv(newargc))
-+ return;
-+
-+ wcmdline = GetCommandLineW();
-+ if (wcmdline == NULL) return;
-+
-+ /*
-+ * make a copy of the command line, since we might have to modify it...
-+ */
-+ wlen = wcslen(wcmdline);
-+ p = _alloca((wlen + 1) * sizeof(WCHAR));
-+ wcscpy(p, wcmdline);
-+
-+ while (*p != L'\0') {
-+ int in_quote = 0;
-+
-+ if (*p == L' ' || *p == L'\t') {
-+ p++; /* skip over white spaces */
-+ continue;
-+ }
-+
-+ /*
-+ * Note: because we may need to fiddle with the number of backslashes,
-+ * the argument string is copied into itself. This is safe because
-+ * the number of characters will never expand.
-+ */
-+ warg = wend = p;
-+ while (*p != L'\0'
-+ && (in_quote || (*p != L' ' && *p != L'\t'))) {
-+ switch (*p) {
-+ case L'\\':
-+ /*
-+ * Microsoft documentation on how backslashes are treated
-+ * is:
-+ *
-+ * + Backslashes are interpreted literally, unless they
-+ * immediately precede a double quotation mark.
-+ * + If an even number of backslashes is followed by a double
-+ * quotation mark, one backslash is placed in the argv array
-+ * for every pair of backslashes, and the double quotation
-+ * mark is interpreted as a string delimiter.
-+ * + If an odd number of backslashes is followed by a double
-+ * quotation mark, one backslash is placed in the argv array
-+ * for every pair of backslashes, and the double quotation
-+ * mark is "escaped" by the remaining backslash, causing a
-+ * literal double quotation mark (") to be placed in argv.
-+ *
-+ * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
-+ *
-+ * Though referred page doesn't mention it, multiple qouble
-+ * quotes are also special. Pair of double quotes in quoted
-+ * string is counted as single double quote.
-+ */
-+ {
-+ const WCHAR *q = p;
-+ int i;
-+
-+ while (*p == L'\\')
-+ p++;
-+
-+ if (*p == L'"') {
-+ int i;
-+
-+ for (i = (p - q) / 2; i > 0; i--)
-+ *wend++ = L'\\';
-+
-+ /*
-+ * if odd amount of backslashes before the quote,
-+ * said quote is part of the argument, not a delimiter
-+ */
-+ if ((p - q) % 2 == 1)
-+ *wend++ = *p++;
-+ } else {
-+ for (i = p - q; i > 0; i--)
-+ *wend++ = L'\\';
-+ }
-+ }
-+ break;
-+ case L'"':
-+ /*
-+ * Without the preceding backslash (or when preceded with an
-+ * even number of backslashes), the double quote is a simple
-+ * string delimiter and just slightly change the parsing state
-+ */
-+ if (in_quote && p[1] == L'"')
-+ *wend++ = *p++;
-+ else
-+ in_quote = !in_quote;
-+ p++;
-+ break;
-+ default:
-+ /*
-+ * Any other non-delimiter character is just taken verbatim
-+ */
-+ *wend++ = *p++;
-+ }
-+ }
-+
-+ wlen = wend - warg;
-+
-+ if (wlen == 0 || !process_glob(warg, wlen)) {
-+ if (!validate_argv(newargc + 1)) {
-+ valid = 0;
-+ break;
-+ }
-+
-+ ulen = 0;
-+ if (wlen > 0) {
-+ ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
-+ NULL, 0, NULL, NULL);
-+ if (ulen <= 0)
-+ continue;
-+ }
-+
-+ arg = malloc(ulen + 1);
-+ if (arg == NULL) {
-+ valid = 0;
-+ break;
-+ }
-+
-+ if (wlen > 0)
-+ WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
-+ arg, ulen, NULL, NULL);
-+ arg[ulen] = '\0';
-+
-+ newargv[newargc++] = arg;
-+ }
-+ }
-+
-+ if (valid) {
-+ saved_cp = GetConsoleOutputCP();
-+ SetConsoleOutputCP(CP_UTF8);
-+
-+ *argc = newargc;
-+ *argv = newargv;
-+
-+ atexit(cleanup);
-+ } else if (newargv != NULL) {
-+ int i;
-+
-+ for (i = 0; i < newargc; i++)
-+ free(newargv[i]);
-+
-+ free(newargv);
-+
-+ newargc = 0;
-+ newargv = NULL;
-+ }
-+
-+ return;
-+}
-+#else
-+void win32_utf8argv(int &argc, char **argv[])
-+{ return; }
-+#endif
---- a/apps/winrand.c
-+++ /dev/null
-@@ -1,145 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
--/*-
-- * Usage: winrand [filename]
-- *
-- * Collects entropy from mouse movements and other events and writes
-- * random data to filename or .rnd
-- */
--
--#include <windows.h>
--#include <openssl/opensslv.h>
--#include <openssl/rand.h>
--
--LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
--const char *filename;
--
--int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-- PSTR cmdline, int iCmdShow)
--{
-- static char appname[] = "OpenSSL";
-- HWND hwnd;
-- MSG msg;
-- WNDCLASSEX wndclass;
-- char buffer[200];
--
-- if (cmdline[0] == '\0')
-- filename = RAND_file_name(buffer, sizeof buffer);
-- else
-- filename = cmdline;
--
-- RAND_load_file(filename, -1);
--
-- wndclass.cbSize = sizeof(wndclass);
-- wndclass.style = CS_HREDRAW | CS_VREDRAW;
-- wndclass.lpfnWndProc = WndProc;
-- wndclass.cbClsExtra = 0;
-- wndclass.cbWndExtra = 0;
-- wndclass.hInstance = hInstance;
-- wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-- wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-- wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-- wndclass.lpszMenuName = NULL;
-- wndclass.lpszClassName = appname;
-- wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-- RegisterClassEx(&wndclass);
--
-- hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-- WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-- CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
-- NULL);
--
-- ShowWindow(hwnd, iCmdShow);
-- UpdateWindow(hwnd);
--
-- while (GetMessage(&msg, NULL, 0, 0)) {
-- TranslateMessage(&msg);
-- DispatchMessage(&msg);
-- }
--
-- return msg.wParam;
--}
--
--LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
--{
-- HDC hdc;
-- PAINTSTRUCT ps;
-- RECT rect;
-- static int seeded = 0;
--
-- switch (iMsg) {
-- case WM_PAINT:
-- hdc = BeginPaint(hwnd, &ps);
-- GetClientRect(hwnd, &rect);
-- DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-- &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-- EndPaint(hwnd, &ps);
-- return 0;
--
-- case WM_DESTROY:
-- PostQuitMessage(0);
-- return 0;
-- }
--
-- if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
-- seeded = 1;
-- if (RAND_write_file(filename) <= 0)
-- MessageBox(hwnd, "Couldn't write random file!",
-- "OpenSSL", MB_OK | MB_ICONERROR);
-- PostQuitMessage(0);
-- }
--
-- return DefWindowProc(hwnd, iMsg, wParam, lParam);
--}
---- a/apps/x509.c
-+++ b/apps/x509.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -116,7 +68,7 @@ OPTIONS x509_options[] = {
- "Output format - default PEM (one of DER, NET or PEM)"},
- {"out", OPT_OUT, '>', "Output file - default stdout"},
- {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
-- {"passin", OPT_PASSIN, 's', "Private key password source"},
-+ {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
- {"serial", OPT_SERIAL, '-', "Print serial number value"},
- {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
- {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
-@@ -172,11 +124,11 @@ OPTIONS x509_options[] = {
- {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
- {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
- {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
-- {"sigopt", OPT_SIGOPT, 's'},
-+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"force_pubkey", OPT_FORCE_PUBKEY, '<'},
- {"next_serial", OPT_NEXT_SERIAL, '-'},
- {"clrreject", OPT_CLRREJECT, '-'},
-- {"badsig", OPT_BADSIG, '-'},
-+ {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
- {"", OPT_MD, '-', "Any supported digest"},
- #ifndef OPENSSL_NO_MD5
- {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
-@@ -193,7 +145,7 @@ OPTIONS x509_options[] = {
- int x509_main(int argc, char **argv)
- {
- ASN1_INTEGER *sno = NULL;
-- ASN1_OBJECT *objtmp;
-+ ASN1_OBJECT *objtmp = NULL;
- BIO *out = NULL;
- CONF *extconf = NULL;
- EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
-@@ -325,6 +277,7 @@ int x509_main(int argc, char **argv)
- if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
- goto end;
- sk_ASN1_OBJECT_push(trust, objtmp);
-+ objtmp = NULL;
- trustout = 1;
- break;
- case OPT_ADDREJECT:
-@@ -338,6 +291,7 @@ int x509_main(int argc, char **argv)
- && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
- goto end;
- sk_ASN1_OBJECT_push(reject, objtmp);
-+ objtmp = NULL;
- trustout = 1;
- break;
- case OPT_SETALIAS:
-@@ -638,6 +592,7 @@ int x509_main(int argc, char **argv)
- objtmp = sk_ASN1_OBJECT_value(trust, i);
- X509_add1_trust_object(x, objtmp);
- }
-+ objtmp = NULL;
- }
-
- if (reject) {
-@@ -645,14 +600,15 @@ int x509_main(int argc, char **argv)
- objtmp = sk_ASN1_OBJECT_value(reject, i);
- X509_add1_reject_object(x, objtmp);
- }
-+ objtmp = NULL;
- }
-
- if (num) {
- for (i = 1; i <= num; i++) {
- if (issuer == i) {
-- print_name(out, "issuer= ", X509_get_issuer_name(x), nmflag);
-+ print_name(out, "issuer=", X509_get_issuer_name(x), nmflag);
- } else if (subject == i) {
-- print_name(out, "subject= ",
-+ print_name(out, "subject=",
- X509_get_subject_name(x), nmflag);
- } else if (serial == i) {
- BIO_printf(out, "serial=");
-@@ -728,14 +684,14 @@ int x509_main(int argc, char **argv)
- BIO_printf(out, "Modulus=");
- #ifndef OPENSSL_NO_RSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
-- BIGNUM *n;
-+ const BIGNUM *n;
- RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
- BN_print(out, n);
- } else
- #endif
- #ifndef OPENSSL_NO_DSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
-- BIGNUM *dsapub = NULL;
-+ const BIGNUM *dsapub = NULL;
- DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
- BN_print(out, dsapub);
- } else
-@@ -763,7 +719,7 @@ int x509_main(int argc, char **argv)
- BIO_printf(out, "/*\n"
- " * Subject: %s\n", buf);
-
-- m = X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
-+ X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf);
- BIO_printf(out, " * Issuer: %s\n"
- " */\n", buf);
-
-@@ -933,6 +889,7 @@ int x509_main(int argc, char **argv)
- ASN1_INTEGER_free(sno);
- sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
- sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-+ ASN1_OBJECT_free(objtmp);
- OPENSSL_free(passin);
- return (ret);
- }
-@@ -991,6 +948,10 @@ static int x509_certify(X509_STORE *ctx,
- EVP_PKEY *upkey;
-
- upkey = X509_get0_pubkey(xca);
-+ if (upkey == NULL) {
-+ BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
-+ goto end;
-+ }
- EVP_PKEY_copy_parameters(upkey, pkey);
-
- xsc = X509_STORE_CTX_new();
-@@ -1127,7 +1088,7 @@ static int sign(X509 *x, EVP_PKEY *pkey,
- static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
- {
- int id, i, idret;
-- char *pname;
-+ const char *pname;
- id = X509_PURPOSE_get_id(pt);
- pname = X509_PURPOSE_get0_name(pt);
- for (i = 0; i < 2; i++) {
---- a/appveyor.yml
-+++ b/appveyor.yml
-@@ -27,13 +27,27 @@
- }
- - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
- - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
-- - perl Configure %TARGET% no-asm %SHARED%
-+ - mkdir _build
-+ - cd _build
-+ - perl ..\Configure %TARGET% no-asm %SHARED%
-+ - cd ..
-
- build_script:
-+ - cd _build
- - nmake
-+ - cd ..
-
- test_script:
-+ - cd _build
- - nmake test
-+ - cd ..
-+
-+# Fake deploy script to test installation
-+deploy_script:
-+ - mkdir _install
-+ - cd _build
-+ - nmake install install_docs DESTDIR=..\_install
-+ - cd ..
-
- notifications:
- - provider: Email
---- a/build.info
-+++ b/build.info
-@@ -1,11 +1,22 @@
--{- use File::Spec::Functions qw/catdir rel2abs/; -}
- LIBS=libcrypto libssl
- ORDINALS[libcrypto]=crypto
- ORDINALS[libssl]=ssl
--INCLUDE[libcrypto]={- rel2abs(catdir($builddir,"include")) -} . crypto/include include
--INCLUDE[libssl]={- rel2abs(catdir($builddir,"include")) -} . include
-+INCLUDE[libcrypto]=. crypto/include include
-+INCLUDE[libssl]=. include
- DEPEND[libssl]=libcrypto
-
-+# Empty DEPEND "indices" means the dependencies are expected to be built
-+# unconditionally before anything else.
-+DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \
-+ crypto/include/internal/dso_conf.h
-+DEPEND[include/openssl/opensslconf.h]=configdata.pm
-+GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
-+DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm
-+GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in
-+DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm
-+GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in
-+
-+
- IF[{- $config{target} =~ /^Cygwin/ -}]
- SHARED_NAME[libcrypto]=cygcrypto-{- $config{shlib_major}.".".$config{shlib_minor} -}
- SHARED_NAME[libssl]=cygssl-{- $config{shlib_major}.".".$config{shlib_minor} -}
-@@ -20,11 +31,11 @@ ENDIF
- # VMS has a cultural standard where all libraries are prefixed.
- # For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
- # conversation with VSI, Tuesday January 26 2016)
--# Also, it seems it's usual to have a suffix to the shared library name
--# for the different pointer sizes that were built for.
-+# Also, it seems it's usual to have the pointer size the libraries
-+# were built for as part of the name.
- IF[{- $config{target} =~ /^vms/ -}]
-- RENAME[libcrypto]=ossl$libcrypto
-- RENAME[libssl]=ossl$libssl
-- SHARED_NAME[libcrypto]=ossl$libcrypto_shr{- $target{pointer_size} -}
-- SHARED_NAME[libssl]=ossl$libssl_shr{- $target{pointer_size} -}
-+ RENAME[libcrypto]=ossl$libcrypto{- $target{pointer_size} -}
-+ RENAME[libssl]=ossl$libssl{- $target{pointer_size} -}
-+ SHARED_NAME[libcrypto]=ossl$libcrypto{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
-+ SHARED_NAME[libssl]=ossl$libssl{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -}
- ENDIF
---- a/config
-+++ b/config
-@@ -1,25 +1,15 @@
- #!/bin/sh
-+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# OpenSSL config: determine the operating system and run ./Configure
--#
--# "config -h" for usage information.
--#
--# this is a merge of minarch and GuessOS from the Apache Group.
--# Originally written by Tim Hudson <tjh at cryptsoft.com>.
--
--# Original Apache Group comments on GuessOS
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
--# Simple OS/Platform guesser. Similar to config.guess but
--# much, much smaller. Since it was developed for use with
--# Apache, it follows under Apache's regular licensing
--# with one specific addition: Any changes or additions
--# to this script should be Emailed to the Apache
--# group (apache at apache.org) in general and to
--# Jim Jagielski (jim at jaguNET.com) in specific.
-+# OpenSSL config: determine the operating system and run ./Configure
-+# Derived from minarch and GuessOS from Apache.
- #
--# Be as similar to the output of config.guess/config.sub
--# as possible.
--
-+# Do "config -h" for usage information.
- SUFFIX=""
- TEST="false"
- EXE=""
-@@ -134,10 +124,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
- esac
- ;;
-
-- IRIX:5.*)
-- echo "mips2-sgi-irix"; exit 0
-- ;;
--
- IRIX:6.*)
- echo "mips3-sgi-irix"; exit 0
- ;;
-@@ -265,6 +251,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
- Power*)
- echo "ppc-apple-darwin${VERSION}"
- ;;
-+ x86_64)
-+ echo "x86_64-apple-darwin${VERSION}"
-+ ;;
- *)
- echo "i686-apple-darwin${VERSION}"
- ;;
-@@ -427,19 +416,6 @@ if [ "$SYSTEM" = "SunOS" ]; then
- fi
- fi
-
--if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
-- # check for Compaq C, expected output is "blah-blah C Vx.x"
-- CCCVER=`(ccc -V 2>&1) 2>/dev/null | \
-- egrep -e '.* C V[0-9]\.[0-9]' | \
-- sed 's/.* C V\([0-9]\)\.\([0-9]\).*/\1\2/'`
-- CCCVER=${CCCVER:-0}
-- if [ $CCCVER -gt 60 ]; then
-- CC=ccc # overrides gcc!!! well, ccc outperforms inoticeably
-- # only on hash routines and des, otherwise gcc (2.95)
-- # keeps along rather tight...
-- fi
--fi
--
- if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
- (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
- fi
-@@ -461,14 +437,6 @@ case "$GUESSOS" in
- uClinux*)
- OUT=uClinux-dist
- ;;
-- mips2-sgi-irix)
-- CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-- CPU=${CPU:-0}
-- if [ $CPU -ge 4000 ]; then
-- options="$options -mips2"
-- fi
-- OUT="irix-$CC"
-- ;;
- mips3-sgi-irix)
- #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
- #CPU=${CPU:-0}
-@@ -515,7 +483,7 @@ case "$GUESSOS" in
- ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
- if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
- echo "WARNING! If you wish to build 64-bit library, then you have to"
-- echo " invoke '$THERE/Configure darwin64-x86_64-cc $options' *manually*."
-+ echo " invoke 'KERNEL_BITS=64 $THERE/config $options'."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- # The stty technique used elsewhere doesn't work on
-@@ -528,6 +496,22 @@ case "$GUESSOS" in
- else
- OUT="darwin-i386-cc"
- fi ;;
-+ x86_64-apple-darwin*)
-+ if [ -z "$KERNEL_BITS" ]; then
-+ echo "WARNING! If you wish to build 32-bit library, then you have to"
-+ echo " invoke 'KERNEL_BITS=32 $THERE/config $options'."
-+ if [ "$TEST" = "false" -a -t 1 ]; then
-+ echo " You have about 5 seconds to press Ctrl-C to abort."
-+ # The stty technique used elsewhere doesn't work on
-+ # MacOS. At least, right now on this Mac.
-+ sleep 5
-+ fi
-+ fi
-+ if [ "$KERNEL_BITS" = "32" ]; then
-+ OUT="darwin-i386-cc"
-+ else
-+ OUT="darwin64-x86_64-cc"
-+ fi ;;
- armv6+7-*-iphoneos)
- options="$options -arch%20armv6 -arch%20armv7"
- OUT="iphoneos-cross" ;;
-@@ -643,21 +627,15 @@ case "$GUESSOS" in
- #fi
- OUT="linux64-s390x"
- ;;
-- x86_64-*-linux?) OUT="linux-x86_64" ;;
-- *86-*-linux2) OUT="linux-elf"
-- if [ "$GCCVER" -gt 28 ]; then
-- if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
-- options="$options -march=pentium"
-- fi
-- if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
-- options="$options -march=pentiumpro"
-- fi
-- if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
-- options="$options -march=k6"
-- fi
-- fi ;;
-- *-*-linux1) OUT="linux-aout" ;;
-- *-*-linux2) OUT="linux-generic32" ;;
-+ x86_64-*-linux?)
-+ if $CC -dM -E -x c /dev/null 2>&1 | grep -q ILP32 > /dev/null; then
-+ OUT="linux-x32"
-+ else
-+ OUT="linux-x86_64"
-+ fi ;;
-+ *86-*-linux2) OUT="linux-elf" ;;
-+ *86-*-linux1) OUT="linux-aout" ;;
-+ *-*-linux?) OUT="linux-generic32" ;;
- sun4[uv]*-*-solaris2)
- OUT="solaris-sparcv9-$CC"
- ISA64=`(isainfo) 2>/dev/null | grep sparcv9`
-@@ -728,9 +706,10 @@ case "$GUESSOS" in
- *ELF*) OUT="BSD-x86-elf" ;;
- *) OUT="BSD-x86"; options="$options no-sse2" ;;
- esac ;;
-+ *-*-*bsd*) OUT="BSD-generic32" ;;
-+
- x86_64-*-haiku) OUT="haiku-x86_64" ;;
- *-*-haiku) OUT="haiku-x86" ;;
-- *-*-*bsd*) OUT="BSD-generic32" ;;
-
- *-*-osf) OUT="osf1-alpha-cc" ;;
- *-*-tru64) OUT="tru64-alpha-cc" ;;
---- a/config.com
-+++ b/config.com
-@@ -1,4 +1,10 @@
- $ ! OpenSSL config: determine the architecture and run Configure
-+$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+$ !
-+$ ! Licensed under the OpenSSL license (the "License"). You may not use
-+$ ! this file except in compliance with the License. You can obtain a
-+$ ! copy in the file LICENSE in the source distribution or at
-+$ ! https://www.openssl.org/source/license.html
- $ !
- $ ! Very simple for the moment, it will take the following arguments:
- $ !
-@@ -8,7 +14,7 @@
- $ ! -h prints a usage and exits
- $ ! -t test mode, doesn't run Configure
- $
--$ arch == f$edit( f$getsyi( "arch_name"), "lowercase")
-+$ arch = f$edit( f$getsyi( "arch_name"), "lowercase")
- $ pointer_size = ""
- $ test = 0
- $ here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;"
---- a/crypto/LPdir_nyi.c
-+++ b/crypto/LPdir_nyi.c
-@@ -1,6 +1,12 @@
- /*
-- * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
---- a/crypto/LPdir_unix.c
-+++ b/crypto/LPdir_unix.c
-@@ -1,7 +1,12 @@
- /*
-- * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
-- * $
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
---- a/crypto/LPdir_vms.c
-+++ b/crypto/LPdir_vms.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
---- a/crypto/LPdir_win.c
-+++ b/crypto/LPdir_win.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
-@@ -23,8 +32,10 @@
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-+
- #include <windows.h>
- #include <tchar.h>
-+#include "internal/numbers.h"
- #ifndef LPDIR_H
- # include "LPdir.h"
- #endif
-@@ -45,6 +56,12 @@
- # define NAME_MAX 255
- #endif
-
-+#ifdef CP_UTF8
-+# define CP_DEFAULT CP_UTF8
-+#else
-+# define CP_DEFAULT CP_ACP
-+#endif
-+
- struct LP_dir_context_st {
- WIN32_FIND_DATA ctx;
- HANDLE handle;
-@@ -60,11 +77,9 @@ const char *LP_find_file(LP_DIR_CTX **ct
-
- errno = 0;
- if (*ctx == NULL) {
-- const char *extdir = directory;
-- char *extdirbuf = NULL;
- size_t dirlen = strlen(directory);
-
-- if (dirlen == 0) {
-+ if (dirlen == 0 || dirlen > INT_MAX - 3) {
- errno = ENOENT;
- return 0;
- }
-@@ -76,50 +91,76 @@ const char *LP_find_file(LP_DIR_CTX **ct
- }
- memset(*ctx, 0, sizeof(**ctx));
-
-- if (directory[dirlen - 1] != '*') {
-- extdirbuf = (char *)malloc(dirlen + 3);
-- if (extdirbuf == NULL) {
-- free(*ctx);
-- *ctx = NULL;
-- errno = ENOMEM;
-- return 0;
-- }
-- if (directory[dirlen - 1] != '/' && directory[dirlen - 1] != '\\')
-- extdir = strcat(strcpy(extdirbuf, directory), "/*");
-- else
-- extdir = strcat(strcpy(extdirbuf, directory), "*");
-- }
--
- if (sizeof(TCHAR) != sizeof(char)) {
- TCHAR *wdir = NULL;
- /* len_0 denotes string length *with* trailing 0 */
-- size_t index = 0, len_0 = strlen(extdir) + 1;
-+ size_t index = 0, len_0 = dirlen + 1;
-+#ifdef LP_MULTIBYTE_AVAILABLE
-+ int sz = 0;
-+ UINT cp;
-
-- wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
-- if (wdir == NULL) {
-- if (extdirbuf != NULL) {
-- free(extdirbuf);
-+ do {
-+# ifdef CP_UTF8
-+ if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
-+ directory, len_0,
-+ NULL, 0)) > 0 ||
-+ GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
-+ break;
-+# endif
-+ sz = MultiByteToWideChar((cp = CP_ACP), 0,
-+ directory, len_0,
-+ NULL, 0);
-+ } while (0);
-+
-+ if (sz > 0) {
-+ /*
-+ * allocate two additional characters in case we need to
-+ * concatenate asterisk, |sz| covers trailing '\0'!
-+ */
-+ wdir = _alloca((sz + 2) * sizeof(TCHAR));
-+ if (!MultiByteToWideChar(cp, 0, directory, len_0,
-+ (WCHAR *)wdir, sz)) {
-+ free(*ctx);
-+ *ctx = NULL;
-+ errno = EINVAL;
-+ return 0;
- }
-- free(*ctx);
-- *ctx = NULL;
-- errno = ENOMEM;
-- return 0;
-- }
--#ifdef LP_MULTIBYTE_AVAILABLE
-- if (!MultiByteToWideChar
-- (CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
-+ } else
- #endif
-+ {
-+ sz = len_0;
-+ /*
-+ * allocate two additional characters in case we need to
-+ * concatenate asterisk, |sz| covers trailing '\0'!
-+ */
-+ wdir = _alloca((sz + 2) * sizeof(TCHAR));
- for (index = 0; index < len_0; index++)
-- wdir[index] = (TCHAR)extdir[index];
-+ wdir[index] = (TCHAR)directory[index];
-+ }
-
-- (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
-+ sz--; /* wdir[sz] is trailing '\0' now */
-+ if (wdir[sz - 1] != TEXT('*')) {
-+ if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
-+ _tcscpy(wdir + sz, TEXT("/*"));
-+ else
-+ _tcscpy(wdir + sz, TEXT("*"));
-+ }
-
-- free(wdir);
-+ (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
- } else {
-- (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
-- }
-- if (extdirbuf != NULL) {
-- free(extdirbuf);
-+ if (directory[dirlen - 1] != '*') {
-+ char *buf = _alloca(dirlen + 3);
-+
-+ strcpy(buf, directory);
-+ if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
-+ strcpy(buf + dirlen, "/*");
-+ else
-+ strcpy(buf + dirlen, "*");
-+
-+ directory = buf;
-+ }
-+
-+ (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
- }
-
- if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
-@@ -142,9 +183,9 @@ const char *LP_find_file(LP_DIR_CTX **ct
- len_0++;
-
- #ifdef LP_MULTIBYTE_AVAILABLE
-- if (!WideCharToMultiByte
-- (CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
-- sizeof((*ctx)->entry_name), NULL, 0))
-+ if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
-+ (*ctx)->entry_name,
-+ sizeof((*ctx)->entry_name), NULL, 0))
- #endif
- for (index = 0; index < len_0; index++)
- (*ctx)->entry_name[index] = (char)wdir[index];
---- a/crypto/LPdir_win32.c
-+++ b/crypto/LPdir_win32.c
-@@ -1,7 +1,12 @@
- /*
-- * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
-- * $
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
---- a/crypto/LPdir_wince.c
-+++ b/crypto/LPdir_wince.c
-@@ -1,7 +1,12 @@
- /*
-- * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
-- * $
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
---- a/crypto/Makefile.in
-+++ /dev/null
-@@ -1,117 +0,0 @@
--#
--# OpenSSL/crypto/Makefile
--#
--
--DIR= crypto
--TOP= ..
--CC= cc
--INCLUDE= -I. -I$(TOP) -I../include -Iinclude $(ZLIB_INCLUDE)
--# INCLUDES targets sudbirs!
--INCLUDES= -I.. -I../.. -I../modes -I../include -I../../include $(ZLIB_INCLUDE)
--CFLAG= -g
--MAKEFILE= Makefile
--RM= rm -f
--AR= ar r
--
--RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
-- (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
-- $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \
-- done;
--
--PLIB_LDFLAG=
--EX_LIBS=
--
--CFLAGS= $(INCLUDE) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDE) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS=$(ASFLAGS)
--CPUID_OBJ=mem_clr.o
--UPLINK_OBJ=
--
--LIBS=
--
--GENERAL=Makefile README crypto-lib.com install.com
--
--LIB= $(TOP)/libcrypto.a
--SHARED_LIB= libcrypto$(SHLIB_EXT)
--LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-- ebcdic.c uid.c o_time.c o_str.c o_dir.c \
-- threads_pthread.c threads_win.c threads_none.c \
-- o_init.c o_fips.c mem_sec.c init.c
--LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-- ebcdic.o uid.o o_time.o o_str.o o_dir.o \
-- threads_pthread.o threads_win.o threads_none.o \
-- o_init.o o_fips.o mem_sec.o init.o $(CPUID_OBJ) $(UPLINK_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= buildinf.h arm_arch.h ppc_arch.h sparc_arch.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- @(cd ..; $(MAKE) DIRS=$(DIR) all)
--
--all: shared
--
--fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ)
-- [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
-- ( obj=`$(PERL) $(TOP)/util/fipsobj.pl $$i` && \
-- cd $$i && echo "making fips in $(DIR)/$$i..." && \
-- $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$obj ) || exit 1; \
-- done;
--
--buildinf.h: ../Makefile
-- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS_Q)" "$(PLATFORM)" >buildinf.h
--
--x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
-- $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--applink.o: $(TOP)/ms/applink.c
-- $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c
--
--uplink.o: $(TOP)/ms/uplink.c applink.o
-- $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
--
--uplink-x86.s: $(TOP)/ms/uplink-x86.pl
-- $(PERL) $(TOP)/ms/uplink-x86.pl $(PERLASM_SCHEME) $@
--
--x86_64cpuid.s: x86_64cpuid.pl; $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) $@
--ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@
--ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
--pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
--alphacpuid.s: alphacpuid.pl
-- (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \
-- $(PERL) alphacpuid.pl $$preproc && \
-- $(CC) -E -P $$preproc > $@ && rm $$preproc)
--arm64cpuid.S: arm64cpuid.pl; $(PERL) arm64cpuid.pl $(PERLASM_SCHEME) $@
--armv4cpuid.S: armv4cpuid.pl; $(PERL) armv4cpuid.pl $(PERLASM_SCHEME) $@
--
--subdirs:
-- @target=all; $(RECURSIVE_MAKE)
--
--# lib: $(LIB): are splitted to avoid end-less loop
--lib: $(LIB)
-- @touch lib
--$(LIB): $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
--
--shared: buildinf.h lib subdirs
-- if [ -n "$(SHARED_LIBS)" ]; then \
-- (cd ..; $(MAKE) $(SHARED_LIB)); \
-- fi
--
--libs:
-- @target=lib; $(RECURSIVE_MAKE)
--
--depend:
-- @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
-- @[ -z "$(THIS)" ] || $(TOP)/util/domd $(CFLAG) $(INCLUDE) -- $(PROGS) $(LIBSRC)
-- @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
-- @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
--clean:
-- rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-- @target=clean; $(RECURSIVE_MAKE)
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/aes/Makefile.in
-+++ /dev/null
-@@ -1,106 +0,0 @@
--#
--# crypto/aes/Makefile
--#
--
--DIR= aes
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--AES_ENC=aes_core.o aes_cbc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
-- aes_ige.c aes_wrap.c
--LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ige.o aes_wrap.o \
-- $(AES_ENC)
--
--SRC= $(LIBSRC)
--
--HEADER= aes_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--aes-ia64.s: asm/aes-ia64.S
-- $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
--
--aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--vpaes-x86.s: asm/vpaes-x86.pl ../perlasm/x86asm.pl
-- $(PERL) asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--aesni-x86.s: asm/aesni-x86.pl ../perlasm/x86asm.pl
-- $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--aes-x86_64.s: asm/aes-x86_64.pl
-- $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) $@
--vpaes-x86_64.s: asm/vpaes-x86_64.pl
-- $(PERL) asm/vpaes-x86_64.pl $(PERLASM_SCHEME) $@
--bsaes-x86_64.s: asm/bsaes-x86_64.pl
-- $(PERL) asm/bsaes-x86_64.pl $(PERLASM_SCHEME) $@
--aesni-x86_64.s: asm/aesni-x86_64.pl
-- $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) $@
--aesni-sha1-x86_64.s: asm/aesni-sha1-x86_64.pl
-- $(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) $@
--aesni-sha256-x86_64.s: asm/aesni-sha256-x86_64.pl
-- $(PERL) asm/aesni-sha256-x86_64.pl $(PERLASM_SCHEME) $@
--aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl
-- $(PERL) asm/aesni-mb-x86_64.pl $(PERLASM_SCHEME) $@
--
--aes-sparcv9.S: asm/aes-sparcv9.pl
-- $(PERL) asm/aes-sparcv9.pl $(PERLASM_SCHEME) $@
--aest4-sparcv9.S: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl
-- $(PERL) asm/aest4-sparcv9.pl $(PERLASM_SCHEME) $@
--
--aes-ppc.s: asm/aes-ppc.pl
-- $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
--vpaes-ppc.s: asm/vpaes-ppc.pl
-- $(PERL) asm/vpaes-ppc.pl $(PERLASM_SCHEME) $@
--aesp8-ppc.s: asm/aesp8-ppc.pl
-- $(PERL) asm/aesp8-ppc.pl $(PERLASM_SCHEME) $@
--
--aes-parisc.s: asm/aes-parisc.pl
-- $(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
--
--aes-mips.S: asm/aes-mips.pl
-- $(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
--
--aesv8-armx.S: asm/aesv8-armx.pl
-- $(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@
--aesv8-armx.o: aesv8-armx.S
--vpaes-armv8.S: asm/vpaes-armv8.pl
-- $(PERL) asm/vpaes-armv8.pl $(PERLASM_SCHEME) $@
--vpaes-armv8.o: vpaes-armv8.S
--
--# GNU make "catch all"
--aes-%.S: asm/aes-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--aes-armv4.o: aes-armv4.S
--bsaes-%.S: asm/bsaes-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--bsaes-armv7.o: bsaes-armv7.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/aes/aes_cbc.c
-+++ b/crypto/aes/aes_cbc.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/aes.h>
---- a/crypto/aes/aes_cfb.c
-+++ b/crypto/aes/aes_cfb.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/aes.h>
---- a/crypto/aes/aes_core.c
-+++ b/crypto/aes/aes_core.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /**
- * rijndael-alg-fst.c
- *
-@@ -635,9 +644,9 @@ int AES_set_encrypt_key(const unsigned c
-
- rk = key->rd_key;
-
-- if (bits==128)
-+ if (bits == 128)
- key->rounds = 10;
-- else if (bits==192)
-+ else if (bits == 192)
- key->rounds = 12;
- else
- key->rounds = 14;
-@@ -1213,9 +1222,9 @@ int AES_set_encrypt_key(const unsigned c
-
- rk = key->rd_key;
-
-- if (bits==128)
-+ if (bits == 128)
- key->rounds = 10;
-- else if (bits==192)
-+ else if (bits == 192)
- key->rounds = 12;
- else
- key->rounds = 14;
-@@ -1346,7 +1355,7 @@ int AES_set_decrypt_key(const unsigned c
- rk[j] = tpe ^ ROTATE(tpd,16) ^
- ROTATE(tp9,24) ^ ROTATE(tpb,8);
- #else
-- rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
-+ rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
- (tp9 >> 8) ^ (tp9 << 24) ^
- (tpb >> 24) ^ (tpb << 8);
- #endif
---- a/crypto/aes/aes_ecb.c
-+++ b/crypto/aes/aes_ecb.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <assert.h>
---- a/crypto/aes/aes_ige.c
-+++ b/crypto/aes/aes_ige.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/aes/aes_locl.h
-+++ b/crypto/aes/aes_locl.h
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_AES_LOCL_H
---- a/crypto/aes/aes_misc.c
-+++ b/crypto/aes/aes_misc.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslv.h>
---- a/crypto/aes/aes_ofb.c
-+++ b/crypto/aes/aes_ofb.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/aes.h>
---- a/crypto/aes/aes_wrap.c
-+++ b/crypto/aes/aes_wrap.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/aes/aes_x86core.c
-+++ b/crypto/aes/aes_x86core.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /**
- * rijndael-alg-fst.c
- *
-@@ -612,7 +621,7 @@ int AES_set_decrypt_key(const unsigned c
- rk[j] = tpe ^ ROTATE(tpd,16) ^
- ROTATE(tp9,8) ^ ROTATE(tpb,24);
- #else
-- rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
-+ rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
- (tp9 >> 24) ^ (tp9 << 8) ^
- (tpb >> 8) ^ (tpb << 24);
- #endif
-@@ -901,7 +910,7 @@ void AES_decrypt(const unsigned char *in
- (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
- (u32)Td4[(s0 >> 24) ] << 24;
-
-- /* now do the linear transform using words */
-+ /* now do the linear transform using words */
- {
- int i;
- u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-@@ -925,7 +934,7 @@ void AES_decrypt(const unsigned char *in
- t[i] = tpe ^ ROTATE(tpd,16) ^
- ROTATE(tp9,8) ^ ROTATE(tpb,24);
- #else
-- t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
-+ t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
- (tp9 >> 24) ^ (tp9 << 8) ^
- (tpb >> 8) ^ (tpb << 24);
- #endif
-@@ -978,7 +987,7 @@ void AES_decrypt(const unsigned char *in
- (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
- (u32)Td4[(s0 >> 24) ] << 24;
-
-- /* now do the linear transform using words */
-+ /* now do the linear transform using words */
- {
- int i;
- u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-@@ -1002,7 +1011,7 @@ void AES_decrypt(const unsigned char *in
- t[i] = tpe ^ ROTATE(tpd,16) ^
- ROTATE(tp9,8) ^ ROTATE(tpb,24);
- #else
-- t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
-+ t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
- (tp9 >> 24) ^ (tp9 << 8) ^
- (tpb >> 8) ^ (tpb << 24);
- #endif
---- a/crypto/aes/asm/aes-586.pl
-+++ b/crypto/aes/asm/aes-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/aes/asm/aes-armv4.pl
-+++ b/crypto/aes/asm/aes-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/aes/asm/aes-c64xplus.pl
-+++ b/crypto/aes/asm/aes-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/aes/asm/aes-ia64.S
-+++ b/crypto/aes/asm/aes-ia64.S
-@@ -1,3 +1,10 @@
-+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+//
-+// Licensed under the OpenSSL license (the "License"). You may not use
-+// this file except in compliance with the License. You can obtain a copy
-+// in the file LICENSE in the source distribution or at
-+// https://www.openssl.org/source/license.html
-+//
- // ====================================================================
- // Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
- // project. Rights for redistribution and usage in source and binary
---- a/crypto/aes/asm/aes-mips.pl
-+++ b/crypto/aes/asm/aes-mips.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -57,6 +64,7 @@
- $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
-
- if ($flavour =~ /64|n32/i) {
-+ $PTR_LA="dla";
- $PTR_ADD="dadd"; # incidentally works even on n32
- $PTR_SUB="dsub"; # incidentally works even on n32
- $PTR_INS="dins";
-@@ -65,6 +73,7 @@ if ($flavour =~ /64|n32/i) {
- $PTR_SLL="dsll"; # incidentally works even on n32
- $SZREG=8;
- } else {
-+ $PTR_LA="la";
- $PTR_ADD="add";
- $PTR_SUB="sub";
- $PTR_INS="ins";
-@@ -110,7 +119,7 @@ my ($MSB,$LSB)=(0,3); # automatically co
-
- {{{
- my $FRAMESIZE=16*$SZREG;
--my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
-
- my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7);
- my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
-@@ -646,7 +655,7 @@ my ($key0,$cnt)=($gp,$fp);
- ___
- $code.=<<___;
- .set reorder
-- la $Tbl,AES_Te # PIC-ified 'load address'
-+ $PTR_LA $Tbl,AES_Te # PIC-ified 'load address'
-
- lwl $s0,0+$MSB($inp)
- lwl $s1,4+$MSB($inp)
-@@ -1217,7 +1226,7 @@ my ($key0,$cnt)=($gp,$fp);
- ___
- $code.=<<___;
- .set reorder
-- la $Tbl,AES_Td # PIC-ified 'load address'
-+ $PTR_LA $Tbl,AES_Td # PIC-ified 'load address'
-
- lwl $s0,0+$MSB($inp)
- lwl $s1,4+$MSB($inp)
-@@ -1267,7 +1276,7 @@ my ($key0,$cnt)=($gp,$fp);
-
- {{{
- my $FRAMESIZE=8*$SZREG;
--my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc000f008 : 0xc0000000;
-+my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc000f008" : "0xc0000000";
-
- my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3);
- my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
-@@ -1556,7 +1565,7 @@ my ($rcon,$cnt)=($gp,$fp);
- ___
- $code.=<<___;
- .set reorder
-- la $Tbl,AES_Te4 # PIC-ified 'load address'
-+ $PTR_LA $Tbl,AES_Te4 # PIC-ified 'load address'
-
- bal _mips_AES_set_encrypt_key
-
-@@ -1611,7 +1620,7 @@ my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)
- ___
- $code.=<<___;
- .set reorder
-- la $Tbl,AES_Te4 # PIC-ified 'load address'
-+ $PTR_LA $Tbl,AES_Te4 # PIC-ified 'load address'
-
- bal _mips_AES_set_encrypt_key
-
---- a/crypto/aes/asm/aes-parisc.pl
-+++ b/crypto/aes/asm/aes-parisc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/aes/asm/aes-ppc.pl
-+++ b/crypto/aes/asm/aes-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/aes/asm/aes-s390x.pl
-+++ b/crypto/aes/asm/aes-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -818,13 +825,9 @@ sub _data_word()
- tmhl %r0,0x4000 # check for message-security assist
- jz .Lekey_internal
-
-- lghi %r0,0 # query capability vector
-- la %r1,16($sp)
-- .long 0xb92f0042 # kmc %r4,%r2
--
-- llihh %r1,0x8000
-- srlg %r1,%r1,0(%r5)
-- ng %r1,16($sp)
-+ llihh %r0,0x8000
-+ srlg %r0,%r0,0(%r5)
-+ ng %r0,48(%r1) # check kmc capability vector
- jz .Lekey_internal
-
- lmg %r0,%r1,0($inp) # just copy 128 bits...
-@@ -1444,13 +1447,10 @@ my $fp ="%r7";
-
- llgfr $s0,%r0
- lgr $s1,%r1
-- lghi %r0,0
-- la %r1,16($sp)
-- .long 0xb92d2042 # kmctr %r4,%r2,%r2
--
-+ larl %r1,OPENSSL_s390xcap_P
- llihh %r0,0x8000 # check if kmctr supports the function code
- srlg %r0,%r0,0($s0)
-- ng %r0,16($sp)
-+ ng %r0,64(%r1) # check kmctr capability vector
- lgr %r0,$s0
- lgr %r1,$s1
- jz .Lctr32_km_loop
-@@ -1597,12 +1597,10 @@ my $tweak=16*$SIZE_T+16; # or $stdframe-
- llgfr $s0,%r0 # put aside the function code
- lghi $s1,0x7f
- nr $s1,%r0
-- lghi %r0,0 # query capability vector
-- la %r1,$tweak-16($sp)
-- .long 0xb92e0042 # km %r4,%r2
-- llihh %r1,0x8000
-- srlg %r1,%r1,32($s1) # check for 32+function code
-- ng %r1,$tweak-16($sp)
-+ larl %r1,OPENSSL_s390xcap_P
-+ llihh %r0,0x8000
-+ srlg %r0,%r0,32($s1) # check for 32+function code
-+ ng %r0,32(%r1) # check km capability vector
- lgr %r0,$s0 # restore the function code
- la %r1,0($key1) # restore $key1
- jz .Lxts_km_vanilla
-@@ -2229,7 +2227,7 @@ my $tweak=16*$SIZE_T+16; # or $stdframe-
- }
- $code.=<<___;
- .string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
--.comm OPENSSL_s390xcap_P,16,8
-+.comm OPENSSL_s390xcap_P,80,8
- ___
-
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
---- a/crypto/aes/asm/aes-sparcv9.pl
-+++ b/crypto/aes/asm/aes-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/aes/asm/aes-x86_64.pl
-+++ b/crypto/aes/asm/aes-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -37,7 +44,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $verticalspin=1; # unlike 32-bit version $verticalspin performs
---- /dev/null
-+++ b/crypto/aes/asm/aesfx-sparcv9.pl
-@@ -0,0 +1,1270 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+
-+# March 2016
-+#
-+# Initial support for Fujitsu SPARC64 X/X+ comprises minimally
-+# required key setup and single-block procedures.
-+#
-+# April 2016
-+#
-+# Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means
-+# that parallelizeable nature of CBC decrypt and CTR is not utilized
-+# yet. CBC encrypt on the other hand is as good as it can possibly
-+# get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X.
-+# This is ~6x faster than pure software implementation...
-+#
-+# July 2016
-+#
-+# Switch from faligndata to fshiftorx, which allows to omit alignaddr
-+# instructions and improve single-block and short-input performance
-+# with misaligned data.
-+
-+$output = pop;
-+open STDOUT,">$output";
-+
-+{
-+my ($inp,$out,$key,$rounds,$tmp,$mask) = map("%o$_",(0..5));
-+
-+$code.=<<___;
-+#include "sparc_arch.h"
-+
-+#define LOCALS (STACK_BIAS+STACK_FRAME)
-+
-+.text
-+
-+.globl aes_fx_encrypt
-+.align 32
-+aes_fx_encrypt:
-+ and $inp, 7, $tmp ! is input aligned?
-+ andn $inp, 7, $inp
-+ ldd [$key + 0], %f6 ! round[0]
-+ ldd [$key + 8], %f8
-+ mov %o7, %g1
-+ ld [$key + 240], $rounds
-+
-+1: call .+8
-+ add %o7, .Linp_align-1b, %o7
-+
-+ sll $tmp, 3, $tmp
-+ ldd [$inp + 0], %f0 ! load input
-+ brz,pt $tmp, .Lenc_inp_aligned
-+ ldd [$inp + 8], %f2
-+
-+ ldd [%o7 + $tmp], %f14 ! shift left params
-+ ldd [$inp + 16], %f4
-+ fshiftorx %f0, %f2, %f14, %f0
-+ fshiftorx %f2, %f4, %f14, %f2
-+
-+.Lenc_inp_aligned:
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fxor %f0, %f6, %f0 ! ^=round[0]
-+ fxor %f2, %f8, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+ add $key, 32, $key
-+ sub $rounds, 4, $rounds
-+
-+.Loop_enc:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 16], %f10
-+ ldd [$key + 24], %f12
-+ add $key, 32, $key
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
-+
-+ brnz,a $rounds, .Loop_enc
-+ sub $rounds, 2, $rounds
-+
-+ andcc $out, 7, $tmp ! is output aligned?
-+ andn $out, 7, $out
-+ mov 0xff, $mask
-+ srl $mask, $tmp, $mask
-+ add %o7, 64, %o7
-+ sll $tmp, 3, $tmp
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [%o7 + $tmp], %f14 ! shift right params
-+
-+ fmovd %f0, %f4
-+ faesenclx %f2, %f6, %f0
-+ faesenclx %f4, %f8, %f2
-+
-+ bnz,pn %icc, .Lenc_out_unaligned
-+ mov %g1, %o7
-+
-+ std %f0, [$out + 0]
-+ retl
-+ std %f2, [$out + 8]
-+
-+.align 16
-+.Lenc_out_unaligned:
-+ add $out, 16, $inp
-+ orn %g0, $mask, $tmp
-+ fshiftorx %f0, %f0, %f14, %f4
-+ fshiftorx %f0, %f2, %f14, %f6
-+ fshiftorx %f2, %f2, %f14, %f8
-+
-+ stda %f4, [$out + $mask]0xc0 ! partial store
-+ std %f6, [$out + 8]
-+ stda %f8, [$inp + $tmp]0xc0 ! partial store
-+ retl
-+ nop
-+.type aes_fx_encrypt,#function
-+.size aes_fx_encrypt,.-aes_fx_encrypt
-+
-+.globl aes_fx_decrypt
-+.align 32
-+aes_fx_decrypt:
-+ and $inp, 7, $tmp ! is input aligned?
-+ andn $inp, 7, $inp
-+ ldd [$key + 0], %f6 ! round[0]
-+ ldd [$key + 8], %f8
-+ mov %o7, %g1
-+ ld [$key + 240], $rounds
-+
-+1: call .+8
-+ add %o7, .Linp_align-1b, %o7
-+
-+ sll $tmp, 3, $tmp
-+ ldd [$inp + 0], %f0 ! load input
-+ brz,pt $tmp, .Ldec_inp_aligned
-+ ldd [$inp + 8], %f2
-+
-+ ldd [%o7 + $tmp], %f14 ! shift left params
-+ ldd [$inp + 16], %f4
-+ fshiftorx %f0, %f2, %f14, %f0
-+ fshiftorx %f2, %f4, %f14, %f2
-+
-+.Ldec_inp_aligned:
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fxor %f0, %f6, %f0 ! ^=round[0]
-+ fxor %f2, %f8, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+ add $key, 32, $key
-+ sub $rounds, 4, $rounds
-+
-+.Loop_dec:
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$key + 16], %f10
-+ ldd [$key + 24], %f12
-+ add $key, 32, $key
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+ ldd [$key + 0], %f6
-+ ldd [$key + 8], %f8
-+
-+ brnz,a $rounds, .Loop_dec
-+ sub $rounds, 2, $rounds
-+
-+ andcc $out, 7, $tmp ! is output aligned?
-+ andn $out, 7, $out
-+ mov 0xff, $mask
-+ srl $mask, $tmp, $mask
-+ add %o7, 64, %o7
-+ sll $tmp, 3, $tmp
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [%o7 + $tmp], %f14 ! shift right params
-+
-+ fmovd %f0, %f4
-+ faesdeclx %f2, %f6, %f0
-+ faesdeclx %f4, %f8, %f2
-+
-+ bnz,pn %icc, .Ldec_out_unaligned
-+ mov %g1, %o7
-+
-+ std %f0, [$out + 0]
-+ retl
-+ std %f2, [$out + 8]
-+
-+.align 16
-+.Ldec_out_unaligned:
-+ add $out, 16, $inp
-+ orn %g0, $mask, $tmp
-+ fshiftorx %f0, %f0, %f14, %f4
-+ fshiftorx %f0, %f2, %f14, %f6
-+ fshiftorx %f2, %f2, %f14, %f8
-+
-+ stda %f4, [$out + $mask]0xc0 ! partial store
-+ std %f6, [$out + 8]
-+ stda %f8, [$inp + $tmp]0xc0 ! partial store
-+ retl
-+ nop
-+.type aes_fx_decrypt,#function
-+.size aes_fx_decrypt,.-aes_fx_decrypt
-+___
-+}
-+{
-+my ($inp,$bits,$out,$tmp,$inc) = map("%o$_",(0..5));
-+$code.=<<___;
-+.globl aes_fx_set_decrypt_key
-+.align 32
-+aes_fx_set_decrypt_key:
-+ b .Lset_encrypt_key
-+ mov -1, $inc
-+ retl
-+ nop
-+.type aes_fx_set_decrypt_key,#function
-+.size aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key
-+
-+.globl aes_fx_set_encrypt_key
-+.align 32
-+aes_fx_set_encrypt_key:
-+ mov 1, $inc
-+ nop
-+.Lset_encrypt_key:
-+ and $inp, 7, $tmp
-+ andn $inp, 7, $inp
-+ sll $tmp, 3, $tmp
-+ mov %o7, %g1
-+
-+1: call .+8
-+ add %o7, .Linp_align-1b, %o7
-+
-+ ldd [%o7 + $tmp], %f10 ! shift left params
-+ mov %g1, %o7
-+
-+ cmp $bits, 192
-+ ldd [$inp + 0], %f0
-+ bl,pt %icc, .L128
-+ ldd [$inp + 8], %f2
-+
-+ be,pt %icc, .L192
-+ ldd [$inp + 16], %f4
-+ brz,pt $tmp, .L256aligned
-+ ldd [$inp + 24], %f6
-+
-+ ldd [$inp + 32], %f8
-+ fshiftorx %f0, %f2, %f10, %f0
-+ fshiftorx %f2, %f4, %f10, %f2
-+ fshiftorx %f4, %f6, %f10, %f4
-+ fshiftorx %f6, %f8, %f10, %f6
-+
-+.L256aligned:
-+ mov 14, $bits
-+ and $inc, `14*16`, $tmp
-+ st $bits, [$out + 240] ! store rounds
-+ add $out, $tmp, $out ! start or end of key schedule
-+ sllx $inc, 4, $inc ! 16 or -16
-+___
-+for ($i=0; $i<6; $i++) {
-+ $code.=<<___;
-+ std %f0, [$out + 0]
-+ faeskeyx %f6, `0x10+$i`, %f0
-+ std %f2, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f0, 0x00, %f2
-+ std %f4, [$out + 0]
-+ faeskeyx %f2, 0x01, %f4
-+ std %f6, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f4, 0x00, %f6
-+___
-+}
-+$code.=<<___;
-+ std %f0, [$out + 0]
-+ faeskeyx %f6, `0x10+$i`, %f0
-+ std %f2, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f0, 0x00, %f2
-+ std %f4,[$out + 0]
-+ std %f6,[$out + 8]
-+ add $out, $inc, $out
-+ std %f0,[$out + 0]
-+ std %f2,[$out + 8]
-+ retl
-+ xor %o0, %o0, %o0 ! return 0
-+
-+.align 16
-+.L192:
-+ brz,pt $tmp, .L192aligned
-+ nop
-+
-+ ldd [$inp + 24], %f6
-+ fshiftorx %f0, %f2, %f10, %f0
-+ fshiftorx %f2, %f4, %f10, %f2
-+ fshiftorx %f4, %f6, %f10, %f4
-+
-+.L192aligned:
-+ mov 12, $bits
-+ and $inc, `12*16`, $tmp
-+ st $bits, [$out + 240] ! store rounds
-+ add $out, $tmp, $out ! start or end of key schedule
-+ sllx $inc, 4, $inc ! 16 or -16
-+___
-+for ($i=0; $i<8; $i+=2) {
-+ $code.=<<___;
-+ std %f0, [$out + 0]
-+ faeskeyx %f4, `0x10+$i`, %f0
-+ std %f2, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f0, 0x00, %f2
-+ std %f4, [$out + 0]
-+ faeskeyx %f2, 0x00, %f4
-+ std %f0, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f4, `0x10+$i+1`, %f0
-+ std %f2, [$out + 0]
-+ faeskeyx %f0, 0x00, %f2
-+ std %f4, [$out + 8]
-+ add $out, $inc, $out
-+___
-+$code.=<<___ if ($i<6);
-+ faeskeyx %f2, 0x00, %f4
-+___
-+}
-+$code.=<<___;
-+ std %f0, [$out + 0]
-+ std %f2, [$out + 8]
-+ retl
-+ xor %o0, %o0, %o0 ! return 0
-+
-+.align 16
-+.L128:
-+ brz,pt $tmp, .L128aligned
-+ nop
-+
-+ ldd [$inp + 16], %f4
-+ fshiftorx %f0, %f2, %f10, %f0
-+ fshiftorx %f2, %f4, %f10, %f2
-+
-+.L128aligned:
-+ mov 10, $bits
-+ and $inc, `10*16`, $tmp
-+ st $bits, [$out + 240] ! store rounds
-+ add $out, $tmp, $out ! start or end of key schedule
-+ sllx $inc, 4, $inc ! 16 or -16
-+___
-+for ($i=0; $i<10; $i++) {
-+ $code.=<<___;
-+ std %f0, [$out + 0]
-+ faeskeyx %f2, `0x10+$i`, %f0
-+ std %f2, [$out + 8]
-+ add $out, $inc, $out
-+ faeskeyx %f0, 0x00, %f2
-+___
-+}
-+$code.=<<___;
-+ std %f0, [$out + 0]
-+ std %f2, [$out + 8]
-+ retl
-+ xor %o0, %o0, %o0 ! return 0
-+.type aes_fx_set_encrypt_key,#function
-+.size aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key
-+___
-+}
-+{
-+my ($inp,$out,$len,$key,$ivp,$dir) = map("%i$_",(0..5));
-+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
-+my ($iv0,$iv1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
-+ = map("%f$_",grep { !($_ & 1) } (16 .. 62));
-+my ($ileft,$iright) = ($ialign,$oalign);
-+
-+$code.=<<___;
-+.globl aes_fx_cbc_encrypt
-+.align 32
-+aes_fx_cbc_encrypt:
-+ save %sp, -STACK_FRAME-16, %sp
-+ srln $len, 4, $len
-+ and $inp, 7, $ialign
-+ andn $inp, 7, $inp
-+ brz,pn $len, .Lcbc_no_data
-+ sll $ialign, 3, $ileft
-+
-+1: call .+8
-+ add %o7, .Linp_align-1b, %o7
-+
-+ ld [$key + 240], $rounds
-+ and $out, 7, $oalign
-+ ld [$ivp + 0], %f0 ! load ivec
-+ andn $out, 7, $out
-+ ld [$ivp + 4], %f1
-+ sll $oalign, 3, $mask
-+ ld [$ivp + 8], %f2
-+ ld [$ivp + 12], %f3
-+
-+ sll $rounds, 4, $rounds
-+ add $rounds, $key, $end
-+ ldd [$key + 0], $r0hi ! round[0]
-+ ldd [$key + 8], $r0lo
-+
-+ add $inp, 16, $inp
-+ sub $len, 1, $len
-+ ldd [$end + 0], $rlhi ! round[last]
-+ ldd [$end + 8], $rllo
-+
-+ mov 16, $inc
-+ movrz $len, 0, $inc
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ ldd [%o7 + $ileft], $fshift ! shift left params
-+ add %o7, 64, %o7
-+ ldd [$inp - 16], $in0 ! load input
-+ ldd [$inp - 8], $in1
-+ ldda [$inp]0x82, $intail ! non-faulting load
-+ brz $dir, .Lcbc_decrypt
-+ add $inp, $inc, $inp ! inp+=16
-+
-+ fxor $r0hi, %f0, %f0 ! ivec^=round[0]
-+ fxor $r0lo, %f2, %f2
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+ nop
-+
-+.Loop_cbc_enc:
-+ fxor $in0, %f0, %f0 ! inp^ivec^round[0]
-+ fxor $in1, %f2, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+ add $key, 32, $end
-+ sub $rounds, 16*6, $inner
-+
-+.Lcbc_enc:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lcbc_enc
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+
-+ movrz $len, 0, $inc
-+ fmovd $intail, $in0
-+ ldd [$inp - 8], $in1 ! load next input block
-+ ldda [$inp]0x82, $intail ! non-faulting load
-+ add $inp, $inc, $inp ! inp+=16
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fxor $r0hi, $in0, $in0 ! inp^=round[0]
-+ fxor $r0lo, $in1, $in1
-+
-+ fmovd %f0, %f4
-+ faesenclx %f2, $rlhi, %f0
-+ faesenclx %f4, $rllo, %f2
-+
-+ brnz,pn $oalign, .Lcbc_enc_unaligned_out
-+ nop
-+
-+ std %f0, [$out + 0]
-+ std %f2, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_cbc_enc
-+ sub $len, 1, $len
-+
-+ st %f0, [$ivp + 0] ! output ivec
-+ st %f1, [$ivp + 4]
-+ st %f2, [$ivp + 8]
-+ st %f3, [$ivp + 12]
-+
-+.Lcbc_no_data:
-+ ret
-+ restore
-+
-+.align 32
-+.Lcbc_enc_unaligned_out:
-+ ldd [%o7 + $mask], $fshift ! shift right params
-+ mov 0xff, $mask
-+ srl $mask, $oalign, $mask
-+ sub %g0, $ileft, $iright
-+
-+ fshiftorx %f0, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+
-+ stda %f6, [$out + $mask]0xc0 ! partial store
-+ orn %g0, $mask, $mask
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+ brz $len, .Lcbc_enc_unaligned_out_done
-+ sub $len, 1, $len
-+ b .Loop_cbc_enc_unaligned_out
-+ nop
-+
-+.align 32
-+.Loop_cbc_enc_unaligned_out:
-+ fmovd %f2, $outhead
-+ fxor $in0, %f0, %f0 ! inp^ivec^round[0]
-+ fxor $in1, %f2, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 48], %f10 ! round[3]
-+ ldd [$key + 56], %f12
-+
-+ ldx [$inp - 16], %o0
-+ ldx [$inp - 8], %o1
-+ brz $ileft, .Lcbc_enc_aligned_inp
-+ movrz $len, 0, $inc
-+
-+ ldx [$inp], %o2
-+ sllx %o0, $ileft, %o0
-+ srlx %o1, $iright, %g1
-+ sllx %o1, $ileft, %o1
-+ or %g1, %o0, %o0
-+ srlx %o2, $iright, %o2
-+ or %o2, %o1, %o1
-+
-+.Lcbc_enc_aligned_inp:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$key + 64], %f6 ! round[4]
-+ ldd [$key + 72], %f8
-+ add $key, 64, $end
-+ sub $rounds, 16*8, $inner
-+
-+ stx %o0, [%sp + LOCALS + 0]
-+ stx %o1, [%sp + LOCALS + 8]
-+ add $inp, $inc, $inp ! inp+=16
-+ nop
-+
-+.Lcbc_enc_unaligned:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lcbc_enc_unaligned
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+
-+ ldd [%sp + LOCALS + 0], $in0
-+ ldd [%sp + LOCALS + 8], $in1
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fxor $r0hi, $in0, $in0 ! inp^=round[0]
-+ fxor $r0lo, $in1, $in1
-+
-+ fmovd %f0, %f4
-+ faesenclx %f2, $rlhi, %f0
-+ faesenclx %f4, $rllo, %f2
-+
-+ fshiftorx $outhead, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+ std %f6, [$out + 0]
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_cbc_enc_unaligned_out
-+ sub $len, 1, $len
-+
-+.Lcbc_enc_unaligned_out_done:
-+ fshiftorx %f2, %f2, $fshift, %f8
-+ stda %f8, [$out + $mask]0xc0 ! partial store
-+
-+ st %f0, [$ivp + 0] ! output ivec
-+ st %f1, [$ivp + 4]
-+ st %f2, [$ivp + 8]
-+ st %f3, [$ivp + 12]
-+
-+ ret
-+ restore
-+
-+.align 32
-+.Lcbc_decrypt:
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+ fmovd %f0, $iv0
-+ fmovd %f2, $iv1
-+
-+.Loop_cbc_dec:
-+ fxor $in0, $r0hi, %f0 ! inp^round[0]
-+ fxor $in1, $r0lo, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+ add $key, 32, $end
-+ sub $rounds, 16*6, $inner
-+
-+.Lcbc_dec:
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lcbc_dec
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+ fxor $iv0, $rlhi, %f6 ! ivec^round[last]
-+ fxor $iv1, $rllo, %f8
-+ fmovd $in0, $iv0
-+ fmovd $in1, $iv1
-+
-+ movrz $len, 0, $inc
-+ fmovd $intail, $in0
-+ ldd [$inp - 8], $in1 ! load next input block
-+ ldda [$inp]0x82, $intail ! non-faulting load
-+ add $inp, $inc, $inp ! inp+=16
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+
-+ fmovd %f0, %f4
-+ faesdeclx %f2, %f6, %f0
-+ faesdeclx %f4, %f8, %f2
-+
-+ brnz,pn $oalign, .Lcbc_dec_unaligned_out
-+ nop
-+
-+ std %f0, [$out + 0]
-+ std %f2, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_cbc_dec
-+ sub $len, 1, $len
-+
-+ st $iv0, [$ivp + 0] ! output ivec
-+ st $iv0#lo, [$ivp + 4]
-+ st $iv1, [$ivp + 8]
-+ st $iv1#lo, [$ivp + 12]
-+
-+ ret
-+ restore
-+
-+.align 32
-+.Lcbc_dec_unaligned_out:
-+ ldd [%o7 + $mask], $fshift ! shift right params
-+ mov 0xff, $mask
-+ srl $mask, $oalign, $mask
-+ sub %g0, $ileft, $iright
-+
-+ fshiftorx %f0, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+
-+ stda %f6, [$out + $mask]0xc0 ! partial store
-+ orn %g0, $mask, $mask
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+ brz $len, .Lcbc_dec_unaligned_out_done
-+ sub $len, 1, $len
-+ b .Loop_cbc_dec_unaligned_out
-+ nop
-+
-+.align 32
-+.Loop_cbc_dec_unaligned_out:
-+ fmovd %f2, $outhead
-+ fxor $in0, $r0hi, %f0 ! inp^round[0]
-+ fxor $in1, $r0lo, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$key + 48], %f10 ! round[3]
-+ ldd [$key + 56], %f12
-+
-+ ldx [$inp - 16], %o0
-+ ldx [$inp - 8], %o1
-+ brz $ileft, .Lcbc_dec_aligned_inp
-+ movrz $len, 0, $inc
-+
-+ ldx [$inp], %o2
-+ sllx %o0, $ileft, %o0
-+ srlx %o1, $iright, %g1
-+ sllx %o1, $ileft, %o1
-+ or %g1, %o0, %o0
-+ srlx %o2, $iright, %o2
-+ or %o2, %o1, %o1
-+
-+.Lcbc_dec_aligned_inp:
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+ ldd [$key + 64], %f6 ! round[4]
-+ ldd [$key + 72], %f8
-+ add $key, 64, $end
-+ sub $rounds, 16*8, $inner
-+
-+ stx %o0, [%sp + LOCALS + 0]
-+ stx %o1, [%sp + LOCALS + 8]
-+ add $inp, $inc, $inp ! inp+=16
-+ nop
-+
-+.Lcbc_dec_unaligned:
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lcbc_dec_unaligned
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f6, %f0
-+ faesdecx %f4, %f8, %f2
-+
-+ fxor $iv0, $rlhi, %f6 ! ivec^round[last]
-+ fxor $iv1, $rllo, %f8
-+ fmovd $in0, $iv0
-+ fmovd $in1, $iv1
-+ ldd [%sp + LOCALS + 0], $in0
-+ ldd [%sp + LOCALS + 8], $in1
-+
-+ fmovd %f0, %f4
-+ faesdecx %f2, %f10, %f0
-+ faesdecx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesdeclx %f2, %f6, %f0
-+ faesdeclx %f4, %f8, %f2
-+
-+ fshiftorx $outhead, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+ std %f6, [$out + 0]
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_cbc_dec_unaligned_out
-+ sub $len, 1, $len
-+
-+.Lcbc_dec_unaligned_out_done:
-+ fshiftorx %f2, %f2, $fshift, %f8
-+ stda %f8, [$out + $mask]0xc0 ! partial store
-+
-+ st $iv0, [$ivp + 0] ! output ivec
-+ st $iv0#lo, [$ivp + 4]
-+ st $iv1, [$ivp + 8]
-+ st $iv1#lo, [$ivp + 12]
-+
-+ ret
-+ restore
-+.type aes_fx_cbc_encrypt,#function
-+.size aes_fx_cbc_encrypt,.-aes_fx_cbc_encrypt
-+___
-+}
-+{
-+my ($inp,$out,$len,$key,$ivp) = map("%i$_",(0..5));
-+my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7));
-+my ($ctr0,$ctr1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift)
-+ = map("%f$_",grep { !($_ & 1) } (16 .. 62));
-+my ($ileft,$iright) = ($ialign, $oalign);
-+my $one = "%f14";
-+
-+$code.=<<___;
-+.globl aes_fx_ctr32_encrypt_blocks
-+.align 32
-+aes_fx_ctr32_encrypt_blocks:
-+ save %sp, -STACK_FRAME-16, %sp
-+ srln $len, 0, $len
-+ and $inp, 7, $ialign
-+ andn $inp, 7, $inp
-+ brz,pn $len, .Lctr32_no_data
-+ sll $ialign, 3, $ileft
-+
-+.Lpic: call .+8
-+ add %o7, .Linp_align - .Lpic, %o7
-+
-+ ld [$key + 240], $rounds
-+ and $out, 7, $oalign
-+ ld [$ivp + 0], $ctr0 ! load counter
-+ andn $out, 7, $out
-+ ld [$ivp + 4], $ctr0#lo
-+ sll $oalign, 3, $mask
-+ ld [$ivp + 8], $ctr1
-+ ld [$ivp + 12], $ctr1#lo
-+ ldd [%o7 + 128], $one
-+
-+ sll $rounds, 4, $rounds
-+ add $rounds, $key, $end
-+ ldd [$key + 0], $r0hi ! round[0]
-+ ldd [$key + 8], $r0lo
-+
-+ add $inp, 16, $inp
-+ sub $len, 1, $len
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ mov 16, $inc
-+ movrz $len, 0, $inc
-+ ldd [$end + 0], $rlhi ! round[last]
-+ ldd [$end + 8], $rllo
-+
-+ ldd [%o7 + $ileft], $fshift ! shiftleft params
-+ add %o7, 64, %o7
-+ ldd [$inp - 16], $in0 ! load input
-+ ldd [$inp - 8], $in1
-+ ldda [$inp]0x82, $intail ! non-faulting load
-+ add $inp, $inc, $inp ! inp+=16
-+
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+
-+.Loop_ctr32:
-+ fxor $ctr0, $r0hi, %f0 ! counter^round[0]
-+ fxor $ctr1, $r0lo, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+ add $key, 32, $end
-+ sub $rounds, 16*6, $inner
-+
-+.Lctr32_enc:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lctr32_enc
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ fxor $in0, $rlhi, %f6 ! inp^round[last]
-+ fxor $in1, $rllo, %f8
-+
-+ movrz $len, 0, $inc
-+ fmovd $intail, $in0
-+ ldd [$inp - 8], $in1 ! load next input block
-+ ldda [$inp]0x82, $intail ! non-faulting load
-+ add $inp, $inc, $inp ! inp+=16
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fshiftorx $in0, $in1, $fshift, $in0
-+ fshiftorx $in1, $intail, $fshift, $in1
-+ fpadd32 $ctr1, $one, $ctr1 ! increment counter
-+
-+ fmovd %f0, %f4
-+ faesenclx %f2, %f6, %f0
-+ faesenclx %f4, %f8, %f2
-+
-+ brnz,pn $oalign, .Lctr32_unaligned_out
-+ nop
-+
-+ std %f0, [$out + 0]
-+ std %f2, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_ctr32
-+ sub $len, 1, $len
-+
-+.Lctr32_no_data:
-+ ret
-+ restore
-+
-+.align 32
-+.Lctr32_unaligned_out:
-+ ldd [%o7 + $mask], $fshift ! shift right params
-+ mov 0xff, $mask
-+ srl $mask, $oalign, $mask
-+ sub %g0, $ileft, $iright
-+
-+ fshiftorx %f0, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+
-+ stda %f6, [$out + $mask]0xc0 ! partial store
-+ orn %g0, $mask, $mask
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+ brz $len, .Lctr32_unaligned_out_done
-+ sub $len, 1, $len
-+ b .Loop_ctr32_unaligned_out
-+ nop
-+
-+.align 32
-+.Loop_ctr32_unaligned_out:
-+ fmovd %f2, $outhead
-+ fxor $ctr0, $r0hi, %f0 ! counter^round[0]
-+ fxor $ctr1, $r0lo, %f2
-+ ldd [$key + 32], %f6 ! round[2]
-+ ldd [$key + 40], %f8
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 48], %f10 ! round[3]
-+ ldd [$key + 56], %f12
-+
-+ ldx [$inp - 16], %o0
-+ ldx [$inp - 8], %o1
-+ brz $ileft, .Lctr32_aligned_inp
-+ movrz $len, 0, $inc
-+
-+ ldx [$inp], %o2
-+ sllx %o0, $ileft, %o0
-+ srlx %o1, $iright, %g1
-+ sllx %o1, $ileft, %o1
-+ or %g1, %o0, %o0
-+ srlx %o2, $iright, %o2
-+ or %o2, %o1, %o1
-+
-+.Lctr32_aligned_inp:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$key + 64], %f6 ! round[4]
-+ ldd [$key + 72], %f8
-+ add $key, 64, $end
-+ sub $rounds, 16*8, $inner
-+
-+ stx %o0, [%sp + LOCALS + 0]
-+ stx %o1, [%sp + LOCALS + 8]
-+ add $inp, $inc, $inp ! inp+=16
-+ nop
-+
-+.Lctr32_enc_unaligned:
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10
-+ ldd [$end + 24], %f12
-+ add $end, 32, $end
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ ldd [$end + 0], %f6
-+ ldd [$end + 8], %f8
-+
-+ brnz,a $inner, .Lctr32_enc_unaligned
-+ sub $inner, 16*2, $inner
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$end + 16], %f10 ! round[last-1]
-+ ldd [$end + 24], %f12
-+ fpadd32 $ctr1, $one, $ctr1 ! increment counter
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f6, %f0
-+ faesencx %f4, %f8, %f2
-+ fxor $in0, $rlhi, %f6 ! inp^round[last]
-+ fxor $in1, $rllo, %f8
-+ ldd [%sp + LOCALS + 0], $in0
-+ ldd [%sp + LOCALS + 8], $in1
-+
-+ fmovd %f0, %f4
-+ faesencx %f2, %f10, %f0
-+ faesencx %f4, %f12, %f2
-+ ldd [$key + 16], %f10 ! round[1]
-+ ldd [$key + 24], %f12
-+
-+ fmovd %f0, %f4
-+ faesenclx %f2, %f6, %f0
-+ faesenclx %f4, %f8, %f2
-+
-+ fshiftorx $outhead, %f0, $fshift, %f6
-+ fshiftorx %f0, %f2, $fshift, %f8
-+ std %f6, [$out + 0]
-+ std %f8, [$out + 8]
-+ add $out, 16, $out
-+
-+ brnz,a $len, .Loop_ctr32_unaligned_out
-+ sub $len, 1, $len
-+
-+.Lctr32_unaligned_out_done:
-+ fshiftorx %f2, %f2, $fshift, %f8
-+ stda %f8, [$out + $mask]0xc0 ! partial store
-+
-+ ret
-+ restore
-+.type aes_fx_ctr32_encrypt_blocks,#function
-+.size aes_fx_ctr32_encrypt_blocks,.-aes_fx_ctr32_encrypt_blocks
-+
-+.align 32
-+.Linp_align: ! fshiftorx parameters for left shift toward %rs1
-+ .byte 0, 0, 64, 0, 0, 64, 0, -64
-+ .byte 0, 0, 56, 8, 0, 56, 8, -56
-+ .byte 0, 0, 48, 16, 0, 48, 16, -48
-+ .byte 0, 0, 40, 24, 0, 40, 24, -40
-+ .byte 0, 0, 32, 32, 0, 32, 32, -32
-+ .byte 0, 0, 24, 40, 0, 24, 40, -24
-+ .byte 0, 0, 16, 48, 0, 16, 48, -16
-+ .byte 0, 0, 8, 56, 0, 8, 56, -8
-+.Lout_align: ! fshiftorx parameters for right shift toward %rs2
-+ .byte 0, 0, 0, 64, 0, 0, 64, 0
-+ .byte 0, 0, 8, 56, 0, 8, 56, -8
-+ .byte 0, 0, 16, 48, 0, 16, 48, -16
-+ .byte 0, 0, 24, 40, 0, 24, 40, -24
-+ .byte 0, 0, 32, 32, 0, 32, 32, -32
-+ .byte 0, 0, 40, 24, 0, 40, 24, -40
-+ .byte 0, 0, 48, 16, 0, 48, 16, -48
-+ .byte 0, 0, 56, 8, 0, 56, 8, -56
-+.Lone:
-+ .word 0, 1
-+.asciz "AES for Fujitsu SPARC64 X, CRYPTOGAMS by <appro\@openssl.org>"
-+.align 4
-+___
-+}
-+# Purpose of these subroutines is to explicitly encode VIS instructions,
-+# so that one can compile the module without having to specify VIS
-+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-+# Idea is to reserve for option to produce "universal" binary and let
-+# programmer detect if current CPU is VIS capable at run-time.
-+sub unvis {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my ($ref,$opf);
-+my %visopf = ( "faligndata" => 0x048,
-+ "bshuffle" => 0x04c,
-+ "fpadd32" => 0x052,
-+ "fxor" => 0x06c,
-+ "fsrc2" => 0x078 );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+ if ($opf=$visopf{$mnemonic}) {
-+ foreach ($rs1,$rs2,$rd) {
-+ return $ref if (!/%f([0-9]{1,2})/);
-+ $_=$1;
-+ if ($1>=32) {
-+ return $ref if ($1&1);
-+ # re-encode for upper double register addressing
-+ $_=($1|$1>>5)&31;
-+ }
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+
-+sub unvis3 {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-+my ($ref,$opf);
-+my %visopf = ( "alignaddr" => 0x018,
-+ "bmask" => 0x019,
-+ "alignaddrl" => 0x01a );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+ if ($opf=$visopf{$mnemonic}) {
-+ foreach ($rs1,$rs2,$rd) {
-+ return $ref if (!/%([goli])([0-9])/);
-+ $_=$bias{$1}+$2;
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+
-+sub unfx {
-+my ($mnemonic,$rs1,$rs2,$rd)=@_;
-+my ($ref,$opf);
-+my %aesopf = ( "faesencx" => 0x90,
-+ "faesdecx" => 0x91,
-+ "faesenclx" => 0x92,
-+ "faesdeclx" => 0x93,
-+ "faeskeyx" => 0x94 );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rd";
-+
-+ if (defined($opf=$aesopf{$mnemonic})) {
-+ $rs2 = ($rs2 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs2;
-+ $rs2 = oct($rs2) if ($rs2 =~ /^0/);
-+
-+ foreach ($rs1,$rd) {
-+ return $ref if (!/%f([0-9]{1,2})/);
-+ $_=$1;
-+ if ($1>=32) {
-+ return $ref if ($1&1);
-+ # re-encode for upper double register addressing
-+ $_=($1|$1>>5)&31;
-+ }
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+
-+sub unfx3src {
-+my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
-+my ($ref,$opf);
-+my %aesopf = ( "fshiftorx" => 0x0b );
-+
-+ $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
-+
-+ if (defined($opf=$aesopf{$mnemonic})) {
-+ foreach ($rs1,$rs2,$rs3,$rd) {
-+ return $ref if (!/%f([0-9]{1,2})/);
-+ $_=$1;
-+ if ($1>=32) {
-+ return $ref if ($1&1);
-+ # re-encode for upper double register addressing
-+ $_=($1|$1>>5)&31;
-+ }
-+ }
-+
-+ return sprintf ".word\t0x%08x !%s",
-+ 2<<30|$rd<<25|0x37<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
-+ $ref;
-+ } else {
-+ return $ref;
-+ }
-+}
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/ge;
-+
-+ s/%f([0-9]+)#lo/sprintf "%%f%d",$1+1/ge;
-+
-+ s/\b(faes[^x]{3,4}x)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
-+ &unfx($1,$2,$3,$4)
-+ /ge or
-+ s/\b([f][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+ &unfx3src($1,$2,$3,$4,$5)
-+ /ge or
-+ s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
-+ &unvis($1,$2,$3,$4)
-+ /ge or
-+ s/\b(alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
-+ &unvis3($1,$2,$3,$4)
-+ /ge;
-+ print $_,"\n";
-+}
-+
-+close STDOUT;
---- a/crypto/aes/asm/aesni-mb-x86_64.pl
-+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- # void aesni_multi_cbc_encrypt (
---- a/crypto/aes/asm/aesni-sha1-x86_64.pl
-+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -102,7 +109,7 @@ die "can't locate x86_64-xlate.pl";
-
- $stitched_decrypt=0;
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- # void aesni_cbc_sha1_enc(const void *inp,
---- a/crypto/aes/asm/aesni-sha256-x86_64.pl
-+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $shaext=$avx; ### set to zero if compiling for 1.0.1
- $avx=1 if (!$shaext && $avx);
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $func="aesni_cbc_sha256_enc";
---- a/crypto/aes/asm/aesni-x86.pl
-+++ b/crypto/aes/asm/aesni-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/aes/asm/aesni-x86_64.pl
-+++ b/crypto/aes/asm/aesni-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -193,7 +200,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
---- a/crypto/aes/asm/aesp8-ppc.pl
-+++ b/crypto/aes/asm/aesp8-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -20,6 +27,19 @@
- # instructions are interleaved. It's reckoned that eventual
- # misalignment penalties at page boundaries are in average lower
- # than additional overhead in pure AltiVec approach.
-+#
-+# May 2016
-+#
-+# Add XTS subroutine, 9x on little- and 12x improvement on big-endian
-+# systems were measured.
-+#
-+######################################################################
-+# Current large-block performance in cycles per byte processed with
-+# 128-bit key (less is better).
-+#
-+# CBC en-/decrypt CTR XTS
-+# POWER8[le] 3.96/0.72 0.74 1.1
-+# POWER8[be] 3.75/0.65 0.66 1.0
-
- $flavour = shift;
-
-@@ -1887,6 +1907,1849 @@ my ($two,$three,$four)=($outhead,$outper
- ___
- }} }}}
-
-+#########################################################################
-+{{{ # XTS procedures #
-+# int aes_p8_xts_[en|de]crypt(const char *inp, char *out, size_t len, #
-+# const AES_KEY *key1, const AES_KEY *key2, #
-+# [const] unsigned char iv[16]); #
-+# If $key2 is NULL, then a "tweak chaining" mode is engaged, in which #
-+# input tweak value is assumed to be encrypted already, and last tweak #
-+# value, one suitable for consecutive call on same chunk of data, is #
-+# written back to original buffer. In addition, in "tweak chaining" #
-+# mode only complete input blocks are processed. #
-+
-+my ($inp,$out,$len,$key1,$key2,$ivp,$rounds,$idx) = map("r$_",(3..10));
-+my ($rndkey0,$rndkey1,$inout) = map("v$_",(0..2));
-+my ($output,$inptail,$inpperm,$leperm,$keyperm) = map("v$_",(3..7));
-+my ($tweak,$seven,$eighty7,$tmp,$tweak1) = map("v$_",(8..12));
-+my $taillen = $key2;
-+
-+ ($inp,$idx) = ($idx,$inp); # reassign
-+
-+$code.=<<___;
-+.globl .${prefix}_xts_encrypt
-+.align 5
-+.${prefix}_xts_encrypt:
-+ mr $inp,r3 # reassign
-+ li r3,-1
-+ ${UCMP}i $len,16
-+ bltlr-
-+
-+ lis r0,0xfff0
-+ mfspr r12,256 # save vrsave
-+ li r11,0
-+ mtspr 256,r0
-+
-+ vspltisb $seven,0x07 # 0x070707..07
-+ le?lvsl $leperm,r11,r11
-+ le?vspltisb $tmp,0x0f
-+ le?vxor $leperm,$leperm,$seven
-+
-+ li $idx,15
-+ lvx $tweak,0,$ivp # load [unaligned] iv
-+ lvsl $inpperm,0,$ivp
-+ lvx $inptail,$idx,$ivp
-+ le?vxor $inpperm,$inpperm,$tmp
-+ vperm $tweak,$tweak,$inptail,$inpperm
-+
-+ neg r11,$inp
-+ lvsr $inpperm,0,r11 # prepare for unaligned load
-+ lvx $inout,0,$inp
-+ addi $inp,$inp,15 # 15 is not typo
-+ le?vxor $inpperm,$inpperm,$tmp
-+
-+ ${UCMP}i $key2,0 # key2==NULL?
-+ beq Lxts_enc_no_key2
-+
-+ ?lvsl $keyperm,0,$key2 # prepare for unaligned key
-+ lwz $rounds,240($key2)
-+ srwi $rounds,$rounds,1
-+ subi $rounds,$rounds,1
-+ li $idx,16
-+
-+ lvx $rndkey0,0,$key2
-+ lvx $rndkey1,$idx,$key2
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $tweak,$tweak,$rndkey0
-+ lvx $rndkey0,$idx,$key2
-+ addi $idx,$idx,16
-+ mtctr $rounds
-+
-+Ltweak_xts_enc:
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $tweak,$tweak,$rndkey1
-+ lvx $rndkey1,$idx,$key2
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vcipher $tweak,$tweak,$rndkey0
-+ lvx $rndkey0,$idx,$key2
-+ addi $idx,$idx,16
-+ bdnz Ltweak_xts_enc
-+
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $tweak,$tweak,$rndkey1
-+ lvx $rndkey1,$idx,$key2
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vcipherlast $tweak,$tweak,$rndkey0
-+
-+ li $ivp,0 # don't chain the tweak
-+ b Lxts_enc
-+
-+Lxts_enc_no_key2:
-+ li $idx,-16
-+ and $len,$len,$idx # in "tweak chaining"
-+ # mode only complete
-+ # blocks are processed
-+Lxts_enc:
-+ lvx $inptail,0,$inp
-+ addi $inp,$inp,16
-+
-+ ?lvsl $keyperm,0,$key1 # prepare for unaligned key
-+ lwz $rounds,240($key1)
-+ srwi $rounds,$rounds,1
-+ subi $rounds,$rounds,1
-+ li $idx,16
-+
-+ vslb $eighty7,$seven,$seven # 0x808080..80
-+ vor $eighty7,$eighty7,$seven # 0x878787..87
-+ vspltisb $tmp,1 # 0x010101..01
-+ vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01
-+
-+ ${UCMP}i $len,96
-+ bge _aesp8_xts_encrypt6x
-+
-+ andi. $taillen,$len,15
-+ subic r0,$len,32
-+ subi $taillen,$taillen,16
-+ subfe r0,r0,r0
-+ and r0,r0,$taillen
-+ add $inp,$inp,r0
-+
-+ lvx $rndkey0,0,$key1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ vperm $inout,$inout,$inptail,$inpperm
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $inout,$inout,$tweak
-+ vxor $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+ mtctr $rounds
-+ b Loop_xts_enc
-+
-+.align 5
-+Loop_xts_enc:
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vcipher $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+ bdnz Loop_xts_enc
-+
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ li $idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $rndkey0,$rndkey0,$tweak
-+ vcipherlast $output,$inout,$rndkey0
-+
-+ le?vperm $tmp,$output,$output,$leperm
-+ be?nop
-+ le?stvx_u $tmp,0,$out
-+ be?stvx_u $output,0,$out
-+ addi $out,$out,16
-+
-+ subic. $len,$len,16
-+ beq Lxts_enc_done
-+
-+ vmr $inout,$inptail
-+ lvx $inptail,0,$inp
-+ addi $inp,$inp,16
-+ lvx $rndkey0,0,$key1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+
-+ subic r0,$len,32
-+ subfe r0,r0,r0
-+ and r0,r0,$taillen
-+ add $inp,$inp,r0
-+
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $tweak,$tweak,$tmp
-+
-+ vperm $inout,$inout,$inptail,$inpperm
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $inout,$inout,$tweak
-+ vxor $output,$output,$rndkey0 # just in case $len<16
-+ vxor $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+
-+ mtctr $rounds
-+ ${UCMP}i $len,16
-+ bge Loop_xts_enc
-+
-+ vxor $output,$output,$tweak
-+ lvsr $inpperm,0,$len # $inpperm is no longer needed
-+ vxor $inptail,$inptail,$inptail # $inptail is no longer needed
-+ vspltisb $tmp,-1
-+ vperm $inptail,$inptail,$tmp,$inpperm
-+ vsel $inout,$inout,$output,$inptail
-+
-+ subi r11,$out,17
-+ subi $out,$out,16
-+ mtctr $len
-+ li $len,16
-+Loop_xts_enc_steal:
-+ lbzu r0,1(r11)
-+ stb r0,16(r11)
-+ bdnz Loop_xts_enc_steal
-+
-+ mtctr $rounds
-+ b Loop_xts_enc # one more time...
-+
-+Lxts_enc_done:
-+ ${UCMP}i $ivp,0
-+ beq Lxts_enc_ret
-+
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $tweak,$tweak,$tmp
-+
-+ le?vperm $tweak,$tweak,$tweak,$leperm
-+ stvx_u $tweak,0,$ivp
-+
-+Lxts_enc_ret:
-+ mtspr 256,r12 # restore vrsave
-+ li r3,0
-+ blr
-+ .long 0
-+ .byte 0,12,0x04,0,0x80,6,6,0
-+ .long 0
-+.size .${prefix}_xts_encrypt,.-.${prefix}_xts_encrypt
-+
-+.globl .${prefix}_xts_decrypt
-+.align 5
-+.${prefix}_xts_decrypt:
-+ mr $inp,r3 # reassign
-+ li r3,-1
-+ ${UCMP}i $len,16
-+ bltlr-
-+
-+ lis r0,0xfff8
-+ mfspr r12,256 # save vrsave
-+ li r11,0
-+ mtspr 256,r0
-+
-+ andi. r0,$len,15
-+ neg r0,r0
-+ andi. r0,r0,16
-+ sub $len,$len,r0
-+
-+ vspltisb $seven,0x07 # 0x070707..07
-+ le?lvsl $leperm,r11,r11
-+ le?vspltisb $tmp,0x0f
-+ le?vxor $leperm,$leperm,$seven
-+
-+ li $idx,15
-+ lvx $tweak,0,$ivp # load [unaligned] iv
-+ lvsl $inpperm,0,$ivp
-+ lvx $inptail,$idx,$ivp
-+ le?vxor $inpperm,$inpperm,$tmp
-+ vperm $tweak,$tweak,$inptail,$inpperm
-+
-+ neg r11,$inp
-+ lvsr $inpperm,0,r11 # prepare for unaligned load
-+ lvx $inout,0,$inp
-+ addi $inp,$inp,15 # 15 is not typo
-+ le?vxor $inpperm,$inpperm,$tmp
-+
-+ ${UCMP}i $key2,0 # key2==NULL?
-+ beq Lxts_dec_no_key2
-+
-+ ?lvsl $keyperm,0,$key2 # prepare for unaligned key
-+ lwz $rounds,240($key2)
-+ srwi $rounds,$rounds,1
-+ subi $rounds,$rounds,1
-+ li $idx,16
-+
-+ lvx $rndkey0,0,$key2
-+ lvx $rndkey1,$idx,$key2
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $tweak,$tweak,$rndkey0
-+ lvx $rndkey0,$idx,$key2
-+ addi $idx,$idx,16
-+ mtctr $rounds
-+
-+Ltweak_xts_dec:
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $tweak,$tweak,$rndkey1
-+ lvx $rndkey1,$idx,$key2
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vcipher $tweak,$tweak,$rndkey0
-+ lvx $rndkey0,$idx,$key2
-+ addi $idx,$idx,16
-+ bdnz Ltweak_xts_dec
-+
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vcipher $tweak,$tweak,$rndkey1
-+ lvx $rndkey1,$idx,$key2
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vcipherlast $tweak,$tweak,$rndkey0
-+
-+ li $ivp,0 # don't chain the tweak
-+ b Lxts_dec
-+
-+Lxts_dec_no_key2:
-+ neg $idx,$len
-+ andi. $idx,$idx,15
-+ add $len,$len,$idx # in "tweak chaining"
-+ # mode only complete
-+ # blocks are processed
-+Lxts_dec:
-+ lvx $inptail,0,$inp
-+ addi $inp,$inp,16
-+
-+ ?lvsl $keyperm,0,$key1 # prepare for unaligned key
-+ lwz $rounds,240($key1)
-+ srwi $rounds,$rounds,1
-+ subi $rounds,$rounds,1
-+ li $idx,16
-+
-+ vslb $eighty7,$seven,$seven # 0x808080..80
-+ vor $eighty7,$eighty7,$seven # 0x878787..87
-+ vspltisb $tmp,1 # 0x010101..01
-+ vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01
-+
-+ ${UCMP}i $len,96
-+ bge _aesp8_xts_decrypt6x
-+
-+ lvx $rndkey0,0,$key1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ vperm $inout,$inout,$inptail,$inpperm
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $inout,$inout,$tweak
-+ vxor $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+ mtctr $rounds
-+
-+ ${UCMP}i $len,16
-+ blt Ltail_xts_dec
-+ be?b Loop_xts_dec
-+
-+.align 5
-+Loop_xts_dec:
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vncipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vncipher $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+ bdnz Loop_xts_dec
-+
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vncipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ li $idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $rndkey0,$rndkey0,$tweak
-+ vncipherlast $output,$inout,$rndkey0
-+
-+ le?vperm $tmp,$output,$output,$leperm
-+ be?nop
-+ le?stvx_u $tmp,0,$out
-+ be?stvx_u $output,0,$out
-+ addi $out,$out,16
-+
-+ subic. $len,$len,16
-+ beq Lxts_dec_done
-+
-+ vmr $inout,$inptail
-+ lvx $inptail,0,$inp
-+ addi $inp,$inp,16
-+ lvx $rndkey0,0,$key1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $tweak,$tweak,$tmp
-+
-+ vperm $inout,$inout,$inptail,$inpperm
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $inout,$inout,$tweak
-+ vxor $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+
-+ mtctr $rounds
-+ ${UCMP}i $len,16
-+ bge Loop_xts_dec
-+
-+Ltail_xts_dec:
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak1,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $tweak1,$tweak1,$tmp
-+
-+ subi $inp,$inp,16
-+ add $inp,$inp,$len
-+
-+ vxor $inout,$inout,$tweak # :-(
-+ vxor $inout,$inout,$tweak1 # :-)
-+
-+Loop_xts_dec_short:
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vncipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vncipher $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+ bdnz Loop_xts_dec_short
-+
-+ ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm
-+ vncipher $inout,$inout,$rndkey1
-+ lvx $rndkey1,$idx,$key1
-+ li $idx,16
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+ vxor $rndkey0,$rndkey0,$tweak1
-+ vncipherlast $output,$inout,$rndkey0
-+
-+ le?vperm $tmp,$output,$output,$leperm
-+ be?nop
-+ le?stvx_u $tmp,0,$out
-+ be?stvx_u $output,0,$out
-+
-+ vmr $inout,$inptail
-+ lvx $inptail,0,$inp
-+ #addi $inp,$inp,16
-+ lvx $rndkey0,0,$key1
-+ lvx $rndkey1,$idx,$key1
-+ addi $idx,$idx,16
-+ vperm $inout,$inout,$inptail,$inpperm
-+ ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm
-+
-+ lvsr $inpperm,0,$len # $inpperm is no longer needed
-+ vxor $inptail,$inptail,$inptail # $inptail is no longer needed
-+ vspltisb $tmp,-1
-+ vperm $inptail,$inptail,$tmp,$inpperm
-+ vsel $inout,$inout,$output,$inptail
-+
-+ vxor $rndkey0,$rndkey0,$tweak
-+ vxor $inout,$inout,$rndkey0
-+ lvx $rndkey0,$idx,$key1
-+ addi $idx,$idx,16
-+
-+ subi r11,$out,1
-+ mtctr $len
-+ li $len,16
-+Loop_xts_dec_steal:
-+ lbzu r0,1(r11)
-+ stb r0,16(r11)
-+ bdnz Loop_xts_dec_steal
-+
-+ mtctr $rounds
-+ b Loop_xts_dec # one more time...
-+
-+Lxts_dec_done:
-+ ${UCMP}i $ivp,0
-+ beq Lxts_dec_ret
-+
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $tweak,$tweak,$tmp
-+
-+ le?vperm $tweak,$tweak,$tweak,$leperm
-+ stvx_u $tweak,0,$ivp
-+
-+Lxts_dec_ret:
-+ mtspr 256,r12 # restore vrsave
-+ li r3,0
-+ blr
-+ .long 0
-+ .byte 0,12,0x04,0,0x80,6,6,0
-+ .long 0
-+.size .${prefix}_xts_decrypt,.-.${prefix}_xts_decrypt
-+___
-+#########################################################################
-+{{ # Optimized XTS procedures #
-+my $key_=$key2;
-+my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
-+ $x00=0 if ($flavour =~ /osx/);
-+my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5));
-+my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
-+my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
-+my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys
-+ # v26-v31 last 6 round keys
-+my ($keyperm)=($out0); # aliases with "caller", redundant assignment
-+my $taillen=$x70;
-+
-+$code.=<<___;
-+.align 5
-+_aesp8_xts_encrypt6x:
-+ $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
-+ mflr r11
-+ li r7,`$FRAME+8*16+15`
-+ li r3,`$FRAME+8*16+31`
-+ $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
-+ stvx v20,r7,$sp # ABI says so
-+ addi r7,r7,32
-+ stvx v21,r3,$sp
-+ addi r3,r3,32
-+ stvx v22,r7,$sp
-+ addi r7,r7,32
-+ stvx v23,r3,$sp
-+ addi r3,r3,32
-+ stvx v24,r7,$sp
-+ addi r7,r7,32
-+ stvx v25,r3,$sp
-+ addi r3,r3,32
-+ stvx v26,r7,$sp
-+ addi r7,r7,32
-+ stvx v27,r3,$sp
-+ addi r3,r3,32
-+ stvx v28,r7,$sp
-+ addi r7,r7,32
-+ stvx v29,r3,$sp
-+ addi r3,r3,32
-+ stvx v30,r7,$sp
-+ stvx v31,r3,$sp
-+ li r0,-1
-+ stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave
-+ li $x10,0x10
-+ $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp)
-+ li $x20,0x20
-+ $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp)
-+ li $x30,0x30
-+ $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp)
-+ li $x40,0x40
-+ $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp)
-+ li $x50,0x50
-+ $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp)
-+ li $x60,0x60
-+ $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp)
-+ li $x70,0x70
-+ mtspr 256,r0
-+
-+ subi $rounds,$rounds,3 # -4 in total
-+
-+ lvx $rndkey0,$x00,$key1 # load key schedule
-+ lvx v30,$x10,$key1
-+ addi $key1,$key1,0x20
-+ lvx v31,$x00,$key1
-+ ?vperm $rndkey0,$rndkey0,v30,$keyperm
-+ addi $key_,$sp,$FRAME+15
-+ mtctr $rounds
-+
-+Load_xts_enc_key:
-+ ?vperm v24,v30,v31,$keyperm
-+ lvx v30,$x10,$key1
-+ addi $key1,$key1,0x20
-+ stvx v24,$x00,$key_ # off-load round[1]
-+ ?vperm v25,v31,v30,$keyperm
-+ lvx v31,$x00,$key1
-+ stvx v25,$x10,$key_ # off-load round[2]
-+ addi $key_,$key_,0x20
-+ bdnz Load_xts_enc_key
-+
-+ lvx v26,$x10,$key1
-+ ?vperm v24,v30,v31,$keyperm
-+ lvx v27,$x20,$key1
-+ stvx v24,$x00,$key_ # off-load round[3]
-+ ?vperm v25,v31,v26,$keyperm
-+ lvx v28,$x30,$key1
-+ stvx v25,$x10,$key_ # off-load round[4]
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ ?vperm v26,v26,v27,$keyperm
-+ lvx v29,$x40,$key1
-+ ?vperm v27,v27,v28,$keyperm
-+ lvx v30,$x50,$key1
-+ ?vperm v28,v28,v29,$keyperm
-+ lvx v31,$x60,$key1
-+ ?vperm v29,v29,v30,$keyperm
-+ lvx $twk5,$x70,$key1 # borrow $twk5
-+ ?vperm v30,v30,v31,$keyperm
-+ lvx v24,$x00,$key_ # pre-load round[1]
-+ ?vperm v31,v31,$twk5,$keyperm
-+ lvx v25,$x10,$key_ # pre-load round[2]
-+
-+ vperm $in0,$inout,$inptail,$inpperm
-+ subi $inp,$inp,31 # undo "caller"
-+ vxor $twk0,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out0,$in0,$twk0
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in1,$x10,$inp
-+ vxor $twk1,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in1,$in1,$in1,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out1,$in1,$twk1
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in2,$x20,$inp
-+ andi. $taillen,$len,15
-+ vxor $twk2,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in2,$in2,$in2,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out2,$in2,$twk2
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in3,$x30,$inp
-+ sub $len,$len,$taillen
-+ vxor $twk3,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in3,$in3,$in3,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out3,$in3,$twk3
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in4,$x40,$inp
-+ subi $len,$len,0x60
-+ vxor $twk4,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in4,$in4,$in4,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out4,$in4,$twk4
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in5,$x50,$inp
-+ addi $inp,$inp,0x60
-+ vxor $twk5,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in5,$in5,$in5,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out5,$in5,$twk5
-+ vxor $tweak,$tweak,$tmp
-+
-+ vxor v31,v31,$rndkey0
-+ mtctr $rounds
-+ b Loop_xts_enc6x
-+
-+.align 5
-+Loop_xts_enc6x:
-+ vcipher $out0,$out0,v24
-+ vcipher $out1,$out1,v24
-+ vcipher $out2,$out2,v24
-+ vcipher $out3,$out3,v24
-+ vcipher $out4,$out4,v24
-+ vcipher $out5,$out5,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vcipher $out0,$out0,v25
-+ vcipher $out1,$out1,v25
-+ vcipher $out2,$out2,v25
-+ vcipher $out3,$out3,v25
-+ vcipher $out4,$out4,v25
-+ vcipher $out5,$out5,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz Loop_xts_enc6x
-+
-+ subic $len,$len,96 # $len-=96
-+ vxor $in0,$twk0,v31 # xor with last round key
-+ vcipher $out0,$out0,v24
-+ vcipher $out1,$out1,v24
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk0,$tweak,$rndkey0
-+ vaddubm $tweak,$tweak,$tweak
-+ vcipher $out2,$out2,v24
-+ vcipher $out3,$out3,v24
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vcipher $out4,$out4,v24
-+ vcipher $out5,$out5,v24
-+
-+ subfe. r0,r0,r0 # borrow?-1:0
-+ vand $tmp,$tmp,$eighty7
-+ vcipher $out0,$out0,v25
-+ vcipher $out1,$out1,v25
-+ vxor $tweak,$tweak,$tmp
-+ vcipher $out2,$out2,v25
-+ vcipher $out3,$out3,v25
-+ vxor $in1,$twk1,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk1,$tweak,$rndkey0
-+ vcipher $out4,$out4,v25
-+ vcipher $out5,$out5,v25
-+
-+ and r0,r0,$len
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vcipher $out0,$out0,v26
-+ vcipher $out1,$out1,v26
-+ vand $tmp,$tmp,$eighty7
-+ vcipher $out2,$out2,v26
-+ vcipher $out3,$out3,v26
-+ vxor $tweak,$tweak,$tmp
-+ vcipher $out4,$out4,v26
-+ vcipher $out5,$out5,v26
-+
-+ add $inp,$inp,r0 # $inp is adjusted in such
-+ # way that at exit from the
-+ # loop inX-in5 are loaded
-+ # with last "words"
-+ vxor $in2,$twk2,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk2,$tweak,$rndkey0
-+ vaddubm $tweak,$tweak,$tweak
-+ vcipher $out0,$out0,v27
-+ vcipher $out1,$out1,v27
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vcipher $out2,$out2,v27
-+ vcipher $out3,$out3,v27
-+ vand $tmp,$tmp,$eighty7
-+ vcipher $out4,$out4,v27
-+ vcipher $out5,$out5,v27
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vxor $tweak,$tweak,$tmp
-+ vcipher $out0,$out0,v28
-+ vcipher $out1,$out1,v28
-+ vxor $in3,$twk3,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk3,$tweak,$rndkey0
-+ vcipher $out2,$out2,v28
-+ vcipher $out3,$out3,v28
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vcipher $out4,$out4,v28
-+ vcipher $out5,$out5,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+ vand $tmp,$tmp,$eighty7
-+
-+ vcipher $out0,$out0,v29
-+ vcipher $out1,$out1,v29
-+ vxor $tweak,$tweak,$tmp
-+ vcipher $out2,$out2,v29
-+ vcipher $out3,$out3,v29
-+ vxor $in4,$twk4,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk4,$tweak,$rndkey0
-+ vcipher $out4,$out4,v29
-+ vcipher $out5,$out5,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+
-+ vcipher $out0,$out0,v30
-+ vcipher $out1,$out1,v30
-+ vand $tmp,$tmp,$eighty7
-+ vcipher $out2,$out2,v30
-+ vcipher $out3,$out3,v30
-+ vxor $tweak,$tweak,$tmp
-+ vcipher $out4,$out4,v30
-+ vcipher $out5,$out5,v30
-+ vxor $in5,$twk5,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk5,$tweak,$rndkey0
-+
-+ vcipherlast $out0,$out0,$in0
-+ lvx_u $in0,$x00,$inp # load next input block
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vcipherlast $out1,$out1,$in1
-+ lvx_u $in1,$x10,$inp
-+ vcipherlast $out2,$out2,$in2
-+ le?vperm $in0,$in0,$in0,$leperm
-+ lvx_u $in2,$x20,$inp
-+ vand $tmp,$tmp,$eighty7
-+ vcipherlast $out3,$out3,$in3
-+ le?vperm $in1,$in1,$in1,$leperm
-+ lvx_u $in3,$x30,$inp
-+ vcipherlast $out4,$out4,$in4
-+ le?vperm $in2,$in2,$in2,$leperm
-+ lvx_u $in4,$x40,$inp
-+ vxor $tweak,$tweak,$tmp
-+ vcipherlast $tmp,$out5,$in5 # last block might be needed
-+ # in stealing mode
-+ le?vperm $in3,$in3,$in3,$leperm
-+ lvx_u $in5,$x50,$inp
-+ addi $inp,$inp,0x60
-+ le?vperm $in4,$in4,$in4,$leperm
-+ le?vperm $in5,$in5,$in5,$leperm
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk0
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ vxor $out1,$in1,$twk1
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ vxor $out2,$in2,$twk2
-+ le?vperm $out4,$out4,$out4,$leperm
-+ stvx_u $out3,$x30,$out
-+ vxor $out3,$in3,$twk3
-+ le?vperm $out5,$tmp,$tmp,$leperm
-+ stvx_u $out4,$x40,$out
-+ vxor $out4,$in4,$twk4
-+ le?stvx_u $out5,$x50,$out
-+ be?stvx_u $tmp, $x50,$out
-+ vxor $out5,$in5,$twk5
-+ addi $out,$out,0x60
-+
-+ mtctr $rounds
-+ beq Loop_xts_enc6x # did $len-=96 borrow?
-+
-+ addic. $len,$len,0x60
-+ beq Lxts_enc6x_zero
-+ cmpwi $len,0x20
-+ blt Lxts_enc6x_one
-+ nop
-+ beq Lxts_enc6x_two
-+ cmpwi $len,0x40
-+ blt Lxts_enc6x_three
-+ nop
-+ beq Lxts_enc6x_four
-+
-+Lxts_enc6x_five:
-+ vxor $out0,$in1,$twk0
-+ vxor $out1,$in2,$twk1
-+ vxor $out2,$in3,$twk2
-+ vxor $out3,$in4,$twk3
-+ vxor $out4,$in5,$twk4
-+
-+ bl _aesp8_xts_enc5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk5 # unused tweak
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ vxor $tmp,$out4,$twk5 # last block prep for stealing
-+ le?vperm $out4,$out4,$out4,$leperm
-+ stvx_u $out3,$x30,$out
-+ stvx_u $out4,$x40,$out
-+ addi $out,$out,0x50
-+ bne Lxts_enc6x_steal
-+ b Lxts_enc6x_done
-+
-+.align 4
-+Lxts_enc6x_four:
-+ vxor $out0,$in2,$twk0
-+ vxor $out1,$in3,$twk1
-+ vxor $out2,$in4,$twk2
-+ vxor $out3,$in5,$twk3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_enc5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk4 # unused tweak
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ vxor $tmp,$out3,$twk4 # last block prep for stealing
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ stvx_u $out3,$x30,$out
-+ addi $out,$out,0x40
-+ bne Lxts_enc6x_steal
-+ b Lxts_enc6x_done
-+
-+.align 4
-+Lxts_enc6x_three:
-+ vxor $out0,$in3,$twk0
-+ vxor $out1,$in4,$twk1
-+ vxor $out2,$in5,$twk2
-+ vxor $out3,$out3,$out3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_enc5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk3 # unused tweak
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $tmp,$out2,$twk3 # last block prep for stealing
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ stvx_u $out2,$x20,$out
-+ addi $out,$out,0x30
-+ bne Lxts_enc6x_steal
-+ b Lxts_enc6x_done
-+
-+.align 4
-+Lxts_enc6x_two:
-+ vxor $out0,$in4,$twk0
-+ vxor $out1,$in5,$twk1
-+ vxor $out2,$out2,$out2
-+ vxor $out3,$out3,$out3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_enc5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk2 # unused tweak
-+ vxor $tmp,$out1,$twk2 # last block prep for stealing
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ stvx_u $out1,$x10,$out
-+ addi $out,$out,0x20
-+ bne Lxts_enc6x_steal
-+ b Lxts_enc6x_done
-+
-+.align 4
-+Lxts_enc6x_one:
-+ vxor $out0,$in5,$twk0
-+ nop
-+Loop_xts_enc1x:
-+ vcipher $out0,$out0,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vcipher $out0,$out0,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz Loop_xts_enc1x
-+
-+ add $inp,$inp,$taillen
-+ cmpwi $taillen,0
-+ vcipher $out0,$out0,v24
-+
-+ subi $inp,$inp,16
-+ vcipher $out0,$out0,v25
-+
-+ lvsr $inpperm,0,$taillen
-+ vcipher $out0,$out0,v26
-+
-+ lvx_u $in0,0,$inp
-+ vcipher $out0,$out0,v27
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vcipher $out0,$out0,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+
-+ vcipher $out0,$out0,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vxor $twk0,$twk0,v31
-+
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vcipher $out0,$out0,v30
-+
-+ vperm $in0,$in0,$in0,$inpperm
-+ vcipherlast $out0,$out0,$twk0
-+
-+ vmr $twk0,$twk1 # unused tweak
-+ vxor $tmp,$out0,$twk1 # last block prep for stealing
-+ le?vperm $out0,$out0,$out0,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ addi $out,$out,0x10
-+ bne Lxts_enc6x_steal
-+ b Lxts_enc6x_done
-+
-+.align 4
-+Lxts_enc6x_zero:
-+ cmpwi $taillen,0
-+ beq Lxts_enc6x_done
-+
-+ add $inp,$inp,$taillen
-+ subi $inp,$inp,16
-+ lvx_u $in0,0,$inp
-+ lvsr $inpperm,0,$taillen # $in5 is no more
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vperm $in0,$in0,$in0,$inpperm
-+ vxor $tmp,$tmp,$twk0
-+Lxts_enc6x_steal:
-+ vxor $in0,$in0,$twk0
-+ vxor $out0,$out0,$out0
-+ vspltisb $out1,-1
-+ vperm $out0,$out0,$out1,$inpperm
-+ vsel $out0,$in0,$tmp,$out0 # $tmp is last block, remember?
-+
-+ subi r30,$out,17
-+ subi $out,$out,16
-+ mtctr $taillen
-+Loop_xts_enc6x_steal:
-+ lbzu r0,1(r30)
-+ stb r0,16(r30)
-+ bdnz Loop_xts_enc6x_steal
-+
-+ li $taillen,0
-+ mtctr $rounds
-+ b Loop_xts_enc1x # one more time...
-+
-+.align 4
-+Lxts_enc6x_done:
-+ ${UCMP}i $ivp,0
-+ beq Lxts_enc6x_ret
-+
-+ vxor $tweak,$twk0,$rndkey0
-+ le?vperm $tweak,$tweak,$tweak,$leperm
-+ stvx_u $tweak,0,$ivp
-+
-+Lxts_enc6x_ret:
-+ mtlr r11
-+ li r10,`$FRAME+15`
-+ li r11,`$FRAME+31`
-+ stvx $seven,r10,$sp # wipe copies of round keys
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+
-+ mtspr 256,$vrsave
-+ lvx v20,r10,$sp # ABI says so
-+ addi r10,r10,32
-+ lvx v21,r11,$sp
-+ addi r11,r11,32
-+ lvx v22,r10,$sp
-+ addi r10,r10,32
-+ lvx v23,r11,$sp
-+ addi r11,r11,32
-+ lvx v24,r10,$sp
-+ addi r10,r10,32
-+ lvx v25,r11,$sp
-+ addi r11,r11,32
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp)
-+ $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp)
-+ $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp)
-+ $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp)
-+ $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp)
-+ $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp)
-+ addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T`
-+ blr
-+ .long 0
-+ .byte 0,12,0x04,1,0x80,6,6,0
-+ .long 0
-+
-+.align 5
-+_aesp8_xts_enc5x:
-+ vcipher $out0,$out0,v24
-+ vcipher $out1,$out1,v24
-+ vcipher $out2,$out2,v24
-+ vcipher $out3,$out3,v24
-+ vcipher $out4,$out4,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vcipher $out0,$out0,v25
-+ vcipher $out1,$out1,v25
-+ vcipher $out2,$out2,v25
-+ vcipher $out3,$out3,v25
-+ vcipher $out4,$out4,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz _aesp8_xts_enc5x
-+
-+ add $inp,$inp,$taillen
-+ cmpwi $taillen,0
-+ vcipher $out0,$out0,v24
-+ vcipher $out1,$out1,v24
-+ vcipher $out2,$out2,v24
-+ vcipher $out3,$out3,v24
-+ vcipher $out4,$out4,v24
-+
-+ subi $inp,$inp,16
-+ vcipher $out0,$out0,v25
-+ vcipher $out1,$out1,v25
-+ vcipher $out2,$out2,v25
-+ vcipher $out3,$out3,v25
-+ vcipher $out4,$out4,v25
-+ vxor $twk0,$twk0,v31
-+
-+ vcipher $out0,$out0,v26
-+ lvsr $inpperm,r0,$taillen # $in5 is no more
-+ vcipher $out1,$out1,v26
-+ vcipher $out2,$out2,v26
-+ vcipher $out3,$out3,v26
-+ vcipher $out4,$out4,v26
-+ vxor $in1,$twk1,v31
-+
-+ vcipher $out0,$out0,v27
-+ lvx_u $in0,0,$inp
-+ vcipher $out1,$out1,v27
-+ vcipher $out2,$out2,v27
-+ vcipher $out3,$out3,v27
-+ vcipher $out4,$out4,v27
-+ vxor $in2,$twk2,v31
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vcipher $out0,$out0,v28
-+ vcipher $out1,$out1,v28
-+ vcipher $out2,$out2,v28
-+ vcipher $out3,$out3,v28
-+ vcipher $out4,$out4,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+ vxor $in3,$twk3,v31
-+
-+ vcipher $out0,$out0,v29
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vcipher $out1,$out1,v29
-+ vcipher $out2,$out2,v29
-+ vcipher $out3,$out3,v29
-+ vcipher $out4,$out4,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vxor $in4,$twk4,v31
-+
-+ vcipher $out0,$out0,v30
-+ vperm $in0,$in0,$in0,$inpperm
-+ vcipher $out1,$out1,v30
-+ vcipher $out2,$out2,v30
-+ vcipher $out3,$out3,v30
-+ vcipher $out4,$out4,v30
-+
-+ vcipherlast $out0,$out0,$twk0
-+ vcipherlast $out1,$out1,$in1
-+ vcipherlast $out2,$out2,$in2
-+ vcipherlast $out3,$out3,$in3
-+ vcipherlast $out4,$out4,$in4
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,0,0
-+
-+.align 5
-+_aesp8_xts_decrypt6x:
-+ $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp)
-+ mflr r11
-+ li r7,`$FRAME+8*16+15`
-+ li r3,`$FRAME+8*16+31`
-+ $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp)
-+ stvx v20,r7,$sp # ABI says so
-+ addi r7,r7,32
-+ stvx v21,r3,$sp
-+ addi r3,r3,32
-+ stvx v22,r7,$sp
-+ addi r7,r7,32
-+ stvx v23,r3,$sp
-+ addi r3,r3,32
-+ stvx v24,r7,$sp
-+ addi r7,r7,32
-+ stvx v25,r3,$sp
-+ addi r3,r3,32
-+ stvx v26,r7,$sp
-+ addi r7,r7,32
-+ stvx v27,r3,$sp
-+ addi r3,r3,32
-+ stvx v28,r7,$sp
-+ addi r7,r7,32
-+ stvx v29,r3,$sp
-+ addi r3,r3,32
-+ stvx v30,r7,$sp
-+ stvx v31,r3,$sp
-+ li r0,-1
-+ stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave
-+ li $x10,0x10
-+ $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp)
-+ li $x20,0x20
-+ $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp)
-+ li $x30,0x30
-+ $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp)
-+ li $x40,0x40
-+ $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp)
-+ li $x50,0x50
-+ $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp)
-+ li $x60,0x60
-+ $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp)
-+ li $x70,0x70
-+ mtspr 256,r0
-+
-+ subi $rounds,$rounds,3 # -4 in total
-+
-+ lvx $rndkey0,$x00,$key1 # load key schedule
-+ lvx v30,$x10,$key1
-+ addi $key1,$key1,0x20
-+ lvx v31,$x00,$key1
-+ ?vperm $rndkey0,$rndkey0,v30,$keyperm
-+ addi $key_,$sp,$FRAME+15
-+ mtctr $rounds
-+
-+Load_xts_dec_key:
-+ ?vperm v24,v30,v31,$keyperm
-+ lvx v30,$x10,$key1
-+ addi $key1,$key1,0x20
-+ stvx v24,$x00,$key_ # off-load round[1]
-+ ?vperm v25,v31,v30,$keyperm
-+ lvx v31,$x00,$key1
-+ stvx v25,$x10,$key_ # off-load round[2]
-+ addi $key_,$key_,0x20
-+ bdnz Load_xts_dec_key
-+
-+ lvx v26,$x10,$key1
-+ ?vperm v24,v30,v31,$keyperm
-+ lvx v27,$x20,$key1
-+ stvx v24,$x00,$key_ # off-load round[3]
-+ ?vperm v25,v31,v26,$keyperm
-+ lvx v28,$x30,$key1
-+ stvx v25,$x10,$key_ # off-load round[4]
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ ?vperm v26,v26,v27,$keyperm
-+ lvx v29,$x40,$key1
-+ ?vperm v27,v27,v28,$keyperm
-+ lvx v30,$x50,$key1
-+ ?vperm v28,v28,v29,$keyperm
-+ lvx v31,$x60,$key1
-+ ?vperm v29,v29,v30,$keyperm
-+ lvx $twk5,$x70,$key1 # borrow $twk5
-+ ?vperm v30,v30,v31,$keyperm
-+ lvx v24,$x00,$key_ # pre-load round[1]
-+ ?vperm v31,v31,$twk5,$keyperm
-+ lvx v25,$x10,$key_ # pre-load round[2]
-+
-+ vperm $in0,$inout,$inptail,$inpperm
-+ subi $inp,$inp,31 # undo "caller"
-+ vxor $twk0,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out0,$in0,$twk0
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in1,$x10,$inp
-+ vxor $twk1,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in1,$in1,$in1,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out1,$in1,$twk1
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in2,$x20,$inp
-+ andi. $taillen,$len,15
-+ vxor $twk2,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in2,$in2,$in2,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out2,$in2,$twk2
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in3,$x30,$inp
-+ sub $len,$len,$taillen
-+ vxor $twk3,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in3,$in3,$in3,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out3,$in3,$twk3
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in4,$x40,$inp
-+ subi $len,$len,0x60
-+ vxor $twk4,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in4,$in4,$in4,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out4,$in4,$twk4
-+ vxor $tweak,$tweak,$tmp
-+
-+ lvx_u $in5,$x50,$inp
-+ addi $inp,$inp,0x60
-+ vxor $twk5,$tweak,$rndkey0
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ le?vperm $in5,$in5,$in5,$leperm
-+ vand $tmp,$tmp,$eighty7
-+ vxor $out5,$in5,$twk5
-+ vxor $tweak,$tweak,$tmp
-+
-+ vxor v31,v31,$rndkey0
-+ mtctr $rounds
-+ b Loop_xts_dec6x
-+
-+.align 5
-+Loop_xts_dec6x:
-+ vncipher $out0,$out0,v24
-+ vncipher $out1,$out1,v24
-+ vncipher $out2,$out2,v24
-+ vncipher $out3,$out3,v24
-+ vncipher $out4,$out4,v24
-+ vncipher $out5,$out5,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vncipher $out0,$out0,v25
-+ vncipher $out1,$out1,v25
-+ vncipher $out2,$out2,v25
-+ vncipher $out3,$out3,v25
-+ vncipher $out4,$out4,v25
-+ vncipher $out5,$out5,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz Loop_xts_dec6x
-+
-+ subic $len,$len,96 # $len-=96
-+ vxor $in0,$twk0,v31 # xor with last round key
-+ vncipher $out0,$out0,v24
-+ vncipher $out1,$out1,v24
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk0,$tweak,$rndkey0
-+ vaddubm $tweak,$tweak,$tweak
-+ vncipher $out2,$out2,v24
-+ vncipher $out3,$out3,v24
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vncipher $out4,$out4,v24
-+ vncipher $out5,$out5,v24
-+
-+ subfe. r0,r0,r0 # borrow?-1:0
-+ vand $tmp,$tmp,$eighty7
-+ vncipher $out0,$out0,v25
-+ vncipher $out1,$out1,v25
-+ vxor $tweak,$tweak,$tmp
-+ vncipher $out2,$out2,v25
-+ vncipher $out3,$out3,v25
-+ vxor $in1,$twk1,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk1,$tweak,$rndkey0
-+ vncipher $out4,$out4,v25
-+ vncipher $out5,$out5,v25
-+
-+ and r0,r0,$len
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vncipher $out0,$out0,v26
-+ vncipher $out1,$out1,v26
-+ vand $tmp,$tmp,$eighty7
-+ vncipher $out2,$out2,v26
-+ vncipher $out3,$out3,v26
-+ vxor $tweak,$tweak,$tmp
-+ vncipher $out4,$out4,v26
-+ vncipher $out5,$out5,v26
-+
-+ add $inp,$inp,r0 # $inp is adjusted in such
-+ # way that at exit from the
-+ # loop inX-in5 are loaded
-+ # with last "words"
-+ vxor $in2,$twk2,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk2,$tweak,$rndkey0
-+ vaddubm $tweak,$tweak,$tweak
-+ vncipher $out0,$out0,v27
-+ vncipher $out1,$out1,v27
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vncipher $out2,$out2,v27
-+ vncipher $out3,$out3,v27
-+ vand $tmp,$tmp,$eighty7
-+ vncipher $out4,$out4,v27
-+ vncipher $out5,$out5,v27
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vxor $tweak,$tweak,$tmp
-+ vncipher $out0,$out0,v28
-+ vncipher $out1,$out1,v28
-+ vxor $in3,$twk3,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk3,$tweak,$rndkey0
-+ vncipher $out2,$out2,v28
-+ vncipher $out3,$out3,v28
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vncipher $out4,$out4,v28
-+ vncipher $out5,$out5,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+ vand $tmp,$tmp,$eighty7
-+
-+ vncipher $out0,$out0,v29
-+ vncipher $out1,$out1,v29
-+ vxor $tweak,$tweak,$tmp
-+ vncipher $out2,$out2,v29
-+ vncipher $out3,$out3,v29
-+ vxor $in4,$twk4,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk4,$tweak,$rndkey0
-+ vncipher $out4,$out4,v29
-+ vncipher $out5,$out5,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+
-+ vncipher $out0,$out0,v30
-+ vncipher $out1,$out1,v30
-+ vand $tmp,$tmp,$eighty7
-+ vncipher $out2,$out2,v30
-+ vncipher $out3,$out3,v30
-+ vxor $tweak,$tweak,$tmp
-+ vncipher $out4,$out4,v30
-+ vncipher $out5,$out5,v30
-+ vxor $in5,$twk5,v31
-+ vsrab $tmp,$tweak,$seven # next tweak value
-+ vxor $twk5,$tweak,$rndkey0
-+
-+ vncipherlast $out0,$out0,$in0
-+ lvx_u $in0,$x00,$inp # load next input block
-+ vaddubm $tweak,$tweak,$tweak
-+ vsldoi $tmp,$tmp,$tmp,15
-+ vncipherlast $out1,$out1,$in1
-+ lvx_u $in1,$x10,$inp
-+ vncipherlast $out2,$out2,$in2
-+ le?vperm $in0,$in0,$in0,$leperm
-+ lvx_u $in2,$x20,$inp
-+ vand $tmp,$tmp,$eighty7
-+ vncipherlast $out3,$out3,$in3
-+ le?vperm $in1,$in1,$in1,$leperm
-+ lvx_u $in3,$x30,$inp
-+ vncipherlast $out4,$out4,$in4
-+ le?vperm $in2,$in2,$in2,$leperm
-+ lvx_u $in4,$x40,$inp
-+ vxor $tweak,$tweak,$tmp
-+ vncipherlast $out5,$out5,$in5
-+ le?vperm $in3,$in3,$in3,$leperm
-+ lvx_u $in5,$x50,$inp
-+ addi $inp,$inp,0x60
-+ le?vperm $in4,$in4,$in4,$leperm
-+ le?vperm $in5,$in5,$in5,$leperm
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk0
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ vxor $out1,$in1,$twk1
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ vxor $out2,$in2,$twk2
-+ le?vperm $out4,$out4,$out4,$leperm
-+ stvx_u $out3,$x30,$out
-+ vxor $out3,$in3,$twk3
-+ le?vperm $out5,$out5,$out5,$leperm
-+ stvx_u $out4,$x40,$out
-+ vxor $out4,$in4,$twk4
-+ stvx_u $out5,$x50,$out
-+ vxor $out5,$in5,$twk5
-+ addi $out,$out,0x60
-+
-+ mtctr $rounds
-+ beq Loop_xts_dec6x # did $len-=96 borrow?
-+
-+ addic. $len,$len,0x60
-+ beq Lxts_dec6x_zero
-+ cmpwi $len,0x20
-+ blt Lxts_dec6x_one
-+ nop
-+ beq Lxts_dec6x_two
-+ cmpwi $len,0x40
-+ blt Lxts_dec6x_three
-+ nop
-+ beq Lxts_dec6x_four
-+
-+Lxts_dec6x_five:
-+ vxor $out0,$in1,$twk0
-+ vxor $out1,$in2,$twk1
-+ vxor $out2,$in3,$twk2
-+ vxor $out3,$in4,$twk3
-+ vxor $out4,$in5,$twk4
-+
-+ bl _aesp8_xts_dec5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk5 # unused tweak
-+ vxor $twk1,$tweak,$rndkey0
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk1
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ le?vperm $out4,$out4,$out4,$leperm
-+ stvx_u $out3,$x30,$out
-+ stvx_u $out4,$x40,$out
-+ addi $out,$out,0x50
-+ bne Lxts_dec6x_steal
-+ b Lxts_dec6x_done
-+
-+.align 4
-+Lxts_dec6x_four:
-+ vxor $out0,$in2,$twk0
-+ vxor $out1,$in3,$twk1
-+ vxor $out2,$in4,$twk2
-+ vxor $out3,$in5,$twk3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_dec5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk4 # unused tweak
-+ vmr $twk1,$twk5
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk5
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ le?vperm $out3,$out3,$out3,$leperm
-+ stvx_u $out2,$x20,$out
-+ stvx_u $out3,$x30,$out
-+ addi $out,$out,0x40
-+ bne Lxts_dec6x_steal
-+ b Lxts_dec6x_done
-+
-+.align 4
-+Lxts_dec6x_three:
-+ vxor $out0,$in3,$twk0
-+ vxor $out1,$in4,$twk1
-+ vxor $out2,$in5,$twk2
-+ vxor $out3,$out3,$out3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_dec5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk3 # unused tweak
-+ vmr $twk1,$twk4
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk4
-+ le?vperm $out2,$out2,$out2,$leperm
-+ stvx_u $out1,$x10,$out
-+ stvx_u $out2,$x20,$out
-+ addi $out,$out,0x30
-+ bne Lxts_dec6x_steal
-+ b Lxts_dec6x_done
-+
-+.align 4
-+Lxts_dec6x_two:
-+ vxor $out0,$in4,$twk0
-+ vxor $out1,$in5,$twk1
-+ vxor $out2,$out2,$out2
-+ vxor $out3,$out3,$out3
-+ vxor $out4,$out4,$out4
-+
-+ bl _aesp8_xts_dec5x
-+
-+ le?vperm $out0,$out0,$out0,$leperm
-+ vmr $twk0,$twk2 # unused tweak
-+ vmr $twk1,$twk3
-+ le?vperm $out1,$out1,$out1,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ vxor $out0,$in0,$twk3
-+ stvx_u $out1,$x10,$out
-+ addi $out,$out,0x20
-+ bne Lxts_dec6x_steal
-+ b Lxts_dec6x_done
-+
-+.align 4
-+Lxts_dec6x_one:
-+ vxor $out0,$in5,$twk0
-+ nop
-+Loop_xts_dec1x:
-+ vncipher $out0,$out0,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vncipher $out0,$out0,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz Loop_xts_dec1x
-+
-+ subi r0,$taillen,1
-+ vncipher $out0,$out0,v24
-+
-+ andi. r0,r0,16
-+ cmpwi $taillen,0
-+ vncipher $out0,$out0,v25
-+
-+ sub $inp,$inp,r0
-+ vncipher $out0,$out0,v26
-+
-+ lvx_u $in0,0,$inp
-+ vncipher $out0,$out0,v27
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vncipher $out0,$out0,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+
-+ vncipher $out0,$out0,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vxor $twk0,$twk0,v31
-+
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vncipher $out0,$out0,v30
-+
-+ mtctr $rounds
-+ vncipherlast $out0,$out0,$twk0
-+
-+ vmr $twk0,$twk1 # unused tweak
-+ vmr $twk1,$twk2
-+ le?vperm $out0,$out0,$out0,$leperm
-+ stvx_u $out0,$x00,$out # store output
-+ addi $out,$out,0x10
-+ vxor $out0,$in0,$twk2
-+ bne Lxts_dec6x_steal
-+ b Lxts_dec6x_done
-+
-+.align 4
-+Lxts_dec6x_zero:
-+ cmpwi $taillen,0
-+ beq Lxts_dec6x_done
-+
-+ lvx_u $in0,0,$inp
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vxor $out0,$in0,$twk1
-+Lxts_dec6x_steal:
-+ vncipher $out0,$out0,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vncipher $out0,$out0,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz Lxts_dec6x_steal
-+
-+ add $inp,$inp,$taillen
-+ vncipher $out0,$out0,v24
-+
-+ cmpwi $taillen,0
-+ vncipher $out0,$out0,v25
-+
-+ lvx_u $in0,0,$inp
-+ vncipher $out0,$out0,v26
-+
-+ lvsr $inpperm,0,$taillen # $in5 is no more
-+ vncipher $out0,$out0,v27
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vncipher $out0,$out0,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+
-+ vncipher $out0,$out0,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vxor $twk1,$twk1,v31
-+
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vncipher $out0,$out0,v30
-+
-+ vperm $in0,$in0,$in0,$inpperm
-+ vncipherlast $tmp,$out0,$twk1
-+
-+ le?vperm $out0,$tmp,$tmp,$leperm
-+ le?stvx_u $out0,0,$out
-+ be?stvx_u $tmp,0,$out
-+
-+ vxor $out0,$out0,$out0
-+ vspltisb $out1,-1
-+ vperm $out0,$out0,$out1,$inpperm
-+ vsel $out0,$in0,$tmp,$out0
-+ vxor $out0,$out0,$twk0
-+
-+ subi r30,$out,1
-+ mtctr $taillen
-+Loop_xts_dec6x_steal:
-+ lbzu r0,1(r30)
-+ stb r0,16(r30)
-+ bdnz Loop_xts_dec6x_steal
-+
-+ li $taillen,0
-+ mtctr $rounds
-+ b Loop_xts_dec1x # one more time...
-+
-+.align 4
-+Lxts_dec6x_done:
-+ ${UCMP}i $ivp,0
-+ beq Lxts_dec6x_ret
-+
-+ vxor $tweak,$twk0,$rndkey0
-+ le?vperm $tweak,$tweak,$tweak,$leperm
-+ stvx_u $tweak,0,$ivp
-+
-+Lxts_dec6x_ret:
-+ mtlr r11
-+ li r10,`$FRAME+15`
-+ li r11,`$FRAME+31`
-+ stvx $seven,r10,$sp # wipe copies of round keys
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+ stvx $seven,r10,$sp
-+ addi r10,r10,32
-+ stvx $seven,r11,$sp
-+ addi r11,r11,32
-+
-+ mtspr 256,$vrsave
-+ lvx v20,r10,$sp # ABI says so
-+ addi r10,r10,32
-+ lvx v21,r11,$sp
-+ addi r11,r11,32
-+ lvx v22,r10,$sp
-+ addi r10,r10,32
-+ lvx v23,r11,$sp
-+ addi r11,r11,32
-+ lvx v24,r10,$sp
-+ addi r10,r10,32
-+ lvx v25,r11,$sp
-+ addi r11,r11,32
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp)
-+ $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp)
-+ $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp)
-+ $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp)
-+ $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp)
-+ $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp)
-+ addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T`
-+ blr
-+ .long 0
-+ .byte 0,12,0x04,1,0x80,6,6,0
-+ .long 0
-+
-+.align 5
-+_aesp8_xts_dec5x:
-+ vncipher $out0,$out0,v24
-+ vncipher $out1,$out1,v24
-+ vncipher $out2,$out2,v24
-+ vncipher $out3,$out3,v24
-+ vncipher $out4,$out4,v24
-+ lvx v24,$x20,$key_ # round[3]
-+ addi $key_,$key_,0x20
-+
-+ vncipher $out0,$out0,v25
-+ vncipher $out1,$out1,v25
-+ vncipher $out2,$out2,v25
-+ vncipher $out3,$out3,v25
-+ vncipher $out4,$out4,v25
-+ lvx v25,$x10,$key_ # round[4]
-+ bdnz _aesp8_xts_dec5x
-+
-+ subi r0,$taillen,1
-+ vncipher $out0,$out0,v24
-+ vncipher $out1,$out1,v24
-+ vncipher $out2,$out2,v24
-+ vncipher $out3,$out3,v24
-+ vncipher $out4,$out4,v24
-+
-+ andi. r0,r0,16
-+ cmpwi $taillen,0
-+ vncipher $out0,$out0,v25
-+ vncipher $out1,$out1,v25
-+ vncipher $out2,$out2,v25
-+ vncipher $out3,$out3,v25
-+ vncipher $out4,$out4,v25
-+ vxor $twk0,$twk0,v31
-+
-+ sub $inp,$inp,r0
-+ vncipher $out0,$out0,v26
-+ vncipher $out1,$out1,v26
-+ vncipher $out2,$out2,v26
-+ vncipher $out3,$out3,v26
-+ vncipher $out4,$out4,v26
-+ vxor $in1,$twk1,v31
-+
-+ vncipher $out0,$out0,v27
-+ lvx_u $in0,0,$inp
-+ vncipher $out1,$out1,v27
-+ vncipher $out2,$out2,v27
-+ vncipher $out3,$out3,v27
-+ vncipher $out4,$out4,v27
-+ vxor $in2,$twk2,v31
-+
-+ addi $key_,$sp,$FRAME+15 # rewind $key_
-+ vncipher $out0,$out0,v28
-+ vncipher $out1,$out1,v28
-+ vncipher $out2,$out2,v28
-+ vncipher $out3,$out3,v28
-+ vncipher $out4,$out4,v28
-+ lvx v24,$x00,$key_ # re-pre-load round[1]
-+ vxor $in3,$twk3,v31
-+
-+ vncipher $out0,$out0,v29
-+ le?vperm $in0,$in0,$in0,$leperm
-+ vncipher $out1,$out1,v29
-+ vncipher $out2,$out2,v29
-+ vncipher $out3,$out3,v29
-+ vncipher $out4,$out4,v29
-+ lvx v25,$x10,$key_ # re-pre-load round[2]
-+ vxor $in4,$twk4,v31
-+
-+ vncipher $out0,$out0,v30
-+ vncipher $out1,$out1,v30
-+ vncipher $out2,$out2,v30
-+ vncipher $out3,$out3,v30
-+ vncipher $out4,$out4,v30
-+
-+ vncipherlast $out0,$out0,$twk0
-+ vncipherlast $out1,$out1,$in1
-+ vncipherlast $out2,$out2,$in2
-+ vncipherlast $out3,$out3,$in3
-+ vncipherlast $out4,$out4,$in4
-+ mtctr $rounds
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,0,0
-+___
-+}} }}}
-+
- my $consts=1;
- foreach(split("\n",$code)) {
- s/\`([^\`]*)\`/eval($1)/geo;
---- a/crypto/aes/asm/aest4-sparcv9.pl
-+++ b/crypto/aes/asm/aest4-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/aes/asm/bsaes-armv7.pl
-+++ b/crypto/aes/asm/bsaes-armv7.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -1832,8 +1839,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_enc_done
- .align 4
- .Lxts_enc_6:
-- vst1.64 {@XMM[14]}, [r0,:128] @ next round tweak
--
- veor @XMM[4], @XMM[4], @XMM[12]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -1869,8 +1874,6 @@ for($i=9;$i<16;$i++) {
-
- .align 5
- .Lxts_enc_5:
-- vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
--
- veor @XMM[3], @XMM[3], @XMM[11]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -1899,8 +1902,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_enc_done
- .align 4
- .Lxts_enc_4:
-- vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
--
- veor @XMM[2], @XMM[2], @XMM[10]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -1926,8 +1927,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_enc_done
- .align 4
- .Lxts_enc_3:
-- vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
--
- veor @XMM[1], @XMM[1], @XMM[9]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -1952,8 +1951,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_enc_done
- .align 4
- .Lxts_enc_2:
-- vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
--
- veor @XMM[0], @XMM[0], @XMM[8]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -1976,7 +1973,7 @@ for($i=9;$i<16;$i++) {
- .align 4
- .Lxts_enc_1:
- mov r0, sp
-- veor @XMM[0], @XMM[8]
-+ veor @XMM[0], @XMM[0], @XMM[8]
- mov r1, sp
- vst1.8 {@XMM[0]}, [sp,:128]
- mov r2, $key
-@@ -2288,8 +2285,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_dec_done
- .align 4
- .Lxts_dec_5:
-- vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
--
- veor @XMM[3], @XMM[3], @XMM[11]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -2318,8 +2313,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_dec_done
- .align 4
- .Lxts_dec_4:
-- vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
--
- veor @XMM[2], @XMM[2], @XMM[10]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -2345,8 +2338,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_dec_done
- .align 4
- .Lxts_dec_3:
-- vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
--
- veor @XMM[1], @XMM[1], @XMM[9]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -2371,8 +2362,6 @@ for($i=9;$i<16;$i++) {
- b .Lxts_dec_done
- .align 4
- .Lxts_dec_2:
-- vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
--
- veor @XMM[0], @XMM[0], @XMM[8]
- #ifndef BSAES_ASM_EXTENDED_KEY
- add r4, sp, #0x90 @ pass key schedule
-@@ -2395,12 +2384,12 @@ for($i=9;$i<16;$i++) {
- .align 4
- .Lxts_dec_1:
- mov r0, sp
-- veor @XMM[0], @XMM[8]
-+ veor @XMM[0], @XMM[0], @XMM[8]
- mov r1, sp
- vst1.8 {@XMM[0]}, [sp,:128]
-+ mov r5, $magic @ preserve magic
- mov r2, $key
- mov r4, $fp @ preserve fp
-- mov r5, $magic @ preserve magic
-
- bl AES_decrypt
-
---- a/crypto/aes/asm/bsaes-x86_64.pl
-+++ b/crypto/aes/asm/bsaes-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ###################################################################
- ### AES-128 [originally in CTR mode] ###
-@@ -99,7 +106,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
---- a/crypto/aes/asm/vpaes-armv8.pl
-+++ b/crypto/aes/asm/vpaes-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ######################################################################
- ## Constant-time SSSE3 AES core implementation.
---- a/crypto/aes/asm/vpaes-ppc.pl
-+++ b/crypto/aes/asm/vpaes-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ######################################################################
- ## Constant-time SSSE3 AES core implementation.
---- a/crypto/aes/asm/vpaes-x86.pl
-+++ b/crypto/aes/asm/vpaes-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ######################################################################
- ## Constant-time SSSE3 AES core implementation.
---- a/crypto/aes/asm/vpaes-x86_64.pl
-+++ b/crypto/aes/asm/vpaes-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ######################################################################
- ## Constant-time SSSE3 AES core implementation.
-@@ -57,7 +64,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $PREFIX="vpaes";
---- a/crypto/aes/build.info
-+++ b/crypto/aes/build.info
-@@ -25,6 +25,8 @@ INCLUDE[aes-sparcv9.o]=..
- GENERATE[aest4-sparcv9.S]=asm/aest4-sparcv9.pl $(PERLASM_SCHEME)
- INCLUDE[aest4-sparcv9.o]=..
- DEPEND[aest4-sparcv9.S]=../perlasm/sparcv9_modes.pl
-+GENERATE[aesfx-sparcv9.S]=asm/aesfx-sparcv9.pl $(PERLASM_SCHEME)
-+INCLUDE[aesfx-sparcv9.o]=..
-
- GENERATE[aes-ppc.s]=asm/aes-ppc.pl $(PERLASM_SCHEME)
- GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl $(PERLASM_SCHEME)
---- a/crypto/alphacpuid.pl
-+++ b/crypto/alphacpuid.pl
-@@ -1,7 +1,14 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $output = pop;
--open STDOUT,">$stdout";
-+open STDOUT,">$output";
-
- print <<'___';
- .text
-@@ -127,6 +134,34 @@ print <<'___';
- bne $17,.Little
- .Ldone: ret ($26)
- .end OPENSSL_cleanse
-+
-+.globl CRYPTO_memcmp
-+.ent CRYPTO_memcmp
-+CRYPTO_memcmp:
-+ .frame $30,0,$26
-+ .prologue 0
-+ xor $0,$0,$0
-+ beq $18,.Lno_data
-+
-+ xor $1,$1,$1
-+ nop
-+.Loop_cmp:
-+ ldq_u $2,0($16)
-+ subq $18,1,$18
-+ ldq_u $3,0($17)
-+ extbl $2,$16,$2
-+ lda $16,1($16)
-+ extbl $3,$17,$3
-+ lda $17,1($17)
-+ xor $3,$2,$2
-+ or $2,$0,$0
-+ bne $18,.Loop_cmp
-+
-+ subq $31,$0,$0
-+ srl $0,63,$0
-+.Lno_data:
-+ ret ($26)
-+.end CRYPTO_memcmp
- ___
- {
- my ($out,$cnt,$max)=("\$16","\$17","\$18");
---- a/crypto/arm64cpuid.pl
-+++ b/crypto/arm64cpuid.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $flavour = shift;
- $output = shift;
-@@ -62,6 +69,57 @@ open OUT,"| \"$^X\" $xlate $flavour $out
- pmull v0.1q, v0.1d, v0.1d
- ret
- .size _armv8_pmull_probe,.-_armv8_pmull_probe
-+
-+.globl OPENSSL_cleanse
-+.type OPENSSL_cleanse,%function
-+.align 5
-+OPENSSL_cleanse:
-+ cbz x1,.Lret // len==0?
-+ cmp x1,#15
-+ b.hi .Lot // len>15
-+ nop
-+.Little:
-+ strb wzr,[x0],#1 // store byte-by-byte
-+ subs x1,x1,#1
-+ b.ne .Little
-+.Lret: ret
-+
-+.align 4
-+.Lot: tst x0,#7
-+ b.eq .Laligned // inp is aligned
-+ strb wzr,[x0],#1 // store byte-by-byte
-+ sub x1,x1,#1
-+ b .Lot
-+
-+.align 4
-+.Laligned:
-+ str xzr,[x0],#8 // store word-by-word
-+ sub x1,x1,#8
-+ tst x1,#-8
-+ b.ne .Laligned // len>=8
-+ cbnz x1,.Little // len!=0?
-+ ret
-+.size OPENSSL_cleanse,.-OPENSSL_cleanse
-+
-+.globl CRYPTO_memcmp
-+.type CRYPTO_memcmp,%function
-+.align 4
-+CRYPTO_memcmp:
-+ eor w3,w3,w3
-+ cbz x2,.Lno_data // len==0?
-+.Loop_cmp:
-+ ldrb w4,[x0],#1
-+ ldrb w5,[x1],#1
-+ eor w4,w4,w5
-+ orr w3,w3,w4
-+ subs x2,x2,#1
-+ b.ne .Loop_cmp
-+
-+.Lno_data:
-+ neg w0,w3
-+ lsr w0,w0,#31
-+ ret
-+.size CRYPTO_memcmp,.-CRYPTO_memcmp
- ___
-
- print $code;
---- a/crypto/arm_arch.h
-+++ b/crypto/arm_arch.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef __ARM_ARCH_H__
- # define __ARM_ARCH_H__
-
---- a/crypto/armcap.c
-+++ b/crypto/armcap.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
---- a/crypto/armv4cpuid.pl
-+++ b/crypto/armv4cpuid.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $flavour = shift;
- $output = shift;
-@@ -98,6 +105,36 @@ open OUT,"| \"$^X\" $xlate $flavour $out
- #endif
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+.global CRYPTO_memcmp
-+.type CRYPTO_memcmp,%function
-+.align 4
-+CRYPTO_memcmp:
-+ eor ip,ip,ip
-+ cmp r2,#0
-+ beq .Lno_data
-+ stmdb sp!,{r4,r5}
-+
-+.Loop_cmp:
-+ ldrb r4,[r0],#1
-+ ldrb r5,[r1],#1
-+ eor r4,r4,r5
-+ orr ip,ip,r4
-+ subs r2,r2,#1
-+ bne .Loop_cmp
-+
-+ ldmia sp!,{r4,r5}
-+.Lno_data:
-+ neg r0,ip
-+ mov r0,r0,lsr#31
-+#if __ARM_ARCH__>=5
-+ bx lr
-+#else
-+ tst lr,#1
-+ moveq pc,lr
-+ .word 0xe12fff1e @ bx lr
-+#endif
-+.size CRYPTO_memcmp,.-CRYPTO_memcmp
-+
- #if __ARM_MAX_ARCH__>=7
- .arch armv7-a
- .fpu neon
---- a/crypto/asn1/Makefile.in
-+++ /dev/null
-@@ -1,78 +0,0 @@
--#
--# OpenSSL/crypto/asn1/Makefile
--#
--
--DIR= asn1
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
-- a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
-- a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-- x_algor.c x_val.c x_sig.c x_bignum.c \
-- x_long.c x_info.c x_spki.c nsseq.c \
-- d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-- t_pkey.c t_spki.c t_bitst.c \
-- tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
-- tasn_prn.c tasn_scn.c ameth_lib.c \
-- f_int.c f_string.c n_pkey.c \
-- x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \
-- asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \
-- evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \
-- asn_moid.c asn_mstbl.c
--LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
-- a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
-- a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-- x_algor.o x_val.o x_sig.o x_bignum.o \
-- x_long.o x_info.o x_spki.o nsseq.o \
-- d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-- t_pkey.o t_spki.o t_bitst.o \
-- tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
-- tasn_prn.o tasn_scn.o ameth_lib.o \
-- f_int.o f_string.o n_pkey.o \
-- x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \
-- asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \
-- evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p5_scrypt.o p8_pkey.o \
-- asn_moid.o asn_mstbl.o
--
--SRC= $(LIBSRC)
--
--HEADER= asn1_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--test: test.c
-- cc -g -I../../include -c test.c
-- cc -g -I../../include -o test test.o -L../.. -lcrypto
--
--pk: pk.c
-- cc -g -I../../include -c pk.c
-- cc -g -I../../include -o pk pk.o -L../.. -lcrypto
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/asn1/a_bitstr.c
-+++ b/crypto/asn1/a_bitstr.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -114,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING
-
- *(p++) = (unsigned char)bits;
- d = a->data;
-- memcpy(p, d, len);
-- p += len;
-- if (len > 0)
-+ if (len > 0) {
-+ memcpy(p, d, len);
-+ p += len;
- p[-1] &= (0xff << bits);
-+ }
- *pp = p;
- return (ret);
- }
---- a/crypto/asn1/a_d2i_fp.c
-+++ b/crypto/asn1/a_d2i_fp.c
-@@ -1,63 +1,16 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <limits.h>
- #include "internal/cryptlib.h"
-+#include "internal/numbers.h"
- #include <openssl/buffer.h>
- #include <openssl/asn1.h>
-
-@@ -138,13 +91,14 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
- #endif
-
- #define HEADER_SIZE 8
-+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
- static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
- {
- BUF_MEM *b;
- unsigned char *p;
- int i;
- size_t want = HEADER_SIZE;
-- int eos = 0;
-+ uint32_t eos = 0;
- size_t off = 0;
- size_t len = 0;
-
-@@ -199,16 +153,16 @@ static int asn1_d2i_read_bio(BIO *in, BU
-
- if (inf & 1) {
- /* no data body so go round again */
-- eos++;
-- if (eos < 0) {
-+ if (eos == UINT32_MAX) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
- goto err;
- }
-+ eos++;
- want = HEADER_SIZE;
- } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
- /* eos value, so go back and read another header */
- eos--;
-- if (eos <= 0)
-+ if (eos == 0)
- break;
- else
- want = HEADER_SIZE;
-@@ -216,29 +170,44 @@ static int asn1_d2i_read_bio(BIO *in, BU
- /* suck in slen bytes of data */
- want = slen;
- if (want > (len - off)) {
-+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
-+
- want -= (len - off);
- if (want > INT_MAX /* BIO_read takes an int length */ ||
- len + want < len) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
- goto err;
- }
-- if (!BUF_MEM_grow_clean(b, len + want)) {
-- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
- while (want > 0) {
-- i = BIO_read(in, &(b->data[len]), want);
-- if (i <= 0) {
-- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-- ASN1_R_NOT_ENOUGH_DATA);
-+ /*
-+ * Read content in chunks of increasing size
-+ * so we can return an error for EOF without
-+ * having to allocate the entire content length
-+ * in one go.
-+ */
-+ size_t chunk = want > chunk_max ? chunk_max : want;
-+
-+ if (!BUF_MEM_grow_clean(b, len + chunk)) {
-+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-+ want -= chunk;
-+ while (chunk > 0) {
-+ i = BIO_read(in, &(b->data[len]), chunk);
-+ if (i <= 0) {
-+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-+ ASN1_R_NOT_ENOUGH_DATA);
-+ goto err;
-+ }
- /*
- * This can't overflow because |len+want| didn't
- * overflow.
- */
-- len += i;
-- want -= i;
-+ len += i;
-+ chunk -= i;
-+ }
-+ if (chunk_max < INT_MAX/2)
-+ chunk_max *= 2;
- }
- }
- if (off + slen < off) {
-@@ -246,7 +215,7 @@ static int asn1_d2i_read_bio(BIO *in, BU
- goto err;
- }
- off += slen;
-- if (eos <= 0) {
-+ if (eos == 0) {
- break;
- } else
- want = HEADER_SIZE;
---- a/crypto/asn1/a_digest.c
-+++ b/crypto/asn1/a_digest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_dup.c
-+++ b/crypto/asn1/a_dup.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_gentm.c
-+++ b/crypto/asn1/a_gentm.c
-@@ -1,62 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-- * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
-+ * GENERALIZEDTIME implementation. Based on UTCTIME
- */
-
- #include <stdio.h>
-@@ -220,41 +172,48 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTI
- struct tm *ts;
- struct tm data;
- size_t len = 20;
-+ ASN1_GENERALIZEDTIME *tmps = NULL;
-
- if (s == NULL)
-- s = ASN1_GENERALIZEDTIME_new();
-- if (s == NULL)
-- return (NULL);
-+ tmps = ASN1_GENERALIZEDTIME_new();
-+ else
-+ tmps = s;
-+ if (tmps == NULL)
-+ return NULL;
-
- ts = OPENSSL_gmtime(&t, &data);
- if (ts == NULL)
-- return (NULL);
-+ goto err;
-
- if (offset_day || offset_sec) {
- if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-- return NULL;
-+ goto err;
- }
-
-- p = (char *)s->data;
-- if ((p == NULL) || ((size_t)s->length < len)) {
-+ p = (char *)tmps->data;
-+ if ((p == NULL) || ((size_t)tmps->length < len)) {
- p = OPENSSL_malloc(len);
- if (p == NULL) {
- ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
-- return (NULL);
-+ goto err;
- }
-- OPENSSL_free(s->data);
-- s->data = (unsigned char *)p;
-+ OPENSSL_free(tmps->data);
-+ tmps->data = (unsigned char *)p;
- }
-
- BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
- ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
- ts->tm_sec);
-- s->length = strlen(p);
-- s->type = V_ASN1_GENERALIZEDTIME;
-+ tmps->length = strlen(p);
-+ tmps->type = V_ASN1_GENERALIZEDTIME;
- #ifdef CHARSET_EBCDIC_not
-- ebcdic2ascii(s->data, s->data, s->length);
-+ ebcdic2ascii(tmps->data, tmps->data, tmps->length);
- #endif
-- return (s);
-+ return tmps;
-+ err:
-+ if (s == NULL)
-+ ASN1_GENERALIZEDTIME_free(tmps);
-+ return NULL;
- }
-
- const char *_asn1_mon[12] = {
---- a/crypto/asn1/a_i2d_fp.c
-+++ b/crypto/asn1/a_i2d_fp.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_int.c
-+++ b/crypto/asn1/a_int.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -163,21 +115,21 @@ static size_t i2c_ibuf(const unsigned ch
- memcpy(p, b, blen);
- else {
- /* Begin at the end of the encoding */
-- n = b + blen - 1;
-- p += blen - 1;
-+ n = b + blen;
-+ p += blen;
- i = blen;
- /* Copy zeros to destination as long as source is zero */
-- while (!*n && i > 1) {
-- *(p--) = 0;
-+ while (!n[-1] && i > 1) {
-+ *(--p) = 0;
- n--;
- i--;
- }
- /* Complement and increment next octet */
-- *(p--) = ((*(n--)) ^ 0xff) + 1;
-+ *(--p) = ((*(--n)) ^ 0xff) + 1;
- i--;
- /* Complement any octets left */
- for (; i > 0; i--)
-- *(p--) = *(n--) ^ 0xff;
-+ *(--p) = *(--n) ^ 0xff;
- }
-
- *pp += ret;
-@@ -249,18 +201,18 @@ static size_t c2i_ibuf(unsigned char *b,
- /* Must be negative: calculate twos complement */
- if (b) {
- const unsigned char *from = p + plen - 1 + pad;
-- unsigned char *to = b + plen - 1;
-+ unsigned char *to = b + plen;
- i = plen;
- while (*from == 0 && i) {
-- *to-- = 0;
-+ *--to = 0;
- i--;
- from--;
- }
-- *to-- = (*from-- ^ 0xff) + 1;
-+ *--to = (*from-- ^ 0xff) + 1;
- OPENSSL_assert(i != 0);
- i--;
- for (; i > 0; i--)
-- *to-- = *from-- ^ 0xff;
-+ *--to = *from-- ^ 0xff;
- }
- return plen;
- }
---- a/crypto/asn1/a_mbstr.c
-+++ b/crypto/asn1/a_mbstr.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_object.c
-+++ b/crypto/asn1/a_object.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -65,7 +17,7 @@
- #include "internal/asn1_int.h"
- #include "asn1_locl.h"
-
--int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
-+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
- {
- unsigned char *p;
- int objsize;
-@@ -209,12 +161,12 @@ int a2d_ASN1_OBJECT(unsigned char *out,
- return (0);
- }
-
--int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
- {
- return OBJ_obj2txt(buf, buf_len, a, 0);
- }
-
--int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
-+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
- {
- char buf[80], *p = buf;
- int i;
---- a/crypto/asn1/a_octet.c
-+++ b/crypto/asn1/a_octet.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_print.c
-+++ b/crypto/asn1/a_print.c
-@@ -1,61 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-+#include <ctype.h>
- #include "internal/cryptlib.h"
- #include <openssl/asn1.h>
-
---- a/crypto/asn1/a_sign.c
-+++ b/crypto/asn1/a_sign.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_strex.c
-+++ b/crypto/asn1/a_strex.c
-@@ -1,64 +1,16 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <string.h>
- #include "internal/cryptlib.h"
-+#include "internal/asn1_int.h"
- #include <openssl/crypto.h>
- #include <openssl/x509.h>
- #include <openssl/asn1.h>
-@@ -74,6 +26,7 @@
- #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
-
- #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
-+ ASN1_STRFLGS_ESC_2254 | \
- ASN1_STRFLGS_ESC_QUOTE | \
- ASN1_STRFLGS_ESC_CTRL | \
- ASN1_STRFLGS_ESC_MSB)
-@@ -113,7 +66,8 @@ typedef int char_io (void *arg, const vo
- static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
- char_io *io_ch, void *arg)
- {
-- unsigned char chflgs, chtmp;
-+ unsigned short chflgs;
-+ unsigned char chtmp;
- char tmphex[HEX_SIZE(long) + 3];
-
- if (c > 0xffffffffL)
-@@ -150,7 +104,9 @@ static int do_esc_char(unsigned long c,
- return -1;
- return 2;
- }
-- if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
-+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL
-+ | ASN1_STRFLGS_ESC_MSB
-+ | ASN1_STRFLGS_ESC_2254)) {
- BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
- if (!io_ch(arg, tmphex, 3))
- return -1;
-@@ -180,11 +136,12 @@ static int do_esc_char(unsigned long c,
- */
-
- static int do_buf(unsigned char *buf, int buflen,
-- int type, unsigned char flags, char *quotes, char_io *io_ch,
-+ int type, unsigned short flags, char *quotes, char_io *io_ch,
- void *arg)
- {
- int i, outlen, len;
-- unsigned char orflags, *p, *q;
-+ unsigned short orflags;
-+ unsigned char *p, *q;
- unsigned long c;
- p = buf;
- q = buf + buflen;
-@@ -234,7 +191,7 @@ static int do_buf(unsigned char *buf, in
- * character will never be escaped on first and last.
- */
- len =
-- do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
-+ do_esc_char(utfbuf[i], (unsigned short)(flags | orflags),
- quotes, io_ch, arg);
- if (len < 0)
- return -1;
-@@ -242,7 +199,7 @@ static int do_buf(unsigned char *buf, in
- }
- } else {
- len =
-- do_esc_char(c, (unsigned char)(flags | orflags), quotes,
-+ do_esc_char(c, (unsigned short)(flags | orflags), quotes,
- io_ch, arg);
- if (len < 0)
- return -1;
-@@ -326,7 +283,7 @@ static const signed char tag2nbyte[] = {
- -1, -1, -1, -1, -1, /* 5-9 */
- -1, -1, 0, -1, /* 10-13 */
- -1, -1, -1, -1, /* 15-17 */
-- -1, 1, 1, /* 18-20 */
-+ 1, 1, 1, /* 18-20 */
- -1, 1, 1, 1, /* 21-24 */
- -1, 1, -1, /* 25-27 */
- 4, -1, 2 /* 28-30 */
-@@ -344,10 +301,10 @@ static int do_print_ex(char_io *io_ch, v
- int outlen, len;
- int type;
- char quotes;
-- unsigned char flags;
-+ unsigned short flags;
- quotes = 0;
- /* Keep a copy of escape flags */
-- flags = (unsigned char)(lflags & ESC_FLAGS);
-+ flags = (unsigned short)(lflags & ESC_FLAGS);
-
- type = str->type;
-
-@@ -612,7 +569,7 @@ int ASN1_STRING_print_ex_fp(FILE *fp, AS
- * in output string or a negative error code
- */
-
--int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
-+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
- {
- ASN1_STRING stmp, *str = &stmp;
- int mbflag, type, ret;
-@@ -636,3 +593,53 @@ int ASN1_STRING_to_UTF8(unsigned char **
- *out = stmp.data;
- return stmp.length;
- }
-+
-+/* Return 1 if host is a valid hostname and 0 otherwise */
-+int asn1_valid_host(const ASN1_STRING *host)
-+{
-+ int hostlen = host->length;
-+ const unsigned char *hostptr = host->data;
-+ int type = host->type;
-+ int i;
-+ char width = -1;
-+ unsigned short chflags = 0, prevchflags;
-+
-+ if (type > 0 && type < 31)
-+ width = tag2nbyte[type];
-+ if (width == -1 || hostlen == 0)
-+ return 0;
-+ /* Treat UTF8String as width 1 as any MSB set is invalid */
-+ if (width == 0)
-+ width = 1;
-+ for (i = 0 ; i < hostlen; i+= width) {
-+ prevchflags = chflags;
-+ /* Value must be <= 0x7F: check upper bytes are all zeroes */
-+ if (width == 4) {
-+ if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
-+ return 0;
-+ } else if (width == 2) {
-+ if (*hostptr++ != 0)
-+ return 0;
-+ }
-+ if (*hostptr > 0x7f)
-+ return 0;
-+ chflags = char_type[*hostptr++];
-+ if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
-+ /* Nothing else allowed at start or end of string */
-+ if (i == 0 || i == hostlen - 1)
-+ return 0;
-+ /* Otherwise invalid if not dot or hyphen */
-+ if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
-+ return 0;
-+ /*
-+ * If previous is dot or hyphen then illegal unless both
-+ * are hyphens: as .- -. .. are all illegal
-+ */
-+ if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
-+ && ((prevchflags & CHARTYPE_HOST_DOT)
-+ || (chflags & CHARTYPE_HOST_DOT)))
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
---- a/crypto/asn1/a_strnid.c
-+++ b/crypto/asn1/a_strnid.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -167,6 +118,10 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1
- #define ub_email_address 128
- #define ub_serial_number 64
-
-+/* From RFC4524 */
-+
-+#define ub_rfc822_mailbox 256
-+
- /* This table must be kept in NID order */
-
- static const ASN1_STRING_TABLE tbl_standard[] = {
-@@ -192,6 +147,8 @@ static const ASN1_STRING_TABLE tbl_stand
- {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
- {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
- {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-+ {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
-+ STABLE_NO_MASK},
- {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
- {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
- {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
-@@ -242,7 +199,7 @@ static ASN1_STRING_TABLE *stable_get(int
- tmp = ASN1_STRING_TABLE_get(nid);
- if (tmp && tmp->flags & STABLE_FLAGS_MALLOC)
- return tmp;
-- rv = OPENSSL_malloc(sizeof(*rv));
-+ rv = OPENSSL_zalloc(sizeof(*rv));
- if (rv == NULL)
- return NULL;
- if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
-@@ -258,7 +215,6 @@ static ASN1_STRING_TABLE *stable_get(int
- } else {
- rv->minsize = -1;
- rv->maxsize = -1;
-- rv->mask = 0;
- rv->flags = STABLE_FLAGS_MALLOC;
- }
- return rv;
---- a/crypto/asn1/a_time.c
-+++ b/crypto/asn1/a_time.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
-@@ -57,7 +12,6 @@
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
-- * written by Steve Henson.
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_type.c
-+++ b/crypto/asn1/a_type.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -61,7 +13,7 @@
- #include <openssl/objects.h>
- #include "asn1_locl.h"
-
--int ASN1_TYPE_get(ASN1_TYPE *a)
-+int ASN1_TYPE_get(const ASN1_TYPE *a)
- {
- if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
- return (a->type);
-@@ -122,9 +74,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
- result = 0; /* They do not have content. */
- break;
- case V_ASN1_INTEGER:
-- case V_ASN1_NEG_INTEGER:
- case V_ASN1_ENUMERATED:
-- case V_ASN1_NEG_ENUMERATED:
- case V_ASN1_BIT_STRING:
- case V_ASN1_OCTET_STRING:
- case V_ASN1_SEQUENCE:
---- a/crypto/asn1/a_utctm.c
-+++ b/crypto/asn1/a_utctm.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_utf8.c
-+++ b/crypto/asn1/a_utf8.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/a_verify.c
-+++ b/crypto/asn1/a_verify.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/ameth_lib.c
-+++ b/crypto/asn1/ameth_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/asn1_err.c
-+++ b/crypto/asn1/asn1_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,36 +20,29 @@
-
- static ERR_STRING_DATA ASN1_str_functs[] = {
- {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-- {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
- {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
- {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
- {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"},
- {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
- {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"},
- {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"},
-- {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
- {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"},
- {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"},
- {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
- {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"},
- {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
- {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"},
-+ {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"},
- {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-- {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
-- {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
- {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"},
- {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"},
- {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"},
-- {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
- {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
- {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"},
- {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
- {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"},
-- {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"},
- {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
- {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-- {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
-- {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
- {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"},
-@@ -114,12 +57,8 @@ static ERR_STRING_DATA ASN1_str_functs[]
- {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
- {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
- {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"},
-- {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
- {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"},
-- {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
- {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"},
-- {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
-- {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
- {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
- {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"},
- {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"},
-@@ -132,49 +71,28 @@ static ERR_STRING_DATA ASN1_str_functs[]
- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"},
- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"},
- {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"},
-- {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
- {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
- "ASN1_TYPE_get_int_octetstring"},
- {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-- {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
- {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"},
-- {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
- {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
- {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"},
- {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"},
- {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
- {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"},
-- {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
-- {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
- {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"},
- {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
- {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
- {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
- {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"},
- {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
- {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
- {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-- {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
- {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"},
-- {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
-- {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
- {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
- {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-- {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
-- {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
-- {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
- {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"},
- {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
-- {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-- {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
- {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
- {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
- {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-@@ -192,13 +110,11 @@ static ERR_STRING_DATA ASN1_str_functs[]
- {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
- {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
- {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
-- {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
- {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
- {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
- {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"},
- {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"},
- {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"},
-- {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
- {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
- {0, NULL}
- };
-@@ -208,10 +124,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
- {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
- {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
-- {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
- {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
-- {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
-- {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
- {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
- "bmpstring is wrong length"},
- {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
-@@ -222,21 +135,16 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
- {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
- {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
-- {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"},
- {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
- {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
- "digest and key type not supported"},
- {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
- {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
- {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
-- {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),
-- "error parsing set element"},
- {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
- "error setting cipher params"},
- {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
- {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
-- {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"},
-- {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"},
- {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
- {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
- "explicit tag not constructed"},
-@@ -278,13 +186,10 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
- {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),
- "invalid string table value"},
-- {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"},
- {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
- "invalid universalstring length"},
- {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
- {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"},
-- {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"},
-- {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"},
- {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
- {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
- {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
-@@ -299,7 +204,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
- {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
- {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
-- {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST), "no default digest"},
- {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
- {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
- "no multipart body failure"},
-@@ -308,8 +212,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
- {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
- {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
-- {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),
-- "private key header missing"},
- {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
- {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
- {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
-@@ -320,7 +222,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
- {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
- {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
-- {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"},
- {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
- "the asn1 object identifier is not known for this md"},
- {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
-@@ -329,9 +230,6 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_TOO_SMALL), "too small"},
- {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
- {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
-- {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
-- {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),
-- "unable to decode rsa private key"},
- {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
- {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
- "universalstring is wrong length"},
-@@ -345,22 +243,18 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
- "unsupported any defined by type"},
-- {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-- {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),
-- "unsupported encryption algorithm"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
- "unsupported public key type"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
- {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"},
- {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
- {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
-- {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
- {0, NULL}
- };
-
- #endif
-
--void ERR_load_ASN1_strings(void)
-+int ERR_load_ASN1_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -369,4 +263,5 @@ void ERR_load_ASN1_strings(void)
- ERR_load_strings(0, ASN1_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/asn1/asn1_gen.c
-+++ b/crypto/asn1/asn1_gen.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -111,7 +62,7 @@ typedef struct {
- int exp_count;
- } tag_exp_arg;
-
--static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
-+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
- int *perr);
- static int bitstr_cb(const char *elem, int len, void *bitstr);
- static int asn1_cb(const char *elem, int len, void *bitstr);
-@@ -124,7 +75,7 @@ static ASN1_TYPE *asn1_multi(int utype,
- static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
- static int asn1_str2tag(const char *tagstr, int len);
-
--ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
-+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
- {
- X509V3_CTX cnf;
-
-@@ -135,7 +86,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str
- return ASN1_generate_v3(str, &cnf);
- }
-
--ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
- {
- int err = 0;
- ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
-@@ -144,7 +95,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X
- return ret;
- }
-
--static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
-+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
- int *perr)
- {
- ASN1_TYPE *ret;
-@@ -670,7 +621,7 @@ static ASN1_TYPE *asn1_str2type(const ch
- goto bad_form;
- }
- if ((atmp->value.integer
-- = s2i_ASN1_INTEGER(NULL, (char *)str)) == NULL) {
-+ = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
- goto bad_str;
- }
-@@ -743,7 +694,7 @@ static ASN1_TYPE *asn1_str2type(const ch
- }
-
- if (format == ASN1_GEN_FORMAT_HEX) {
-- if ((rdata = OPENSSL_hexstr2buf((char *)str, &rdlen)) == NULL) {
-+ if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
- goto bad_str;
- }
---- a/crypto/asn1/asn1_lib.c
-+++ b/crypto/asn1/asn1_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -402,7 +354,7 @@ void ASN1_STRING_length_set(ASN1_STRING
- x->length = len;
- }
-
--int ASN1_STRING_type(ASN1_STRING *x)
-+int ASN1_STRING_type(const ASN1_STRING *x)
- {
- return x->type;
- }
---- a/crypto/asn1/asn1_locl.h
-+++ b/crypto/asn1/asn1_locl.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Internal ASN1 structures and functions: not for application use */
---- a/crypto/asn1/asn1_par.c
-+++ b/crypto/asn1/asn1_par.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -134,8 +86,7 @@ static int asn1_parse2(BIO *bp, const un
- dump_indent = 6; /* Because we know BIO_dump_indent() */
- p = *pp;
- tot = p + length;
-- op = p - 1;
-- while ((p < tot) && (op < p)) {
-+ while (length > 0) {
- op = p;
- j = ASN1_get_object(&p, &len, &tag, &xclass, length);
- if (j & 0x80) {
-@@ -165,7 +116,7 @@ static int asn1_parse2(BIO *bp, const un
- goto end;
- if (j & V_ASN1_CONSTRUCTED) {
- const unsigned char *sp = p;
--
-+
- ep = p + len;
- if (BIO_write(bp, "\n", 1) <= 0)
- goto end;
---- a/crypto/asn1/asn_mime.c
-+++ b/crypto/asn1/asn_mime.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -89,19 +44,19 @@ static int asn1_output_data(BIO *out, BI
- static char *strip_ends(char *name);
- static char *strip_start(char *name);
- static char *strip_end(char *name);
--static MIME_HEADER *mime_hdr_new(char *name, char *value);
--static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-+static MIME_HEADER *mime_hdr_new(const char *name, const char *value);
-+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value);
- static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
- static int mime_hdr_cmp(const MIME_HEADER *const *a,
- const MIME_HEADER *const *b);
- static int mime_param_cmp(const MIME_PARAM *const *a,
- const MIME_PARAM *const *b);
- static void mime_param_free(MIME_PARAM *param);
--static int mime_bound_check(char *line, int linelen, char *bound, int blen);
--static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-+static int mime_bound_check(char *line, int linelen, const char *bound, int blen);
-+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret);
- static int strip_eol(char *linebuf, int *plen, int flags);
--static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
--static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name);
-+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name);
- static void mime_hdr_free(MIME_HEADER *hdr);
-
- #define MAX_SMLEN 1024
-@@ -187,7 +142,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bi
- if (!val)
- ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
- (void)BIO_flush(bio);
-- bio = BIO_pop(bio);
-+ BIO_pop(bio);
- BIO_free(b64);
- return val;
- }
-@@ -602,7 +557,7 @@ int SMIME_text(BIO *in, BIO *out)
- * canonical parts in a STACK of bios
- */
-
--static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret)
- {
- char linebuf[MAX_SMLEN];
- int len, blen;
-@@ -670,7 +625,7 @@ static STACK_OF(MIME_HEADER) *mime_parse
- char *p, *q, c;
- char *ntmp;
- char linebuf[MAX_SMLEN];
-- MIME_HEADER *mhdr = NULL;
-+ MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
- STACK_OF(MIME_HEADER) *headers;
- int len, state, save_state = 0;
-
-@@ -707,8 +662,13 @@ static STACK_OF(MIME_HEADER) *mime_parse
- if (c == ';') {
- mime_debug("Found End Value\n");
- *p = 0;
-- mhdr = mime_hdr_new(ntmp, strip_ends(q));
-- sk_MIME_HEADER_push(headers, mhdr);
-+ new_hdr = mime_hdr_new(ntmp, strip_ends(q));
-+ if (new_hdr == NULL)
-+ goto err;
-+ if (!sk_MIME_HEADER_push(headers, new_hdr))
-+ goto err;
-+ mhdr = new_hdr;
-+ new_hdr = NULL;
- ntmp = NULL;
- q = p + 1;
- state = MIME_NAME;
-@@ -759,8 +719,13 @@ static STACK_OF(MIME_HEADER) *mime_parse
- }
-
- if (state == MIME_TYPE) {
-- mhdr = mime_hdr_new(ntmp, strip_ends(q));
-- sk_MIME_HEADER_push(headers, mhdr);
-+ new_hdr = mime_hdr_new(ntmp, strip_ends(q));
-+ if (new_hdr == NULL)
-+ goto err;
-+ if (!sk_MIME_HEADER_push(headers, new_hdr))
-+ goto err;
-+ mhdr = new_hdr;
-+ new_hdr = NULL;
- } else if (state == MIME_VALUE)
- mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
- if (p == linebuf)
-@@ -769,6 +734,10 @@ static STACK_OF(MIME_HEADER) *mime_parse
-
- return headers;
-
-+err:
-+ mime_hdr_free(new_hdr);
-+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-+ return NULL;
- }
-
- static char *strip_ends(char *name)
-@@ -818,7 +787,7 @@ static char *strip_end(char *name)
- return NULL;
- }
-
--static MIME_HEADER *mime_hdr_new(char *name, char *value)
-+static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
- {
- MIME_HEADER *mhdr = NULL;
- char *tmpname = NULL, *tmpval = NULL, *p;
-@@ -862,7 +831,7 @@ static MIME_HEADER *mime_hdr_new(char *n
- return NULL;
- }
-
--static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
- {
- char *tmpname = NULL, *tmpval = NULL, *p;
- int c;
-@@ -919,22 +888,28 @@ static int mime_param_cmp(const MIME_PAR
-
- /* Find a header with a given name (if possible) */
-
--static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
- {
- MIME_HEADER htmp;
- int idx;
-- htmp.name = name;
-+
-+ htmp.name = (char *)name;
-+ htmp.value = NULL;
-+ htmp.params = NULL;
-+
- idx = sk_MIME_HEADER_find(hdrs, &htmp);
- if (idx < 0)
- return NULL;
- return sk_MIME_HEADER_value(hdrs, idx);
- }
-
--static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
- {
- MIME_PARAM param;
- int idx;
-- param.param_name = name;
-+
-+ param.param_name = (char *)name;
-+ param.param_value = NULL;
- idx = sk_MIME_PARAM_find(hdr->params, ¶m);
- if (idx < 0)
- return NULL;
-@@ -963,7 +938,7 @@ static void mime_param_free(MIME_PARAM *
- * 1 : part boundary
- * 2 : final boundary
- */
--static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-+static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
- {
- if (linelen == -1)
- linelen = strlen(line);
---- a/crypto/asn1/asn_moid.c
-+++ b/crypto/asn1/asn_moid.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -67,7 +18,7 @@
-
- /* Simple ASN1 OID module: add all objects in a given section */
-
--static int do_create(char *value, char *name);
-+static int do_create(const char *value, const char *name);
-
- static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
-@@ -106,11 +57,12 @@ void ASN1_add_oid_module(void)
- * shortname = some long name, 1.2.3.4
- */
-
--static int do_create(char *value, char *name)
-+static int do_create(const char *value, const char *name)
- {
- int nid;
- ASN1_OBJECT *oid;
-- char *ln, *ostr, *p, *lntmp;
-+ const char *ln, *ostr, *p;
-+ char *lntmp;
- p = strrchr(value, ',');
- if (!p) {
- ln = name;
---- a/crypto/asn1/asn_mstbl.c
-+++ b/crypto/asn1/asn_mstbl.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2012.
-- */
--/* ====================================================================
-- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -61,7 +16,7 @@
-
- /* Multi string module: add table entries from a given section */
-
--static int do_tcreate(char *value, char *name);
-+static int do_tcreate(const char *value, const char *name);
-
- static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
-@@ -100,7 +55,7 @@ void ASN1_add_stable_module(void)
- * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags".
- */
-
--static int do_tcreate(char *value, char *name)
-+static int do_tcreate(const char *value, const char *name)
- {
- char *eptr;
- int nid, i, rv = 0;
---- a/crypto/asn1/asn_pack.c
-+++ b/crypto/asn1/asn_pack.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -66,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, c
- {
- ASN1_STRING *octmp;
-
-- if (oct == NULL|| *oct== NULL) {
-+ if (oct == NULL || *oct == NULL) {
- if ((octmp = ASN1_STRING_new()) == NULL) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-- if (oct)
-- *oct = octmp;
-- } else
-+ } else {
- octmp = *oct;
-+ }
-
- OPENSSL_free(octmp->data);
- octmp->data = NULL;
-
- if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
-- return NULL;
-+ goto err;
- }
-- if (!octmp->data) {
-+ if (octmp->data == NULL) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
-- return NULL;
-+ goto err;
- }
-+
-+ if (oct != NULL && *oct == NULL)
-+ *oct = octmp;
-+
- return octmp;
-+ err:
-+ if (oct == NULL || *oct == NULL)
-+ ASN1_STRING_free(octmp);
-+ return NULL;
- }
-
- /* Extract an ASN1 object from an ASN1_STRING */
---- a/crypto/asn1/bio_asn1.c
-+++ b/crypto/asn1/bio_asn1.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -144,8 +95,8 @@ const BIO_METHOD *BIO_f_asn1(void)
-
- static int asn1_bio_new(BIO *b)
- {
-- BIO_ASN1_BUF_CTX *ctx;
-- ctx = OPENSSL_malloc(sizeof(*ctx));
-+ BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-+
- if (ctx == NULL)
- return 0;
- if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
-@@ -164,14 +115,8 @@ static int asn1_bio_init(BIO_ASN1_BUF_CT
- if (ctx->buf == NULL)
- return 0;
- ctx->bufsize = size;
-- ctx->bufpos = 0;
-- ctx->buflen = 0;
-- ctx->copylen = 0;
- ctx->asn1_class = V_ASN1_UNIVERSAL;
- ctx->asn1_tag = V_ASN1_OCTET_STRING;
-- ctx->ex_buf = 0;
-- ctx->ex_pos = 0;
-- ctx->ex_len = 0;
- ctx->state = ASN1_STATE_START;
- return 1;
- }
---- a/crypto/asn1/bio_ndef.c
-+++ b/crypto/asn1/bio_ndef.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1.h>
-@@ -105,21 +60,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *
- ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
- return NULL;
- }
-- ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux));
-+ ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
- asn_bio = BIO_new(BIO_f_asn1());
-+ if (ndef_aux == NULL || asn_bio == NULL)
-+ goto err;
-
- /* ASN1 bio needs to be next to output BIO */
--
- out = BIO_push(asn_bio, out);
--
-- if (ndef_aux == NULL || asn_bio == NULL || !out)
-+ if (out == NULL)
- goto err;
-
- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
-
- /*
-- * Now let callback prepend any digest, cipher etc BIOs ASN1 structure
-+ * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
- * needs.
- */
-
---- a/crypto/asn1/charmap.h
-+++ b/crypto/asn1/charmap.h
-@@ -1,15 +1,34 @@
- /*
-- * Auto generated with chartype.pl script. Mask of various character
-- * properties
-+ * WARNING: do not edit!
-+ * Generated by crypto/asn1/charmap.pl
-+ *
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--static const unsigned char char_type[] = {
-- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-- 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
-- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
-- 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
-- 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
-- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
-+#define CHARTYPE_HOST_ANY 4096
-+#define CHARTYPE_HOST_DOT 8192
-+#define CHARTYPE_HOST_HYPHEN 16384
-+#define CHARTYPE_HOST_WILD 32768
-+
-+/*
-+ * Mask of various character properties
-+ */
-+
-+static const unsigned short char_type[] = {
-+ 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-+ 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1, 40,
-+ 0, 0, 0, 16, 1040, 1040, 33792, 25, 25, 16400, 8208, 16,
-+ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 16, 9,
-+ 9, 16, 9, 16, 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
-+ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
-+ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 0, 1025, 0, 0, 0,
-+ 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
-+ 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
-+ 4112, 4112, 4112, 0, 0, 0, 0, 2
- };
---- a/crypto/asn1/charmap.pl
-+++ b/crypto/asn1/charmap.pl
-@@ -1,7 +1,10 @@
--#!/usr/local/bin/perl -w
--
--# Written by Dr Stephen N Henson (steve at openssl.org).
--# Licensed under the terms of the OpenSSL license.
-+#! /usr/bin/env perl
-+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
-@@ -18,6 +21,11 @@ my $NOESC_QUOTE = 8; # Not escaped if qu
- my $PSTRING_CHAR = 0x10; # Valid PrintableString character
- my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
- my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
-+my $RFC2254_ESC = 0x400; # Character escaped \XX
-+my $HOST_ANY = 0x1000; # Valid hostname character anywhere in label
-+my $HOST_DOT = 0x2000; # Dot: hostname label separator
-+my $HOST_HYPHEN = 0x4000; # Hyphen: not valid at start or end.
-+my $HOST_WILD = 0x8000; # Wildcard character
-
- for($i = 0; $i < 128; $i++) {
- # Set the RFC2253 escape characters (control)
-@@ -30,7 +38,7 @@ for($i = 0; $i < 128; $i++) {
- if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
- || ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
- || ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
-- $arr[$i] |= $PSTRING_CHAR;
-+ $arr[$i] |= $PSTRING_CHAR | $HOST_ANY;
- }
- }
-
-@@ -49,6 +57,14 @@ for($i = 0; $i < 128; $i++) {
- $arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
- $arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
-
-+# Remaining RFC2254 characters
-+
-+$arr[0] |= $RFC2254_ESC;
-+$arr[ord("(")] |= $RFC2254_ESC;
-+$arr[ord(")")] |= $RFC2254_ESC;
-+$arr[ord("*")] |= $RFC2254_ESC | $HOST_WILD;
-+$arr[ord("\\")] |= $RFC2254_ESC;
-+
- # Remaining PrintableString characters
-
- $arr[ord(" ")] |= $PSTRING_CHAR;
-@@ -57,8 +73,8 @@ for($i = 0; $i < 128; $i++) {
- $arr[ord(")")] |= $PSTRING_CHAR;
- $arr[ord("+")] |= $PSTRING_CHAR;
- $arr[ord(",")] |= $PSTRING_CHAR;
--$arr[ord("-")] |= $PSTRING_CHAR;
--$arr[ord(".")] |= $PSTRING_CHAR;
-+$arr[ord("-")] |= $PSTRING_CHAR | $HOST_HYPHEN;
-+$arr[ord(".")] |= $PSTRING_CHAR | $HOST_DOT;
- $arr[ord("/")] |= $PSTRING_CHAR;
- $arr[ord(":")] |= $PSTRING_CHAR;
- $arr[ord("=")] |= $PSTRING_CHAR;
-@@ -67,17 +83,35 @@ for($i = 0; $i < 128; $i++) {
- # Now generate the C code
-
- print <<EOF;
--/* Auto generated with chartype.pl script.
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/asn1/charmap.pl
-+ *
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#define CHARTYPE_HOST_ANY $HOST_ANY
-+#define CHARTYPE_HOST_DOT $HOST_DOT
-+#define CHARTYPE_HOST_HYPHEN $HOST_HYPHEN
-+#define CHARTYPE_HOST_WILD $HOST_WILD
-+
-+/*
- * Mask of various character properties
- */
-
--static const unsigned char char_type[] = {
-+static const unsigned short char_type[] = {
- EOF
-
-+print " ";
- for($i = 0; $i < 128; $i++) {
-- print("\n") if($i && (($i % 16) == 0));
-- printf("%2d", $arr[$i]);
-+ print("\n ") if($i && (($i % 12) == 0));
-+ printf(" %4d", $arr[$i]);
- print(",") if ($i != 127);
- }
--print("\n};\n\n");
-+print("\n};\n");
-
---- a/crypto/asn1/d2i_pr.c
-+++ b/crypto/asn1/d2i_pr.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -93,15 +45,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_P
- if (!ret->ameth->old_priv_decode ||
- !ret->ameth->old_priv_decode(ret, &p, length)) {
- if (ret->ameth->priv_decode) {
-+ EVP_PKEY *tmp;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
- p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
- if (!p8)
- goto err;
-- EVP_PKEY_free(ret);
-- ret = EVP_PKCS82PKEY(p8);
-+ tmp = EVP_PKCS82PKEY(p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
-- if (ret == NULL)
-+ if (tmp == NULL)
- goto err;
-+ EVP_PKEY_free(ret);
-+ ret = tmp;
- } else {
- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
- goto err;
---- a/crypto/asn1/d2i_pu.c
-+++ b/crypto/asn1/d2i_pu.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/evp_asn1.c
-+++ b/crypto/asn1/evp_asn1.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -75,7 +27,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE
- }
-
- /* int max_len: for returned value */
--int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
-+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
- {
- int ret, num;
- unsigned char *p;
-@@ -128,7 +80,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
- * we return the actual length...
- */
- /* int max_len: for returned value */
--int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
-+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
- unsigned char *data, int max_len)
- {
- asn1_int_oct *atmp = NULL;
---- a/crypto/asn1/f_int.c
-+++ b/crypto/asn1/f_int.c
-@@ -1,61 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-+#include <ctype.h>
- #include "internal/cryptlib.h"
- #include <openssl/buffer.h>
- #include <openssl/asn1.h>
-@@ -174,14 +127,8 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
- }
- for (j = 0; j < i; j++, k += 2) {
- for (n = 0; n < 2; n++) {
-- m = bufp[k + n];
-- if ((m >= '0') && (m <= '9'))
-- m -= '0';
-- else if ((m >= 'a') && (m <= 'f'))
-- m = m - 'a' + 10;
-- else if ((m >= 'A') && (m <= 'F'))
-- m = m - 'A' + 10;
-- else {
-+ m = OPENSSL_hexchar2int(bufp[k + n]);
-+ if (m < 0) {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,
- ASN1_R_NON_HEX_CHARACTERS);
- goto err;
-@@ -201,6 +148,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
- return 1;
- err:
- ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
-+ OPENSSL_free(s);
- return 0;
- }
-
---- a/crypto/asn1/f_string.c
-+++ b/crypto/asn1/f_string.c
-@@ -1,61 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-+#include <ctype.h>
- #include "internal/cryptlib.h"
- #include <openssl/buffer.h>
- #include <openssl/asn1.h>
-@@ -151,6 +104,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
- i -= again;
- if (i % 2 != 0) {
- ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
-+ OPENSSL_free(s);
- return 0;
- }
- i /= 2;
-@@ -166,16 +120,11 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
- }
- for (j = 0; j < i; j++, k += 2) {
- for (n = 0; n < 2; n++) {
-- m = bufp[k + n];
-- if ((m >= '0') && (m <= '9'))
-- m -= '0';
-- else if ((m >= 'a') && (m <= 'f'))
-- m = m - 'a' + 10;
-- else if ((m >= 'A') && (m <= 'F'))
-- m = m - 'A' + 10;
-- else {
-+ m = OPENSSL_hexchar2int(bufp[k + n]);
-+ if (m < 0) {
- ASN1err(ASN1_F_A2I_ASN1_STRING,
- ASN1_R_NON_HEX_CHARACTERS);
-+ OPENSSL_free(s);
- return 0;
- }
- s[num + j] <<= 4;
-@@ -194,5 +143,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
-
- err:
- ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
-+ OPENSSL_free(s);
- return 0;
- }
---- a/crypto/asn1/i2d_pr.c
-+++ b/crypto/asn1/i2d_pr.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,10 +21,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned
- }
- if (a->ameth && a->ameth->priv_encode) {
- PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-- int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
-- PKCS8_PRIV_KEY_INFO_free(p8);
-+ int ret = 0;
-+ if (p8 != NULL) {
-+ ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
-+ PKCS8_PRIV_KEY_INFO_free(p8);
-+ }
- return ret;
- }
- ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-- return (-1);
-+ return -1;
- }
---- a/crypto/asn1/i2d_pu.c
-+++ b/crypto/asn1/i2d_pu.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/n_pkey.c
-+++ b/crypto/asn1/n_pkey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "openssl/opensslconf.h"
---- a/crypto/asn1/nsseq.c
-+++ b/crypto/asn1/nsseq.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/p5_pbe.c
-+++ b/crypto/asn1/p5_pbe.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/p5_pbev2.c
-+++ b/crypto/asn1/p5_pbev2.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999-2004.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -140,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_
- if ((prf_nid == -1) &&
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
- ERR_clear_error();
-- prf_nid = NID_hmacWithSHA1;
-+ prf_nid = NID_hmacWithSHA256;
- }
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
---- a/crypto/asn1/p5_scrypt.c
-+++ b/crypto/asn1/p5_scrypt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/p8_pkey.c
-+++ b/crypto/asn1/p8_pkey.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/t_bitst.c
-+++ b/crypto/asn1/t_bitst.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -79,7 +30,7 @@ int ASN1_BIT_STRING_name_print(BIO *out,
- return 1;
- }
-
--int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
- BIT_STRING_BITNAME *tbl)
- {
- int bitnum;
-@@ -93,7 +44,7 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STR
- return 1;
- }
-
--int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
-+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
- {
- BIT_STRING_BITNAME *bnam;
- for (bnam = tbl; bnam->lname; bnam++) {
---- a/crypto/asn1/t_pkey.c
-+++ b/crypto/asn1/t_pkey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -66,7 +18,7 @@
- /* Maximum indent */
- #define ASN1_PRINT_MAX_INDENT 128
-
--int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent)
-+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
- {
- size_t i;
-
-@@ -79,7 +31,7 @@ int ASN1_buf_print(BIO *bp, unsigned cha
- }
- /*
- * Use colon separators for each octet for compatibility as
-- * this fuction is used to print out key components.
-+ * this function is used to print out key components.
- */
- if (BIO_printf(bp, "%02x%s", buf[i],
- (i == buflen - 1) ? "" : ":") <= 0)
---- a/crypto/asn1/t_spki.c
-+++ b/crypto/asn1/t_spki.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/tasn_dec.c
-+++ b/crypto/asn1/tasn_dec.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -63,6 +14,7 @@
- #include <openssl/objects.h>
- #include <openssl/buffer.h>
- #include <openssl/err.h>
-+#include "internal/numbers.h"
- #include "asn1_locl.h"
-
- static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
-@@ -348,7 +300,9 @@ static int asn1_item_embed_d2i(ASN1_VALU
- if (tt->flags & ASN1_TFLG_ADB_MASK) {
- const ASN1_TEMPLATE *seqtt;
- ASN1_VALUE **pseqval;
-- seqtt = asn1_do_adb(pval, tt, 1);
-+ seqtt = asn1_do_adb(pval, tt, 0);
-+ if (seqtt == NULL)
-+ continue;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- asn1_template_free(pseqval, seqtt);
- }
-@@ -359,7 +313,7 @@ static int asn1_item_embed_d2i(ASN1_VALU
- const ASN1_TEMPLATE *seqtt;
- ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
-- if (!seqtt)
-+ if (seqtt == NULL)
- goto err;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- /* Have we ran out of data? */
-@@ -424,7 +378,7 @@ static int asn1_item_embed_d2i(ASN1_VALU
- for (; i < it->tcount; tt++, i++) {
- const ASN1_TEMPLATE *seqtt;
- seqtt = asn1_do_adb(pval, tt, 1);
-- if (!seqtt)
-+ if (seqtt == NULL)
- goto err;
- if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
- ASN1_VALUE **pseqval;
-@@ -584,7 +538,7 @@ static int asn1_template_noexp_d2i(ASN1_
- } else if (ret == -1)
- return -1;
- if (!*val)
-- *val = (ASN1_VALUE *)sk_new_null();
-+ *val = (ASN1_VALUE *)OPENSSL_sk_new_null();
- else {
- /*
- * We've got a valid STACK: free up any items present
-@@ -858,9 +812,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval
- break;
-
- case V_ASN1_INTEGER:
-- case V_ASN1_NEG_INTEGER:
- case V_ASN1_ENUMERATED:
-- case V_ASN1_NEG_ENUMERATED:
- tint = (ASN1_INTEGER **)pval;
- if (!c2i_ASN1_INTEGER(tint, &cont, len))
- goto err;
-@@ -946,7 +898,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval
-
- static int asn1_find_end(const unsigned char **in, long len, char inf)
- {
-- int expected_eoc;
-+ uint32_t expected_eoc;
- long plen;
- const unsigned char *p = *in, *q;
- /* If not indefinite length constructed just add length */
-@@ -976,10 +928,15 @@ static int asn1_find_end(const unsigned
- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
-- if (inf)
-+ if (inf) {
-+ if (expected_eoc == UINT32_MAX) {
-+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
-+ return 0;
-+ }
- expected_eoc++;
-- else
-+ } else {
- p += plen;
-+ }
- len -= p - q;
- }
- if (expected_eoc) {
---- a/crypto/asn1/tasn_enc.c
-+++ b/crypto/asn1/tasn_enc.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -600,9 +551,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval
- cout ? &cout : NULL);
-
- case V_ASN1_INTEGER:
-- case V_ASN1_NEG_INTEGER:
- case V_ASN1_ENUMERATED:
-- case V_ASN1_NEG_ENUMERATED:
- /*
- * These are all have the same content format as ASN1_INTEGER
- */
---- a/crypto/asn1/tasn_fre.c
-+++ b/crypto/asn1/tasn_fre.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -138,7 +89,7 @@ static void asn1_item_embed_free(ASN1_VA
-
- case ASN1_ITYPE_NDEF_SEQUENCE:
- case ASN1_ITYPE_SEQUENCE:
-- if (asn1_do_lock(pval, -1, it) > 0)
-+ if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
- return;
- if (asn1_cb) {
- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
-@@ -151,9 +102,11 @@ static void asn1_item_embed_free(ASN1_VA
- * field and we wont be able to determine the type of the field it
- * defines. So free up in reverse order.
- */
-- tt = it->templates + it->tcount - 1;
-- for (i = 0; i < it->tcount; tt--, i++) {
-+ tt = it->templates + it->tcount;
-+ for (i = 0; i < it->tcount; i++) {
- ASN1_VALUE **pseqval;
-+
-+ tt--;
- seqtt = asn1_do_adb(pval, tt, 0);
- if (!seqtt)
- continue;
---- a/crypto/asn1/tasn_new.c
-+++ b/crypto/asn1/tasn_new.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -172,7 +123,9 @@ int asn1_item_embed_new(ASN1_VALUE **pva
- if (*pval == NULL)
- goto memerr;
- }
-- asn1_do_lock(pval, 0, it);
-+ /* 0 : init. lock */
-+ if (asn1_do_lock(pval, 0, it) < 0)
-+ goto memerr;
- asn1_enc_init(pval, it);
- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
- pseqval = asn1_get_field_ptr(pval, tt);
---- a/crypto/asn1/tasn_prn.c
-+++ b/crypto/asn1/tasn_prn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -200,7 +151,8 @@ static int asn1_item_print_ctx(BIO *out,
- } else
- asn1_cb = 0;
-
-- if (*fld == NULL) {
-+ if (((it->itype != ASN1_ITYPE_PRIMITIVE)
-+ || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
- if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
- if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
- return 0;
-@@ -218,7 +170,7 @@ static int asn1_item_print_ctx(BIO *out,
- return 0;
- break;
- }
-- /* fall thru */
-+ /* fall through */
- case ASN1_ITYPE_MSTRING:
- if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
- return 0;
-@@ -314,6 +266,7 @@ int asn1_template_print_ctx(BIO *out, AS
- {
- int i, flags;
- const char *sname, *fname;
-+ ASN1_VALUE *tfld;
- flags = tt->flags;
- if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
- sname = ASN1_ITEM_ptr(tt->item)->sname;
-@@ -323,6 +276,16 @@ int asn1_template_print_ctx(BIO *out, AS
- fname = NULL;
- else
- fname = tt->field_name;
-+
-+ /*
-+ * If field is embedded then fld needs fixing so it is a pointer to
-+ * a pointer to a field.
-+ */
-+ if (flags & ASN1_TFLG_EMBED) {
-+ tfld = (ASN1_VALUE *)fld;
-+ fld = &tfld;
-+ }
-+
- if (flags & ASN1_TFLG_SK_MASK) {
- char *tname;
- ASN1_VALUE *skitem;
-@@ -431,6 +394,8 @@ static int asn1_print_integer(BIO *out,
- char *s;
- int ret = 1;
- s = i2s_ASN1_INTEGER(NULL, str);
-+ if (s == NULL)
-+ return 0;
- if (BIO_puts(out, s) <= 0)
- ret = 0;
- OPENSSL_free(s);
-@@ -458,7 +423,7 @@ static int asn1_print_obstring(BIO *out,
- } else if (BIO_puts(out, "\n") <= 0)
- return 0;
- if ((str->length > 0)
-- && BIO_dump_indent(out, (char *)str->data, str->length,
-+ && BIO_dump_indent(out, (const char *)str->data, str->length,
- indent + 2) <= 0)
- return 0;
- return 1;
-@@ -479,11 +444,16 @@ static int asn1_primitive_print(BIO *out
- return 0;
- if (pf && pf->prim_print)
- return pf->prim_print(out, fld, it, indent, pctx);
-- str = (ASN1_STRING *)*fld;
-- if (it->itype == ASN1_ITYPE_MSTRING)
-+ if (it->itype == ASN1_ITYPE_MSTRING) {
-+ str = (ASN1_STRING *)*fld;
- utype = str->type & ~V_ASN1_NEG;
-- else
-+ } else {
- utype = it->utype;
-+ if (utype == V_ASN1_BOOLEAN)
-+ str = NULL;
-+ else
-+ str = (ASN1_STRING *)*fld;
-+ }
- if (utype == V_ASN1_ANY) {
- ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
- utype = atype->type;
---- a/crypto/asn1/tasn_scn.c
-+++ b/crypto/asn1/tasn_scn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2010.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -73,8 +24,8 @@
-
- ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
- {
-- ASN1_SCTX *ret;
-- ret = OPENSSL_malloc(sizeof(*ret));
-+ ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
-+
- if (ret == NULL) {
- ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
---- a/crypto/asn1/tasn_typ.c
-+++ b/crypto/asn1/tasn_typ.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <openssl/asn1.h>
- #include <openssl/asn1t.h>
---- a/crypto/asn1/tasn_utl.c
-+++ b/crypto/asn1/tasn_utl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -95,12 +46,14 @@ int asn1_set_choice_selector(ASN1_VALUE
- }
-
- /*
-- * Do reference counting. The value 'op' decides what to do. if it is +1
-- * then the count is incremented. If op is 0 count is set to 1. If op is -1
-- * count is decremented and the return value is the current reference count
-- * or 0 if no reference count exists.
-+ * Do atomic reference counting. The value 'op' decides what to do.
-+ * If it is +1 then the count is incremented.
-+ * If |op| is 0, lock is initialised and count is set to 1.
-+ * If |op| is -1, count is decremented and the return value is the current
-+ * reference count or 0 if no reference count is active.
-+ * It returns -1 on initialisation error.
-+ * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
- */
--
- int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
- {
- const ASN1_AUX *aux;
-@@ -117,17 +70,22 @@ int asn1_do_lock(ASN1_VALUE **pval, int
- if (op == 0) {
- *lck = 1;
- *lock = CRYPTO_THREAD_lock_new();
-- if (*lock == NULL)
-- return 0;
-+ if (*lock == NULL) {
-+ ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
-+ return -1;
-+ }
- return 1;
- }
-- CRYPTO_atomic_add(lck, op, &ret, *lock);
-+ if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0)
-+ return -1; /* failed */
- #ifdef REF_PRINT
- fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname);
- #endif
- REF_ASSERT_ISNT(ret < 0);
-- if (ret == 0)
-+ if (ret == 0) {
- CRYPTO_THREAD_lock_free(*lock);
-+ *lock = NULL;
-+ }
- return ret;
- }
-
-@@ -235,7 +193,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VA
- sfld = offset2ptr(*pval, adb->offset);
-
- /* Check if NULL */
-- if (!sfld) {
-+ if (*sfld == NULL) {
- if (!adb->null_tt)
- goto err;
- return adb->null_tt;
---- a/crypto/asn1/x_algor.c
-+++ b/crypto/asn1/x_algor.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
---- a/crypto/asn1/x_bignum.c
-+++ b/crypto/asn1/x_bignum.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -80,6 +31,8 @@ static int bn_c2i(ASN1_VALUE **pval, con
- int utype, char *free_cont, const ASN1_ITEM *it);
- static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it);
-+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ int indent, const ASN1_PCTX *pctx);
-
- static ASN1_PRIMITIVE_FUNCS bignum_pf = {
- NULL, 0,
-@@ -87,7 +40,8 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf =
- bn_free,
- 0,
- bn_c2i,
-- bn_i2c
-+ bn_i2c,
-+ bn_print
- };
-
- static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
-@@ -96,7 +50,8 @@ static ASN1_PRIMITIVE_FUNCS cbignum_pf =
- bn_free,
- 0,
- bn_secure_c2i,
-- bn_i2c
-+ bn_i2c,
-+ bn_print
- };
-
- ASN1_ITEM_start(BIGNUM)
-@@ -179,3 +134,13 @@ static int bn_secure_c2i(ASN1_VALUE **pv
- bn_secure_new(pval, it);
- return bn_c2i(pval, cont, len, utype, free_cont, it);
- }
-+
-+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ int indent, const ASN1_PCTX *pctx)
-+{
-+ if (!BN_print(out, *(BIGNUM **)pval))
-+ return 0;
-+ if (BIO_puts(out, "\n") <= 0)
-+ return 0;
-+ return 1;
-+}
---- a/crypto/asn1/x_info.c
-+++ b/crypto/asn1/x_info.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/x_long.c
-+++ b/crypto/asn1/x_long.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -125,7 +76,7 @@ static int long_i2c(ASN1_VALUE **pval, u
- * set.
- */
- if (ltmp < 0)
-- utmp = -ltmp - 1;
-+ utmp = -(unsigned long)ltmp - 1;
- else
- utmp = ltmp;
- clen = BN_num_bits_word(utmp);
-@@ -177,8 +128,8 @@ static int long_c2i(ASN1_VALUE **pval, c
- }
- ltmp = (long)utmp;
- if (neg) {
-- ltmp++;
- ltmp = -ltmp;
-+ ltmp--;
- }
- if (ltmp == it->size) {
- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
---- a/crypto/asn1/x_pkey.c
-+++ b/crypto/asn1/x_pkey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/x_sig.c
-+++ b/crypto/asn1/x_sig.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/asn1/x_spki.c
-+++ b/crypto/asn1/x_spki.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/asn1/x_val.c
-+++ b/crypto/asn1/x_val.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/async/Makefile.in
-+++ /dev/null
-@@ -1,63 +0,0 @@
--#
--# OpenSSL/crypto/async/Makefile
--#
--
--DIR= async
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--TEST=
--APPS=
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=async.c async_wait.c async_err.c arch/async_posix.c arch/async_win.c arch/async_null.c
--LIBOBJ=async.o async_wait.o async_err.o arch/async_posix.o arch/async_win.o arch/async_null.o
--
--SRC= $(LIBSRC)
--
--HEADER= async_locl.h arch/async_posix.h arch/async_win.h arch/async_null.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--links:
-- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--
--install:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-- do \
-- (cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$i; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$i ); \
-- done;
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-- rm -f arch/*.o arch/*.obj arch/lib arch/tags arch/core arch/.pure arch/.nfs* arch/*.old arch/*.bak arch/fluff
--
--# Different flavours of make disagree on where output goes
--.c.o:
-- $(CC) $(CFLAGS) -c $< -o $@
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/async/arch/async_null.c
-+++ b/crypto/async/arch/async_null.c
-@@ -1,62 +1,16 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This must be the first #include file */
- #include "../async_locl.h"
-
- #ifdef ASYNC_NULL
--# include <openssl/ct.h>
--# include <openssl/x509v3.h>
--
- int ASYNC_is_capable(void)
- {
- return 0;
-@@ -65,6 +19,5 @@ int ASYNC_is_capable(void)
- void async_local_cleanup(void)
- {
- }
--
- #endif
-
---- a/crypto/async/arch/async_null.h
-+++ b/crypto/async/arch/async_null.h
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/async.h>
---- a/crypto/async/arch/async_posix.c
-+++ b/crypto/async/arch/async_posix.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This must be the first #include file */
---- a/crypto/async/arch/async_posix.h
-+++ b/crypto/async/arch/async_posix.h
-@@ -1,59 +1,19 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
- #define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
- #include <openssl/e_os2.h>
-
--#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC)
-+#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \
-+ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
-+ && !defined(__ANDROID__) && !defined(__OpenBSD__)
-
- # include <unistd.h>
-
-@@ -74,7 +34,7 @@ typedef struct async_fibre_st {
- int env_init;
- } async_fibre;
-
--static inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
-+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
- {
- o->env_init = 1;
-
---- a/crypto/async/arch/async_win.c
-+++ b/crypto/async/arch/async_win.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This must be the first #include file */
-@@ -68,7 +25,7 @@ void async_local_cleanup(void)
- async_ctx *ctx = async_get_ctx();
- if (ctx != NULL) {
- async_fibre *fibre = &ctx->dispatcher;
-- if(fibre != NULL && fibre->fibre != NULL && fibre->converted) {
-+ if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
- ConvertFiberToThread();
- fibre->fibre = NULL;
- }
---- a/crypto/async/arch/async_win.h
-+++ b/crypto/async/arch/async_win.h
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/async/async.c
-+++ b/crypto/async/async.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -61,7 +18,6 @@
- /* This must be the first #include file */
- #include "async_locl.h"
-
--#include <internal/threads.h>
- #include <openssl/err.h>
- #include <internal/cryptlib_int.h>
- #include <string.h>
-@@ -440,7 +396,7 @@ ASYNC_JOB *ASYNC_get_current_job(void)
- async_ctx *ctx;
-
- ctx = async_get_ctx();
-- if(ctx == NULL)
-+ if (ctx == NULL)
- return NULL;
-
- return ctx->currjob;
-@@ -472,6 +428,6 @@ void ASYNC_unblock_pause(void)
- */
- return;
- }
-- if(ctx->blocked > 0)
-+ if (ctx->blocked > 0)
- ctx->blocked--;
- }
---- a/crypto/async/async_err.c
-+++ b/crypto/async/async_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -79,18 +29,16 @@ static ERR_STRING_DATA ASYNC_str_functs[
- };
-
- static ERR_STRING_DATA ASYNC_str_reasons[] = {
-- {ERR_REASON(ASYNC_R_CANNOT_CREATE_WAIT_PIPE), "cannot create wait pipe"},
- {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"},
- {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"},
- {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"},
- {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"},
-- {ERR_REASON(ASYNC_R_POOL_ALREADY_INITED), "pool already inited"},
- {0, NULL}
- };
-
- #endif
-
--void ERR_load_ASYNC_strings(void)
-+int ERR_load_ASYNC_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -99,4 +47,5 @@ void ERR_load_ASYNC_strings(void)
- ERR_load_strings(0, ASYNC_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/async/async_locl.h
-+++ b/crypto/async/async_locl.h
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -59,6 +16,10 @@
- # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
- #endif
-
-+#if defined(_WIN32)
-+# include <windows.h>
-+#endif
-+
- #include <internal/async.h>
- #include <openssl/crypto.h>
-
---- a/crypto/async/async_wait.c
-+++ b/crypto/async/async_wait.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This must be the first #include file */
---- a/crypto/bf/COPYRIGHT
-+++ /dev/null
-@@ -1,46 +0,0 @@
--Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
--All rights reserved.
--
--This package is an Blowfish implementation written
--by Eric Young (eay at cryptsoft.com).
--
--This library is free for commercial and non-commercial use as long as
--the following conditions are aheared to. The following conditions
--apply to all code found in this distribution.
--
--Copyright remains Eric Young's, and as such any Copyright notices in
--the code are not to be removed.
--
--Redistribution and use in source and binary forms, with or without
--modification, are permitted provided that the following conditions
--are met:
--1. Redistributions of source code must retain the copyright
-- notice, this list of conditions and the following disclaimer.
--2. Redistributions in binary form must reproduce the above copyright
-- notice, this list of conditions and the following disclaimer in the
-- documentation and/or other materials provided with the distribution.
--3. All advertising materials mentioning features or use of this software
-- must display the following acknowledgement:
-- This product includes software developed by Eric Young (eay at cryptsoft.com)
--
--THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
--ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
--ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
--FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
--DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
--OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
--LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
--OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--SUCH DAMAGE.
--
--The license and distribution terms for any publically available version or
--derivative of this code cannot be changed. i.e. this code cannot simply be
--copied and put under another distrubution license
--[including the GNU Public License.]
--
--The reason behind this being stated in this direct manner is past
--experience in code simply being copied and the attribution removed
--from it and then being distributed as part of other packages. This
--implementation was a non-trivial and unpaid effort.
---- a/crypto/bf/INSTALL
-+++ /dev/null
-@@ -1,14 +0,0 @@
--This Eric Young's blowfish implementation, taken from his SSLeay library
--and made available as a separate library.
--
--The version number (0.7.2m) is the SSLeay version that this library was
--taken from.
--
--To build, just unpack and type make.
--If you are not using gcc, edit the Makefile.
--If you are compiling for an x86 box, try the assembler (it needs improving).
--There are also some compile time options that can improve performance,
--these are documented in the Makefile.
--
--eric 15-Apr-1997
--
---- a/crypto/bf/Makefile.in
-+++ /dev/null
-@@ -1,51 +0,0 @@
--#
--# OpenSSL/crypto/blowfish/Makefile
--#
--
--DIR= bf
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--BF_ENC= bf_enc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
--LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
--
--SRC= $(LIBSRC)
--
--HEADER= bf_pi.h bf_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--bf-586.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-- $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/bf/VERSION
-+++ /dev/null
-@@ -1,6 +0,0 @@
--The version numbers will follow my SSL implementation
--
--0.7.2r - Some reasonable default compiler options from
-- Peter Gutman <pgut001 at cs.auckland.ac.nz>
--
--0.7.2m - the first release
---- a/crypto/bf/asm/bf-586.pl
-+++ b/crypto/bf/asm/bf-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/bf/bf_cbc.c
-+++ b/crypto/bf/bf_cbc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/blowfish.h>
---- a/crypto/bf/bf_cfb64.c
-+++ b/crypto/bf/bf_cfb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/blowfish.h>
---- a/crypto/bf/bf_ecb.c
-+++ b/crypto/bf/bf_ecb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/blowfish.h>
---- a/crypto/bf/bf_enc.c
-+++ b/crypto/bf/bf_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/blowfish.h>
---- a/crypto/bf/bf_locl.h
-+++ b/crypto/bf/bf_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BF_LOCL_H
---- a/crypto/bf/bf_ofb64.c
-+++ b/crypto/bf/bf_ofb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/blowfish.h>
---- a/crypto/bf/bf_pi.h
-+++ b/crypto/bf/bf_pi.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- static const BF_KEY bf_init = {
---- a/crypto/bf/bf_skey.c
-+++ b/crypto/bf/bf_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bf/bfs.cpp
-+++ /dev/null
-@@ -1,67 +0,0 @@
--//
--// gettsc.inl
--//
--// gives access to the Pentium's (secret) cycle counter
--//
--// This software was written by Leonard Janke (janke at unixg.ubc.ca)
--// in 1996-7 and is entered, by him, into the public domain.
--
--#if defined(__WATCOMC__)
--void GetTSC(unsigned long&);
--#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
--#elif defined(__GNUC__)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- asm volatile(".byte 15, 49\n\t"
-- : "=eax" (tsc)
-- :
-- : "%edx", "%eax");
--}
--#elif defined(_MSC_VER)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- unsigned long a;
-- __asm _emit 0fh
-- __asm _emit 31h
-- __asm mov a, eax;
-- tsc=a;
--}
--#endif
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <openssl/blowfish.h>
--
--void main(int argc,char *argv[])
-- {
-- BF_KEY key;
-- unsigned long s1,s2,e1,e2;
-- unsigned long data[2];
-- int i,j;
--
-- for (j=0; j<6; j++)
-- {
-- for (i=0; i<1000; i++) /**/
-- {
-- BF_encrypt(&data[0],&key);
-- GetTSC(s1);
-- BF_encrypt(&data[0],&key);
-- BF_encrypt(&data[0],&key);
-- BF_encrypt(&data[0],&key);
-- GetTSC(e1);
-- GetTSC(s2);
-- BF_encrypt(&data[0],&key);
-- BF_encrypt(&data[0],&key);
-- BF_encrypt(&data[0],&key);
-- BF_encrypt(&data[0],&key);
-- GetTSC(e2);
-- BF_encrypt(&data[0],&key);
-- }
--
-- printf("blowfish %d %d (%d)\n",
-- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
-- }
-- }
--
---- a/crypto/bf/build.info
-+++ b/crypto/bf/build.info
-@@ -1,5 +1,6 @@
- LIBS=../../libcrypto
--SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-+SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \
-+ {- $target{bf_asm_src} -}
-
- GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
- DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
---- a/crypto/bio/Makefile.in
-+++ /dev/null
-@@ -1,55 +0,0 @@
--#
--# OpenSSL/crypto/bio/Makefile
--#
--
--DIR= bio
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= bio_lib.c bio_cb.c bio_err.c \
-- bss_mem.c bss_null.c bss_fd.c \
-- bss_file.c bss_sock.c bss_conn.c \
-- bf_null.c bf_buff.c b_print.c b_dump.c b_addr.c \
-- b_sock.c b_sock2.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
-- bss_dgram.c bio_meth.c
--# bf_lbuf.c
--LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
-- bss_mem.o bss_null.o bss_fd.o \
-- bss_file.o bss_sock.o bss_conn.o \
-- bf_null.o bf_buff.o b_print.o b_dump.o b_addr.o \
-- b_sock.o b_sock2.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \
-- bss_dgram.o bio_meth.o
--# bf_lbuf.o
--
--SRC= $(LIBSRC)
--
--HEADER= bio_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/bio/b_addr.c
-+++ b/crypto/bio/b_addr.c
-@@ -1,65 +1,21 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-
- #include "bio_lcl.h"
--#include "internal/threads.h"
-+#include <openssl/crypto.h>
-
- #ifndef OPENSSL_NO_SOCK
- #include <openssl/err.h>
- #include <openssl/buffer.h>
-+#include <internal/thread_once.h>
- #include <ctype.h>
-
- CRYPTO_RWLOCK *bio_lookup_lock;
-@@ -83,6 +39,11 @@ BIO_ADDR *BIO_ADDR_new(void)
- {
- BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
-
-+ if (ret == NULL) {
-+ BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
- ret->sa.sa_family = AF_UNSPEC;
- return ret;
- }
-@@ -268,21 +229,35 @@ static int addr_strings(const BIO_ADDR *
- ntohs(BIO_ADDR_rawport(ap)));
- }
-
-- if (hostname)
-+ if (hostname != NULL)
- *hostname = OPENSSL_strdup(host);
-- if (service)
-+ if (service != NULL)
- *service = OPENSSL_strdup(serv);
- } else {
- #endif
-- if (hostname)
-+ if (hostname != NULL)
- *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
-- if (service) {
-+ if (service != NULL) {
- char serv[6]; /* port is 16 bits => max 5 decimal digits */
- BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
- *service = OPENSSL_strdup(serv);
- }
- }
-
-+ if ((hostname != NULL && *hostname == NULL)
-+ || (service != NULL && *service == NULL)) {
-+ if (hostname != NULL) {
-+ OPENSSL_free(*hostname);
-+ *hostname = NULL;
-+ }
-+ if (service != NULL) {
-+ OPENSSL_free(*service);
-+ *service = NULL;
-+ }
-+ BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
- return 1;
- }
-
-@@ -583,7 +558,7 @@ int BIO_parse_hostserv(const char *hosts
- * family, such as AF_UNIX
- *
- * the return value is 1 on success, or 0 on failure, which
-- * only happens if a memory allocation error occured.
-+ * only happens if a memory allocation error occurred.
- */
- static int addrinfo_wrap(int family, int socktype,
- const void *where, size_t wherelen,
-@@ -627,9 +602,10 @@ static int addrinfo_wrap(int family, int
- return 1;
- }
-
--static void do_bio_lookup_init(void)
-+DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
- {
- bio_lookup_lock = CRYPTO_THREAD_lock_new();
-+ return (bio_lookup_lock != NULL);
- }
-
- /*-
-@@ -692,9 +668,6 @@ int BIO_lookup(const char *host, const c
- struct addrinfo hints;
- memset(&hints, 0, sizeof hints);
-
--# ifdef AI_ADDRCONFIG
-- hints.ai_flags = AI_ADDRCONFIG;
--# endif
- hints.ai_family = family;
- hints.ai_socktype = socktype;
-
-@@ -734,12 +707,12 @@ int BIO_lookup(const char *host, const c
- /* Windows doesn't seem to have in_addr_t */
- #ifdef OPENSSL_SYS_WINDOWS
- static uint32_t he_fallback_address;
-- static const uint32_t *he_fallback_addresses[] =
-- { &he_fallback_address, NULL };
-+ static const char *he_fallback_addresses[] =
-+ { (char *)&he_fallback_address, NULL };
- #else
- static in_addr_t he_fallback_address;
-- static const in_addr_t *he_fallback_addresses[] =
-- { &he_fallback_address, NULL };
-+ static const char *he_fallback_addresses[] =
-+ { (char *)&he_fallback_address, NULL };
- #endif
- static const struct hostent he_fallback =
- { NULL, NULL, AF_INET, sizeof(he_fallback_address),
-@@ -749,14 +722,18 @@ int BIO_lookup(const char *host, const c
- #endif
-
- struct servent *se;
-- /* Apprently, on WIN64, s_proto and s_port have traded places... */
-+ /* Apparently, on WIN64, s_proto and s_port have traded places... */
- #ifdef _WIN64
- struct servent se_fallback = { NULL, NULL, NULL, 0 };
- #else
- struct servent se_fallback = { NULL, NULL, 0, NULL };
- #endif
-
-- CRYPTO_THREAD_run_once(&bio_lookup_init, do_bio_lookup_init);
-+ if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
-+ BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE);
-+ ret = 0;
-+ goto err;
-+ }
-
- CRYPTO_THREAD_write_lock(bio_lookup_lock);
- he_fallback_address = INADDR_ANY;
---- a/crypto/bio/b_dump.c
-+++ b/crypto/bio/b_dump.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/bio/b_print.c
-+++ b/crypto/bio/b_print.c
-@@ -1,69 +1,16 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
- /*
-- * Stolen from tjh's ssl/ssl_trc.c stuff.
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
--#include <assert.h>
--#include <limits.h>
-+#include "internal/numbers.h"
- #include "internal/cryptlib.h"
- #ifndef NO_SYS_TYPES_H
- # include <sys/types.h>
-@@ -77,8 +24,6 @@
- # endif
- #endif
-
--/***************************************************************************/
--
- /*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell <papowell at astart.com>
-@@ -86,21 +31,6 @@
- * on all source code distributions.
- */
-
--/*-
-- * This code contains numerious changes and enhancements which were
-- * made by lots of contributors over the last years to Patrick Powell's
-- * original code:
-- *
-- * o Patrick Powell <papowell at astart.com> (1995)
-- * o Brandon Long <blong at fiction.net> (1996, for Mutt)
-- * o Thomas Roessler <roessler at guug.de> (1998, for Mutt)
-- * o Michael Elkins <me at cs.hmc.edu> (1998, for Mutt)
-- * o Andrew Tridgell <tridge at samba.org> (1998, for Samba)
-- * o Luke Mewburn <lukem at netbsd.org> (1999, for LukemFTP)
-- * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
-- * o ... (for OpenSSL)
-- */
--
- #ifdef HAVE_LONG_DOUBLE
- # define LDOUBLE long double
- #else
-@@ -122,7 +52,7 @@ static int fmtstr(char **, char **, size
- static int fmtint(char **, char **, size_t *, size_t *,
- LLONG, int, int, int, int);
- static int fmtfp(char **, char **, size_t *, size_t *,
-- LDOUBLE, int, int, int);
-+ LDOUBLE, int, int, int, int);
- static int doapr_outch(char **, char **, size_t *, size_t *, int);
- static int _dopr(char **sbuffer, char **buffer,
- size_t *maxlen, size_t *retlen, int *truncated,
-@@ -139,12 +69,19 @@ static int _dopr(char **sbuffer, char **
- #define DP_S_DONE 7
-
- /* format flags - Bits */
-+/* left-aligned padding */
- #define DP_F_MINUS (1 << 0)
-+/* print an explicit '+' for a value with positive sign */
- #define DP_F_PLUS (1 << 1)
-+/* print an explicit ' ' for a value with positive sign */
- #define DP_F_SPACE (1 << 2)
-+/* print 0/0x prefix for octal/hex and decimal point for floating point */
- #define DP_F_NUM (1 << 3)
-+/* print leading zeroes */
- #define DP_F_ZERO (1 << 4)
-+/* print HEX in UPPPERcase */
- #define DP_F_UP (1 << 5)
-+/* treat value as unsigned */
- #define DP_F_UNSIGNED (1 << 6)
-
- /* conversion flags */
-@@ -153,6 +90,11 @@ static int _dopr(char **sbuffer, char **
- #define DP_C_LDOUBLE 3
- #define DP_C_LLONG 4
-
-+/* Floating point formats */
-+#define F_FORMAT 0
-+#define E_FORMAT 1
-+#define G_FORMAT 2
-+
- /* some handy macros */
- #define char_to_int(p) (p - '0')
- #define OSSL_MAX(p,q) ((p >= q) ? p : q)
-@@ -331,7 +273,7 @@ static int
- else
- fvalue = va_arg(args, double);
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-- flags))
-+ flags, F_FORMAT))
- return 0;
- break;
- case 'E':
-@@ -341,6 +283,9 @@ static int
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
-+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-+ flags, E_FORMAT))
-+ return 0;
- break;
- case 'G':
- flags |= DP_F_UP;
-@@ -349,6 +294,9 @@ static int
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
-+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-+ flags, G_FORMAT))
-+ return 0;
- break;
- case 'c':
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-@@ -415,9 +363,15 @@ static int
- break;
- }
- }
-- *truncated = (currlen > *maxlen - 1);
-- if (*truncated)
-- currlen = *maxlen - 1;
-+ /*
-+ * We have to truncate if there is no dynamic buffer and we have filled the
-+ * static buffer.
-+ */
-+ if (buffer == NULL) {
-+ *truncated = (currlen > *maxlen - 1);
-+ if (*truncated)
-+ currlen = *maxlen - 1;
-+ }
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
- return 0;
- *retlen = currlen - 1;
-@@ -437,28 +391,37 @@ fmtstr(char **sbuffer,
- if (value == 0)
- value = "<NULL>";
-
-- strln = strlen(value);
-- if (strln > INT_MAX)
-- strln = INT_MAX;
-+ strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
-
- padlen = min - strln;
- if (min < 0 || padlen < 0)
- padlen = 0;
-+ if (max >= 0) {
-+ /*
-+ * Calculate the maximum output including padding.
-+ * Make sure max doesn't overflow into negativity
-+ */
-+ if (max < INT_MAX - padlen)
-+ max += padlen;
-+ else
-+ max = INT_MAX;
-+ }
- if (flags & DP_F_MINUS)
- padlen = -padlen;
-
-- while ((padlen > 0) && (cnt < max)) {
-+ while ((padlen > 0) && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- --padlen;
- ++cnt;
- }
-- while (*value && (cnt < max)) {
-+ while (strln > 0 && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
- return 0;
-+ --strln;
- ++cnt;
- }
-- while ((padlen < 0) && (cnt < max)) {
-+ while ((padlen < 0) && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- ++padlen;
-@@ -488,7 +451,7 @@ fmtint(char **sbuffer,
- if (!(flags & DP_F_UNSIGNED)) {
- if (value < 0) {
- signvalue = '-';
-- uvalue = -value;
-+ uvalue = -(unsigned LLONG)value;
- } else if (flags & DP_F_PLUS)
- signvalue = '+';
- else if (flags & DP_F_SPACE)
-@@ -599,23 +562,28 @@ static int
- fmtfp(char **sbuffer,
- char **buffer,
- size_t *currlen,
-- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
-+ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
- {
- int signvalue = 0;
- LDOUBLE ufvalue;
-+ LDOUBLE tmpvalue;
- char iconvert[20];
- char fconvert[20];
-+ char econvert[20];
- int iplace = 0;
- int fplace = 0;
-+ int eplace = 0;
- int padlen = 0;
- int zpadlen = 0;
-- long intpart;
-- long fracpart;
-- long max10;
-+ long exp = 0;
-+ unsigned long intpart;
-+ unsigned long fracpart;
-+ unsigned long max10;
-+ int realstyle;
-
- if (max < 0)
- max = 6;
-- ufvalue = abs_val(fvalue);
-+
- if (fvalue < 0)
- signvalue = '-';
- else if (flags & DP_F_PLUS)
-@@ -623,7 +591,73 @@ fmtfp(char **sbuffer,
- else if (flags & DP_F_SPACE)
- signvalue = ' ';
-
-- intpart = (long)ufvalue;
-+ /*
-+ * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
-+ * depending on the number to be printed. Work out which one it is and use
-+ * that from here on.
-+ */
-+ if (style == G_FORMAT) {
-+ if (fvalue == 0.0) {
-+ realstyle = F_FORMAT;
-+ } else if (fvalue < 0.0001) {
-+ realstyle = E_FORMAT;
-+ } else if ((max == 0 && fvalue >= 10)
-+ || (max > 0 && fvalue >= pow_10(max))) {
-+ realstyle = E_FORMAT;
-+ } else {
-+ realstyle = F_FORMAT;
-+ }
-+ } else {
-+ realstyle = style;
-+ }
-+
-+ if (style != F_FORMAT) {
-+ tmpvalue = fvalue;
-+ /* Calculate the exponent */
-+ if (fvalue != 0.0) {
-+ while (tmpvalue < 1) {
-+ tmpvalue *= 10;
-+ exp--;
-+ }
-+ while (tmpvalue > 10) {
-+ tmpvalue /= 10;
-+ exp++;
-+ }
-+ }
-+ if (style == G_FORMAT) {
-+ /*
-+ * In G_FORMAT the "precision" represents significant digits. We
-+ * always have at least 1 significant digit.
-+ */
-+ if (max == 0)
-+ max = 1;
-+ /* Now convert significant digits to decimal places */
-+ if (realstyle == F_FORMAT) {
-+ max -= (exp + 1);
-+ if (max < 0) {
-+ /*
-+ * Should not happen. If we're in F_FORMAT then exp < max?
-+ */
-+ return 0;
-+ }
-+ } else {
-+ /*
-+ * In E_FORMAT there is always one significant digit in front
-+ * of the decimal point, so:
-+ * significant digits == 1 + decimal places
-+ */
-+ max--;
-+ }
-+ }
-+ if (realstyle == E_FORMAT)
-+ fvalue = tmpvalue;
-+ }
-+ ufvalue = abs_val(fvalue);
-+ if (ufvalue > ULONG_MAX) {
-+ /* Number too big */
-+ return 0;
-+ }
-+ intpart = (unsigned long)ufvalue;
-
- /*
- * sorry, we only support 9 digits past the decimal because of our
-@@ -654,16 +688,51 @@ fmtfp(char **sbuffer,
- iconvert[iplace] = 0;
-
- /* convert fractional part */
-- do {
-+ while (fplace < max) {
-+ if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
-+ /* We strip trailing zeros in G_FORMAT */
-+ max--;
-+ fracpart = fracpart / 10;
-+ if (fplace < max)
-+ continue;
-+ break;
-+ }
- fconvert[fplace++] = "0123456789"[fracpart % 10];
- fracpart = (fracpart / 10);
-- } while (fplace < max);
-+ }
-+
- if (fplace == sizeof fconvert)
- fplace--;
- fconvert[fplace] = 0;
-
-- /* -1 for decimal point, another -1 if we are printing a sign */
-- padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
-+ /* convert exponent part */
-+ if (realstyle == E_FORMAT) {
-+ int tmpexp;
-+ if (exp < 0)
-+ tmpexp = -exp;
-+ else
-+ tmpexp = exp;
-+
-+ do {
-+ econvert[eplace++] = "0123456789"[tmpexp % 10];
-+ tmpexp = (tmpexp / 10);
-+ } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
-+ /* Exponent is huge!! Too big to print */
-+ if (tmpexp > 0)
-+ return 0;
-+ /* Add a leading 0 for single digit exponents */
-+ if (eplace == 1)
-+ econvert[eplace++] = '0';
-+ }
-+
-+ /*
-+ * -1 for decimal point (if we have one, i.e. max > 0),
-+ * another -1 if we are printing a sign
-+ */
-+ padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
-+ /* Take some off for exponent prefix "+e" and exponent */
-+ if (realstyle == E_FORMAT)
-+ padlen -= 2 + eplace;
- zpadlen = max - fplace;
- if (zpadlen < 0)
- zpadlen = 0;
-@@ -717,6 +786,28 @@ fmtfp(char **sbuffer,
- return 0;
- --zpadlen;
- }
-+ if (realstyle == E_FORMAT) {
-+ char ech;
-+
-+ if ((flags & DP_F_UP) == 0)
-+ ech = 'e';
-+ else
-+ ech = 'E';
-+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
-+ return 0;
-+ if (exp < 0) {
-+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
-+ return 0;
-+ } else {
-+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
-+ return 0;
-+ }
-+ while (eplace > 0) {
-+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
-+ econvert[--eplace]))
-+ return 0;
-+ }
-+ }
-
- while (padlen < 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
-@@ -733,10 +824,10 @@ doapr_outch(char **sbuffer,
- char **buffer, size_t *currlen, size_t *maxlen, int c)
- {
- /* If we haven't at least one buffer, someone has doe a big booboo */
-- assert(*sbuffer != NULL || buffer != NULL);
-+ OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
-
- /* |currlen| must always be <= |*maxlen| */
-- assert(*currlen <= *maxlen);
-+ OPENSSL_assert(*currlen <= *maxlen);
-
- if (buffer && *currlen == *maxlen) {
- if (*maxlen > INT_MAX - BUFFER_INC)
-@@ -748,7 +839,7 @@ doapr_outch(char **sbuffer,
- if (*buffer == NULL)
- return 0;
- if (*currlen > 0) {
-- assert(*sbuffer != NULL);
-+ OPENSSL_assert(*sbuffer != NULL);
- memcpy(*buffer, *sbuffer, *currlen);
- }
- *sbuffer = NULL;
---- a/crypto/bio/b_sock.c
-+++ b/crypto/bio/b_sock.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -141,7 +93,7 @@ int BIO_get_port(const char *str, unsign
- int BIO_sock_error(int sock)
- {
- int j = 0, i;
-- socklen_t size = 0;
-+ socklen_t size = sizeof(j);
-
- /*
- * Note: under Windows the third parameter is of type (char *) whereas
-@@ -151,7 +103,7 @@ int BIO_sock_error(int sock)
- */
- i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
- if (i < 0)
-- return (1);
-+ return (get_last_socket_error());
- else
- return (j);
- }
-@@ -311,10 +263,20 @@ int BIO_accept(int sock, char **ip_port)
- if (ip_port != NULL) {
- char *host = BIO_ADDR_hostname_string(&res, 1);
- char *port = BIO_ADDR_service_string(&res, 1);
-- *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
-- strcpy(*ip_port, host);
-- strcat(*ip_port, ":");
-- strcat(*ip_port, port);
-+ if (host != NULL && port != NULL)
-+ *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
-+ else
-+ *ip_port = NULL;
-+
-+ if (*ip_port == NULL) {
-+ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
-+ BIO_closesocket(ret);
-+ ret = (int)INVALID_SOCKET;
-+ } else {
-+ strcpy(*ip_port, host);
-+ strcat(*ip_port, ":");
-+ strcat(*ip_port, port);
-+ }
- OPENSSL_free(host);
- OPENSSL_free(port);
- }
---- a/crypto/bio/b_sock2.c
-+++ b/crypto/bio/b_sock2.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -294,8 +249,10 @@ int BIO_accept_ex(int accept_sock, BIO_A
- return INVALID_SOCKET;
- }
-
-- if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0))
-+ if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
-+ closesocket(accepted_sock);
- return INVALID_SOCKET;
-+ }
-
- return accepted_sock;
- }
---- a/crypto/bio/bf_buff.c
-+++ b/crypto/bio/bf_buff.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bf_lbuf.c
-+++ b/crypto/bio/bf_lbuf.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bf_nbio.c
-+++ b/crypto/bio/bf_nbio.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bf_null.c
-+++ b/crypto/bio/bf_null.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bio_cb.c
-+++ b/crypto/bio/bio_cb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -75,7 +27,7 @@ long BIO_debug_callback(BIO *bio, int cm
- if (BIO_CB_RETURN & cmd)
- r = ret;
-
-- len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
-+ len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio);
-
- /* Ignore errors and continue printing the other information. */
- if (len < 0)
---- a/crypto/bio/bio_err.c
-+++ b/crypto/bio/bio_err.c
-@@ -1,62 +1,11 @@
--/* crypto/bio/bio_err.c */
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -74,13 +23,11 @@ static ERR_STRING_DATA BIO_str_functs[]
- {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"},
- {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
- {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"},
-- {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
-+ {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"},
- {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
- {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"},
- {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
-- {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
- {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
-- {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
- {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
- {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
- {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"},
-@@ -109,10 +56,8 @@ static ERR_STRING_DATA BIO_str_functs[]
- {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"},
- {ERR_FUNC(BIO_F_FILE_READ), "file_read"},
- {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"},
-- {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
- {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"},
- {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
-- {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
- {0, NULL}
- };
-
-@@ -120,17 +65,11 @@ static ERR_STRING_DATA BIO_str_reasons[]
- {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
- {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
- "addrinfo addr is not af inet"},
-- {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE), "ambiguous host or service"},
-+ {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
-+ "ambiguous host or service"},
- {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
-- {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"},
- {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
- {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
-- {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"},
-- {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"},
-- {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),
-- "error setting nbio on accepted socket"},
-- {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),
-- "error setting nbio on accept socket"},
- {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
- "gethostbyname addr is not af inet"},
- {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
-@@ -138,25 +77,20 @@ static ERR_STRING_DATA BIO_str_reasons[]
- "getsockname truncated address"},
- {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"},
- {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
-- {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"},
- {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"},
- {ERR_REASON(BIO_R_IN_USE), "in use"},
-- {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"},
- {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
- {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"},
-- {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE), "malformed host or service"},
-+ {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE),
-+ "malformed host or service"},
- {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
- {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
- "no accept addr or service specified"},
-- {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"},
- {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
- "no hostname or service specified"},
-- {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"},
- {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
-- {ERR_REASON(BIO_R_NO_SERVICE_SPECIFIED), "no service specified"},
- {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
- {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
-- {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"},
- {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
- {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
- {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"},
-@@ -177,7 +111,7 @@ static ERR_STRING_DATA BIO_str_reasons[]
-
- #endif
-
--void ERR_load_BIO_strings(void)
-+int ERR_load_BIO_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -186,4 +120,5 @@ void ERR_load_BIO_strings(void)
- ERR_load_strings(0, BIO_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/bio/bio_lcl.h
-+++ b/crypto/bio/bio_lcl.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #define USE_SOCKETS
- #include "e_os.h"
-
---- a/crypto/bio/bio_lib.c
-+++ b/crypto/bio/bio_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,56 +12,42 @@
- #include <openssl/crypto.h>
- #include "bio_lcl.h"
- #include "internal/cryptlib.h"
--#include <openssl/stack.h>
-
- BIO *BIO_new(const BIO_METHOD *method)
- {
-- BIO *ret = OPENSSL_malloc(sizeof(*ret));
-+ BIO *bio = OPENSSL_zalloc(sizeof(*bio));
-
-- if (ret == NULL) {
-+ if (bio == NULL) {
- BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-- if (!BIO_set(ret, method)) {
-- OPENSSL_free(ret);
-- ret = NULL;
-- }
-- return (ret);
--}
-
--int BIO_set(BIO *bio, const BIO_METHOD *method)
--{
- bio->method = method;
-- bio->callback = NULL;
-- bio->cb_arg = NULL;
-- bio->init = 0;
- bio->shutdown = 1;
-- bio->flags = 0;
-- bio->retry_reason = 0;
-- bio->num = 0;
-- bio->ptr = NULL;
-- bio->prev_bio = NULL;
-- bio->next_bio = NULL;
- bio->references = 1;
-- bio->num_read = 0L;
-- bio->num_write = 0L;
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-+
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
-+ goto err;
-
- bio->lock = CRYPTO_THREAD_lock_new();
- if (bio->lock == NULL) {
-+ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-- return 0;
-+ goto err;
- }
-
-- if (method->create != NULL) {
-- if (!method->create(bio)) {
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-- CRYPTO_THREAD_lock_free(bio->lock);
-- return 0;
-- }
-+ if (method->create != NULL && !method->create(bio)) {
-+ BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
-+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-+ CRYPTO_THREAD_lock_free(bio->lock);
-+ goto err;
- }
-
-- return 1;
-+ return bio;
-+
-+err:
-+ OPENSSL_free(bio);
-+ return NULL;
- }
-
- int BIO_free(BIO *a)
-@@ -130,13 +68,13 @@ int BIO_free(BIO *a)
- ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
- return i;
-
-+ if ((a->method != NULL) && (a->method->destroy != NULL))
-+ a->method->destroy(a);
-+
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
-
- CRYPTO_THREAD_lock_free(a->lock);
-
-- if ((a->method != NULL) && (a->method->destroy != NULL))
-- a->method->destroy(a);
--
- OPENSSL_free(a);
-
- return 1;
---- a/crypto/bio/bio_meth.c
-+++ b/crypto/bio/bio_meth.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "bio_lcl.h"
---- a/crypto/bio/bss_acpt.c
-+++ b/crypto/bio/bss_acpt.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -474,16 +426,17 @@ static long acpt_ctrl(BIO *b, int cmd, l
- data->param_serv = BUF_strdup(ptr);
- b->init = 1;
- } else if (num == 2) {
-- if (ptr != NULL)
-- data->bind_mode |= BIO_SOCK_NONBLOCK;
-- else
-- data->bind_mode &= ~BIO_SOCK_NONBLOCK;
-+ data->bind_mode |= BIO_SOCK_NONBLOCK;
- } else if (num == 3) {
- BIO_free(data->bio_chain);
- data->bio_chain = (BIO *)ptr;
- } else if (num == 4) {
- data->accept_family = *(int *)ptr;
- }
-+ } else {
-+ if (num == 2) {
-+ data->bind_mode &= ~BIO_SOCK_NONBLOCK;
-+ }
- }
- break;
- case BIO_C_SET_NBIO:
---- a/crypto/bio/bss_bio.c
-+++ b/crypto/bio/bss_bio.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -119,16 +74,13 @@ struct bio_bio_st {
-
- static int bio_new(BIO *bio)
- {
-- struct bio_bio_st *b;
-+ struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
-
-- b = OPENSSL_malloc(sizeof(*b));
- if (b == NULL)
- return 0;
-
-- b->peer = NULL;
- /* enough for one TLS record (just a default) */
- b->size = 17 * 1024;
-- b->buf = NULL;
-
- bio->ptr = b;
- return 1;
-@@ -627,16 +579,15 @@ static long bio_ctrl(BIO *bio, int cmd,
- break;
-
- case BIO_CTRL_EOF:
-- {
-- BIO *other_bio = ptr;
--
-- if (other_bio) {
-- struct bio_bio_st *other_b = other_bio->ptr;
-+ if (b->peer != NULL) {
-+ struct bio_bio_st *peer_b = b->peer->ptr;
-
-- assert(other_b != NULL);
-- ret = other_b->len == 0 && other_b->closed;
-- } else
-+ if (peer_b->len == 0 && peer_b->closed)
- ret = 1;
-+ else
-+ ret = 0;
-+ } else {
-+ ret = 1;
- }
- break;
-
---- a/crypto/bio/bss_conn.c
-+++ b/crypto/bio/bss_conn.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -198,7 +150,7 @@ static int conn_state(BIO *b, BIO_CONNEC
- ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
- BIO_SOCK_KEEPALIVE | c->connect_mode);
- b->retry_reason = 0;
-- if (ret < 0) {
-+ if (ret == 0) {
- if (BIO_sock_should_retry(ret)) {
- BIO_set_retry_special(b);
- c->state = BIO_CONN_S_BLOCKED_CONNECT;
---- a/crypto/bio/bss_dgram.c
-+++ b/crypto/bio/bss_dgram.c
-@@ -1,59 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -94,12 +45,6 @@
- ((a)->s6_addr32[2] == htonl(0x0000ffff)))
- # endif
-
--# ifdef WATT32
--# define sock_write SockWrite /* Watt-32 uses same names */
--# define sock_read SockRead
--# define sock_puts SockPuts
--# endif
--
- static int dgram_write(BIO *h, const char *buf, int num);
- static int dgram_read(BIO *h, char *buf, int size);
- static int dgram_puts(BIO *h, const char *str);
---- a/crypto/bio/bss_fd.c
-+++ b/crypto/bio/bss_fd.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bss_file.c
-+++ b/crypto/bio/bss_file.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
-@@ -109,61 +61,10 @@ static const BIO_METHOD methods_filep =
- NULL,
- };
-
--static FILE *file_fopen(const char *filename, const char *mode)
--{
-- FILE *file = NULL;
--
--# if defined(_WIN32) && defined(CP_UTF8)
-- int sz, len_0 = (int)strlen(filename) + 1;
-- DWORD flags;
--
-- /*
-- * Basically there are three cases to cover: a) filename is
-- * pure ASCII string; b) actual UTF-8 encoded string and
-- * c) locale-ized string, i.e. one containing 8-bit
-- * characters that are meaningful in current system locale.
-- * If filename is pure ASCII or real UTF-8 encoded string,
-- * MultiByteToWideChar succeeds and _wfopen works. If
-- * filename is locale-ized string, chances are that
-- * MultiByteToWideChar fails reporting
-- * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
-- * back to fopen...
-- */
-- if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
-- filename, len_0, NULL, 0)) > 0 ||
-- (GetLastError() == ERROR_INVALID_FLAGS &&
-- (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
-- filename, len_0, NULL, 0)) > 0)
-- ) {
-- WCHAR wmode[8];
-- WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
--
-- if (MultiByteToWideChar(CP_UTF8, flags,
-- filename, len_0, wfilename, sz) &&
-- MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
-- wmode, OSSL_NELEM(wmode)) &&
-- (file = _wfopen(wfilename, wmode)) == NULL &&
-- (errno == ENOENT || errno == EBADF)
-- ) {
-- /*
-- * UTF-8 decode succeeded, but no file, filename
-- * could still have been locale-ized...
-- */
-- file = fopen(filename, mode);
-- }
-- } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
-- file = fopen(filename, mode);
-- }
--# else
-- file = fopen(filename, mode);
--# endif
-- return (file);
--}
--
- BIO *BIO_new_file(const char *filename, const char *mode)
- {
- BIO *ret;
-- FILE *file = file_fopen(filename, mode);
-+ FILE *file = openssl_fopen(filename, mode);
- int fp_flags = BIO_CLOSE;
-
- if (strchr(mode, 'b') == NULL)
-@@ -381,7 +282,7 @@ static long file_ctrl(BIO *b, int cmd, l
- else
- strcat(p, "t");
- # endif
-- fp = file_fopen(ptr, p);
-+ fp = openssl_fopen(ptr, p);
- if (fp == NULL) {
- SYSerr(SYS_F_FOPEN, get_last_sys_error());
- ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
---- a/crypto/bio/bss_log.c
-+++ b/crypto/bio/bss_log.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/bio/bss_mem.c
-+++ b/crypto/bio/bss_mem.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -150,17 +102,22 @@ static int mem_init(BIO *bi, unsigned lo
- BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
-
- if (bb == NULL)
-- return(0);
-- if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL)
-- return(0);
-- if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL)
-- return(0);
-+ return 0;
-+ if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
-+ OPENSSL_free(bb);
-+ return 0;
-+ }
-+ if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
-+ BUF_MEM_free(bb->buf);
-+ OPENSSL_free(bb);
-+ return 0;
-+ }
- *bb->readp = *bb->buf;
- bi->shutdown = 1;
- bi->init = 1;
- bi->num = -1;
- bi->ptr = (char *)bb;
-- return(1);
-+ return 1;
- }
-
- static int mem_new(BIO *bi)
-@@ -187,12 +144,12 @@ static int mem_buf_free(BIO *a, int free
- BUF_MEM *b;
- BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
-
-- if(bb != NULL) {
-+ if (bb != NULL) {
- b = bb->buf;
- if (a->flags & BIO_FLAGS_MEM_RDONLY)
- b->data = NULL;
- BUF_MEM_free(b);
-- if(free_all) {
-+ if (free_all) {
- OPENSSL_free(bb->readp);
- OPENSSL_free(bb);
- }
-@@ -208,10 +165,10 @@ static int mem_buf_free(BIO *a, int free
- */
- static int mem_buf_sync(BIO *b)
- {
-- if((b != NULL) && (b->init) && (b->ptr != NULL)) {
-+ if (b != NULL && b->init != 0 && b->ptr != NULL) {
- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
-
-- if(bbm->readp->data != bbm->buf->data) {
-+ if (bbm->readp->data != bbm->buf->data) {
- memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
- bbm->buf->length = bbm->readp->length;
- bbm->readp->data = bbm->buf->data;
---- a/crypto/bio/bss_null.c
-+++ b/crypto/bio/bss_null.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bio/bss_sock.c
-+++ b/crypto/bio/bss_sock.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -66,7 +18,11 @@
- # include <openssl/bio.h>
-
- # ifdef WATT32
--# define sock_write SockWrite /* Watt-32 uses same names */
-+/* Watt-32 uses same names */
-+# undef sock_write
-+# undef sock_read
-+# undef sock_puts
-+# define sock_write SockWrite
- # define sock_read SockRead
- # define sock_puts SockPuts
- # endif
---- a/crypto/blake2/Makefile.in
-+++ /dev/null
-@@ -1,41 +0,0 @@
--DIR= blake2
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=blake2b.c blake2s.c m_blake2b.c m_blake2s.c
--LIBOBJ=blake2b.o blake2s.o m_blake2b.o m_blake2s.o
--
--SRC= $(LIBSRC)
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--update: depend
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/blake2/blake2_impl.h
-+++ b/crypto/blake2/blake2_impl.h
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
---- a/crypto/blake2/blake2_locl.h
-+++ b/crypto/blake2/blake2_locl.h
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
---- a/crypto/blake2/blake2b.c
-+++ b/crypto/blake2/blake2b.c
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-@@ -229,8 +228,8 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const
- if (datalen > BLAKE2B_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
- /*
-- * If |datalen| is a multiple of the blocksize, stash
-- * last complete block, it can be final one...
-+ * If |datalen| is a multiple of the blocksize, stash
-+ * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
- datalen -= stashlen;
---- a/crypto/blake2/blake2s.c
-+++ b/crypto/blake2/blake2s.c
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-@@ -223,8 +222,8 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const
- if (datalen > BLAKE2S_BLOCKBYTES) {
- size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
- /*
-- * If |datalen| is a multiple of the blocksize, stash
-- * last complete block, it can be final one...
-+ * If |datalen| is a multiple of the blocksize, stash
-+ * last complete block, it can be final one...
- */
- stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
- datalen -= stashlen;
---- a/crypto/blake2/m_blake2b.c
-+++ b/crypto/blake2/m_blake2b.c
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-@@ -49,7 +48,7 @@ static const EVP_MD blake2b_md = {
- final,
- NULL,
- NULL,
-- 0,
-+ BLAKE2B_BLOCKBYTES,
- sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
- };
-
---- a/crypto/blake2/m_blake2s.c
-+++ b/crypto/blake2/m_blake2s.c
-@@ -1,16 +1,15 @@
- /*
-- * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>.
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
- * Derived from the BLAKE2 reference implementation written by Samuel Neves.
-+ * Copyright 2012, Samuel Neves <sneves at dei.uc.pt>
- * More information about the BLAKE2 hash function and its implementations
- * can be found at https://blake2.net.
- */
-@@ -49,7 +48,7 @@ static const EVP_MD blake2s_md = {
- final,
- NULL,
- NULL,
-- 0,
-+ BLAKE2S_BLOCKBYTES,
- sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
- };
-
---- a/crypto/bn/Makefile.in
-+++ /dev/null
-@@ -1,149 +0,0 @@
--#
--# OpenSSL/crypto/bn/Makefile
--#
--
--DIR= bn
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES= -I.. -I$(TOP) -I../include -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--BN_ASM= bn_asm.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
-- bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
-- bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-- bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
--
--LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
-- bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
-- bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-- bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-- bn_depr.o bn_const.o bn_x931p.o bn_intern.o bn_dh.o bn_srp.o
--
--SRC= $(LIBSRC)
--
--HEADER= bn_lcl.h bn_prime.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--bn_prime.h: bn_prime.pl
-- $(PERL) bn_prime.pl >bn_prime.h
--
--divtest: divtest.c ../../libcrypto.a
-- cc -I../../include divtest.c -o divtest ../../libcrypto.a
--
--bnbug: bnbug.c ../../libcrypto.a top
-- cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--bn-586.s: asm/bn-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--co-586.s: asm/co-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--x86-mont.s: asm/x86-mont.pl ../perlasm/x86asm.pl
-- $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--x86-gf2m.s: asm/x86-gf2m.pl ../perlasm/x86asm.pl
-- $(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--sparcv8.o: asm/sparcv8.S
-- $(CC) $(CFLAGS) -c asm/sparcv8.S
--bn-sparcv9.o: asm/sparcv8plus.S
-- $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
--sparcv9a-mont.S: asm/sparcv9a-mont.pl
-- $(PERL) asm/sparcv9a-mont.pl $(PERLASM_SCHEME) $@
--sparcv9-mont.S: asm/sparcv9-mont.pl
-- $(PERL) asm/sparcv9-mont.pl $(PERLASM_SCHEME) $@
--vis3-mont.S: asm/vis3-mont.pl
-- $(PERL) asm/vis3-mont.pl $(PERLASM_SCHEME) $@
--sparct4-mont.S: asm/sparct4-mont.pl
-- $(PERL) asm/sparct4-mont.pl $(PERLASM_SCHEME) $@
--sparcv9-gf2m.S: asm/sparcv9-gf2m.pl
-- $(PERL) asm/sparcv9-gf2m.pl $(PERLASM_SCHEME) $@
--
--bn-mips.s: asm/mips.pl
-- $(PERL) asm/mips.pl $(PERLASM_SCHEME) $@
--mips-mont.s: asm/mips-mont.pl
-- $(PERL) asm/mips-mont.pl $(PERLASM_SCHEME) $@
--
--bn-s390x.o: asm/s390x.S
-- $(CC) $(CFLAGS) -c -o $@ asm/s390x.S
--s390x-gf2m.s: asm/s390x-gf2m.pl
-- $(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@
--
--x86_64-gcc.o: asm/x86_64-gcc.c
-- $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
--x86_64-mont.s: asm/x86_64-mont.pl
-- $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) $@
--x86_64-mont5.s: asm/x86_64-mont5.pl
-- $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) $@
--x86_64-gf2m.s: asm/x86_64-gf2m.pl
-- $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) $@
--rsaz-x86_64.s: asm/rsaz-x86_64.pl
-- $(PERL) asm/rsaz-x86_64.pl $(PERLASM_SCHEME) $@
--rsaz-avx2.s: asm/rsaz-avx2.pl
-- $(PERL) asm/rsaz-avx2.pl $(PERLASM_SCHEME) $@
--
--bn-ia64.s: asm/ia64.S
-- $(CC) $(CFLAGS) -E asm/ia64.S > $@
--ia64-mont.s: asm/ia64-mont.pl
-- $(PERL) asm/ia64-mont.pl $(CFLAGS) $@
--
--parisc-mont.s: asm/parisc-mont.pl
-- $(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@
--
--# ppc - AIX, Linux, MacOS X...
--bn-ppc.s: asm/ppc.pl; $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
--ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
--ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
--
--alpha-mont.s: asm/alpha-mont.pl
-- (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \
-- $(PERL) asm/alpha-mont.pl $$preproc && \
-- $(CC) -E -P $$preproc > $@ && rm $$preproc)
--
--# GNU make "catch all"
--%-mont.S: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--%-gf2m.S: asm/%-gf2m.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--armv4-mont.o: armv4-mont.S
--armv4-gf2m.o: armv4-gf2m.S
--armv8-mont.o: armv8-mont.S
--
--div:
-- rm -f a.out
-- gcc -I.. -g div.c ../../libcrypto.a
--
--generate: bn_prime.h
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# Different flavours of make disagree on where output goes
--.c.o:
-- $(CC) $(CFLAGS) -c $< -o $@
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- /dev/null
-+++ b/crypto/bn/README.pod
-@@ -0,0 +1,247 @@
-+=pod
-+
-+=head1 NAME
-+
-+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
-+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
-+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
-+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
-+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
-+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
-+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
-+library internal functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/bn.h>
-+
-+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
-+ BN_ULONG w);
-+ void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
-+ int num);
-+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
-+ int num);
-+
-+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
-+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
-+
-+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
-+
-+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
-+ int nb);
-+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
-+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-+ int dna, int dnb, BN_ULONG *tmp);
-+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-+ int n, int tna, int tnb, BN_ULONG *tmp);
-+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-+ int n2, BN_ULONG *tmp);
-+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
-+ int n2, BN_ULONG *tmp);
-+
-+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
-+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
-+
-+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
-+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
-+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
-+
-+ BIGNUM *bn_expand(BIGNUM *a, int bits);
-+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
-+ BIGNUM *bn_expand2(BIGNUM *a, int n);
-+ void bn_fix_top(BIGNUM *a);
-+
-+ void bn_check_top(BIGNUM *a);
-+ void bn_print(BIGNUM *a);
-+ void bn_dump(BN_ULONG *d, int n);
-+ void bn_set_max(BIGNUM *a);
-+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
-+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
-+
-+=head1 DESCRIPTION
-+
-+This page documents the internal functions used by the OpenSSL
-+B<BIGNUM> implementation. They are described here to facilitate
-+debugging and extending the library. They are I<not> to be used by
-+applications.
-+
-+=head2 The BIGNUM structure
-+
-+ typedef struct bignum_st BIGNUM;
-+
-+ struct bignum_st
-+ {
-+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
-+ int top; /* Index of last used d +1. */
-+ /* The next are internal book keeping for bn_expand. */
-+ int dmax; /* Size of the d array. */
-+ int neg; /* one if the number is negative */
-+ int flags;
-+ };
-+
-+
-+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
-+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
-+in size, depending on the 'number of bits' (B<BITS2>) specified in
-+C<openssl/bn.h>.
-+
-+B<dmax> is the size of the B<d> array that has been allocated. B<top>
-+is the number of words being used, so for a value of 4, bn.d[0]=4 and
-+bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
-+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
-+
-+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-+flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
-+BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
-+structure B<b>.
-+
-+Various routines in this library require the use of temporary
-+B<BIGNUM> variables during their execution. Since dynamic memory
-+allocation to create B<BIGNUM>s is rather expensive when used in
-+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
-+used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
-+L<BN_CTX_start(3)>.
-+
-+=head2 Low-level arithmetic operations
-+
-+These functions are implemented in C and for several platforms in
-+assembly language:
-+
-+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
-+arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
-+in B<rp>, and returns the high word (carry).
-+
-+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
-+word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
-+the result in B<rp>, and returns the high word (carry).
-+
-+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
-+B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
-+word-wise, and places the low and high bytes of the result in B<rp>.
-+
-+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
-+by B<d> and returns the result.
-+
-+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
-+result in B<rp>, and returns the high word (carry).
-+
-+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
-+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
-+otherwise).
-+
-+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-+B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
-+result in B<r>.
-+
-+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-+B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
-+result in B<r>.
-+
-+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-+B<b> and the 8 word array B<r>.
-+
-+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-+B<b> and the 16 word array B<r>.
-+
-+The following functions are implemented in C:
-+
-+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
-+and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
-+less than B<b>.
-+
-+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
-+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
-+array B<r>. It computes B<a>*B<b> and places the result in B<r>.
-+
-+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
-+arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
-+B<a>*B<b> and places the result in B<r>.
-+
-+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
-+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
-+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
-+word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
-+B<a>*B<b> and places the result in B<r>.
-+
-+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
-+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
-+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
-+
-+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
-+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
-+and B<b>.
-+
-+bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
-+B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
-+array B<tmp>.
-+
-+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
-+factors have the same size: bn_mul_comba8() is used if they are 8
-+words long, bn_mul_recursive() if they are larger than
-+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
-+size, and bn_mul_part_recursive() for others that are larger than
-+B<BN_MULL_SIZE_NORMAL>.
-+
-+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
-+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
-+
-+The implementations use the following macros which, depending on the
-+architecture, may use "long long" C operations or inline assembler.
-+They are defined in C<bn_lcl.h>.
-+
-+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
-+low word of the result in B<r> and the high word in B<c>.
-+
-+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
-+places the low word of the result in B<r> and the high word in B<c>.
-+
-+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
-+of the result in B<r0> and the high word in B<r1>.
-+
-+=head2 Size changes
-+
-+bn_expand() ensures that B<b> has enough space for a B<bits> bit
-+number. bn_wexpand() ensures that B<b> has enough space for an
-+B<n> word number. If the number has to be expanded, both macros
-+call bn_expand2(), which allocates a new B<d> array and copies the
-+data. They return B<NULL> on error, B<b> otherwise.
-+
-+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-+significant non-zero word plus one when B<a> has shrunk.
-+
-+=head2 Debugging
-+
-+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
-+E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
-+
-+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
-+(in reverse order, i.e. most significant word first) to stderr.
-+
-+bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
-+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
-+B<BIGNUM> that contains the B<n> low or high words of B<a>.
-+
-+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
-+and bn_set_max() are defined as empty macros.
-+
-+=head1 SEE ALSO
-+
-+L<bn(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/crypto/bn/asm/alpha-mont.pl
-+++ b/crypto/bn/asm/alpha-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/armv4-gf2m.pl
-+++ b/crypto/bn/asm/armv4-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/armv4-mont.pl
-+++ b/crypto/bn/asm/armv4-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/armv8-mont.pl
-+++ b/crypto/bn/asm/armv8-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/bn-586.pl
-+++ b/crypto/bn/asm/bn-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/bn/asm/bn-c64xplus.asm
-+++ b/crypto/bn/asm/bn-c64xplus.asm
-@@ -1,3 +1,10 @@
-+;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+;;
-+;; Licensed under the OpenSSL license (the "License"). You may not use
-+;; this file except in compliance with the License. You can obtain a copy
-+;; in the file LICENSE in the source distribution or at
-+;; https://www.openssl.org/source/license.html
-+;;
- ;;====================================================================
- ;; Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
- ;; project.
---- a/crypto/bn/asm/c64xplus-gf2m.pl
-+++ b/crypto/bn/asm/c64xplus-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/co-586.pl
-+++ b/crypto/bn/asm/co-586.pl
-@@ -1,4 +1,10 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/bn/asm/ia64-mont.pl
-+++ b/crypto/bn/asm/ia64-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/ia64.S
-+++ b/crypto/bn/asm/ia64.S
-@@ -3,6 +3,13 @@
- .ident "ia64.S, Version 2.1"
- .ident "IA-64 ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
-
-+// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+//
-+// Licensed under the OpenSSL license (the "License"). You may not use
-+// this file except in compliance with the License. You can obtain a copy
-+// in the file LICENSE in the source distribution or at
-+// https://www.openssl.org/source/license.html
-+
- //
- // ====================================================================
- // Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/mips-mont.pl
-+++ b/crypto/bn/asm/mips-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/mips.pl
-+++ b/crypto/bn/asm/mips.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/pa-risc2.s
-+++ b/crypto/bn/asm/pa-risc2.s
-@@ -1,3 +1,9 @@
-+; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+;
-+; Licensed under the OpenSSL license (the "License"). You may not use
-+; this file except in compliance with the License. You can obtain a copy
-+; in the file LICENSE in the source distribution or at
-+; https://www.openssl.org/source/license.html
- ;
- ; PA-RISC 2.0 implementation of bn_asm code, based on the
- ; 64-bit version of the code. This code is effectively the
---- a/crypto/bn/asm/pa-risc2W.s
-+++ b/crypto/bn/asm/pa-risc2W.s
-@@ -1,3 +1,10 @@
-+; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+;
-+; Licensed under the OpenSSL license (the "License"). You may not use
-+; this file except in compliance with the License. You can obtain a copy
-+; in the file LICENSE in the source distribution or at
-+; https://www.openssl.org/source/license.html
-+
- ;
- ; PA-RISC 64-bit implementation of bn_asm code
- ;
---- a/crypto/bn/asm/parisc-mont.pl
-+++ b/crypto/bn/asm/parisc-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/ppc-mont.pl
-+++ b/crypto/bn/asm/ppc-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/ppc.pl
-+++ b/crypto/bn/asm/ppc.pl
-@@ -1,5 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # Implemented as a Perl wrapper as we want to support several different
- # architectures with single file. We pick up the target based on the
- # file name we are asked to generate.
---- a/crypto/bn/asm/ppc64-mont.pl
-+++ b/crypto/bn/asm/ppc64-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/rsaz-avx2.pl
-+++ b/crypto/bn/asm/rsaz-avx2.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ##############################################################################
- # #
-@@ -103,7 +110,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^cl
- $addx = ($ver>=3.03);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT = *OUT;
-
- if ($avx>1) {{{
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ##############################################################################
- # #
-@@ -95,7 +102,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
---- a/crypto/bn/asm/s390x-gf2m.pl
-+++ b/crypto/bn/asm/s390x-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/s390x-mont.pl
-+++ b/crypto/bn/asm/s390x-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/s390x.S
-+++ b/crypto/bn/asm/s390x.S
-@@ -1,11 +1,11 @@
- .ident "s390x.S, version 1.1"
- // ====================================================================
--// Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
--// project.
-+// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- //
--// Rights for redistribution and usage in source and binary forms are
--// granted according to the OpenSSL license. Warranty of any kind is
--// disclaimed.
-+// Licensed under the OpenSSL license (the "License"). You may not use
-+// this file except in compliance with the License. You can obtain a copy
-+// in the file LICENSE in the source distribution or at
-+// https://www.openssl.org/source/license.html
- // ====================================================================
-
- .text
---- a/crypto/bn/asm/sparct4-mont.pl
-+++ b/crypto/bn/asm/sparct4-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
---- a/crypto/bn/asm/sparcv8.S
-+++ b/crypto/bn/asm/sparcv8.S
-@@ -3,12 +3,12 @@
-
- /*
- * ====================================================================
-- * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-- * project.
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary forms are
-- * granted according to the OpenSSL license. Warranty of any kind is
-- * disclaimed.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- * ====================================================================
- */
-
---- a/crypto/bn/asm/sparcv8plus.S
-+++ b/crypto/bn/asm/sparcv8plus.S
-@@ -3,12 +3,12 @@
-
- /*
- * ====================================================================
-- * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-- * project.
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary forms are
-- * granted according to the OpenSSL license. Warranty of any kind is
-- * disclaimed.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- * ====================================================================
- */
-
---- a/crypto/bn/asm/sparcv9-gf2m.pl
-+++ b/crypto/bn/asm/sparcv9-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/sparcv9-mont.pl
-+++ b/crypto/bn/asm/sparcv9-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/sparcv9a-mont.pl
-+++ b/crypto/bn/asm/sparcv9a-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/via-mont.pl
-+++ b/crypto/bn/asm/via-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/vis3-mont.pl
-+++ b/crypto/bn/asm/vis3-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/vms.mar
-+++ /dev/null
-@@ -1,6440 +0,0 @@
-- .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64
--;
--; w.j.m. 15-jan-1999
--;
--; it's magic ...
--;
--; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
--; ULONG c = 0;
--; int i;
--; for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
--; return c;
--; }
--
--r=4 ;(AP)
--a=8 ;(AP)
--n=12 ;(AP) n by value (input)
--w=16 ;(AP) w by value (input)
--
--
-- .psect code,nowrt
--
--.entry bn_mul_add_words,^m<r2,r3,r4,r5,r6>
--
-- moval @r(ap),r2
-- moval @a(ap),r3
-- movl n(ap),r4 ; assumed >0 by C code
-- movl w(ap),r5
-- clrl r6 ; c
--
--0$:
-- emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed
--
-- ; fixup for "negative" r[]
-- tstl (r2)
-- bgeq 10$
-- incl r1
--10$:
--
-- ; add in c
-- addl2 r6,r0
-- adwc #0,r1
--
-- ; combined fixup for "negative" w, a[]
-- tstl r5
-- bgeq 20$
-- addl2 (r3),r1
--20$:
-- tstl (r3)
-- bgeq 30$
-- addl2 r5,r1
--30$:
--
-- movl r0,(r2)+ ; store lo result in r[] & advance
-- addl #4,r3 ; advance a[]
-- movl r1,r6 ; store hi result => c
--
-- sobgtr r4,0$
--
-- movl r6,r0 ; return c
-- ret
--
-- .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64
--;
--; w.j.m. 15-jan-1999
--;
--; it's magic ...
--;
--; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
--; ULONG c = 0;
--; int i;
--; for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
--; return(c);
--; }
--
--r=4 ;(AP)
--a=8 ;(AP)
--n=12 ;(AP) n by value (input)
--w=16 ;(AP) w by value (input)
--
--
-- .psect code,nowrt
--
--.entry bn_mul_words,^m<r2,r3,r4,r5,r6>
--
-- moval @r(ap),r2 ; r2 -> r[]
-- moval @a(ap),r3 ; r3 -> a[]
-- movl n(ap),r4 ; r4 = loop count (assumed >0 by C code)
-- movl w(ap),r5 ; r5 = w
-- clrl r6 ; r6 = c
--
--0$:
-- ; <r1,r0> := w * a[] + c
-- emul r5,(r3),r6,r0 ; w, a[], c considered signed
--
-- ; fixup for "negative" c
-- tstl r6 ; c
-- bgeq 10$
-- incl r1
--10$:
--
-- ; combined fixup for "negative" w, a[]
-- tstl r5 ; w
-- bgeq 20$
-- addl2 (r3),r1 ; a[]
--20$:
-- tstl (r3) ; a[]
-- bgeq 30$
-- addl2 r5,r1 ; w
--30$:
--
-- movl r0,(r2)+ ; store lo result in r[] & advance
-- addl #4,r3 ; advance a[]
-- movl r1,r6 ; store hi result => c
--
-- sobgtr r4,0$
--
-- movl r6,r0 ; return c
-- ret
--
-- .title vax_bn_sqr_words unsigned square, 32*32=>64
--;
--; w.j.m. 15-jan-1999
--;
--; it's magic ...
--;
--; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
--; int i;
--; for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
--; }
--
--r=4 ;(AP)
--a=8 ;(AP)
--n=12 ;(AP) n by value (input)
--
--
-- .psect code,nowrt
--
--.entry bn_sqr_words,^m<r2,r3,r4,r5>
--
-- moval @r(ap),r2 ; r2 -> r[]
-- moval @a(ap),r3 ; r3 -> a[]
-- movl n(ap),r4 ; r4 = n (assumed >0 by C code)
--
--0$:
-- movl (r3)+,r5 ; r5 = a[] & advance
--
-- ; <r1,r0> := a[] * a[]
-- emul r5,r5,#0,r0 ; a[] considered signed
--
-- ; fixup for "negative" a[]
-- tstl r5 ; a[]
-- bgeq 30$
-- addl2 r5,r1 ; a[]
-- addl2 r5,r1 ; a[]
--30$:
--
-- movl r0,(r2)+ ; store lo result in r[] & advance
-- movl r1,(r2)+ ; store hi result in r[] & advance
--
-- sobgtr r4,0$
--
-- movl #1,r0 ; return SS$_NORMAL
-- ret
--
-- .title vax_bn_div_words unsigned divide
--;
--; Richard Levitte 20-Nov-2000
--;
--; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
--; {
--; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
--; }
--;
--; Using EDIV would be very easy, if it didn't do signed calculations.
--; Any time any of the input numbers are signed, there are problems,
--; usually with integer overflow, at which point it returns useless
--; data (the quotient gets the value of l, and the remainder becomes 0).
--;
--; If it was just for the dividend, it would be very easy, just divide
--; it by 2 (unsigned), do the division, multiply the resulting quotient
--; and remainder by 2, add the bit that was dropped when dividing by 2
--; to the remainder, and do some adjustment so the remainder doesn't
--; end up larger than the divisor. For some cases when the divisor is
--; negative (from EDIV's point of view, i.e. when the highest bit is set),
--; dividing the dividend by 2 isn't enough, and since some operations
--; might generate integer overflows even when the dividend is divided by
--; 4 (when the high part of the shifted down dividend ends up being exactly
--; half of the divisor, the result is the quotient 0x80000000, which is
--; negative...) it needs to be divided by 8. Furthermore, the divisor needs
--; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
--; In this case, a little extra fiddling with the remainder is required.
--;
--; So, the simplest way to handle this is always to divide the dividend
--; by 8, and to divide the divisor by 2 if it's highest bit is set.
--; After EDIV has been used, the quotient gets multiplied by 8 if the
--; original divisor was positive, otherwise 4. The remainder, oddly
--; enough, is *always* multiplied by 8.
--; NOTE: in the case mentioned above, where the high part of the shifted
--; down dividend ends up being exactly half the shifted down divisor, we
--; end up with a 33 bit quotient. That's no problem however, it usually
--; means we have ended up with a too large remainder as well, and the
--; problem is fixed by the last part of the algorithm (next paragraph).
--;
--; The routine ends with comparing the resulting remainder with the
--; original divisor and if the remainder is larger, subtract the
--; original divisor from it, and increase the quotient by 1. This is
--; done until the remainder is smaller than the divisor.
--;
--; The complete algorithm looks like this:
--;
--; d' = d
--; l' = l & 7
--; [h,l] = [h,l] >> 3
--; [q,r] = floor([h,l] / d) # This is the EDIV operation
--; if (q < 0) q = -q # I doubt this is necessary any more
--;
--; r' = r >> 29
--; if (d' >= 0)
--; q' = q >> 29
--; q = q << 3
--; else
--; q' = q >> 30
--; q = q << 2
--; r = (r << 3) + l'
--;
--; if (d' < 0)
--; {
--; [r',r] = [r',r] - q
--; while ([r',r] < 0)
--; {
--; [r',r] = [r',r] + d
--; [q',q] = [q',q] - 1
--; }
--; }
--;
--; while ([r',r] >= d')
--; {
--; [r',r] = [r',r] - d'
--; [q',q] = [q',q] + 1
--; }
--;
--; return q
--
--h=4 ;(AP) h by value (input)
--l=8 ;(AP) l by value (input)
--d=12 ;(AP) d by value (input)
--
--;r2 = l, q
--;r3 = h, r
--;r4 = d
--;r5 = l'
--;r6 = r'
--;r7 = d'
--;r8 = q'
--
-- .psect code,nowrt
--
--.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
-- movl l(ap),r2
-- movl h(ap),r3
-- movl d(ap),r4
--
-- bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7
-- bicl3 #^X00000007,r2,r2
--
-- bicl3 #^XFFFFFFF8,r3,r6
-- bicl3 #^X00000007,r3,r3
--
-- addl r6,r2
--
-- rotl #-3,r2,r2 ; l = l >> 3
-- rotl #-3,r3,r3 ; h = h >> 3
--
-- movl r4,r7 ; d' = d
--
-- movl #0,r6 ; r' = 0
-- movl #0,r8 ; q' = 0
--
-- tstl r4
-- beql 666$ ; Uh-oh, the divisor is 0...
-- bgtr 1$
-- rotl #-1,r4,r4 ; If d is negative, shift it right.
-- bicl2 #^X80000000,r4 ; Since d is then a large number, the
-- ; lowest bit is insignificant
-- ; (contradict that, and I'll fix the problem!)
--1$:
-- ediv r4,r2,r2,r3 ; Do the actual division
--
-- tstl r2
-- bgeq 3$
-- mnegl r2,r2 ; if q < 0, negate it
--3$:
-- tstl r7
-- blss 4$
-- rotl #3,r2,r2 ; q = q << 3
-- bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q
-- bicl3 #^X00000007,r2,r2
-- bsb 41$
--4$: ; else
-- rotl #2,r2,r2 ; q = q << 2
-- bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q
-- bicl3 #^X00000003,r2,r2
--41$:
-- rotl #3,r3,r3 ; r = r << 3
-- bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
-- bicl3 #^X00000007,r3,r3
-- addl r5,r3 ; r = r + l'
--
-- tstl r7
-- bgeq 5$
-- bitl #1,r7
-- beql 5$ ; if d' < 0 && d' & 1
-- subl r2,r3 ; [r',r] = [r',r] - [q',q]
-- sbwc r8,r6
--45$:
-- bgeq 5$ ; while r < 0
-- decl r2 ; [q',q] = [q',q] - 1
-- sbwc #0,r8
-- addl r7,r3 ; [r',r] = [r',r] + d'
-- adwc #0,r6
-- brb 45$
--
--; The return points are placed in the middle to keep a short distance from
--; all the branch points
--42$:
--; movl r3,r1
-- movl r2,r0
-- ret
--666$:
-- movl #^XFFFFFFFF,r0
-- ret
--
--5$:
-- tstl r6
-- bneq 6$
-- cmpl r3,r7
-- blssu 42$ ; while [r',r] >= d'
--6$:
-- subl r7,r3 ; [r',r] = [r',r] - d'
-- sbwc #0,r6
-- incl r2 ; [q',q] = [q',q] + 1
-- adwc #0,r8
-- brb 5$
--
-- .title vax_bn_add_words unsigned add of two arrays
--;
--; Richard Levitte 20-Nov-2000
--;
--; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
--; ULONG c = 0;
--; int i;
--; for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
--; return(c);
--; }
--
--r=4 ;(AP) r by reference (output)
--a=8 ;(AP) a by reference (input)
--b=12 ;(AP) b by reference (input)
--n=16 ;(AP) n by value (input)
--
--
-- .psect code,nowrt
--
--.entry bn_add_words,^m<r2,r3,r4,r5,r6>
--
-- moval @r(ap),r2
-- moval @a(ap),r3
-- moval @b(ap),r4
-- movl n(ap),r5 ; assumed >0 by C code
-- clrl r0 ; c
--
-- tstl r5 ; carry = 0
-- bleq 666$
--
--0$:
-- movl (r3)+,r6 ; carry untouched
-- adwc (r4)+,r6 ; carry used and touched
-- movl r6,(r2)+ ; carry untouched
-- sobgtr r5,0$ ; carry untouched
--
-- adwc #0,r0
--666$:
-- ret
--
-- .title vax_bn_sub_words unsigned add of two arrays
--;
--; Richard Levitte 20-Nov-2000
--;
--; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
--; ULONG c = 0;
--; int i;
--; for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
--; return(c);
--; }
--
--r=4 ;(AP) r by reference (output)
--a=8 ;(AP) a by reference (input)
--b=12 ;(AP) b by reference (input)
--n=16 ;(AP) n by value (input)
--
--
-- .psect code,nowrt
--
--.entry bn_sub_words,^m<r2,r3,r4,r5,r6>
--
-- moval @r(ap),r2
-- moval @a(ap),r3
-- moval @b(ap),r4
-- movl n(ap),r5 ; assumed >0 by C code
-- clrl r0 ; c
--
-- tstl r5 ; carry = 0
-- bleq 666$
--
--0$:
-- movl (r3)+,r6 ; carry untouched
-- sbwc (r4)+,r6 ; carry used and touched
-- movl r6,(r2)+ ; carry untouched
-- sobgtr r5,0$ ; carry untouched
--
-- adwc #0,r0
--666$:
-- ret
--
--
--;r=4 ;(AP)
--;a=8 ;(AP)
--;b=12 ;(AP)
--;n=16 ;(AP) n by value (input)
--
-- .psect code,nowrt
--
--.entry BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
-- movab -924(sp),sp
-- clrq r8
--
-- clrl r10
--
-- movl 8(ap),r6
-- movzwl 2(r6),r3
-- movl 12(ap),r7
-- bicl3 #-65536,(r7),r2
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-12(fp)
-- bicl3 #-65536,r3,-16(fp)
-- mull3 r0,-12(fp),-4(fp)
-- mull2 r2,-12(fp)
-- mull3 r2,-16(fp),-8(fp)
-- mull2 r0,-16(fp)
-- addl3 -4(fp),-8(fp),r0
-- bicl3 #0,r0,-4(fp)
-- cmpl -4(fp),-8(fp)
-- bgequ noname.45
-- addl2 #65536,-16(fp)
--noname.45:
-- movzwl -2(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-16(fp)
-- bicl3 #-65536,-4(fp),r0
-- ashl #16,r0,-8(fp)
-- addl3 -8(fp),-12(fp),r0
-- bicl3 #0,r0,-12(fp)
-- cmpl -12(fp),-8(fp)
-- bgequ noname.46
-- incl -16(fp)
--noname.46:
-- movl -12(fp),r1
-- movl -16(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.47
-- incl r2
--noname.47:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.48
-- incl r10
--noname.48:
--
-- movl 4(ap),r11
-- movl r9,(r11)
--
-- clrl r9
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-28(fp)
-- bicl3 #-65536,r2,-32(fp)
-- mull3 r0,-28(fp),-20(fp)
-- mull2 r3,-28(fp)
-- mull3 r3,-32(fp),-24(fp)
-- mull2 r0,-32(fp)
-- addl3 -20(fp),-24(fp),r0
-- bicl3 #0,r0,-20(fp)
-- cmpl -20(fp),-24(fp)
-- bgequ noname.49
-- addl2 #65536,-32(fp)
--noname.49:
-- movzwl -18(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-32(fp)
-- bicl3 #-65536,-20(fp),r0
-- ashl #16,r0,-24(fp)
-- addl3 -24(fp),-28(fp),r0
-- bicl3 #0,r0,-28(fp)
-- cmpl -28(fp),-24(fp)
-- bgequ noname.50
-- incl -32(fp)
--noname.50:
-- movl -28(fp),r1
-- movl -32(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.51
-- incl r2
--noname.51:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.52
-- incl r9
--noname.52:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-44(fp)
-- bicl3 #-65536,r2,-48(fp)
-- mull3 r0,-44(fp),-36(fp)
-- mull2 r3,-44(fp)
-- mull3 r3,-48(fp),-40(fp)
-- mull2 r0,-48(fp)
-- addl3 -36(fp),-40(fp),r0
-- bicl3 #0,r0,-36(fp)
-- cmpl -36(fp),-40(fp)
-- bgequ noname.53
-- addl2 #65536,-48(fp)
--noname.53:
-- movzwl -34(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-48(fp)
-- bicl3 #-65536,-36(fp),r0
-- ashl #16,r0,-40(fp)
-- addl3 -40(fp),-44(fp),r0
-- bicl3 #0,r0,-44(fp)
-- cmpl -44(fp),-40(fp)
-- bgequ noname.54
-- incl -48(fp)
--noname.54:
-- movl -44(fp),r1
-- movl -48(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.55
-- incl r2
--noname.55:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.56
-- incl r9
--noname.56:
--
-- movl r8,4(r11)
--
-- clrl r8
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-60(fp)
-- bicl3 #-65536,r2,-64(fp)
-- mull3 r0,-60(fp),-52(fp)
-- mull2 r3,-60(fp)
-- mull3 r3,-64(fp),-56(fp)
-- mull2 r0,-64(fp)
-- addl3 -52(fp),-56(fp),r0
-- bicl3 #0,r0,-52(fp)
-- cmpl -52(fp),-56(fp)
-- bgequ noname.57
-- addl2 #65536,-64(fp)
--noname.57:
-- movzwl -50(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-64(fp)
-- bicl3 #-65536,-52(fp),r0
-- ashl #16,r0,-56(fp)
-- addl3 -56(fp),-60(fp),r0
-- bicl3 #0,r0,-60(fp)
-- cmpl -60(fp),-56(fp)
-- bgequ noname.58
-- incl -64(fp)
--noname.58:
-- movl -60(fp),r1
-- movl -64(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.59
-- incl r2
--noname.59:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.60
-- incl r8
--noname.60:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-76(fp)
-- bicl3 #-65536,r2,-80(fp)
-- mull3 r0,-76(fp),-68(fp)
-- mull2 r3,-76(fp)
-- mull3 r3,-80(fp),-72(fp)
-- mull2 r0,-80(fp)
-- addl3 -68(fp),-72(fp),r0
-- bicl3 #0,r0,-68(fp)
-- cmpl -68(fp),-72(fp)
-- bgequ noname.61
-- addl2 #65536,-80(fp)
--noname.61:
-- movzwl -66(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-80(fp)
-- bicl3 #-65536,-68(fp),r0
-- ashl #16,r0,-72(fp)
-- addl3 -72(fp),-76(fp),r0
-- bicl3 #0,r0,-76(fp)
-- cmpl -76(fp),-72(fp)
-- bgequ noname.62
-- incl -80(fp)
--noname.62:
-- movl -76(fp),r1
-- movl -80(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.63
-- incl r2
--noname.63:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.64
-- incl r8
--noname.64:
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-92(fp)
-- bicl3 #-65536,r2,-96(fp)
-- mull3 r0,-92(fp),-84(fp)
-- mull2 r3,-92(fp)
-- mull3 r3,-96(fp),-88(fp)
-- mull2 r0,-96(fp)
-- addl3 -84(fp),-88(fp),r0
-- bicl3 #0,r0,-84(fp)
-- cmpl -84(fp),-88(fp)
-- bgequ noname.65
-- addl2 #65536,-96(fp)
--noname.65:
-- movzwl -82(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-96(fp)
-- bicl3 #-65536,-84(fp),r0
-- ashl #16,r0,-88(fp)
-- addl3 -88(fp),-92(fp),r0
-- bicl3 #0,r0,-92(fp)
-- cmpl -92(fp),-88(fp)
-- bgequ noname.66
-- incl -96(fp)
--noname.66:
-- movl -92(fp),r1
-- movl -96(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.67
-- incl r2
--noname.67:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.68
-- incl r8
--noname.68:
--
-- movl r10,8(r11)
--
-- clrl r10
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-108(fp)
-- bicl3 #-65536,r2,-112(fp)
-- mull3 r0,-108(fp),-100(fp)
-- mull2 r3,-108(fp)
-- mull3 r3,-112(fp),-104(fp)
-- mull2 r0,-112(fp)
-- addl3 -100(fp),-104(fp),r0
-- bicl3 #0,r0,-100(fp)
-- cmpl -100(fp),-104(fp)
-- bgequ noname.69
-- addl2 #65536,-112(fp)
--noname.69:
-- movzwl -98(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-112(fp)
-- bicl3 #-65536,-100(fp),r0
-- ashl #16,r0,-104(fp)
-- addl3 -104(fp),-108(fp),r0
-- bicl3 #0,r0,-108(fp)
-- cmpl -108(fp),-104(fp)
-- bgequ noname.70
-- incl -112(fp)
--noname.70:
-- movl -108(fp),r1
-- movl -112(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.71
-- incl r2
--noname.71:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.72
-- incl r10
--noname.72:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-124(fp)
-- bicl3 #-65536,r2,-128(fp)
-- mull3 r0,-124(fp),-116(fp)
-- mull2 r3,-124(fp)
-- mull3 r3,-128(fp),-120(fp)
-- mull2 r0,-128(fp)
-- addl3 -116(fp),-120(fp),r0
-- bicl3 #0,r0,-116(fp)
-- cmpl -116(fp),-120(fp)
-- bgequ noname.73
-- addl2 #65536,-128(fp)
--noname.73:
-- movzwl -114(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-128(fp)
-- bicl3 #-65536,-116(fp),r0
-- ashl #16,r0,-120(fp)
-- addl3 -120(fp),-124(fp),r0
-- bicl3 #0,r0,-124(fp)
-- cmpl -124(fp),-120(fp)
-- bgequ noname.74
-- incl -128(fp)
--noname.74:
-- movl -124(fp),r1
-- movl -128(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.75
-- incl r2
--noname.75:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.76
-- incl r10
--noname.76:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-140(fp)
-- bicl3 #-65536,r2,-144(fp)
-- mull3 r0,-140(fp),-132(fp)
-- mull2 r3,-140(fp)
-- mull3 r3,-144(fp),-136(fp)
-- mull2 r0,-144(fp)
-- addl3 -132(fp),-136(fp),r0
-- bicl3 #0,r0,-132(fp)
-- cmpl -132(fp),-136(fp)
-- bgequ noname.77
-- addl2 #65536,-144(fp)
--noname.77:
-- movzwl -130(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-144(fp)
-- bicl3 #-65536,-132(fp),r0
-- ashl #16,r0,-136(fp)
-- addl3 -136(fp),-140(fp),r0
-- bicl3 #0,r0,-140(fp)
-- cmpl -140(fp),-136(fp)
-- bgequ noname.78
-- incl -144(fp)
--noname.78:
-- movl -140(fp),r1
-- movl -144(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.79
-- incl r2
--noname.79:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.80
-- incl r10
--noname.80:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-156(fp)
-- bicl3 #-65536,r2,-160(fp)
-- mull3 r0,-156(fp),-148(fp)
-- mull2 r3,-156(fp)
-- mull3 r3,-160(fp),-152(fp)
-- mull2 r0,-160(fp)
-- addl3 -148(fp),-152(fp),r0
-- bicl3 #0,r0,-148(fp)
-- cmpl -148(fp),-152(fp)
-- bgequ noname.81
-- addl2 #65536,-160(fp)
--noname.81:
-- movzwl -146(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-160(fp)
-- bicl3 #-65536,-148(fp),r0
-- ashl #16,r0,-152(fp)
-- addl3 -152(fp),-156(fp),r0
-- bicl3 #0,r0,-156(fp)
-- cmpl -156(fp),-152(fp)
-- bgequ noname.82
-- incl -160(fp)
--noname.82:
-- movl -156(fp),r1
-- movl -160(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.83
-- incl r2
--noname.83:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.84
-- incl r10
--noname.84:
--
-- movl r9,12(r11)
--
-- clrl r9
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-172(fp)
-- bicl3 #-65536,r2,-176(fp)
-- mull3 r0,-172(fp),-164(fp)
-- mull2 r3,-172(fp)
-- mull3 r3,-176(fp),-168(fp)
-- mull2 r0,-176(fp)
-- addl3 -164(fp),-168(fp),r0
-- bicl3 #0,r0,-164(fp)
-- cmpl -164(fp),-168(fp)
-- bgequ noname.85
-- addl2 #65536,-176(fp)
--noname.85:
-- movzwl -162(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-176(fp)
-- bicl3 #-65536,-164(fp),r0
-- ashl #16,r0,-168(fp)
-- addl3 -168(fp),-172(fp),r0
-- bicl3 #0,r0,-172(fp)
-- cmpl -172(fp),-168(fp)
-- bgequ noname.86
-- incl -176(fp)
--noname.86:
-- movl -172(fp),r1
-- movl -176(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.87
-- incl r2
--noname.87:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.88
-- incl r9
--noname.88:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-188(fp)
-- bicl3 #-65536,r2,-192(fp)
-- mull3 r0,-188(fp),-180(fp)
-- mull2 r3,-188(fp)
-- mull3 r3,-192(fp),-184(fp)
-- mull2 r0,-192(fp)
-- addl3 -180(fp),-184(fp),r0
-- bicl3 #0,r0,-180(fp)
-- cmpl -180(fp),-184(fp)
-- bgequ noname.89
-- addl2 #65536,-192(fp)
--noname.89:
-- movzwl -178(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-192(fp)
-- bicl3 #-65536,-180(fp),r0
-- ashl #16,r0,-184(fp)
-- addl3 -184(fp),-188(fp),r0
-- bicl3 #0,r0,-188(fp)
-- cmpl -188(fp),-184(fp)
-- bgequ noname.90
-- incl -192(fp)
--noname.90:
-- movl -188(fp),r1
-- movl -192(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.91
-- incl r2
--noname.91:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.92
-- incl r9
--noname.92:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-204(fp)
-- bicl3 #-65536,r2,-208(fp)
-- mull3 r0,-204(fp),-196(fp)
-- mull2 r3,-204(fp)
-- mull3 r3,-208(fp),-200(fp)
-- mull2 r0,-208(fp)
-- addl3 -196(fp),-200(fp),r0
-- bicl3 #0,r0,-196(fp)
-- cmpl -196(fp),-200(fp)
-- bgequ noname.93
-- addl2 #65536,-208(fp)
--noname.93:
-- movzwl -194(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-208(fp)
-- bicl3 #-65536,-196(fp),r0
-- ashl #16,r0,-200(fp)
-- addl3 -200(fp),-204(fp),r0
-- bicl3 #0,r0,-204(fp)
-- cmpl -204(fp),-200(fp)
-- bgequ noname.94
-- incl -208(fp)
--noname.94:
-- movl -204(fp),r1
-- movl -208(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.95
-- incl r2
--noname.95:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.96
-- incl r9
--noname.96:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-220(fp)
-- bicl3 #-65536,r2,-224(fp)
-- mull3 r0,-220(fp),-212(fp)
-- mull2 r3,-220(fp)
-- mull3 r3,-224(fp),-216(fp)
-- mull2 r0,-224(fp)
-- addl3 -212(fp),-216(fp),r0
-- bicl3 #0,r0,-212(fp)
-- cmpl -212(fp),-216(fp)
-- bgequ noname.97
-- addl2 #65536,-224(fp)
--noname.97:
-- movzwl -210(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-224(fp)
-- bicl3 #-65536,-212(fp),r0
-- ashl #16,r0,-216(fp)
-- addl3 -216(fp),-220(fp),r0
-- bicl3 #0,r0,-220(fp)
-- cmpl -220(fp),-216(fp)
-- bgequ noname.98
-- incl -224(fp)
--noname.98:
-- movl -220(fp),r1
-- movl -224(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.99
-- incl r2
--noname.99:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.100
-- incl r9
--noname.100:
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-236(fp)
-- bicl3 #-65536,r2,-240(fp)
-- mull3 r0,-236(fp),-228(fp)
-- mull2 r3,-236(fp)
-- mull3 r3,-240(fp),-232(fp)
-- mull2 r0,-240(fp)
-- addl3 -228(fp),-232(fp),r0
-- bicl3 #0,r0,-228(fp)
-- cmpl -228(fp),-232(fp)
-- bgequ noname.101
-- addl2 #65536,-240(fp)
--noname.101:
-- movzwl -226(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-240(fp)
-- bicl3 #-65536,-228(fp),r0
-- ashl #16,r0,-232(fp)
-- addl3 -232(fp),-236(fp),r0
-- bicl3 #0,r0,-236(fp)
-- cmpl -236(fp),-232(fp)
-- bgequ noname.102
-- incl -240(fp)
--noname.102:
-- movl -236(fp),r1
-- movl -240(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.103
-- incl r2
--noname.103:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.104
-- incl r9
--noname.104:
--
-- movl r8,16(r11)
--
-- clrl r8
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,20(r7),r3
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-252(fp)
-- bicl3 #-65536,r2,-256(fp)
-- mull3 r0,-252(fp),-244(fp)
-- mull2 r3,-252(fp)
-- mull3 r3,-256(fp),-248(fp)
-- mull2 r0,-256(fp)
-- addl3 -244(fp),-248(fp),r0
-- bicl3 #0,r0,-244(fp)
-- cmpl -244(fp),-248(fp)
-- bgequ noname.105
-- addl2 #65536,-256(fp)
--noname.105:
-- movzwl -242(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-256(fp)
-- bicl3 #-65536,-244(fp),r0
-- ashl #16,r0,-248(fp)
-- addl3 -248(fp),-252(fp),r0
-- bicl3 #0,r0,-252(fp)
-- cmpl -252(fp),-248(fp)
-- bgequ noname.106
-- incl -256(fp)
--noname.106:
-- movl -252(fp),r1
-- movl -256(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.107
-- incl r2
--noname.107:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.108
-- incl r8
--noname.108:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-268(fp)
-- bicl3 #-65536,r2,-272(fp)
-- mull3 r0,-268(fp),-260(fp)
-- mull2 r3,-268(fp)
-- mull3 r3,-272(fp),-264(fp)
-- mull2 r0,-272(fp)
-- addl3 -260(fp),-264(fp),r0
-- bicl3 #0,r0,-260(fp)
-- cmpl -260(fp),-264(fp)
-- bgequ noname.109
-- addl2 #65536,-272(fp)
--noname.109:
-- movzwl -258(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-272(fp)
-- bicl3 #-65536,-260(fp),r0
-- ashl #16,r0,-264(fp)
-- addl3 -264(fp),-268(fp),r0
-- bicl3 #0,r0,-268(fp)
-- cmpl -268(fp),-264(fp)
-- bgequ noname.110
-- incl -272(fp)
--noname.110:
-- movl -268(fp),r1
-- movl -272(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.111
-- incl r2
--noname.111:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.112
-- incl r8
--noname.112:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-284(fp)
-- bicl3 #-65536,r2,-288(fp)
-- mull3 r0,-284(fp),-276(fp)
-- mull2 r3,-284(fp)
-- mull3 r3,-288(fp),-280(fp)
-- mull2 r0,-288(fp)
-- addl3 -276(fp),-280(fp),r0
-- bicl3 #0,r0,-276(fp)
-- cmpl -276(fp),-280(fp)
-- bgequ noname.113
-- addl2 #65536,-288(fp)
--noname.113:
-- movzwl -274(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-288(fp)
-- bicl3 #-65536,-276(fp),r0
-- ashl #16,r0,-280(fp)
-- addl3 -280(fp),-284(fp),r0
-- bicl3 #0,r0,-284(fp)
-- cmpl -284(fp),-280(fp)
-- bgequ noname.114
-- incl -288(fp)
--noname.114:
-- movl -284(fp),r1
-- movl -288(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.115
-- incl r2
--noname.115:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.116
-- incl r8
--noname.116:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-300(fp)
-- bicl3 #-65536,r2,-304(fp)
-- mull3 r0,-300(fp),-292(fp)
-- mull2 r3,-300(fp)
-- mull3 r3,-304(fp),-296(fp)
-- mull2 r0,-304(fp)
-- addl3 -292(fp),-296(fp),r0
-- bicl3 #0,r0,-292(fp)
-- cmpl -292(fp),-296(fp)
-- bgequ noname.117
-- addl2 #65536,-304(fp)
--noname.117:
-- movzwl -290(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-304(fp)
-- bicl3 #-65536,-292(fp),r0
-- ashl #16,r0,-296(fp)
-- addl3 -296(fp),-300(fp),r0
-- bicl3 #0,r0,-300(fp)
-- cmpl -300(fp),-296(fp)
-- bgequ noname.118
-- incl -304(fp)
--noname.118:
-- movl -300(fp),r1
-- movl -304(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.119
-- incl r2
--noname.119:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.120
-- incl r8
--noname.120:
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-316(fp)
-- bicl3 #-65536,r2,-320(fp)
-- mull3 r0,-316(fp),-308(fp)
-- mull2 r3,-316(fp)
-- mull3 r3,-320(fp),-312(fp)
-- mull2 r0,-320(fp)
-- addl3 -308(fp),-312(fp),r0
-- bicl3 #0,r0,-308(fp)
-- cmpl -308(fp),-312(fp)
-- bgequ noname.121
-- addl2 #65536,-320(fp)
--noname.121:
-- movzwl -306(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-320(fp)
-- bicl3 #-65536,-308(fp),r0
-- ashl #16,r0,-312(fp)
-- addl3 -312(fp),-316(fp),r0
-- bicl3 #0,r0,-316(fp)
-- cmpl -316(fp),-312(fp)
-- bgequ noname.122
-- incl -320(fp)
--noname.122:
-- movl -316(fp),r1
-- movl -320(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.123
-- incl r2
--
--noname.123:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.124
-- incl r8
--noname.124:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-332(fp)
-- bicl3 #-65536,r2,-336(fp)
-- mull3 r0,-332(fp),-324(fp)
-- mull2 r3,-332(fp)
-- mull3 r3,-336(fp),-328(fp)
-- mull2 r0,-336(fp)
-- addl3 -324(fp),-328(fp),r0
-- bicl3 #0,r0,-324(fp)
-- cmpl -324(fp),-328(fp)
-- bgequ noname.125
-- addl2 #65536,-336(fp)
--noname.125:
-- movzwl -322(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-336(fp)
-- bicl3 #-65536,-324(fp),r0
-- ashl #16,r0,-328(fp)
-- addl3 -328(fp),-332(fp),r0
-- bicl3 #0,r0,-332(fp)
-- cmpl -332(fp),-328(fp)
-- bgequ noname.126
-- incl -336(fp)
--noname.126:
-- movl -332(fp),r1
-- movl -336(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.127
-- incl r2
--noname.127:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.128
-- incl r8
--noname.128:
--
-- movl r10,20(r11)
--
-- clrl r10
--
-- movzwl 26(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,24(r6),-348(fp)
-- bicl3 #-65536,r2,-352(fp)
-- mull3 r0,-348(fp),-340(fp)
-- mull2 r3,-348(fp)
-- mull3 r3,-352(fp),-344(fp)
-- mull2 r0,-352(fp)
-- addl3 -340(fp),-344(fp),r0
-- bicl3 #0,r0,-340(fp)
-- cmpl -340(fp),-344(fp)
-- bgequ noname.129
-- addl2 #65536,-352(fp)
--noname.129:
-- movzwl -338(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-352(fp)
-- bicl3 #-65536,-340(fp),r0
-- ashl #16,r0,-344(fp)
-- addl3 -344(fp),-348(fp),r0
-- bicl3 #0,r0,-348(fp)
-- cmpl -348(fp),-344(fp)
-- bgequ noname.130
-- incl -352(fp)
--noname.130:
-- movl -348(fp),r1
-- movl -352(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.131
-- incl r2
--noname.131:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.132
-- incl r10
--noname.132:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-364(fp)
-- bicl3 #-65536,r2,-368(fp)
-- mull3 r0,-364(fp),-356(fp)
-- mull2 r3,-364(fp)
-- mull3 r3,-368(fp),-360(fp)
-- mull2 r0,-368(fp)
-- addl3 -356(fp),-360(fp),r0
-- bicl3 #0,r0,-356(fp)
-- cmpl -356(fp),-360(fp)
-- bgequ noname.133
-- addl2 #65536,-368(fp)
--noname.133:
-- movzwl -354(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-368(fp)
-- bicl3 #-65536,-356(fp),r0
-- ashl #16,r0,-360(fp)
-- addl3 -360(fp),-364(fp),r0
-- bicl3 #0,r0,-364(fp)
-- cmpl -364(fp),-360(fp)
-- bgequ noname.134
-- incl -368(fp)
--noname.134:
-- movl -364(fp),r1
-- movl -368(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.135
-- incl r2
--noname.135:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.136
-- incl r10
--noname.136:
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-380(fp)
-- bicl3 #-65536,r2,-384(fp)
-- mull3 r0,-380(fp),-372(fp)
-- mull2 r3,-380(fp)
-- mull3 r3,-384(fp),-376(fp)
-- mull2 r0,-384(fp)
-- addl3 -372(fp),-376(fp),r0
-- bicl3 #0,r0,-372(fp)
-- cmpl -372(fp),-376(fp)
-- bgequ noname.137
-- addl2 #65536,-384(fp)
--noname.137:
-- movzwl -370(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-384(fp)
-- bicl3 #-65536,-372(fp),r0
-- ashl #16,r0,-376(fp)
-- addl3 -376(fp),-380(fp),r0
-- bicl3 #0,r0,-380(fp)
-- cmpl -380(fp),-376(fp)
-- bgequ noname.138
-- incl -384(fp)
--noname.138:
-- movl -380(fp),r1
-- movl -384(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.139
-- incl r2
--noname.139:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.140
-- incl r10
--noname.140:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-396(fp)
-- bicl3 #-65536,r2,-400(fp)
-- mull3 r0,-396(fp),-388(fp)
-- mull2 r3,-396(fp)
-- mull3 r3,-400(fp),-392(fp)
-- mull2 r0,-400(fp)
-- addl3 -388(fp),-392(fp),r0
-- bicl3 #0,r0,-388(fp)
-- cmpl -388(fp),-392(fp)
-- bgequ noname.141
-- addl2 #65536,-400(fp)
--noname.141:
-- movzwl -386(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-400(fp)
-- bicl3 #-65536,-388(fp),r0
-- ashl #16,r0,-392(fp)
-- addl3 -392(fp),-396(fp),r0
-- bicl3 #0,r0,-396(fp)
-- cmpl -396(fp),-392(fp)
-- bgequ noname.142
-- incl -400(fp)
--noname.142:
-- movl -396(fp),r1
-- movl -400(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.143
-- incl r2
--noname.143:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.144
-- incl r10
--noname.144:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-412(fp)
-- bicl3 #-65536,r2,-416(fp)
-- mull3 r0,-412(fp),-404(fp)
-- mull2 r3,-412(fp)
-- mull3 r3,-416(fp),-408(fp)
-- mull2 r0,-416(fp)
-- addl3 -404(fp),-408(fp),r0
-- bicl3 #0,r0,-404(fp)
-- cmpl -404(fp),-408(fp)
-- bgequ noname.145
-- addl2 #65536,-416(fp)
--noname.145:
-- movzwl -402(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-416(fp)
-- bicl3 #-65536,-404(fp),r0
-- ashl #16,r0,-408(fp)
-- addl3 -408(fp),-412(fp),r0
-- bicl3 #0,r0,-412(fp)
-- cmpl -412(fp),-408(fp)
-- bgequ noname.146
-- incl -416(fp)
--noname.146:
-- movl -412(fp),r1
-- movl -416(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.147
-- incl r2
--noname.147:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.148
-- incl r10
--noname.148:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,20(r7),r3
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-428(fp)
-- bicl3 #-65536,r2,-432(fp)
-- mull3 r0,-428(fp),-420(fp)
-- mull2 r3,-428(fp)
-- mull3 r3,-432(fp),-424(fp)
-- mull2 r0,-432(fp)
-- addl3 -420(fp),-424(fp),r0
-- bicl3 #0,r0,-420(fp)
-- cmpl -420(fp),-424(fp)
-- bgequ noname.149
-- addl2 #65536,-432(fp)
--noname.149:
-- movzwl -418(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-432(fp)
-- bicl3 #-65536,-420(fp),r0
-- ashl #16,r0,-424(fp)
-- addl3 -424(fp),-428(fp),r0
-- bicl3 #0,r0,-428(fp)
-- cmpl -428(fp),-424(fp)
-- bgequ noname.150
-- incl -432(fp)
--noname.150:
-- movl -428(fp),r1
-- movl -432(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.151
-- incl r2
--noname.151:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.152
-- incl r10
--noname.152:
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-444(fp)
-- bicl3 #-65536,r2,-448(fp)
-- mull3 r0,-444(fp),-436(fp)
-- mull2 r3,-444(fp)
-- mull3 r3,-448(fp),-440(fp)
-- mull2 r0,-448(fp)
-- addl3 -436(fp),-440(fp),r0
-- bicl3 #0,r0,-436(fp)
-- cmpl -436(fp),-440(fp)
-- bgequ noname.153
-- addl2 #65536,-448(fp)
--noname.153:
-- movzwl -434(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-448(fp)
-- bicl3 #-65536,-436(fp),r0
-- ashl #16,r0,-440(fp)
-- addl3 -440(fp),-444(fp),r0
-- bicl3 #0,r0,-444(fp)
-- cmpl -444(fp),-440(fp)
-- bgequ noname.154
-- incl -448(fp)
--noname.154:
-- movl -444(fp),r1
-- movl -448(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.155
-- incl r2
--noname.155:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.156
-- incl r10
--noname.156:
--
-- movl r9,24(r11)
--
-- clrl r9
--
-- movzwl 2(r6),r2
-- bicl3 #-65536,28(r7),r3
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,(r6),-460(fp)
-- bicl3 #-65536,r2,-464(fp)
-- mull3 r0,-460(fp),-452(fp)
-- mull2 r3,-460(fp)
-- mull3 r3,-464(fp),-456(fp)
-- mull2 r0,-464(fp)
-- addl3 -452(fp),-456(fp),r0
-- bicl3 #0,r0,-452(fp)
-- cmpl -452(fp),-456(fp)
-- bgequ noname.157
-- addl2 #65536,-464(fp)
--noname.157:
-- movzwl -450(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-464(fp)
-- bicl3 #-65536,-452(fp),r0
-- ashl #16,r0,-456(fp)
-- addl3 -456(fp),-460(fp),r0
-- bicl3 #0,r0,-460(fp)
-- cmpl -460(fp),-456(fp)
-- bgequ noname.158
-- incl -464(fp)
--noname.158:
-- movl -460(fp),r1
-- movl -464(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.159
-- incl r2
--noname.159:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.160
-- incl r9
--noname.160:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-476(fp)
-- bicl3 #-65536,r2,-480(fp)
-- mull3 r0,-476(fp),-468(fp)
-- mull2 r3,-476(fp)
-- mull3 r3,-480(fp),-472(fp)
-- mull2 r0,-480(fp)
-- addl3 -468(fp),-472(fp),r0
-- bicl3 #0,r0,-468(fp)
-- cmpl -468(fp),-472(fp)
-- bgequ noname.161
-- addl2 #65536,-480(fp)
--noname.161:
-- movzwl -466(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-480(fp)
-- bicl3 #-65536,-468(fp),r0
-- ashl #16,r0,-472(fp)
-- addl3 -472(fp),-476(fp),r0
-- bicl3 #0,r0,-476(fp)
-- cmpl -476(fp),-472(fp)
-- bgequ noname.162
-- incl -480(fp)
--noname.162:
-- movl -476(fp),r1
-- movl -480(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.163
-- incl r2
--noname.163:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.164
-- incl r9
--noname.164:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,20(r7),r3
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-492(fp)
-- bicl3 #-65536,r2,-496(fp)
-- mull3 r0,-492(fp),-484(fp)
-- mull2 r3,-492(fp)
-- mull3 r3,-496(fp),-488(fp)
-- mull2 r0,-496(fp)
-- addl3 -484(fp),-488(fp),r0
-- bicl3 #0,r0,-484(fp)
-- cmpl -484(fp),-488(fp)
-- bgequ noname.165
-- addl2 #65536,-496(fp)
--noname.165:
-- movzwl -482(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-496(fp)
-- bicl3 #-65536,-484(fp),r0
-- ashl #16,r0,-488(fp)
-- addl3 -488(fp),-492(fp),r0
-- bicl3 #0,r0,-492(fp)
-- cmpl -492(fp),-488(fp)
-- bgequ noname.166
-- incl -496(fp)
--noname.166:
-- movl -492(fp),r1
-- movl -496(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.167
-- incl r2
--noname.167:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.168
-- incl r9
--noname.168:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-508(fp)
-- bicl3 #-65536,r2,-512(fp)
-- mull3 r0,-508(fp),-500(fp)
-- mull2 r3,-508(fp)
-- mull3 r3,-512(fp),-504(fp)
-- mull2 r0,-512(fp)
-- addl3 -500(fp),-504(fp),r0
-- bicl3 #0,r0,-500(fp)
-- cmpl -500(fp),-504(fp)
-- bgequ noname.169
-- addl2 #65536,-512(fp)
--noname.169:
-- movzwl -498(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-512(fp)
-- bicl3 #-65536,-500(fp),r0
-- ashl #16,r0,-504(fp)
-- addl3 -504(fp),-508(fp),r0
-- bicl3 #0,r0,-508(fp)
-- cmpl -508(fp),-504(fp)
-- bgequ noname.170
-- incl -512(fp)
--noname.170:
-- movl -508(fp),r1
-- movl -512(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.171
-- incl r2
--noname.171:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.172
-- incl r9
--noname.172:
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-524(fp)
-- bicl3 #-65536,r2,-528(fp)
-- mull3 r0,-524(fp),-516(fp)
-- mull2 r3,-524(fp)
-- mull3 r3,-528(fp),-520(fp)
-- mull2 r0,-528(fp)
-- addl3 -516(fp),-520(fp),r0
-- bicl3 #0,r0,-516(fp)
-- cmpl -516(fp),-520(fp)
-- bgequ noname.173
-- addl2 #65536,-528(fp)
--noname.173:
-- movzwl -514(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-528(fp)
-- bicl3 #-65536,-516(fp),r0
-- ashl #16,r0,-520(fp)
-- addl3 -520(fp),-524(fp),r0
-- bicl3 #0,r0,-524(fp)
-- cmpl -524(fp),-520(fp)
-- bgequ noname.174
-- incl -528(fp)
--noname.174:
-- movl -524(fp),r1
-- movl -528(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.175
-- incl r2
--noname.175:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.176
-- incl r9
--noname.176:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-540(fp)
-- bicl3 #-65536,r2,-544(fp)
-- mull3 r0,-540(fp),-532(fp)
-- mull2 r3,-540(fp)
-- mull3 r3,-544(fp),-536(fp)
-- mull2 r0,-544(fp)
-- addl3 -532(fp),-536(fp),r0
-- bicl3 #0,r0,-532(fp)
-- cmpl -532(fp),-536(fp)
-- bgequ noname.177
-- addl2 #65536,-544(fp)
--noname.177:
-- movzwl -530(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-544(fp)
-- bicl3 #-65536,-532(fp),r0
-- ashl #16,r0,-536(fp)
-- addl3 -536(fp),-540(fp),r0
-- bicl3 #0,r0,-540(fp)
-- cmpl -540(fp),-536(fp)
-- bgequ noname.178
-- incl -544(fp)
--noname.178:
-- movl -540(fp),r1
-- movl -544(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.179
-- incl r2
--noname.179:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.180
-- incl r9
--noname.180:
--
-- movzwl 26(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,24(r6),-556(fp)
-- bicl3 #-65536,r2,-560(fp)
-- mull3 r0,-556(fp),-548(fp)
-- mull2 r3,-556(fp)
-- mull3 r3,-560(fp),-552(fp)
-- mull2 r0,-560(fp)
-- addl3 -548(fp),-552(fp),r0
-- bicl3 #0,r0,-548(fp)
-- cmpl -548(fp),-552(fp)
-- bgequ noname.181
-- addl2 #65536,-560(fp)
--noname.181:
-- movzwl -546(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-560(fp)
-- bicl3 #-65536,-548(fp),r0
-- ashl #16,r0,-552(fp)
-- addl3 -552(fp),-556(fp),r0
-- bicl3 #0,r0,-556(fp)
-- cmpl -556(fp),-552(fp)
-- bgequ noname.182
-- incl -560(fp)
--noname.182:
-- movl -556(fp),r1
-- movl -560(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.183
-- incl r2
--noname.183:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.184
-- incl r9
--noname.184:
--
-- movzwl 30(r6),r2
-- bicl3 #-65536,(r7),r3
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,28(r6),-572(fp)
-- bicl3 #-65536,r2,-576(fp)
-- mull3 r0,-572(fp),-564(fp)
-- mull2 r3,-572(fp)
-- mull3 r3,-576(fp),-568(fp)
-- mull2 r0,-576(fp)
-- addl3 -564(fp),-568(fp),r0
-- bicl3 #0,r0,-564(fp)
-- cmpl -564(fp),-568(fp)
-- bgequ noname.185
-- addl2 #65536,-576(fp)
--noname.185:
-- movzwl -562(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-576(fp)
-- bicl3 #-65536,-564(fp),r0
-- ashl #16,r0,-568(fp)
-- addl3 -568(fp),-572(fp),r0
-- bicl3 #0,r0,-572(fp)
-- cmpl -572(fp),-568(fp)
-- bgequ noname.186
-- incl -576(fp)
--noname.186:
-- movl -572(fp),r1
-- movl -576(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.187
-- incl r2
--noname.187:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.188
-- incl r9
--noname.188:
--
-- movl r8,28(r11)
--
-- clrl r8
--
-- movzwl 30(r6),r2
-- bicl3 #-65536,4(r7),r3
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,28(r6),-588(fp)
-- bicl3 #-65536,r2,-592(fp)
-- mull3 r0,-588(fp),-580(fp)
-- mull2 r3,-588(fp)
-- mull3 r3,-592(fp),-584(fp)
-- mull2 r0,-592(fp)
-- addl3 -580(fp),-584(fp),r0
-- bicl3 #0,r0,-580(fp)
-- cmpl -580(fp),-584(fp)
-- bgequ noname.189
-- addl2 #65536,-592(fp)
--noname.189:
-- movzwl -578(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-592(fp)
-- bicl3 #-65536,-580(fp),r0
-- ashl #16,r0,-584(fp)
-- addl3 -584(fp),-588(fp),r0
-- bicl3 #0,r0,-588(fp)
-- cmpl -588(fp),-584(fp)
-- bgequ noname.190
-- incl -592(fp)
--noname.190:
-- movl -588(fp),r1
-- movl -592(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.191
-- incl r2
--noname.191:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.192
-- incl r8
--noname.192:
--
-- movzwl 26(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,24(r6),-604(fp)
-- bicl3 #-65536,r2,-608(fp)
-- mull3 r0,-604(fp),-596(fp)
-- mull2 r3,-604(fp)
-- mull3 r3,-608(fp),-600(fp)
-- mull2 r0,-608(fp)
-- addl3 -596(fp),-600(fp),r0
-- bicl3 #0,r0,-596(fp)
-- cmpl -596(fp),-600(fp)
-- bgequ noname.193
-- addl2 #65536,-608(fp)
--noname.193:
-- movzwl -594(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-608(fp)
-- bicl3 #-65536,-596(fp),r0
-- ashl #16,r0,-600(fp)
-- addl3 -600(fp),-604(fp),r0
-- bicl3 #0,r0,-604(fp)
-- cmpl -604(fp),-600(fp)
-- bgequ noname.194
-- incl -608(fp)
--noname.194:
-- movl -604(fp),r1
-- movl -608(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.195
-- incl r2
--noname.195:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.196
-- incl r8
--noname.196:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-620(fp)
-- bicl3 #-65536,r2,-624(fp)
-- mull3 r0,-620(fp),-612(fp)
-- mull2 r3,-620(fp)
-- mull3 r3,-624(fp),-616(fp)
-- mull2 r0,-624(fp)
-- addl3 -612(fp),-616(fp),r0
-- bicl3 #0,r0,-612(fp)
-- cmpl -612(fp),-616(fp)
-- bgequ noname.197
-- addl2 #65536,-624(fp)
--noname.197:
-- movzwl -610(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-624(fp)
-- bicl3 #-65536,-612(fp),r0
-- ashl #16,r0,-616(fp)
-- addl3 -616(fp),-620(fp),r0
-- bicl3 #0,r0,-620(fp)
-- cmpl -620(fp),-616(fp)
-- bgequ noname.198
-- incl -624(fp)
--noname.198:
-- movl -620(fp),r1
-- movl -624(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.199
-- incl r2
--noname.199:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.200
-- incl r8
--noname.200:
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-636(fp)
-- bicl3 #-65536,r2,-640(fp)
-- mull3 r0,-636(fp),-628(fp)
-- mull2 r3,-636(fp)
-- mull3 r3,-640(fp),-632(fp)
-- mull2 r0,-640(fp)
-- addl3 -628(fp),-632(fp),r0
-- bicl3 #0,r0,-628(fp)
-- cmpl -628(fp),-632(fp)
-- bgequ noname.201
-- addl2 #65536,-640(fp)
--noname.201:
-- movzwl -626(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-640(fp)
-- bicl3 #-65536,-628(fp),r0
-- ashl #16,r0,-632(fp)
-- addl3 -632(fp),-636(fp),r0
-- bicl3 #0,r0,-636(fp)
-- cmpl -636(fp),-632(fp)
-- bgequ noname.202
-- incl -640(fp)
--noname.202:
-- movl -636(fp),r1
-- movl -640(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.203
-- incl r2
--noname.203:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.204
-- incl r8
--noname.204:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,20(r7),r3
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-652(fp)
-- bicl3 #-65536,r2,-656(fp)
-- mull3 r0,-652(fp),-644(fp)
-- mull2 r3,-652(fp)
-- mull3 r3,-656(fp),-648(fp)
-- mull2 r0,-656(fp)
-- addl3 -644(fp),-648(fp),r0
-- bicl3 #0,r0,-644(fp)
-- cmpl -644(fp),-648(fp)
-- bgequ noname.205
-- addl2 #65536,-656(fp)
--noname.205:
-- movzwl -642(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-656(fp)
-- bicl3 #-65536,-644(fp),r0
-- ashl #16,r0,-648(fp)
-- addl3 -648(fp),-652(fp),r0
-- bicl3 #0,r0,-652(fp)
-- cmpl -652(fp),-648(fp)
-- bgequ noname.206
-- incl -656(fp)
--noname.206:
-- movl -652(fp),r1
-- movl -656(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.207
-- incl r2
--noname.207:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.208
-- incl r8
--noname.208:
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-668(fp)
-- bicl3 #-65536,r2,-672(fp)
-- mull3 r0,-668(fp),-660(fp)
-- mull2 r3,-668(fp)
-- mull3 r3,-672(fp),-664(fp)
-- mull2 r0,-672(fp)
-- addl3 -660(fp),-664(fp),r0
-- bicl3 #0,r0,-660(fp)
-- cmpl -660(fp),-664(fp)
-- bgequ noname.209
-- addl2 #65536,-672(fp)
--noname.209:
-- movzwl -658(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-672(fp)
-- bicl3 #-65536,-660(fp),r0
-- ashl #16,r0,-664(fp)
-- addl3 -664(fp),-668(fp),r0
-- bicl3 #0,r0,-668(fp)
-- cmpl -668(fp),-664(fp)
-- bgequ noname.210
-- incl -672(fp)
--noname.210:
-- movl -668(fp),r1
-- movl -672(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.211
-- incl r2
--noname.211:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.212
-- incl r8
--noname.212:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,28(r7),r3
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-684(fp)
-- bicl3 #-65536,r2,-688(fp)
-- mull3 r0,-684(fp),-676(fp)
-- mull2 r3,-684(fp)
-- mull3 r3,-688(fp),-680(fp)
-- mull2 r0,-688(fp)
-- addl3 -676(fp),-680(fp),r0
-- bicl3 #0,r0,-676(fp)
-- cmpl -676(fp),-680(fp)
-- bgequ noname.213
-- addl2 #65536,-688(fp)
--noname.213:
-- movzwl -674(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-688(fp)
-- bicl3 #-65536,-676(fp),r0
-- ashl #16,r0,-680(fp)
-- addl3 -680(fp),-684(fp),r0
-- bicl3 #0,r0,-684(fp)
-- cmpl -684(fp),-680(fp)
-- bgequ noname.214
-- incl -688(fp)
--noname.214:
-- movl -684(fp),r1
-- movl -688(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.215
-- incl r2
--noname.215:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.216
-- incl r8
--noname.216:
--
-- movl r10,32(r11)
--
-- clrl r10
--
-- movzwl 10(r6),r2
-- bicl3 #-65536,28(r7),r3
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r6),-700(fp)
-- bicl3 #-65536,r2,-704(fp)
-- mull3 r0,-700(fp),-692(fp)
-- mull2 r3,-700(fp)
-- mull3 r3,-704(fp),-696(fp)
-- mull2 r0,-704(fp)
-- addl3 -692(fp),-696(fp),r0
-- bicl3 #0,r0,-692(fp)
-- cmpl -692(fp),-696(fp)
-- bgequ noname.217
-- addl2 #65536,-704(fp)
--noname.217:
-- movzwl -690(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-704(fp)
-- bicl3 #-65536,-692(fp),r0
-- ashl #16,r0,-696(fp)
-- addl3 -696(fp),-700(fp),r0
-- bicl3 #0,r0,-700(fp)
-- cmpl -700(fp),-696(fp)
-- bgequ noname.218
-- incl -704(fp)
--noname.218:
-- movl -700(fp),r1
-- movl -704(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.219
-- incl r2
--noname.219:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.220
-- incl r10
--noname.220:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-716(fp)
-- bicl3 #-65536,r2,-720(fp)
-- mull3 r0,-716(fp),-708(fp)
-- mull2 r3,-716(fp)
-- mull3 r3,-720(fp),-712(fp)
-- mull2 r0,-720(fp)
-- addl3 -708(fp),-712(fp),r0
-- bicl3 #0,r0,-708(fp)
-- cmpl -708(fp),-712(fp)
-- bgequ noname.221
-- addl2 #65536,-720(fp)
--noname.221:
-- movzwl -706(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-720(fp)
-- bicl3 #-65536,-708(fp),r0
-- ashl #16,r0,-712(fp)
-- addl3 -712(fp),-716(fp),r0
-- bicl3 #0,r0,-716(fp)
-- cmpl -716(fp),-712(fp)
-- bgequ noname.222
-- incl -720(fp)
--noname.222:
-- movl -716(fp),r1
-- movl -720(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.223
-- incl r2
--noname.223:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.224
-- incl r10
--noname.224:
--
-- movzwl 18(r6),r2
-- bicl3 #-65536,20(r7),r3
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r6),-732(fp)
-- bicl3 #-65536,r2,-736(fp)
-- mull3 r0,-732(fp),-724(fp)
-- mull2 r3,-732(fp)
-- mull3 r3,-736(fp),-728(fp)
-- mull2 r0,-736(fp)
-- addl3 -724(fp),-728(fp),r0
-- bicl3 #0,r0,-724(fp)
-- cmpl -724(fp),-728(fp)
-- bgequ noname.225
-- addl2 #65536,-736(fp)
--noname.225:
-- movzwl -722(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-736(fp)
-- bicl3 #-65536,-724(fp),r0
-- ashl #16,r0,-728(fp)
-- addl3 -728(fp),-732(fp),r0
-- bicl3 #0,r0,-732(fp)
-- cmpl -732(fp),-728(fp)
-- bgequ noname.226
-- incl -736(fp)
--noname.226:
-- movl -732(fp),r1
-- movl -736(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.227
-- incl r2
--noname.227:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.228
-- incl r10
--noname.228:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,16(r7),r3
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-748(fp)
-- bicl3 #-65536,r2,-752(fp)
-- mull3 r0,-748(fp),-740(fp)
-- mull2 r3,-748(fp)
-- mull3 r3,-752(fp),-744(fp)
-- mull2 r0,-752(fp)
-- addl3 -740(fp),-744(fp),r0
-- bicl3 #0,r0,-740(fp)
-- cmpl -740(fp),-744(fp)
-- bgequ noname.229
-- addl2 #65536,-752(fp)
--noname.229:
-- movzwl -738(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-752(fp)
-- bicl3 #-65536,-740(fp),r0
-- ashl #16,r0,-744(fp)
-- addl3 -744(fp),-748(fp),r0
-- bicl3 #0,r0,-748(fp)
-- cmpl -748(fp),-744(fp)
-- bgequ noname.230
-- incl -752(fp)
--noname.230:
-- movl -748(fp),r1
-- movl -752(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.231
-- incl r2
--noname.231:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.232
-- incl r10
--noname.232:
--
-- movzwl 26(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,24(r6),-764(fp)
-- bicl3 #-65536,r2,-768(fp)
-- mull3 r0,-764(fp),-756(fp)
-- mull2 r3,-764(fp)
-- mull3 r3,-768(fp),-760(fp)
-- mull2 r0,-768(fp)
-- addl3 -756(fp),-760(fp),r0
-- bicl3 #0,r0,-756(fp)
-- cmpl -756(fp),-760(fp)
-- bgequ noname.233
-- addl2 #65536,-768(fp)
--noname.233:
-- movzwl -754(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-768(fp)
-- bicl3 #-65536,-756(fp),r0
-- ashl #16,r0,-760(fp)
-- addl3 -760(fp),-764(fp),r0
-- bicl3 #0,r0,-764(fp)
-- cmpl -764(fp),-760(fp)
-- bgequ noname.234
-- incl -768(fp)
--noname.234:
-- movl -764(fp),r1
-- movl -768(fp),r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.235
-- incl r2
--noname.235:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.236
-- incl r10
--noname.236:
--
-- bicl3 #-65536,28(r6),r3
-- movzwl 30(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r7),r2
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-772(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-776(fp)
-- mull2 r0,r4
-- addl3 -772(fp),-776(fp),r0
-- bicl3 #0,r0,-772(fp)
-- cmpl -772(fp),-776(fp)
-- bgequ noname.237
-- addl2 #65536,r4
--noname.237:
-- movzwl -770(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-772(fp),r0
-- ashl #16,r0,-776(fp)
-- addl2 -776(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-776(fp)
-- bgequ noname.238
-- incl r4
--noname.238:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.239
-- incl r2
--noname.239:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.240
-- incl r10
--noname.240:
--
-- movl r9,36(r11)
--
-- clrl r9
--
-- bicl3 #-65536,28(r6),r3
-- movzwl 30(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r7),r2
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-780(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-784(fp)
-- mull2 r0,r4
-- addl3 -780(fp),-784(fp),r0
-- bicl3 #0,r0,-780(fp)
-- cmpl -780(fp),-784(fp)
-- bgequ noname.241
-- addl2 #65536,r4
--noname.241:
-- movzwl -778(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-780(fp),r0
-- ashl #16,r0,-784(fp)
-- addl2 -784(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-784(fp)
-- bgequ noname.242
-- incl r4
--noname.242:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.243
-- incl r2
--noname.243:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.244
-- incl r9
--noname.244:
--
-- bicl3 #-65536,24(r6),r3
-- movzwl 26(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r7),r2
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-788(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-792(fp)
-- mull2 r0,r4
-- addl3 -788(fp),-792(fp),r0
-- bicl3 #0,r0,-788(fp)
-- cmpl -788(fp),-792(fp)
-- bgequ noname.245
-- addl2 #65536,r4
--noname.245:
-- movzwl -786(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-788(fp),r0
-- ashl #16,r0,-792(fp)
-- addl2 -792(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-792(fp)
-- bgequ noname.246
-- incl r4
--noname.246:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.247
-- incl r2
--noname.247:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.248
-- incl r9
--noname.248:
--
-- bicl3 #-65536,20(r6),r3
-- movzwl 22(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r7),r2
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-796(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-800(fp)
-- mull2 r0,r4
-- addl3 -796(fp),-800(fp),r0
-- bicl3 #0,r0,-796(fp)
-- cmpl -796(fp),-800(fp)
-- bgequ noname.249
-- addl2 #65536,r4
--noname.249:
-- movzwl -794(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-796(fp),r0
-- ashl #16,r0,-800(fp)
-- addl2 -800(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-800(fp)
-- bgequ noname.250
-- incl r4
--noname.250:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.251
-- incl r2
--noname.251:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.252
-- incl r9
--noname.252:
--
-- bicl3 #-65536,16(r6),r3
-- movzwl 18(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,24(r7),r2
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-804(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-808(fp)
-- mull2 r0,r4
-- addl3 -804(fp),-808(fp),r0
-- bicl3 #0,r0,-804(fp)
-- cmpl -804(fp),-808(fp)
-- bgequ noname.253
-- addl2 #65536,r4
--noname.253:
-- movzwl -802(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-804(fp),r0
-- ashl #16,r0,-808(fp)
-- addl2 -808(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-808(fp)
-- bgequ noname.254
-- incl r4
--noname.254:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.255
-- incl r2
--noname.255:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.256
-- incl r9
--noname.256:
--
-- bicl3 #-65536,12(r6),r3
-- movzwl 14(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,28(r7),r2
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-812(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-816(fp)
-- mull2 r0,r4
-- addl3 -812(fp),-816(fp),r0
-- bicl3 #0,r0,-812(fp)
-- cmpl -812(fp),-816(fp)
-- bgequ noname.257
-- addl2 #65536,r4
--noname.257:
-- movzwl -810(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-812(fp),r0
-- ashl #16,r0,-816(fp)
-- addl2 -816(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-816(fp)
-- bgequ noname.258
-- incl r4
--noname.258:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.259
-- incl r2
--noname.259:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.260
-- incl r9
--noname.260:
--
-- movl r8,40(r11)
--
-- clrl r8
--
-- bicl3 #-65536,16(r6),r3
-- movzwl 18(r6),r2
-- bicl3 #-65536,28(r7),r1
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r4
-- bicl3 #-65536,r2,-828(fp)
-- mull3 r0,r4,-820(fp)
-- mull2 r1,r4
-- mull3 r1,-828(fp),-824(fp)
-- mull2 r0,-828(fp)
-- addl3 -820(fp),-824(fp),r0
-- bicl3 #0,r0,-820(fp)
-- cmpl -820(fp),-824(fp)
-- bgequ noname.261
-- addl2 #65536,-828(fp)
--noname.261:
-- movzwl -818(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-828(fp)
-- bicl3 #-65536,-820(fp),r0
-- ashl #16,r0,-824(fp)
-- addl2 -824(fp),r4
-- bicl2 #0,r4
-- cmpl r4,-824(fp)
-- bgequ noname.262
-- incl -828(fp)
--noname.262:
-- movl r4,r1
-- movl -828(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.263
-- incl r2
--noname.263:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.264
-- incl r8
--noname.264:
--
-- movzwl 22(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,20(r6),-840(fp)
-- bicl3 #-65536,r2,-844(fp)
-- mull3 r0,-840(fp),-832(fp)
-- mull2 r3,-840(fp)
-- mull3 r3,-844(fp),-836(fp)
-- mull2 r0,-844(fp)
-- addl3 -832(fp),-836(fp),r0
-- bicl3 #0,r0,-832(fp)
-- cmpl -832(fp),-836(fp)
-- bgequ noname.265
-- addl2 #65536,-844(fp)
--noname.265:
-- movzwl -830(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-844(fp)
-- bicl3 #-65536,-832(fp),r0
-- ashl #16,r0,-836(fp)
-- addl3 -836(fp),-840(fp),r0
-- bicl3 #0,r0,-840(fp)
-- cmpl -840(fp),-836(fp)
-- bgequ noname.266
-- incl -844(fp)
--noname.266:
-- movl -840(fp),r1
-- movl -844(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.267
-- incl r2
--noname.267:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.268
-- incl r8
--noname.268:
--
-- bicl3 #-65536,24(r6),r3
-- movzwl 26(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r7),r2
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-848(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-852(fp)
-- mull2 r0,r4
-- addl3 -848(fp),-852(fp),r0
-- bicl3 #0,r0,-848(fp)
-- cmpl -848(fp),-852(fp)
-- bgequ noname.269
-- addl2 #65536,r4
--noname.269:
-- movzwl -846(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-848(fp),r0
-- ashl #16,r0,-852(fp)
-- addl2 -852(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-852(fp)
-- bgequ noname.270
-- incl r4
--noname.270:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.271
-- incl r2
--noname.271:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.272
-- incl r8
--noname.272:
--
-- bicl3 #-65536,28(r6),r3
-- movzwl 30(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r7),r2
-- movzwl 18(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-856(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-860(fp)
-- mull2 r0,r4
-- addl3 -856(fp),-860(fp),r0
-- bicl3 #0,r0,-856(fp)
-- cmpl -856(fp),-860(fp)
-- bgequ noname.273
-- addl2 #65536,r4
--noname.273:
-- movzwl -854(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-856(fp),r0
-- ashl #16,r0,-860(fp)
-- addl2 -860(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-860(fp)
-- bgequ noname.274
-- incl r4
--noname.274:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.275
-- incl r2
--noname.275:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.276
-- incl r8
--noname.276:
--
-- movl r10,44(r11)
--
-- clrl r10
--
-- bicl3 #-65536,28(r6),r3
-- movzwl 30(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r7),r2
-- movzwl 22(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-864(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-868(fp)
-- mull2 r0,r4
-- addl3 -864(fp),-868(fp),r0
-- bicl3 #0,r0,-864(fp)
-- cmpl -864(fp),-868(fp)
-- bgequ noname.277
-- addl2 #65536,r4
--noname.277:
-- movzwl -862(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-864(fp),r0
-- ashl #16,r0,-868(fp)
-- addl2 -868(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-868(fp)
-- bgequ noname.278
-- incl r4
--noname.278:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.279
-- incl r2
--noname.279:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.280
-- incl r10
--noname.280:
--
-- bicl3 #-65536,24(r6),r3
-- movzwl 26(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,24(r7),r2
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-872(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-876(fp)
-- mull2 r0,r4
-- addl3 -872(fp),-876(fp),r0
-- bicl3 #0,r0,-872(fp)
-- cmpl -872(fp),-876(fp)
-- bgequ noname.281
-- addl2 #65536,r4
--noname.281:
-- movzwl -870(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-872(fp),r0
-- ashl #16,r0,-876(fp)
-- addl2 -876(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-876(fp)
-- bgequ noname.282
-- incl r4
--noname.282:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.283
-- incl r2
--noname.283:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.284
-- incl r10
--noname.284:
--
-- bicl3 #-65536,20(r6),r3
-- movzwl 22(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,28(r7),r2
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-880(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-884(fp)
-- mull2 r0,r4
-- addl3 -880(fp),-884(fp),r0
-- bicl3 #0,r0,-880(fp)
-- cmpl -880(fp),-884(fp)
-- bgequ noname.285
-- addl2 #65536,r4
--noname.285:
-- movzwl -878(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-880(fp),r0
-- ashl #16,r0,-884(fp)
-- addl2 -884(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-884(fp)
-- bgequ noname.286
-- incl r4
--noname.286:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.287
-- incl r2
--noname.287:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.288
-- incl r10
--noname.288:
--
-- movl r9,48(r11)
--
-- clrl r9
--
-- bicl3 #-65536,24(r6),r3
-- movzwl 26(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,28(r7),r2
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-888(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-892(fp)
-- mull2 r0,r4
-- addl3 -888(fp),-892(fp),r0
-- bicl3 #0,r0,-888(fp)
-- cmpl -888(fp),-892(fp)
-- bgequ noname.289
-- addl2 #65536,r4
--noname.289:
-- movzwl -886(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-888(fp),r0
-- ashl #16,r0,-892(fp)
-- addl2 -892(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-892(fp)
-- bgequ noname.290
-- incl r4
--noname.290:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.291
-- incl r2
--noname.291:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.292
-- incl r9
--noname.292:
--
-- movzwl 30(r6),r2
-- bicl3 #-65536,24(r7),r3
-- movzwl 26(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,28(r6),-904(fp)
-- bicl3 #-65536,r2,-908(fp)
-- mull3 r0,-904(fp),-896(fp)
-- mull2 r3,-904(fp)
-- mull3 r3,-908(fp),-900(fp)
-- mull2 r0,-908(fp)
-- addl3 -896(fp),-900(fp),r0
-- bicl3 #0,r0,-896(fp)
-- cmpl -896(fp),-900(fp)
-- bgequ noname.293
-- addl2 #65536,-908(fp)
--noname.293:
-- movzwl -894(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-908(fp)
-- bicl3 #-65536,-896(fp),r0
-- ashl #16,r0,-900(fp)
-- addl3 -900(fp),-904(fp),r0
-- bicl3 #0,r0,-904(fp)
-- cmpl -904(fp),-900(fp)
-- bgequ noname.294
-- incl -908(fp)
--noname.294:
-- movl -904(fp),r1
-- movl -908(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.295
-- incl r2
--noname.295:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.296
-- incl r9
--noname.296:
--
-- movl r8,52(r11)
--
-- clrl r8
--
-- movzwl 30(r6),r2
-- bicl3 #-65536,28(r7),r3
-- movzwl 30(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,28(r6),-920(fp)
-- bicl3 #-65536,r2,-924(fp)
-- mull3 r0,-920(fp),-912(fp)
-- mull2 r3,-920(fp)
-- mull3 r3,-924(fp),-916(fp)
-- mull2 r0,-924(fp)
-- addl3 -912(fp),-916(fp),r0
-- bicl3 #0,r0,-912(fp)
-- cmpl -912(fp),-916(fp)
-- bgequ noname.297
-- addl2 #65536,-924(fp)
--noname.297:
-- movzwl -910(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-924(fp)
-- bicl3 #-65536,-912(fp),r0
-- ashl #16,r0,-916(fp)
-- addl3 -916(fp),-920(fp),r0
-- bicl3 #0,r0,-920(fp)
-- cmpl -920(fp),-916(fp)
-- bgequ noname.298
-- incl -924(fp)
--noname.298:
-- movl -920(fp),r1
-- movl -924(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.299
-- incl r2
--noname.299:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.300
-- incl r8
--noname.300:
--
-- movl r10,56(r11)
--
-- movl r9,60(r11)
--
-- ret
--
--
--
--;r=4 ;(AP)
--;a=8 ;(AP)
--;b=12 ;(AP)
--;n=16 ;(AP) n by value (input)
--
-- .psect code,nowrt
--
--.entry BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
-- movab -156(sp),sp
--
-- clrq r9
--
-- clrl r8
--
-- movl 8(ap),r6
-- bicl3 #-65536,(r6),r3
-- movzwl 2(r6),r2
-- bicl2 #-65536,r2
-- movl 12(ap),r7
-- bicl3 #-65536,(r7),r1
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r2,r4
-- mull3 r0,r5,-4(fp)
-- mull2 r1,r5
-- mull3 r1,r4,-8(fp)
-- mull2 r0,r4
-- addl3 -4(fp),-8(fp),r0
-- bicl3 #0,r0,-4(fp)
-- cmpl -4(fp),-8(fp)
-- bgequ noname.303
-- addl2 #65536,r4
--noname.303:
-- movzwl -2(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-4(fp),r0
-- ashl #16,r0,-8(fp)
-- addl2 -8(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-8(fp)
-- bgequ noname.304
-- incl r4
--noname.304:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.305
-- incl r2
--noname.305:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.306
-- incl r8
--noname.306:
--
-- movl 4(ap),r11
-- movl r10,(r11)
--
-- clrl r10
--
-- bicl3 #-65536,(r6),r3
-- movzwl 2(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r7),r2
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-12(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-16(fp)
-- mull2 r0,r4
-- addl3 -12(fp),-16(fp),r0
-- bicl3 #0,r0,-12(fp)
-- cmpl -12(fp),-16(fp)
-- bgequ noname.307
-- addl2 #65536,r4
--noname.307:
-- movzwl -10(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-12(fp),r0
-- ashl #16,r0,-16(fp)
-- addl2 -16(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-16(fp)
-- bgequ noname.308
-- incl r4
--noname.308:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.309
-- incl r2
--noname.309:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.310
-- incl r10
--noname.310:
--
-- bicl3 #-65536,4(r6),r3
-- movzwl 6(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r7),r2
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-20(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-24(fp)
-- mull2 r0,r4
-- addl3 -20(fp),-24(fp),r0
-- bicl3 #0,r0,-20(fp)
-- cmpl -20(fp),-24(fp)
-- bgequ noname.311
-- addl2 #65536,r4
--noname.311:
-- movzwl -18(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-20(fp),r0
-- ashl #16,r0,-24(fp)
-- addl2 -24(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-24(fp)
-- bgequ noname.312
-- incl r4
--noname.312:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.313
-- incl r2
--noname.313:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.314
-- incl r10
--noname.314:
--
-- movl r9,4(r11)
--
-- clrl r9
--
-- bicl3 #-65536,8(r6),r3
-- movzwl 10(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r7),r2
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-28(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-32(fp)
-- mull2 r0,r4
-- addl3 -28(fp),-32(fp),r0
-- bicl3 #0,r0,-28(fp)
-- cmpl -28(fp),-32(fp)
-- bgequ noname.315
-- addl2 #65536,r4
--noname.315:
-- movzwl -26(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-28(fp),r0
-- ashl #16,r0,-32(fp)
-- addl2 -32(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-32(fp)
-- bgequ noname.316
-- incl r4
--noname.316:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.317
-- incl r2
--noname.317:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.318
-- incl r9
--noname.318:
--
-- bicl3 #-65536,4(r6),r3
-- movzwl 6(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r7),r2
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-36(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-40(fp)
-- mull2 r0,r4
-- addl3 -36(fp),-40(fp),r0
-- bicl3 #0,r0,-36(fp)
-- cmpl -36(fp),-40(fp)
-- bgequ noname.319
-- addl2 #65536,r4
--noname.319:
-- movzwl -34(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-36(fp),r0
-- ashl #16,r0,-40(fp)
-- addl2 -40(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-40(fp)
-- bgequ noname.320
-- incl r4
--noname.320:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.321
-- incl r2
--noname.321:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.322
-- incl r9
--noname.322:
--
-- bicl3 #-65536,(r6),r3
-- movzwl 2(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r7),r2
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-44(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-48(fp)
-- mull2 r0,r4
-- addl3 -44(fp),-48(fp),r0
-- bicl3 #0,r0,-44(fp)
-- cmpl -44(fp),-48(fp)
-- bgequ noname.323
-- addl2 #65536,r4
--noname.323:
-- movzwl -42(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-44(fp),r0
-- ashl #16,r0,-48(fp)
-- addl2 -48(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-48(fp)
-- bgequ noname.324
-- incl r4
--noname.324:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.325
-- incl r2
--noname.325:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.326
-- incl r9
--noname.326:
--
-- movl r8,8(r11)
--
-- clrl r8
--
-- bicl3 #-65536,(r6),r3
-- movzwl 2(r6),r2
-- bicl3 #-65536,12(r7),r1
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r4
-- bicl3 #-65536,r2,-60(fp)
-- mull3 r0,r4,-52(fp)
-- mull2 r1,r4
-- mull3 r1,-60(fp),-56(fp)
-- mull2 r0,-60(fp)
-- addl3 -52(fp),-56(fp),r0
-- bicl3 #0,r0,-52(fp)
-- cmpl -52(fp),-56(fp)
-- bgequ noname.327
-- addl2 #65536,-60(fp)
--noname.327:
-- movzwl -50(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-60(fp)
-- bicl3 #-65536,-52(fp),r0
-- ashl #16,r0,-56(fp)
-- addl2 -56(fp),r4
-- bicl2 #0,r4
-- cmpl r4,-56(fp)
-- bgequ noname.328
-- incl -60(fp)
--noname.328:
-- movl r4,r1
-- movl -60(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.329
-- incl r2
--noname.329:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.330
-- incl r8
--noname.330:
--
-- movzwl 6(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r6),-72(fp)
-- bicl3 #-65536,r2,-76(fp)
-- mull3 r0,-72(fp),-64(fp)
-- mull2 r3,-72(fp)
-- mull3 r3,-76(fp),-68(fp)
-- mull2 r0,-76(fp)
-- addl3 -64(fp),-68(fp),r0
-- bicl3 #0,r0,-64(fp)
-- cmpl -64(fp),-68(fp)
-- bgequ noname.331
-- addl2 #65536,-76(fp)
--noname.331:
-- movzwl -62(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-76(fp)
-- bicl3 #-65536,-64(fp),r0
-- ashl #16,r0,-68(fp)
-- addl3 -68(fp),-72(fp),r0
-- bicl3 #0,r0,-72(fp)
-- cmpl -72(fp),-68(fp)
-- bgequ noname.332
-- incl -76(fp)
--noname.332:
-- movl -72(fp),r1
-- movl -76(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.333
-- incl r2
--noname.333:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.334
-- incl r8
--noname.334:
--
-- bicl3 #-65536,8(r6),r3
-- movzwl 10(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r7),r2
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-80(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-84(fp)
-- mull2 r0,r4
-- addl3 -80(fp),-84(fp),r0
-- bicl3 #0,r0,-80(fp)
-- cmpl -80(fp),-84(fp)
-- bgequ noname.335
-- addl2 #65536,r4
--noname.335:
-- movzwl -78(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-80(fp),r0
-- ashl #16,r0,-84(fp)
-- addl2 -84(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-84(fp)
-- bgequ noname.336
-- incl r4
--noname.336:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.337
-- incl r2
--noname.337:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.338
-- incl r8
--noname.338:
--
-- bicl3 #-65536,12(r6),r3
-- movzwl 14(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r7),r2
-- movzwl 2(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-88(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-92(fp)
-- mull2 r0,r4
-- addl3 -88(fp),-92(fp),r0
-- bicl3 #0,r0,-88(fp)
-- cmpl -88(fp),-92(fp)
-- bgequ noname.339
-- addl2 #65536,r4
--noname.339:
-- movzwl -86(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-88(fp),r0
-- ashl #16,r0,-92(fp)
-- addl2 -92(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-92(fp)
-- bgequ noname.340
-- incl r4
--noname.340:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.341
-- incl r2
--noname.341:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.342
-- incl r8
--noname.342:
--
-- movl r10,12(r11)
--
-- clrl r10
--
-- bicl3 #-65536,12(r6),r3
-- movzwl 14(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r7),r2
-- movzwl 6(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-96(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-100(fp)
-- mull2 r0,r4
-- addl3 -96(fp),-100(fp),r0
-- bicl3 #0,r0,-96(fp)
-- cmpl -96(fp),-100(fp)
-- bgequ noname.343
-- addl2 #65536,r4
--noname.343:
-- movzwl -94(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-96(fp),r0
-- ashl #16,r0,-100(fp)
-- addl2 -100(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-100(fp)
-- bgequ noname.344
-- incl r4
--noname.344:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.345
-- incl r2
--noname.345:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.346
-- incl r10
--noname.346:
--
-- bicl3 #-65536,8(r6),r3
-- movzwl 10(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r7),r2
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-104(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-108(fp)
-- mull2 r0,r4
-- addl3 -104(fp),-108(fp),r0
-- bicl3 #0,r0,-104(fp)
-- cmpl -104(fp),-108(fp)
-- bgequ noname.347
-- addl2 #65536,r4
--noname.347:
-- movzwl -102(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-104(fp),r0
-- ashl #16,r0,-108(fp)
-- addl2 -108(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-108(fp)
-- bgequ noname.348
-- incl r4
--noname.348:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.349
-- incl r2
--noname.349:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.350
-- incl r10
--noname.350:
--
-- bicl3 #-65536,4(r6),r3
-- movzwl 6(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r7),r2
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-112(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-116(fp)
-- mull2 r0,r4
-- addl3 -112(fp),-116(fp),r0
-- bicl3 #0,r0,-112(fp)
-- cmpl -112(fp),-116(fp)
-- bgequ noname.351
-- addl2 #65536,r4
--noname.351:
-- movzwl -110(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-112(fp),r0
-- ashl #16,r0,-116(fp)
-- addl2 -116(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-116(fp)
-- bgequ noname.352
-- incl r4
--noname.352:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.353
-- incl r2
--noname.353:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.354
-- incl r10
--noname.354:
--
-- movl r9,16(r11)
--
-- clrl r9
--
-- bicl3 #-65536,8(r6),r3
-- movzwl 10(r6),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r7),r2
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-120(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-124(fp)
-- mull2 r0,r4
-- addl3 -120(fp),-124(fp),r0
-- bicl3 #0,r0,-120(fp)
-- cmpl -120(fp),-124(fp)
-- bgequ noname.355
-- addl2 #65536,r4
--noname.355:
-- movzwl -118(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-120(fp),r0
-- ashl #16,r0,-124(fp)
-- addl2 -124(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-124(fp)
-- bgequ noname.356
-- incl r4
--noname.356:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.357
-- incl r2
--noname.357:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.358
-- incl r9
--noname.358:
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,8(r7),r3
-- movzwl 10(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-136(fp)
-- bicl3 #-65536,r2,-140(fp)
-- mull3 r0,-136(fp),-128(fp)
-- mull2 r3,-136(fp)
-- mull3 r3,-140(fp),-132(fp)
-- mull2 r0,-140(fp)
-- addl3 -128(fp),-132(fp),r0
-- bicl3 #0,r0,-128(fp)
-- cmpl -128(fp),-132(fp)
-- bgequ noname.359
-- addl2 #65536,-140(fp)
--noname.359:
-- movzwl -126(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-140(fp)
-- bicl3 #-65536,-128(fp),r0
-- ashl #16,r0,-132(fp)
-- addl3 -132(fp),-136(fp),r0
-- bicl3 #0,r0,-136(fp)
-- cmpl -136(fp),-132(fp)
-- bgequ noname.360
-- incl -140(fp)
--noname.360:
-- movl -136(fp),r1
-- movl -140(fp),r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.361
-- incl r2
--noname.361:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.362
-- incl r9
--noname.362:
--
-- movl r8,20(r11)
--
-- clrl r8
--
-- movzwl 14(r6),r2
-- bicl3 #-65536,12(r7),r3
-- movzwl 14(r7),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r6),-152(fp)
-- bicl3 #-65536,r2,-156(fp)
-- mull3 r0,-152(fp),-144(fp)
-- mull2 r3,-152(fp)
-- mull3 r3,-156(fp),-148(fp)
-- mull2 r0,-156(fp)
-- addl3 -144(fp),-148(fp),r0
-- bicl3 #0,r0,-144(fp)
-- cmpl -144(fp),-148(fp)
-- bgequ noname.363
-- addl2 #65536,-156(fp)
--noname.363:
-- movzwl -142(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-156(fp)
-- bicl3 #-65536,-144(fp),r0
-- ashl #16,r0,-148(fp)
-- addl3 -148(fp),-152(fp),r0
-- bicl3 #0,r0,-152(fp)
-- cmpl -152(fp),-148(fp)
-- bgequ noname.364
-- incl -156(fp)
--noname.364:
-- movl -152(fp),r1
-- movl -156(fp),r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.365
-- incl r2
--noname.365:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.366
-- incl r8
--noname.366:
--
-- movl r10,24(r11)
--
-- movl r9,28(r11)
--
-- ret
--
--
--
--;r=4 ;(AP)
--;a=8 ;(AP)
--;b=12 ;(AP)
--;n=16 ;(AP) n by value (input)
--
-- .psect code,nowrt
--
--.entry BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
-- movab -444(sp),sp
--
-- clrq r8
--
-- clrl r7
--
-- movl 8(ap),r4
-- movl (r4),r3
-- bicl3 #-65536,r3,-4(fp)
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- movl -4(fp),r0
-- mull3 r0,r3,-8(fp)
-- mull3 r0,r0,-4(fp)
-- mull2 r3,r3
-- bicl3 #32767,-8(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl3 #-65536,-8(fp),r0
-- ashl #17,r0,-8(fp)
-- addl3 -4(fp),-8(fp),r0
-- bicl3 #0,r0,-4(fp)
-- cmpl -4(fp),-8(fp)
-- bgequ noname.369
-- incl r3
--noname.369:
-- movl -4(fp),r1
-- movl r3,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.370
-- incl r2
--noname.370:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.371
-- incl r7
--noname.371:
--
-- movl r9, at 4(ap)
--
-- clrl r9
--
-- movzwl 6(r4),r2
-- bicl3 #-65536,(r4),r3
-- movzwl 2(r4),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,4(r4),-20(fp)
-- bicl3 #-65536,r2,-24(fp)
-- mull3 r0,-20(fp),-12(fp)
-- mull2 r3,-20(fp)
-- mull3 r3,-24(fp),-16(fp)
-- mull2 r0,-24(fp)
-- addl3 -12(fp),-16(fp),r0
-- bicl3 #0,r0,-12(fp)
-- cmpl -12(fp),-16(fp)
-- bgequ noname.372
-- addl2 #65536,-24(fp)
--noname.372:
-- movzwl -10(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-24(fp)
-- bicl3 #-65536,-12(fp),r0
-- ashl #16,r0,-16(fp)
-- addl3 -16(fp),-20(fp),r0
-- bicl3 #0,r0,-20(fp)
-- cmpl -20(fp),-16(fp)
-- bgequ noname.373
-- incl -24(fp)
--noname.373:
-- movl -20(fp),r3
-- movl -24(fp),r2
-- bbc #31,r2,noname.374
-- incl r9
--noname.374:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.375
-- incl r2
--noname.375:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.376
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.376
-- incl r9
--noname.376:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.377
-- incl r9
--noname.377:
--
-- movl 4(ap),r0
-- movl r8,4(r0)
--
-- clrl r8
--
-- movl 8(ap),r4
-- movl 4(r4),r3
-- bicl3 #-65536,r3,-28(fp)
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- movl -28(fp),r0
-- mull3 r0,r3,-32(fp)
-- mull3 r0,r0,-28(fp)
-- mull2 r3,r3
-- bicl3 #32767,-32(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl3 #-65536,-32(fp),r0
-- ashl #17,r0,-32(fp)
-- addl3 -28(fp),-32(fp),r0
-- bicl3 #0,r0,-28(fp)
-- cmpl -28(fp),-32(fp)
-- bgequ noname.378
-- incl r3
--noname.378:
-- movl -28(fp),r1
-- movl r3,r2
-- addl2 r1,r7
-- bicl2 #0,r7
-- cmpl r7,r1
-- bgequ noname.379
-- incl r2
--noname.379:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.380
-- incl r8
--noname.380:
--
-- movzwl 10(r4),r2
-- bicl3 #-65536,(r4),r3
-- movzwl 2(r4),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,8(r4),-44(fp)
-- bicl3 #-65536,r2,-48(fp)
-- mull3 r0,-44(fp),-36(fp)
-- mull2 r3,-44(fp)
-- mull3 r3,-48(fp),-40(fp)
-- mull2 r0,-48(fp)
-- addl3 -36(fp),-40(fp),r0
-- bicl3 #0,r0,-36(fp)
-- cmpl -36(fp),-40(fp)
-- bgequ noname.381
-- addl2 #65536,-48(fp)
--noname.381:
-- movzwl -34(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-48(fp)
-- bicl3 #-65536,-36(fp),r0
-- ashl #16,r0,-40(fp)
-- addl3 -40(fp),-44(fp),r0
-- bicl3 #0,r0,-44(fp)
-- cmpl -44(fp),-40(fp)
-- bgequ noname.382
-- incl -48(fp)
--noname.382:
-- movl -44(fp),r3
-- movl -48(fp),r2
-- bbc #31,r2,noname.383
-- incl r8
--noname.383:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.384
-- incl r2
--noname.384:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.385
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.385
-- incl r8
--noname.385:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.386
-- incl r8
--noname.386:
--
-- movl 4(ap),r0
-- movl r7,8(r0)
--
-- clrl r7
--
-- movl 8(ap),r0
-- movzwl 14(r0),r2
-- bicl3 #-65536,(r0),r3
-- movzwl 2(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r0),-60(fp)
-- bicl3 #-65536,r2,-64(fp)
-- mull3 r1,-60(fp),-52(fp)
-- mull2 r3,-60(fp)
-- mull3 r3,-64(fp),-56(fp)
-- mull2 r1,-64(fp)
-- addl3 -52(fp),-56(fp),r0
-- bicl3 #0,r0,-52(fp)
-- cmpl -52(fp),-56(fp)
-- bgequ noname.387
-- addl2 #65536,-64(fp)
--noname.387:
-- movzwl -50(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-64(fp)
-- bicl3 #-65536,-52(fp),r0
-- ashl #16,r0,-56(fp)
-- addl3 -56(fp),-60(fp),r0
-- bicl3 #0,r0,-60(fp)
-- cmpl -60(fp),-56(fp)
-- bgequ noname.388
-- incl -64(fp)
--noname.388:
-- movl -60(fp),r3
-- movl -64(fp),r2
-- bbc #31,r2,noname.389
-- incl r7
--noname.389:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.390
-- incl r2
--noname.390:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.391
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.391
-- incl r7
--noname.391:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.392
-- incl r7
--noname.392:
--
-- movl 8(ap),r0
-- movzwl 10(r0),r2
-- bicl3 #-65536,4(r0),r3
-- movzwl 6(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r0),-76(fp)
-- bicl3 #-65536,r2,-80(fp)
-- mull3 r1,-76(fp),-68(fp)
-- mull2 r3,-76(fp)
-- mull3 r3,-80(fp),-72(fp)
-- mull2 r1,-80(fp)
-- addl3 -68(fp),-72(fp),r0
-- bicl3 #0,r0,-68(fp)
-- cmpl -68(fp),-72(fp)
-- bgequ noname.393
-- addl2 #65536,-80(fp)
--noname.393:
-- movzwl -66(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-80(fp)
-- bicl3 #-65536,-68(fp),r0
-- ashl #16,r0,-72(fp)
-- addl3 -72(fp),-76(fp),r0
-- bicl3 #0,r0,-76(fp)
-- cmpl -76(fp),-72(fp)
-- bgequ noname.394
-- incl -80(fp)
--noname.394:
-- movl -76(fp),r3
-- movl -80(fp),r2
-- bbc #31,r2,noname.395
-- incl r7
--noname.395:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.396
-- incl r2
--noname.396:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.397
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.397
-- incl r7
--noname.397:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.398
-- incl r7
--noname.398:
--
-- movl 4(ap),r0
-- movl r9,12(r0)
--
-- clrl r9
--
-- movl 8(ap),r2
-- movl 8(r2),r4
-- bicl3 #-65536,r4,-84(fp)
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- movl -84(fp),r0
-- mull3 r0,r4,-88(fp)
-- mull3 r0,r0,-84(fp)
-- mull2 r4,r4
-- bicl3 #32767,-88(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-88(fp),r0
-- ashl #17,r0,-88(fp)
-- addl3 -84(fp),-88(fp),r0
-- bicl3 #0,r0,-84(fp)
-- cmpl -84(fp),-88(fp)
-- bgequ noname.399
-- incl r4
--noname.399:
-- movl -84(fp),r1
-- movl r4,r3
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.400
-- incl r3
--noname.400:
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.401
-- incl r9
--noname.401:
--
-- movzwl 14(r2),r3
-- bicl3 #-65536,4(r2),r1
-- movzwl 6(r2),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,12(r2),-100(fp)
-- bicl3 #-65536,r3,-104(fp)
-- mull3 r0,-100(fp),-92(fp)
-- mull2 r1,-100(fp)
-- mull3 r1,-104(fp),-96(fp)
-- mull2 r0,-104(fp)
-- addl3 -92(fp),-96(fp),r0
-- bicl3 #0,r0,-92(fp)
-- cmpl -92(fp),-96(fp)
-- bgequ noname.402
-- addl2 #65536,-104(fp)
--noname.402:
-- movzwl -90(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-104(fp)
-- bicl3 #-65536,-92(fp),r0
-- ashl #16,r0,-96(fp)
-- addl3 -96(fp),-100(fp),r0
-- bicl3 #0,r0,-100(fp)
-- cmpl -100(fp),-96(fp)
-- bgequ noname.403
-- incl -104(fp)
--noname.403:
-- movl -100(fp),r3
-- movl -104(fp),r2
-- bbc #31,r2,noname.404
-- incl r9
--noname.404:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.405
-- incl r2
--noname.405:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.406
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.406
-- incl r9
--noname.406:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.407
-- incl r9
--noname.407:
--
-- movl 8(ap),r0
-- movzwl 18(r0),r2
-- bicl3 #-65536,(r0),r3
-- movzwl 2(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r0),-116(fp)
-- bicl3 #-65536,r2,-120(fp)
-- mull3 r1,-116(fp),-108(fp)
-- mull2 r3,-116(fp)
-- mull3 r3,-120(fp),-112(fp)
-- mull2 r1,-120(fp)
-- addl3 -108(fp),-112(fp),r0
-- bicl3 #0,r0,-108(fp)
-- cmpl -108(fp),-112(fp)
-- bgequ noname.408
-- addl2 #65536,-120(fp)
--noname.408:
-- movzwl -106(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-120(fp)
-- bicl3 #-65536,-108(fp),r0
-- ashl #16,r0,-112(fp)
-- addl3 -112(fp),-116(fp),r0
-- bicl3 #0,r0,-116(fp)
-- cmpl -116(fp),-112(fp)
-- bgequ noname.409
-- incl -120(fp)
--noname.409:
-- movl -116(fp),r3
-- movl -120(fp),r2
-- bbc #31,r2,noname.410
-- incl r9
--noname.410:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.411
-- incl r2
--noname.411:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.412
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.412
-- incl r9
--noname.412:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.413
-- incl r9
--noname.413:
--
-- movl 4(ap),r0
-- movl r8,16(r0)
--
-- clrl r8
--
-- movl 8(ap),r0
-- movzwl 22(r0),r2
-- bicl3 #-65536,(r0),r3
-- movzwl 2(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r0),-132(fp)
-- bicl3 #-65536,r2,-136(fp)
-- mull3 r1,-132(fp),-124(fp)
-- mull2 r3,-132(fp)
-- mull3 r3,-136(fp),-128(fp)
-- mull2 r1,-136(fp)
-- addl3 -124(fp),-128(fp),r0
-- bicl3 #0,r0,-124(fp)
-- cmpl -124(fp),-128(fp)
-- bgequ noname.414
-- addl2 #65536,-136(fp)
--noname.414:
-- movzwl -122(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-136(fp)
-- bicl3 #-65536,-124(fp),r0
-- ashl #16,r0,-128(fp)
-- addl3 -128(fp),-132(fp),r0
-- bicl3 #0,r0,-132(fp)
-- cmpl -132(fp),-128(fp)
-- bgequ noname.415
-- incl -136(fp)
--noname.415:
-- movl -132(fp),r3
-- movl -136(fp),r2
-- bbc #31,r2,noname.416
-- incl r8
--noname.416:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.417
-- incl r2
--noname.417:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.418
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.418
-- incl r8
--noname.418:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.419
-- incl r8
--noname.419:
--
-- movl 8(ap),r0
-- movzwl 18(r0),r2
-- bicl3 #-65536,4(r0),r3
-- movzwl 6(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r0),-148(fp)
-- bicl3 #-65536,r2,-152(fp)
-- mull3 r1,-148(fp),-140(fp)
-- mull2 r3,-148(fp)
-- mull3 r3,-152(fp),-144(fp)
-- mull2 r1,-152(fp)
-- addl3 -140(fp),-144(fp),r0
-- bicl3 #0,r0,-140(fp)
-- cmpl -140(fp),-144(fp)
-- bgequ noname.420
-- addl2 #65536,-152(fp)
--noname.420:
-- movzwl -138(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-152(fp)
-- bicl3 #-65536,-140(fp),r0
-- ashl #16,r0,-144(fp)
-- addl3 -144(fp),-148(fp),r0
-- bicl3 #0,r0,-148(fp)
-- cmpl -148(fp),-144(fp)
-- bgequ noname.421
-- incl -152(fp)
--noname.421:
-- movl -148(fp),r3
-- movl -152(fp),r2
-- bbc #31,r2,noname.422
-- incl r8
--noname.422:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.423
-- incl r2
--noname.423:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.424
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.424
-- incl r8
--noname.424:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.425
-- incl r8
--noname.425:
--
-- movl 8(ap),r0
-- movzwl 14(r0),r2
-- bicl3 #-65536,8(r0),r3
-- movzwl 10(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r0),-164(fp)
-- bicl3 #-65536,r2,-168(fp)
-- mull3 r1,-164(fp),-156(fp)
-- mull2 r3,-164(fp)
-- mull3 r3,-168(fp),-160(fp)
-- mull2 r1,-168(fp)
-- addl3 -156(fp),-160(fp),r0
-- bicl3 #0,r0,-156(fp)
-- cmpl -156(fp),-160(fp)
-- bgequ noname.426
-- addl2 #65536,-168(fp)
--noname.426:
-- movzwl -154(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-168(fp)
-- bicl3 #-65536,-156(fp),r0
-- ashl #16,r0,-160(fp)
-- addl3 -160(fp),-164(fp),r0
-- bicl3 #0,r0,-164(fp)
-- cmpl -164(fp),-160(fp)
-- bgequ noname.427
-- incl -168(fp)
--noname.427:
-- movl -164(fp),r3
-- movl -168(fp),r2
-- bbc #31,r2,noname.428
-- incl r8
--noname.428:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.429
-- incl r2
--noname.429:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.430
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.430
-- incl r8
--noname.430:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.431
-- incl r8
--noname.431:
--
-- movl 4(ap),r0
-- movl r7,20(r0)
--
-- clrl r7
--
-- movl 8(ap),r2
-- movl 12(r2),r4
-- bicl3 #-65536,r4,-172(fp)
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- movl -172(fp),r0
-- mull3 r0,r4,-176(fp)
-- mull3 r0,r0,-172(fp)
-- mull2 r4,r4
-- bicl3 #32767,-176(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-176(fp),r0
-- ashl #17,r0,-176(fp)
-- addl3 -172(fp),-176(fp),r0
-- bicl3 #0,r0,-172(fp)
-- cmpl -172(fp),-176(fp)
-- bgequ noname.432
-- incl r4
--noname.432:
-- movl -172(fp),r1
-- movl r4,r3
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.433
-- incl r3
--noname.433:
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.434
-- incl r7
--noname.434:
--
-- movzwl 18(r2),r3
-- bicl3 #-65536,8(r2),r1
-- movzwl 10(r2),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,16(r2),-188(fp)
-- bicl3 #-65536,r3,-192(fp)
-- mull3 r0,-188(fp),-180(fp)
-- mull2 r1,-188(fp)
-- mull3 r1,-192(fp),-184(fp)
-- mull2 r0,-192(fp)
-- addl3 -180(fp),-184(fp),r0
-- bicl3 #0,r0,-180(fp)
-- cmpl -180(fp),-184(fp)
-- bgequ noname.435
-- addl2 #65536,-192(fp)
--noname.435:
-- movzwl -178(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-192(fp)
-- bicl3 #-65536,-180(fp),r0
-- ashl #16,r0,-184(fp)
-- addl3 -184(fp),-188(fp),r0
-- bicl3 #0,r0,-188(fp)
-- cmpl -188(fp),-184(fp)
-- bgequ noname.436
-- incl -192(fp)
--noname.436:
-- movl -188(fp),r3
-- movl -192(fp),r2
-- bbc #31,r2,noname.437
-- incl r7
--noname.437:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.438
-- incl r2
--noname.438:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.439
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.439
-- incl r7
--noname.439:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.440
-- incl r7
--noname.440:
--
-- movl 8(ap),r0
-- movzwl 22(r0),r2
-- bicl3 #-65536,4(r0),r3
-- movzwl 6(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r0),-204(fp)
-- bicl3 #-65536,r2,-208(fp)
-- mull3 r1,-204(fp),-196(fp)
-- mull2 r3,-204(fp)
-- mull3 r3,-208(fp),-200(fp)
-- mull2 r1,-208(fp)
-- addl3 -196(fp),-200(fp),r0
-- bicl3 #0,r0,-196(fp)
-- cmpl -196(fp),-200(fp)
-- bgequ noname.441
-- addl2 #65536,-208(fp)
--noname.441:
-- movzwl -194(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-208(fp)
-- bicl3 #-65536,-196(fp),r0
-- ashl #16,r0,-200(fp)
-- addl3 -200(fp),-204(fp),r0
-- bicl3 #0,r0,-204(fp)
-- cmpl -204(fp),-200(fp)
-- bgequ noname.442
-- incl -208(fp)
--noname.442:
-- movl -204(fp),r3
-- movl -208(fp),r2
-- bbc #31,r2,noname.443
-- incl r7
--noname.443:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.444
-- incl r2
--noname.444:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.445
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.445
-- incl r7
--noname.445:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.446
-- incl r7
--noname.446:
--
-- movl 8(ap),r0
-- movzwl 26(r0),r2
-- bicl3 #-65536,(r0),r3
-- movzwl 2(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,24(r0),-220(fp)
-- bicl3 #-65536,r2,-224(fp)
-- mull3 r1,-220(fp),-212(fp)
-- mull2 r3,-220(fp)
-- mull3 r3,-224(fp),-216(fp)
-- mull2 r1,-224(fp)
-- addl3 -212(fp),-216(fp),r0
-- bicl3 #0,r0,-212(fp)
-- cmpl -212(fp),-216(fp)
-- bgequ noname.447
-- addl2 #65536,-224(fp)
--noname.447:
-- movzwl -210(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-224(fp)
-- bicl3 #-65536,-212(fp),r0
-- ashl #16,r0,-216(fp)
-- addl3 -216(fp),-220(fp),r0
-- bicl3 #0,r0,-220(fp)
-- cmpl -220(fp),-216(fp)
-- bgequ noname.448
-- incl -224(fp)
--noname.448:
-- movl -220(fp),r3
-- movl -224(fp),r2
-- bbc #31,r2,noname.449
-- incl r7
--noname.449:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.450
-- incl r2
--noname.450:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.451
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.451
-- incl r7
--noname.451:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.452
-- incl r7
--noname.452:
--
-- movl 4(ap),r0
-- movl r9,24(r0)
--
-- clrl r9
--
-- movl 8(ap),r0
-- movzwl 30(r0),r2
-- bicl3 #-65536,(r0),r3
-- movzwl 2(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,28(r0),-236(fp)
-- bicl3 #-65536,r2,-240(fp)
-- mull3 r1,-236(fp),-228(fp)
-- mull2 r3,-236(fp)
-- mull3 r3,-240(fp),-232(fp)
-- mull2 r1,-240(fp)
-- addl3 -228(fp),-232(fp),r0
-- bicl3 #0,r0,-228(fp)
-- cmpl -228(fp),-232(fp)
-- bgequ noname.453
-- addl2 #65536,-240(fp)
--noname.453:
-- movzwl -226(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-240(fp)
-- bicl3 #-65536,-228(fp),r0
-- ashl #16,r0,-232(fp)
-- addl3 -232(fp),-236(fp),r0
-- bicl3 #0,r0,-236(fp)
-- cmpl -236(fp),-232(fp)
-- bgequ noname.454
-- incl -240(fp)
--noname.454:
-- movl -236(fp),r3
-- movl -240(fp),r2
-- bbc #31,r2,noname.455
-- incl r9
--noname.455:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.456
-- incl r2
--noname.456:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.457
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.457
-- incl r9
--noname.457:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.458
-- incl r9
--noname.458:
--
-- movl 8(ap),r0
-- movzwl 26(r0),r2
-- bicl3 #-65536,4(r0),r3
-- movzwl 6(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,24(r0),-252(fp)
-- bicl3 #-65536,r2,-256(fp)
-- mull3 r1,-252(fp),-244(fp)
-- mull2 r3,-252(fp)
-- mull3 r3,-256(fp),-248(fp)
-- mull2 r1,-256(fp)
-- addl3 -244(fp),-248(fp),r0
-- bicl3 #0,r0,-244(fp)
-- cmpl -244(fp),-248(fp)
-- bgequ noname.459
-- addl2 #65536,-256(fp)
--noname.459:
-- movzwl -242(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-256(fp)
-- bicl3 #-65536,-244(fp),r0
-- ashl #16,r0,-248(fp)
-- addl3 -248(fp),-252(fp),r0
-- bicl3 #0,r0,-252(fp)
-- cmpl -252(fp),-248(fp)
-- bgequ noname.460
-- incl -256(fp)
--noname.460:
-- movl -252(fp),r3
-- movl -256(fp),r2
-- bbc #31,r2,noname.461
-- incl r9
--noname.461:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.462
-- incl r2
--noname.462:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.463
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.463
-- incl r9
--noname.463:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.464
-- incl r9
--noname.464:
--
-- movl 8(ap),r0
-- movzwl 22(r0),r2
-- bicl3 #-65536,8(r0),r3
-- movzwl 10(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r0),-268(fp)
-- bicl3 #-65536,r2,-272(fp)
-- mull3 r1,-268(fp),-260(fp)
-- mull2 r3,-268(fp)
-- mull3 r3,-272(fp),-264(fp)
-- mull2 r1,-272(fp)
-- addl3 -260(fp),-264(fp),r0
-- bicl3 #0,r0,-260(fp)
-- cmpl -260(fp),-264(fp)
-- bgequ noname.465
-- addl2 #65536,-272(fp)
--noname.465:
-- movzwl -258(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-272(fp)
-- bicl3 #-65536,-260(fp),r0
-- ashl #16,r0,-264(fp)
-- addl3 -264(fp),-268(fp),r0
-- bicl3 #0,r0,-268(fp)
-- cmpl -268(fp),-264(fp)
-- bgequ noname.466
-- incl -272(fp)
--noname.466:
-- movl -268(fp),r3
-- movl -272(fp),r2
-- bbc #31,r2,noname.467
-- incl r9
--noname.467:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.468
-- incl r2
--noname.468:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.469
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.469
-- incl r9
--noname.469:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.470
-- incl r9
--noname.470:
--
-- movl 8(ap),r0
-- movzwl 18(r0),r2
-- bicl3 #-65536,12(r0),r3
-- movzwl 14(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r0),-284(fp)
-- bicl3 #-65536,r2,-288(fp)
-- mull3 r1,-284(fp),-276(fp)
-- mull2 r3,-284(fp)
-- mull3 r3,-288(fp),-280(fp)
-- mull2 r1,-288(fp)
-- addl3 -276(fp),-280(fp),r0
-- bicl3 #0,r0,-276(fp)
-- cmpl -276(fp),-280(fp)
-- bgequ noname.471
-- addl2 #65536,-288(fp)
--noname.471:
-- movzwl -274(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-288(fp)
-- bicl3 #-65536,-276(fp),r0
-- ashl #16,r0,-280(fp)
-- addl3 -280(fp),-284(fp),r0
-- bicl3 #0,r0,-284(fp)
-- cmpl -284(fp),-280(fp)
-- bgequ noname.472
-- incl -288(fp)
--noname.472:
-- movl -284(fp),r3
-- movl -288(fp),r2
-- bbc #31,r2,noname.473
-- incl r9
--noname.473:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.474
-- incl r2
--noname.474:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.475
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.475
-- incl r9
--noname.475:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.476
-- incl r9
--noname.476:
--
-- movl 4(ap),r0
-- movl r8,28(r0)
--
-- clrl r8
--
-- movl 8(ap),r3
-- movl 16(r3),r4
-- bicl3 #-65536,r4,r5
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- mull3 r5,r4,-292(fp)
-- mull2 r5,r5
-- mull2 r4,r4
-- bicl3 #32767,-292(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-292(fp),r0
-- ashl #17,r0,-292(fp)
-- addl2 -292(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-292(fp)
-- bgequ noname.477
-- incl r4
--noname.477:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r7
-- bicl2 #0,r7
-- cmpl r7,r1
-- bgequ noname.478
-- incl r2
--noname.478:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.479
-- incl r8
--noname.479:
--
-- bicl3 #-65536,20(r3),r4
-- movzwl 22(r3),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r3),r2
-- movzwl 14(r3),r0
-- bicl2 #-65536,r0
-- movl r4,r6
-- movl r1,r5
-- mull3 r0,r6,-296(fp)
-- mull2 r2,r6
-- mull3 r2,r5,-300(fp)
-- mull2 r0,r5
-- addl3 -296(fp),-300(fp),r0
-- bicl3 #0,r0,-296(fp)
-- cmpl -296(fp),-300(fp)
-- bgequ noname.480
-- addl2 #65536,r5
--noname.480:
-- movzwl -294(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r5
-- bicl3 #-65536,-296(fp),r0
-- ashl #16,r0,-300(fp)
-- addl2 -300(fp),r6
-- bicl2 #0,r6
-- cmpl r6,-300(fp)
-- bgequ noname.481
-- incl r5
--noname.481:
-- movl r6,r3
-- movl r5,r2
-- bbc #31,r2,noname.482
-- incl r8
--noname.482:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.483
-- incl r2
--noname.483:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.484
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.484
-- incl r8
--noname.484:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.485
-- incl r8
--noname.485:
--
-- movl 8(ap),r0
-- bicl3 #-65536,24(r0),r3
-- movzwl 26(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r0),r2
-- movzwl 10(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-304(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-308(fp)
-- mull2 r0,r4
-- addl3 -304(fp),-308(fp),r0
-- bicl3 #0,r0,-304(fp)
-- cmpl -304(fp),-308(fp)
-- bgequ noname.486
-- addl2 #65536,r4
--noname.486:
-- movzwl -302(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-304(fp),r0
-- ashl #16,r0,-308(fp)
-- addl2 -308(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-308(fp)
-- bgequ noname.487
-- incl r4
--noname.487:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.488
-- incl r8
--noname.488:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.489
-- incl r2
--noname.489:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.490
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.490
-- incl r8
--noname.490:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.491
-- incl r8
--noname.491:
--
-- movl 8(ap),r0
-- bicl3 #-65536,28(r0),r3
-- movzwl 30(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r0),r2
-- movzwl 6(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-312(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-316(fp)
-- mull2 r0,r4
-- addl3 -312(fp),-316(fp),r0
-- bicl3 #0,r0,-312(fp)
-- cmpl -312(fp),-316(fp)
-- bgequ noname.492
-- addl2 #65536,r4
--noname.492:
-- movzwl -310(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-312(fp),r0
-- ashl #16,r0,-316(fp)
-- addl2 -316(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-316(fp)
-- bgequ noname.493
-- incl r4
--noname.493:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.494
-- incl r8
--noname.494:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.495
-- incl r2
--noname.495:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.496
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.496
-- incl r8
--noname.496:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.497
-- incl r8
--noname.497:
--
-- movl 4(ap),r0
-- movl r7,32(r0)
--
-- clrl r7
--
-- movl 8(ap),r0
-- bicl3 #-65536,28(r0),r3
-- movzwl 30(r0),r2
-- bicl3 #-65536,8(r0),r1
-- movzwl 10(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r4
-- bicl3 #-65536,r2,-328(fp)
-- mull3 r0,r4,-320(fp)
-- mull2 r1,r4
-- mull3 r1,-328(fp),-324(fp)
-- mull2 r0,-328(fp)
-- addl3 -320(fp),-324(fp),r0
-- bicl3 #0,r0,-320(fp)
-- cmpl -320(fp),-324(fp)
-- bgequ noname.498
-- addl2 #65536,-328(fp)
--noname.498:
-- movzwl -318(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-328(fp)
-- bicl3 #-65536,-320(fp),r0
-- ashl #16,r0,-324(fp)
-- addl2 -324(fp),r4
-- bicl2 #0,r4
-- cmpl r4,-324(fp)
-- bgequ noname.499
-- incl -328(fp)
--noname.499:
-- movl r4,r3
-- movl -328(fp),r2
-- bbc #31,r2,noname.500
-- incl r7
--noname.500:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.501
-- incl r2
--noname.501:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.502
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.502
-- incl r7
--noname.502:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.503
-- incl r7
--noname.503:
--
-- movl 8(ap),r0
-- movzwl 26(r0),r2
-- bicl3 #-65536,12(r0),r3
-- movzwl 14(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,24(r0),-340(fp)
-- bicl3 #-65536,r2,-344(fp)
-- mull3 r1,-340(fp),-332(fp)
-- mull2 r3,-340(fp)
-- mull3 r3,-344(fp),-336(fp)
-- mull2 r1,-344(fp)
-- addl3 -332(fp),-336(fp),r0
-- bicl3 #0,r0,-332(fp)
-- cmpl -332(fp),-336(fp)
-- bgequ noname.504
-- addl2 #65536,-344(fp)
--noname.504:
-- movzwl -330(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-344(fp)
-- bicl3 #-65536,-332(fp),r0
-- ashl #16,r0,-336(fp)
-- addl3 -336(fp),-340(fp),r0
-- bicl3 #0,r0,-340(fp)
-- cmpl -340(fp),-336(fp)
-- bgequ noname.505
-- incl -344(fp)
--noname.505:
-- movl -340(fp),r3
-- movl -344(fp),r2
-- bbc #31,r2,noname.506
-- incl r7
--noname.506:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.507
-- incl r2
--noname.507:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.508
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.508
-- incl r7
--noname.508:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.509
-- incl r7
--noname.509:
--
-- movl 8(ap),r0
-- movzwl 22(r0),r2
-- bicl3 #-65536,16(r0),r3
-- movzwl 18(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r0),-356(fp)
-- bicl3 #-65536,r2,-360(fp)
-- mull3 r1,-356(fp),-348(fp)
-- mull2 r3,-356(fp)
-- mull3 r3,-360(fp),-352(fp)
-- mull2 r1,-360(fp)
-- addl3 -348(fp),-352(fp),r0
-- bicl3 #0,r0,-348(fp)
-- cmpl -348(fp),-352(fp)
-- bgequ noname.510
-- addl2 #65536,-360(fp)
--noname.510:
-- movzwl -346(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-360(fp)
-- bicl3 #-65536,-348(fp),r0
-- ashl #16,r0,-352(fp)
-- addl3 -352(fp),-356(fp),r0
-- bicl3 #0,r0,-356(fp)
-- cmpl -356(fp),-352(fp)
-- bgequ noname.511
-- incl -360(fp)
--noname.511:
-- movl -356(fp),r3
-- movl -360(fp),r2
-- bbc #31,r2,noname.512
-- incl r7
--noname.512:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.513
-- incl r2
--noname.513:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.514
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.514
-- incl r7
--noname.514:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.515
-- incl r7
--noname.515:
--
-- movl 4(ap),r0
-- movl r9,36(r0)
--
-- clrl r9
--
-- movl 8(ap),r3
-- movl 20(r3),r4
-- bicl3 #-65536,r4,-364(fp)
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- movl -364(fp),r0
-- mull3 r0,r4,-368(fp)
-- mull3 r0,r0,-364(fp)
-- mull2 r4,r4
-- bicl3 #32767,-368(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-368(fp),r0
-- ashl #17,r0,-368(fp)
-- addl3 -364(fp),-368(fp),r0
-- bicl3 #0,r0,-364(fp)
-- cmpl -364(fp),-368(fp)
-- bgequ noname.516
-- incl r4
--noname.516:
-- movl -364(fp),r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.517
-- incl r2
--noname.517:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.518
-- incl r9
--noname.518:
--
-- bicl3 #-65536,24(r3),r4
-- movzwl 26(r3),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r3),r2
-- movzwl 18(r3),r0
-- bicl2 #-65536,r0
-- movl r4,r6
-- movl r1,r5
-- mull3 r0,r6,-372(fp)
-- mull2 r2,r6
-- mull3 r2,r5,-376(fp)
-- mull2 r0,r5
-- addl3 -372(fp),-376(fp),r0
-- bicl3 #0,r0,-372(fp)
-- cmpl -372(fp),-376(fp)
-- bgequ noname.519
-- addl2 #65536,r5
--noname.519:
-- movzwl -370(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r5
-- bicl3 #-65536,-372(fp),r0
-- ashl #16,r0,-376(fp)
-- addl2 -376(fp),r6
-- bicl2 #0,r6
-- cmpl r6,-376(fp)
-- bgequ noname.520
-- incl r5
--noname.520:
-- movl r6,r3
-- movl r5,r2
-- bbc #31,r2,noname.521
-- incl r9
--noname.521:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.522
-- incl r2
--noname.522:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.523
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.523
-- incl r9
--noname.523:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.524
-- incl r9
--noname.524:
--
-- movl 8(ap),r0
-- bicl3 #-65536,28(r0),r3
-- movzwl 30(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,12(r0),r2
-- movzwl 14(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-380(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-384(fp)
-- mull2 r0,r4
-- addl3 -380(fp),-384(fp),r0
-- bicl3 #0,r0,-380(fp)
-- cmpl -380(fp),-384(fp)
-- bgequ noname.525
-- addl2 #65536,r4
--noname.525:
-- movzwl -378(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-380(fp),r0
-- ashl #16,r0,-384(fp)
-- addl2 -384(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-384(fp)
-- bgequ noname.526
-- incl r4
--noname.526:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.527
-- incl r9
--noname.527:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.528
-- incl r2
--noname.528:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.529
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.529
-- incl r9
--noname.529:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.530
-- incl r9
--noname.530:
-- movl 4(ap),r0
-- movl r8,40(r0)
--
-- clrl r8
--
-- movl 8(ap),r0
-- bicl3 #-65536,28(r0),r3
-- movzwl 30(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,16(r0),r2
-- movzwl 18(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-388(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-392(fp)
-- mull2 r0,r4
-- addl3 -388(fp),-392(fp),r0
-- bicl3 #0,r0,-388(fp)
-- cmpl -388(fp),-392(fp)
-- bgequ noname.531
-- addl2 #65536,r4
--noname.531:
-- movzwl -386(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-388(fp),r0
-- ashl #16,r0,-392(fp)
-- addl2 -392(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-392(fp)
-- bgequ noname.532
-- incl r4
--noname.532:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.533
-- incl r8
--noname.533:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.534
-- incl r2
--noname.534:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.535
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.535
-- incl r8
--noname.535:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.536
-- incl r8
--noname.536:
--
-- movl 8(ap),r0
-- bicl3 #-65536,24(r0),r3
-- movzwl 26(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,20(r0),r2
-- movzwl 22(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-396(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-400(fp)
-- mull2 r0,r4
-- addl3 -396(fp),-400(fp),r0
-- bicl3 #0,r0,-396(fp)
-- cmpl -396(fp),-400(fp)
-- bgequ noname.537
-- addl2 #65536,r4
--noname.537:
-- movzwl -394(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-396(fp),r0
-- ashl #16,r0,-400(fp)
-- addl2 -400(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-400(fp)
-- bgequ noname.538
-- incl r4
--noname.538:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.539
-- incl r8
--noname.539:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.540
-- incl r2
--noname.540:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r7
-- bicl2 #0,r7
-- cmpl r7,r3
-- bgequ noname.541
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.541
-- incl r8
--noname.541:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.542
-- incl r8
--noname.542:
--
-- movl 4(ap),r0
-- movl r7,44(r0)
--
-- clrl r7
--
-- movl 8(ap),r3
-- movl 24(r3),r4
-- bicl3 #-65536,r4,r5
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- mull3 r5,r4,-404(fp)
-- mull2 r5,r5
-- mull2 r4,r4
-- bicl3 #32767,-404(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-404(fp),r0
-- ashl #17,r0,-404(fp)
-- addl2 -404(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-404(fp)
-- bgequ noname.543
-- incl r4
--noname.543:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.544
-- incl r2
--noname.544:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.545
-- incl r7
--noname.545:
--
-- movzwl 30(r3),r2
-- bicl3 #-65536,20(r3),r1
-- movzwl 22(r3),r0
-- bicl2 #-65536,r0
-- bicl3 #-65536,28(r3),-416(fp)
-- bicl3 #-65536,r2,-420(fp)
-- mull3 r0,-416(fp),-408(fp)
-- mull2 r1,-416(fp)
-- mull3 r1,-420(fp),-412(fp)
-- mull2 r0,-420(fp)
-- addl3 -408(fp),-412(fp),r0
-- bicl3 #0,r0,-408(fp)
-- cmpl -408(fp),-412(fp)
-- bgequ noname.546
-- addl2 #65536,-420(fp)
--noname.546:
-- movzwl -406(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-420(fp)
-- bicl3 #-65536,-408(fp),r0
-- ashl #16,r0,-412(fp)
-- addl3 -412(fp),-416(fp),r0
-- bicl3 #0,r0,-416(fp)
-- cmpl -416(fp),-412(fp)
-- bgequ noname.547
-- incl -420(fp)
--noname.547:
-- movl -416(fp),r3
-- movl -420(fp),r2
-- bbc #31,r2,noname.548
-- incl r7
--noname.548:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.549
-- incl r2
--noname.549:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.550
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.550
-- incl r7
--noname.550:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.551
-- incl r7
--noname.551:
--
-- movl 4(ap),r0
-- movl r9,48(r0)
--
-- clrl r9
--
-- movl 8(ap),r0
-- movzwl 30(r0),r2
-- bicl3 #-65536,24(r0),r3
-- movzwl 26(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,28(r0),-432(fp)
-- bicl3 #-65536,r2,-436(fp)
-- mull3 r1,-432(fp),-424(fp)
-- mull2 r3,-432(fp)
-- mull3 r3,-436(fp),-428(fp)
-- mull2 r1,-436(fp)
-- addl3 -424(fp),-428(fp),r0
-- bicl3 #0,r0,-424(fp)
-- cmpl -424(fp),-428(fp)
-- bgequ noname.552
-- addl2 #65536,-436(fp)
--noname.552:
-- movzwl -422(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,-436(fp)
-- bicl3 #-65536,-424(fp),r0
-- ashl #16,r0,-428(fp)
-- addl3 -428(fp),-432(fp),r0
-- bicl3 #0,r0,-432(fp)
-- cmpl -432(fp),-428(fp)
-- bgequ noname.553
-- incl -436(fp)
--noname.553:
-- movl -432(fp),r3
-- movl -436(fp),r2
-- bbc #31,r2,noname.554
-- incl r9
--noname.554:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.555
-- incl r2
--noname.555:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.556
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.556
-- incl r9
--noname.556:
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.557
-- incl r9
--noname.557:
--
-- movl 4(ap),r4
-- movl r8,52(r4)
--
-- clrl r8
--
-- movl 8(ap),r0
-- movl 28(r0),r3
-- bicl3 #-65536,r3,-440(fp)
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- movl -440(fp),r0
-- mull3 r0,r3,-444(fp)
-- mull3 r0,r0,-440(fp)
-- mull2 r3,r3
-- bicl3 #32767,-444(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl3 #-65536,-444(fp),r0
-- ashl #17,r0,-444(fp)
-- addl3 -440(fp),-444(fp),r0
-- bicl3 #0,r0,-440(fp)
-- cmpl -440(fp),-444(fp)
-- bgequ noname.558
-- incl r3
--noname.558:
-- movl -440(fp),r1
-- movl r3,r2
-- addl2 r1,r7
-- bicl2 #0,r7
-- cmpl r7,r1
-- bgequ noname.559
-- incl r2
--noname.559:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.560
-- incl r8
--noname.560:
--
-- movl r7,56(r4)
--
-- movl r9,60(r4)
--
-- ret
--
--
--
--;r=4 ;(AP)
--;a=8 ;(AP)
--;b=12 ;(AP)
--;n=16 ;(AP) n by value (input)
--
-- .psect code,nowrt
--
--.entry BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
-- subl2 #44,sp
--
-- clrq r8
--
-- clrl r10
--
-- movl 8(ap),r5
-- movl (r5),r3
-- bicl3 #-65536,r3,r4
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- mull3 r4,r3,-4(fp)
-- mull2 r4,r4
-- mull2 r3,r3
-- bicl3 #32767,-4(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl3 #-65536,-4(fp),r0
-- ashl #17,r0,-4(fp)
-- addl2 -4(fp),r4
-- bicl2 #0,r4
-- cmpl r4,-4(fp)
-- bgequ noname.563
-- incl r3
--noname.563:
-- movl r4,r1
-- movl r3,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.564
-- incl r2
--noname.564:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.565
-- incl r10
--noname.565:
--
-- movl r9, at 4(ap)
--
-- clrl r9
--
-- bicl3 #-65536,4(r5),r3
-- movzwl 6(r5),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r5),r2
-- movzwl 2(r5),r0
-- bicl2 #-65536,r0
-- movl r3,r6
-- movl r1,r4
-- mull3 r0,r6,-8(fp)
-- mull2 r2,r6
-- mull2 r4,r2
-- mull2 r0,r4
-- addl3 -8(fp),r2,r0
-- bicl3 #0,r0,-8(fp)
-- cmpl -8(fp),r2
-- bgequ noname.566
-- addl2 #65536,r4
--noname.566:
-- movzwl -6(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-8(fp),r0
-- ashl #16,r0,r1
-- addl2 r1,r6
-- bicl2 #0,r6
-- cmpl r6,r1
-- bgequ noname.567
-- incl r4
--noname.567:
-- movl r6,r3
-- movl r4,r2
-- bbc #31,r2,noname.568
-- incl r9
--noname.568:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.569
-- incl r2
--noname.569:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.570
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.570
-- incl r9
--noname.570:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.571
-- incl r9
--noname.571:
--
-- movl 4(ap),r0
-- movl r8,4(r0)
--
-- clrl r8
--
-- movl 8(ap),r4
-- movl 4(r4),r3
-- bicl3 #-65536,r3,r5
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- mull3 r5,r3,r1
-- mull2 r5,r5
-- mull2 r3,r3
-- bicl3 #32767,r1,r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl2 #-65536,r1
-- ashl #17,r1,r1
-- addl2 r1,r5
-- bicl2 #0,r5
-- cmpl r5,r1
-- bgequ noname.572
-- incl r3
--noname.572:
-- movl r5,r1
-- movl r3,r2
-- addl2 r1,r10
-- bicl2 #0,r10
-- cmpl r10,r1
-- bgequ noname.573
-- incl r2
--noname.573:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.574
-- incl r8
--noname.574:
--
-- bicl3 #-65536,8(r4),r3
-- movzwl 10(r4),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r4),r2
-- movzwl 2(r4),r0
-- bicl2 #-65536,r0
-- movl r3,r6
-- movl r1,r5
-- mull3 r0,r6,r7
-- mull2 r2,r6
-- mull2 r5,r2
-- mull2 r0,r5
-- addl2 r2,r7
-- bicl2 #0,r7
-- cmpl r7,r2
-- bgequ noname.575
-- addl2 #65536,r5
--noname.575:
-- extzv #16,#16,r7,r0
-- bicl2 #-65536,r0
-- addl2 r0,r5
-- bicl3 #-65536,r7,r0
-- ashl #16,r0,r1
-- addl2 r1,r6
-- bicl2 #0,r6
-- cmpl r6,r1
-- bgequ noname.576
-- incl r5
--noname.576:
-- movl r6,r3
-- movl r5,r2
-- bbc #31,r2,noname.577
-- incl r8
--noname.577:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.578
-- incl r2
--noname.578:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r10
-- bicl2 #0,r10
-- cmpl r10,r3
-- bgequ noname.579
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.579
-- incl r8
--noname.579:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.580
-- incl r8
--noname.580:
--
-- movl 4(ap),r0
-- movl r10,8(r0)
--
-- clrl r10
--
-- movl 8(ap),r0
-- bicl3 #-65536,12(r0),r3
-- movzwl 14(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,(r0),r2
-- movzwl 2(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,r6
-- mull2 r2,r5
-- mull3 r2,r4,-12(fp)
-- mull2 r0,r4
-- addl2 -12(fp),r6
-- bicl2 #0,r6
-- cmpl r6,-12(fp)
-- bgequ noname.581
-- addl2 #65536,r4
--noname.581:
-- extzv #16,#16,r6,r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,r6,r0
-- ashl #16,r0,-12(fp)
-- addl2 -12(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-12(fp)
-- bgequ noname.582
-- incl r4
--noname.582:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.583
-- incl r10
--noname.583:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.584
-- incl r2
--noname.584:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.585
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.585
-- incl r10
--noname.585:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.586
-- incl r10
--noname.586:
--
-- movl 8(ap),r0
-- bicl3 #-65536,8(r0),r3
-- movzwl 10(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r0),r2
-- movzwl 6(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-16(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-20(fp)
-- mull2 r0,r4
-- addl3 -16(fp),-20(fp),r0
-- bicl3 #0,r0,-16(fp)
-- cmpl -16(fp),-20(fp)
-- bgequ noname.587
-- addl2 #65536,r4
--noname.587:
-- movzwl -14(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-16(fp),r0
-- ashl #16,r0,-20(fp)
-- addl2 -20(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-20(fp)
-- bgequ noname.588
-- incl r4
--noname.588:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.589
-- incl r10
--noname.589:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.590
-- incl r2
--noname.590:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r9
-- bicl2 #0,r9
-- cmpl r9,r3
-- bgequ noname.591
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.591
-- incl r10
--noname.591:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.592
-- incl r10
--noname.592:
-- movl 4(ap),r0
-- movl r9,12(r0)
--
-- clrl r9
--
-- movl 8(ap),r3
-- movl 8(r3),r4
-- bicl3 #-65536,r4,r5
-- extzv #16,#16,r4,r0
-- bicl3 #-65536,r0,r4
-- mull3 r5,r4,-24(fp)
-- mull2 r5,r5
-- mull2 r4,r4
-- bicl3 #32767,-24(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r4
-- bicl3 #-65536,-24(fp),r0
-- ashl #17,r0,-24(fp)
-- addl2 -24(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-24(fp)
-- bgequ noname.593
-- incl r4
--noname.593:
-- movl r5,r1
-- movl r4,r2
-- addl2 r1,r8
-- bicl2 #0,r8
-- cmpl r8,r1
-- bgequ noname.594
-- incl r2
--noname.594:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.595
-- incl r9
--noname.595:
--
-- bicl3 #-65536,12(r3),r4
-- movzwl 14(r3),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,4(r3),r2
-- movzwl 6(r3),r0
-- bicl2 #-65536,r0
-- movl r4,r6
-- movl r1,r5
-- mull3 r0,r6,-28(fp)
-- mull2 r2,r6
-- mull3 r2,r5,-32(fp)
-- mull2 r0,r5
-- addl3 -28(fp),-32(fp),r0
-- bicl3 #0,r0,-28(fp)
-- cmpl -28(fp),-32(fp)
-- bgequ noname.596
-- addl2 #65536,r5
--noname.596:
-- movzwl -26(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r5
-- bicl3 #-65536,-28(fp),r0
-- ashl #16,r0,-32(fp)
-- addl2 -32(fp),r6
-- bicl2 #0,r6
-- cmpl r6,-32(fp)
-- bgequ noname.597
-- incl r5
--noname.597:
-- movl r6,r3
-- movl r5,r2
-- bbc #31,r2,noname.598
-- incl r9
--noname.598:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.599
-- incl r2
--noname.599:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r8
-- bicl2 #0,r8
-- cmpl r8,r3
-- bgequ noname.600
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.600
-- incl r9
--noname.600:
-- addl2 r2,r10
-- bicl2 #0,r10
-- cmpl r10,r2
-- bgequ noname.601
-- incl r9
--noname.601:
--
-- movl 4(ap),r0
-- movl r8,16(r0)
--
-- clrl r8
--
-- movl 8(ap),r0
-- bicl3 #-65536,12(r0),r3
-- movzwl 14(r0),r1
-- bicl2 #-65536,r1
-- bicl3 #-65536,8(r0),r2
-- movzwl 10(r0),r0
-- bicl2 #-65536,r0
-- movl r3,r5
-- movl r1,r4
-- mull3 r0,r5,-36(fp)
-- mull2 r2,r5
-- mull3 r2,r4,-40(fp)
-- mull2 r0,r4
-- addl3 -36(fp),-40(fp),r0
-- bicl3 #0,r0,-36(fp)
-- cmpl -36(fp),-40(fp)
-- bgequ noname.602
-- addl2 #65536,r4
--noname.602:
-- movzwl -34(fp),r0
-- bicl2 #-65536,r0
-- addl2 r0,r4
-- bicl3 #-65536,-36(fp),r0
-- ashl #16,r0,-40(fp)
-- addl2 -40(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-40(fp)
-- bgequ noname.603
-- incl r4
--noname.603:
-- movl r5,r3
-- movl r4,r2
-- bbc #31,r2,noname.604
-- incl r8
--noname.604:
-- addl2 r2,r2
-- bicl2 #0,r2
-- bbc #31,r3,noname.605
-- incl r2
--noname.605:
-- addl2 r3,r3
-- bicl2 #0,r3
-- addl2 r3,r10
-- bicl2 #0,r10
-- cmpl r10,r3
-- bgequ noname.606
-- incl r2
-- bicl3 #0,r2,r0
-- bneq noname.606
-- incl r8
--noname.606:
-- addl2 r2,r9
-- bicl2 #0,r9
-- cmpl r9,r2
-- bgequ noname.607
-- incl r8
--noname.607:
--
-- movl 4(ap),r4
-- movl r10,20(r4)
--
-- clrl r10
--
-- movl 8(ap),r0
-- movl 12(r0),r3
-- bicl3 #-65536,r3,r5
-- extzv #16,#16,r3,r0
-- bicl3 #-65536,r0,r3
-- mull3 r5,r3,-44(fp)
-- mull2 r5,r5
-- mull2 r3,r3
-- bicl3 #32767,-44(fp),r0
-- extzv #15,#17,r0,r0
-- addl2 r0,r3
-- bicl3 #-65536,-44(fp),r0
-- ashl #17,r0,-44(fp)
-- addl2 -44(fp),r5
-- bicl2 #0,r5
-- cmpl r5,-44(fp)
-- bgequ noname.608
-- incl r3
--noname.608:
-- movl r5,r1
-- movl r3,r2
-- addl2 r1,r9
-- bicl2 #0,r9
-- cmpl r9,r1
-- bgequ noname.609
-- incl r2
--noname.609:
-- addl2 r2,r8
-- bicl2 #0,r8
-- cmpl r8,r2
-- bgequ noname.610
-- incl r10
--noname.610:
--
-- movl r9,24(r4)
--
-- movl r8,28(r4)
--
-- ret
--
--; For now, the code below doesn't work, so I end this prematurely.
--.end
---- a/crypto/bn/asm/x86-gf2m.pl
-+++ b/crypto/bn/asm/x86-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/bn/asm/x86-mont.pl
-+++ b/crypto/bn/asm/x86-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/bn/asm/x86.pl
-+++ b/crypto/bn/asm/x86.pl
-@@ -1,4 +1,10 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- push(@INC,"perlasm","../../perlasm");
- require "x86asm.pl";
---- a/crypto/bn/asm/x86_64-gcc.c
-+++ b/crypto/bn/asm/x86_64-gcc.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include "../bn_lcl.h"
- #if !(defined(__GNUC__) && __GNUC__>=2)
- # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
---- a/crypto/bn/asm/x86_64-gf2m.pl
-+++ b/crypto/bn/asm/x86_64-gf2m.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -31,7 +38,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- ($lo,$hi)=("%rax","%rdx"); $a=$lo;
---- a/crypto/bn/asm/x86_64-mont.pl
-+++ b/crypto/bn/asm/x86_64-mont.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -50,7 +57,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
---- a/crypto/bn/asm/x86_64-mont5.pl
-+++ b/crypto/bn/asm/x86_64-mont5.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -35,7 +42,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
---- a/crypto/bn/bn_add.c
-+++ b/crypto/bn/bn_add.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -61,7 +13,6 @@
- /* r can == a or b */
- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
-- const BIGNUM *tmp;
- int a_neg = a->neg, ret;
-
- bn_check_top(a);
-@@ -76,6 +27,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, c
- if (a_neg ^ b->neg) {
- /* only one is negative */
- if (a_neg) {
-+ const BIGNUM *tmp;
-+
- tmp = a;
- a = b;
- b = tmp;
-@@ -85,14 +38,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, c
-
- if (BN_ucmp(a, b) < 0) {
- if (!BN_usub(r, b, a))
-- return (0);
-+ return 0;
- r->neg = 1;
- } else {
- if (!BN_usub(r, a, b))
-- return (0);
-+ return 0;
- r->neg = 0;
- }
-- return (1);
-+ return 1;
- }
-
- ret = BN_uadd(r, a, b);
-@@ -107,12 +60,13 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
- int max, min, dif;
- const BN_ULONG *ap, *bp;
- BN_ULONG *rp, carry, t1, t2;
-- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->top < b->top) {
-+ const BIGNUM *tmp;
-+
- tmp = a;
- a = b;
- b = tmp;
-@@ -133,29 +87,17 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
- carry = bn_add_words(rp, ap, bp, min);
- rp += min;
- ap += min;
-- bp += min;
-
-- if (carry) {
-- while (dif) {
-- dif--;
-- t1 = *(ap++);
-- t2 = (t1 + 1) & BN_MASK2;
-- *(rp++) = t2;
-- if (t2) {
-- carry = 0;
-- break;
-- }
-- }
-- if (carry) {
-- /* carry != 0 => dif == 0 */
-- *rp = 1;
-- r->top++;
-- }
-+ while (dif) {
-+ dif--;
-+ t1 = *(ap++);
-+ t2 = (t1 + carry) & BN_MASK2;
-+ *(rp++) = t2;
-+ carry &= (t2 == 0);
- }
-- if (dif && rp != ap)
-- while (dif--)
-- /* copy remaining words if ap != rp */
-- *(rp++) = *(ap++);
-+ *rp = carry;
-+ r->top += carry;
-+
- r->neg = 0;
- bn_check_top(r);
- return 1;
-@@ -165,9 +107,8 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a,
- int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max, min, dif;
-- register BN_ULONG t1, t2, *rp;
-- register const BN_ULONG *ap, *bp;
-- int i, carry;
-+ BN_ULONG t1, t2, borrow, *rp;
-+ const BN_ULONG *ap, *bp;
-
- bn_check_top(a);
- bn_check_top(b);
-@@ -178,63 +119,38 @@ int BN_usub(BIGNUM *r, const BIGNUM *a,
-
- if (dif < 0) { /* hmm... should not be happening */
- BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
-- return (0);
-+ return 0;
- }
-
- if (bn_wexpand(r, max) == NULL)
-- return (0);
-+ return 0;
-
- ap = a->d;
- bp = b->d;
- rp = r->d;
-
--#if 1
-- carry = 0;
-- for (i = min; i != 0; i--) {
-- t1 = *(ap++);
-- t2 = *(bp++);
-- if (carry) {
-- carry = (t1 <= t2);
-- t1 = (t1 - t2 - 1) & BN_MASK2;
-- } else {
-- carry = (t1 < t2);
-- t1 = (t1 - t2) & BN_MASK2;
-- }
-- *(rp++) = t1 & BN_MASK2;
-- }
--#else
-- carry = bn_sub_words(rp, ap, bp, min);
-+ borrow = bn_sub_words(rp, ap, bp, min);
- ap += min;
-- bp += min;
- rp += min;
--#endif
-- if (carry) { /* subtracted */
-- if (!dif)
-- /* error: a < b */
-- return 0;
-- while (dif) {
-- dif--;
-- t1 = *(ap++);
-- t2 = (t1 - 1) & BN_MASK2;
-- *(rp++) = t2;
-- if (t1)
-- break;
-- }
-+
-+ while (dif) {
-+ dif--;
-+ t1 = *(ap++);
-+ t2 = (t1 - borrow) & BN_MASK2;
-+ *(rp++) = t2;
-+ borrow &= (t1 == 0);
- }
-- if (dif && ap != rp)
-- memcpy(rp, ap, sizeof(*rp) * dif);
-
- r->top = max;
- r->neg = 0;
- bn_correct_top(r);
-- return (1);
-+ return 1;
- }
-
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max;
- int add = 0, neg = 0;
-- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-@@ -247,6 +163,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, c
- */
- if (a->neg) {
- if (b->neg) {
-+ const BIGNUM *tmp;
-+
- tmp = a;
- a = b;
- b = tmp;
-@@ -263,25 +181,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, c
-
- if (add) {
- if (!BN_uadd(r, a, b))
-- return (0);
-+ return 0;
- r->neg = neg;
-- return (1);
-+ return 1;
- }
-
- /* We are actually doing a - b :-) */
-
- max = (a->top > b->top) ? a->top : b->top;
- if (bn_wexpand(r, max) == NULL)
-- return (0);
-+ return 0;
- if (BN_ucmp(a, b) < 0) {
- if (!BN_usub(r, b, a))
-- return (0);
-+ return 0;
- r->neg = 1;
- } else {
- if (!BN_usub(r, a, b))
-- return (0);
-+ return 0;
- r->neg = 0;
- }
- bn_check_top(r);
-- return (1);
-+ return 1;
- }
---- a/crypto/bn/bn_asm.c
-+++ b/crypto/bn/bn_asm.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <assert.h>
---- a/crypto/bn/bn_blind.c
-+++ b/crypto/bn/bn_blind.c
-@@ -1,116 +1,14 @@
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
- #include "internal/cryptlib.h"
--#include "internal/threads.h"
- #include "bn_lcl.h"
-
- #define BN_BLINDING_COUNTER 32
---- a/crypto/bn/bn_const.c
-+++ b/crypto/bn/bn_const.c
-@@ -1,4 +1,11 @@
--/* Insert boilerplate */
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #include <openssl/bn.h>
-
---- a/crypto/bn/bn_ctx.c
-+++ b/crypto/bn/bn_ctx.c
-@@ -1,56 +1,10 @@
--/* Written by Ulf Moeller for the OpenSSL project. */
--/* ====================================================================
-- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_depr.c
-+++ b/crypto/bn/bn_depr.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -66,7 +21,6 @@ NON_EMPTY_TRANSLATION_UNIT
- # include <time.h>
- # include "internal/cryptlib.h"
- # include "bn_lcl.h"
--# include <openssl/rand.h>
-
- BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
---- a/crypto/bn/bn_dh.c
-+++ b/crypto/bn/bn_dh.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2011.
-- */
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "bn_lcl.h"
---- a/crypto/bn/bn_div.c
-+++ b/crypto/bn/bn_div.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/bn.h>
-@@ -178,7 +130,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, cons
- # endif /* OPENSSL_NO_ASM */
-
- /*-
-- * BN_div computes dv := num / divisor, rounding towards
-+ * BN_div computes dv := num / divisor, rounding towards
- * zero, and sets up rm such that dv*divisor + rm = num holds.
- * Thus:
- * dv->neg == num->neg ^ divisor->neg (unless the result is zero)
-@@ -326,6 +278,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
- res->top--;
- }
-
-+ /* Increase the resp pointer so that we never create an invalid pointer. */
-+ resp++;
-+
- /*
- * if res->top == 0 then clear the neg value otherwise decrease the resp
- * pointer
-@@ -335,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
- else
- resp--;
-
-- for (i = 0; i < loop - 1; i++, wnump--, resp--) {
-+ for (i = 0; i < loop - 1; i++, wnump--) {
- BN_ULONG q, l0;
- /*
- * the first part of the loop uses the top two words of snum and sdiv
-@@ -441,6 +396,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
- (*wnump)++;
- }
- /* store part of the result */
-+ resp--;
- *resp = q;
- }
- bn_correct_top(snum);
---- a/crypto/bn/bn_err.c
-+++ b/crypto/bn/bn_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -82,10 +32,8 @@ static ERR_STRING_DATA BN_str_functs[] =
- {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
- {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
- {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-- {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
- {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
- {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-- {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
- {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"},
- {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"},
- {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"},
-@@ -107,7 +55,6 @@ static ERR_STRING_DATA BN_str_functs[] =
- {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
- {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
- {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-- {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
- {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
- {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
- {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-@@ -147,7 +94,7 @@ static ERR_STRING_DATA BN_str_reasons[]
-
- #endif
-
--void ERR_load_BN_strings(void)
-+int ERR_load_BN_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -156,4 +103,5 @@ void ERR_load_BN_strings(void)
- ERR_load_strings(0, BN_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/bn/bn_exp.c
-+++ b/crypto/bn/bn_exp.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -198,7 +97,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
- bn_check_top(m);
-
- /*-
-- * For even modulus m = 2^k*m_odd, it might make sense to compute
-+ * For even modulus m = 2^k*m_odd, it might make sense to compute
- * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
- * exponentiation for the odd part), using appropriate exponent
- * reductions, and combine the results using the CRT.
-@@ -628,6 +527,14 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- {
- int i, j;
- int width = 1 << window;
-+ /*
-+ * We declare table 'volatile' in order to discourage compiler
-+ * from reordering loads from the table. Concern is that if
-+ * reordered in specific manner loads might give away the
-+ * information we are trying to conceal. Some would argue that
-+ * compiler can reorder them anyway, but it can as well be
-+ * argued that doing so would be violation of standard...
-+ */
- volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
-
- if (bn_wexpand(b, top) == NULL)
---- a/crypto/bn/bn_exp2.c
-+++ b/crypto/bn/bn_exp2.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/bn/bn_gcd.c
-+++ b/crypto/bn/bn_gcd.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -471,7 +370,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
-- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
-+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
-@@ -666,7 +565,7 @@ static BIGNUM *BN_mod_inverse_no_branch(
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
-- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
-+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
---- a/crypto/bn/bn_gf2m.c
-+++ b/crypto/bn/bn_gf2m.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -7,85 +16,6 @@
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
-- *
-- * In addition, Sun covenants to all licensees who provide a reciprocal
-- * covenant with respect to their own patents if any, not to sue under
-- * current and future patent claims necessarily infringed by the making,
-- * using, practicing, selling, offering for sale and/or otherwise
-- * disposing of the ECC Code as delivered hereunder (or portions thereof),
-- * provided that such covenant shall not apply:
-- * 1) for code that a licensee deletes from the ECC Code;
-- * 2) separates from the ECC Code; or
-- * 3) for infringements caused by:
-- * i) the modification of the ECC Code or
-- * ii) the combination of the ECC Code with other software or
-- * devices where such combination causes the infringement.
-- *
-- * The software is originally written by Sheueling Chang Shantz and
-- * Douglas Stebila of Sun Microsystems Laboratories.
-- *
-- */
--
--/*
-- * NOTE: This file is licensed pursuant to the OpenSSL license below and may
-- * be modified; but after modifications, the above covenant may no longer
-- * apply! In such cases, the corresponding paragraph ["In addition, Sun
-- * covenants ... causes the infringement."] and this note can be edited out;
-- * but please keep the Sun copyright notice and attribution.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
- */
-
- #include <assert.h>
---- a/crypto/bn/bn_intern.c
-+++ b/crypto/bn/bn_intern.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_kron.c
-+++ b/crypto/bn/bn_kron.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_lcl.h
-+++ b/crypto/bn/bn_lcl.h
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BN_LCL_H
-@@ -258,18 +157,18 @@ int RAND_pseudo_bytes(unsigned char *buf
- # endif
- # define bn_pollute(a) \
- do { \
-- const BIGNUM *_bnum1 = (a); \
-- if(_bnum1->top < _bnum1->dmax) { \
-- unsigned char _tmp_char; \
-- /* We cast away const without the compiler knowing, any \
-- * *genuinely* constant variables that aren't mutable \
-- * wouldn't be constructed with top!=dmax. */ \
-- BN_ULONG *_not_const; \
-- memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
-- RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
-- memset(_not_const + _bnum1->top, _tmp_char, \
-- sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
-- } \
-+ const BIGNUM *_bnum1 = (a); \
-+ if (_bnum1->top < _bnum1->dmax) { \
-+ unsigned char _tmp_char; \
-+ /* We cast away const without the compiler knowing, any \
-+ * *genuinely* constant variables that aren't mutable \
-+ * wouldn't be constructed with top!=dmax. */ \
-+ BN_ULONG *_not_const; \
-+ memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
-+ RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
-+ memset(_not_const + _bnum1->top, _tmp_char, \
-+ sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
-+ } \
- } while(0)
- # ifdef BN_DEBUG_TRIX
- # undef RAND_pseudo_bytes
-@@ -358,9 +257,9 @@ struct bn_gencb_st {
- unsigned int ver; /* To handle binary (in)compatibility */
- void *arg; /* callback-specific data */
- union {
-- /* if(ver==1) - handles old style callbacks */
-+ /* if (ver==1) - handles old style callbacks */
- void (*cb_1) (int, int, void *);
-- /* if(ver==2) - new callback style */
-+ /* if (ver==2) - new callback style */
- int (*cb_2) (int, int, BN_GENCB *);
- } cb;
- };
-@@ -779,7 +678,7 @@ static ossl_inline BIGNUM *bn_expand(BIG
- if (bits > (INT_MAX - BN_BITS2 + 1))
- return NULL;
-
-- if(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
-+ if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
- return a;
-
- return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
---- a/crypto/bn/bn_lib.c
-+++ b/crypto/bn/bn_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <assert.h>
-@@ -218,7 +170,7 @@ int BN_num_bits(const BIGNUM *a)
-
- static void bn_free_d(BIGNUM *a)
- {
-- if (BN_get_flags(a,BN_FLG_SECURE))
-+ if (BN_get_flags(a, BN_FLG_SECURE))
- OPENSSL_secure_free(a->d);
- else
- OPENSSL_free(a->d);
-@@ -307,7 +259,7 @@ static BN_ULONG *bn_expand_internal(cons
- BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return (NULL);
- }
-- if (BN_get_flags(b,BN_FLG_SECURE))
-+ if (BN_get_flags(b, BN_FLG_SECURE))
- a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
- else
- a = A = OPENSSL_zalloc(words * sizeof(*a));
-@@ -493,7 +445,7 @@ void BN_clear(BIGNUM *a)
- {
- bn_check_top(a);
- if (a->d != NULL)
-- memset(a->d, 0, sizeof(*a->d) * a->dmax);
-+ OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
- a->top = 0;
- a->neg = 0;
- }
-@@ -613,9 +565,9 @@ BIGNUM *BN_lebin2bn(const unsigned char
- if (ret == NULL)
- return (NULL);
- bn_check_top(ret);
-- s += len - 1;
-+ s += len;
- /* Skip trailing zeroes. */
-- for ( ; len > 0 && *s == 0; s--, len--)
-+ for ( ; len > 0 && s[-1] == 0; s--, len--)
- continue;
- n = len;
- if (n == 0) {
-@@ -632,7 +584,8 @@ BIGNUM *BN_lebin2bn(const unsigned char
- ret->neg = 0;
- l = 0;
- while (n--) {
-- l = (l << 8L) | *(s--);
-+ s--;
-+ l = (l << 8L) | *s;
- if (m-- == 0) {
- ret->d[--i] = l;
- l = 0;
-@@ -658,10 +611,11 @@ int BN_bn2lebinpad(const BIGNUM *a, unsi
- /* Add trailing zeroes if necessary */
- if (tolen > i)
- memset(to + i, 0, tolen - i);
-- to += i - 1;
-+ to += i;
- while (i--) {
- l = a->d[i / BN_BYTES];
-- *(to--) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
-+ to--;
-+ *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
- }
- return tolen;
- }
-@@ -839,9 +793,9 @@ int bn_cmp_words(const BN_ULONG *a, cons
-
- /*
- * Here follows a specialised variants of bn_cmp_words(). It has the
-- * property of performing the operation on arrays of different sizes. The
-+ * capability of performing the operation on arrays of different sizes. The
- * sizes of those arrays is expressed through cl, which is the common length
-- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
-+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
- * two lengths, calculated as len(a)-len(b). All lengths are the number of
- * BN_ULONGs...
- */
-@@ -1070,9 +1024,11 @@ void bn_correct_top(BIGNUM *a)
- int tmp_top = a->top;
-
- if (tmp_top > 0) {
-- for (ftl = &(a->d[tmp_top - 1]); tmp_top > 0; tmp_top--)
-- if (*(ftl--))
-+ for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
-+ ftl--;
-+ if (*ftl != 0)
- break;
-+ }
- a->top = tmp_top;
- }
- bn_pollute(a);
---- a/crypto/bn/bn_mod.c
-+++ b/crypto/bn/bn_mod.c
-@@ -1,115 +1,10 @@
- /*
-- * Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
-- * for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_mont.c
-+++ b/crypto/bn/bn_mont.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/bn/bn_mpi.c
-+++ b/crypto/bn/bn_mpi.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -87,41 +39,48 @@ int BN_bn2mpi(const BIGNUM *a, unsigned
- return (num + 4 + ext);
- }
-
--BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
-+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
- {
- long len;
- int neg = 0;
-+ BIGNUM *a = NULL;
-
- if (n < 4) {
- BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
-- return (NULL);
-+ return NULL;
- }
- len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
- d[3];
- if ((len + 4) != n) {
- BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
-- return (NULL);
-+ return NULL;
- }
-
-- if (a == NULL)
-+ if (ain == NULL)
- a = BN_new();
-+ else
-+ a = ain;
-+
- if (a == NULL)
-- return (NULL);
-+ return NULL;
-
- if (len == 0) {
- a->neg = 0;
- a->top = 0;
-- return (a);
-+ return a;
- }
- d += 4;
- if ((*d) & 0x80)
- neg = 1;
-- if (BN_bin2bn(d, (int)len, a) == NULL)
-- return (NULL);
-+ if (BN_bin2bn(d, (int)len, a) == NULL) {
-+ if (ain == NULL)
-+ BN_free(a);
-+ return NULL;
-+ }
- a->neg = neg;
- if (neg) {
- BN_clear_bit(a, BN_num_bits(a) - 1);
- }
- bn_check_top(a);
-- return (a);
-+ return a;
- }
---- a/crypto/bn/bn_mul.c
-+++ b/crypto/bn/bn_mul.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <assert.h>
---- a/crypto/bn/bn_nist.c
-+++ b/crypto/bn/bn_nist.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "bn_lcl.h"
---- a/crypto/bn/bn_prime.c
-+++ b/crypto/bn/bn_prime.c
-@@ -1,118 +1,18 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/bn/bn_prime.pl
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <time.h>
- #include "internal/cryptlib.h"
- #include "bn_lcl.h"
--#include <openssl/rand.h>
-
- /*
- * The quick sieve algorithm approach to weeding out primes is Philip
-@@ -208,9 +108,6 @@ int BN_generate_prime_ex(BIGNUM *ret, in
- prime_t *mods = NULL;
- int checks = BN_prime_checks_for_size(bits);
-
-- mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
-- if (mods == NULL)
-- goto err;
- if (bits < 2) {
- /* There are no prime numbers this small. */
- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
-@@ -221,6 +118,10 @@ int BN_generate_prime_ex(BIGNUM *ret, in
- return 0;
- }
-
-+ mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
-+ if (mods == NULL)
-+ goto err;
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-@@ -242,7 +143,7 @@ int BN_generate_prime_ex(BIGNUM *ret, in
- goto err;
- }
- }
-- /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
-+
- if (!BN_GENCB_call(cb, 0, c1++))
- /* aborted */
- goto err;
-@@ -317,9 +218,13 @@ int BN_is_prime_fasttest_ex(const BIGNUM
- /* a is even => a is prime if and only if a == 2 */
- return BN_is_word(a, 2);
- if (do_trial_division) {
-- for (i = 1; i < NUMPRIMES; i++)
-- if (BN_mod_word(a, primes[i]) == 0)
-+ for (i = 1; i < NUMPRIMES; i++) {
-+ BN_ULONG mod = BN_mod_word(a, primes[i]);
-+ if (mod == (BN_ULONG)-1)
-+ goto err;
-+ if (mod == 0)
- return 0;
-+ }
- if (!BN_GENCB_call(cb, 1, -1))
- goto err;
- }
-@@ -412,7 +317,10 @@ int bn_probable_prime_dh_retry(BIGNUM *r
-
- for (i = 1; i < NUMPRIMES; i++) {
- /* check that rnd is a prime */
-- if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
-+ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ if (mod == (BN_ULONG)-1)
-+ goto err;
-+ if (mod <= 1) {
- goto loop;
- }
- }
-@@ -438,7 +346,8 @@ int bn_probable_prime_dh_coprime(BIGNUM
- if ((offset_count = BN_CTX_get(ctx)) == NULL)
- goto err;
-
-- BN_add_word(offset_count, prime_offset_count);
-+ if (!BN_add_word(offset_count, prime_offset_count))
-+ goto err;
-
- loop:
- if (!BN_rand(rnd, bits - prime_multiplier_bits, 0, 1))
-@@ -448,17 +357,20 @@ int bn_probable_prime_dh_coprime(BIGNUM
- if (!BN_rand_range(offset_index, offset_count))
- goto err;
-
-- BN_mul_word(rnd, prime_multiplier);
-- BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]);
-+ if (!BN_mul_word(rnd, prime_multiplier)
-+ || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]))
-+ goto err;
-
- /* we now have a random number 'rand' to test. */
-
- /* skip coprimes */
- for (i = first_prime_index; i < NUMPRIMES; i++) {
- /* check that rnd is a prime */
-- if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
-+ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ if (mod == (BN_ULONG)-1)
-+ goto err;
-+ if (mod <= 1)
- goto loop;
-- }
- }
- ret = 1;
-
-@@ -506,15 +418,19 @@ static int probable_prime(BIGNUM *rnd, i
- if (!BN_rand(rnd, bits, 1, 1))
- return (0);
- /* we now have a random number 'rnd' to test. */
-- for (i = 1; i < NUMPRIMES; i++)
-- mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ for (i = 1; i < NUMPRIMES; i++) {
-+ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ if (mod == (BN_ULONG)-1)
-+ return 0;
-+ mods[i] = (prime_t) mod;
-+ }
- /*
- * If bits is so small that it fits into a single word then we
- * additionally don't want to exceed that many bits.
- */
- if (is_single_word) {
- BN_ULONG size_limit;
--
-+
- if (bits == BN_BITS2) {
- /*
- * Shifting by this much has undefined behaviour so we do it a
-@@ -605,7 +521,10 @@ int bn_probable_prime_dh(BIGNUM *rnd, in
- loop:
- for (i = 1; i < NUMPRIMES; i++) {
- /* check that rnd is a prime */
-- if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
-+ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
-+ if (mod == (BN_ULONG)-1)
-+ goto err;
-+ if (mod <= 1) {
- if (!BN_add(rnd, rnd, add))
- goto err;
- goto loop;
-@@ -666,8 +585,11 @@ static int probable_prime_dh_safe(BIGNUM
- /*
- * check that for p and q gcd(p-1,primes) == 1 (except for 2)
- */
-- if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
-- (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
-+ BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
-+ BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
-+ if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
-+ goto err;
-+ if (pmod == 0 || qmod == 0) {
- if (!BN_add(p, p, padd))
- goto err;
- if (!BN_add(q, q, qadd))
---- a/crypto/bn/bn_prime.h
-+++ b/crypto/bn/bn_prime.h
-@@ -1,59 +1,13 @@
--/* Auto generated by bn_prime.pl */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/bn/bn_prime.pl
-+ *
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- typedef unsigned short prime_t;
---- a/crypto/bn/bn_prime.pl
-+++ b/crypto/bn/bn_prime.pl
-@@ -1,62 +1,22 @@
- #! /usr/bin/env perl
-+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
--print <<\EOF;
--/* Auto generated by bn_prime.pl */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+print <<"EOF";
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/bn/bn_prime.pl
-+ *
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- EOF
---- a/crypto/bn/bn_print.c
-+++ b/crypto/bn/bn_print.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -187,7 +139,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
- for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
- continue;
-
-- if (i > INT_MAX/4)
-+ if (i == 0 || i > INT_MAX/4)
- goto err;
-
- num = i + neg;
-@@ -215,13 +167,8 @@ int BN_hex2bn(BIGNUM **bn, const char *a
- l = 0;
- for (;;) {
- c = a[j - m];
-- if ((c >= '0') && (c <= '9'))
-- k = c - '0';
-- else if ((c >= 'a') && (c <= 'f'))
-- k = c - 'a' + 10;
-- else if ((c >= 'A') && (c <= 'F'))
-- k = c - 'A' + 10;
-- else
-+ k = OPENSSL_hexchar2int(c);
-+ if (k < 0)
- k = 0; /* paranoia */
- l = (l << 4) | k;
-
-@@ -262,7 +209,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a
- for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
- continue;
-
-- if (i > INT_MAX/4)
-+ if (i == 0 || i > INT_MAX/4)
- goto err;
-
- num = i + neg;
-@@ -294,8 +241,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a
- l += *a - '0';
- a++;
- if (++j == BN_DEC_NUM) {
-- BN_mul_word(ret, BN_DEC_CONV);
-- BN_add_word(ret, l);
-+ if (!BN_mul_word(ret, BN_DEC_CONV)
-+ || !BN_add_word(ret, l))
-+ goto err;
- l = 0;
- j = 0;
- }
---- a/crypto/bn/bn_rand.c
-+++ b/crypto/bn/bn_rand.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -145,13 +44,8 @@ static int bnrand(int pseudorand, BIGNUM
- time(&tim);
- RAND_add(&tim, sizeof(tim), 0.0);
-
-- if (pseudorand) {
-- if (RAND_bytes(buf, bytes) <= 0)
-- goto err;
-- } else {
-- if (RAND_bytes(buf, bytes) <= 0)
-- goto err;
-- }
-+ if (RAND_bytes(buf, bytes) <= 0)
-+ goto err;
-
- if (pseudorand == 2) {
- /*
---- a/crypto/bn/bn_recp.c
-+++ b/crypto/bn/bn_recp.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_shift.c
-+++ b/crypto/bn/bn_shift.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_sqr.c
-+++ b/crypto/bn/bn_sqr.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_sqrt.c
-+++ b/crypto/bn/bn_sqrt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Lenka Fibikova <fibikova at exp-math.uni-essen.de> and Bodo
-- * Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/bn/bn_srp.c
-+++ b/crypto/bn/bn_srp.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include "bn_lcl.h"
- #include "e_os.h"
-
---- a/crypto/bn/bn_word.c
-+++ b/crypto/bn/bn_word.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -70,10 +22,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN
- if (w == 0)
- return (BN_ULONG)-1;
-
-+#ifndef BN_LLONG
-+ /*
-+ * If |w| is too long and we don't have BN_ULLONG then we need to fall
-+ * back to using BN_div_word
-+ */
-+ if (w > ((BN_ULONG)1 << BN_BITS4)) {
-+ BIGNUM *tmp = BN_dup(a);
-+ if (tmp == NULL)
-+ return (BN_ULONG)-1;
-+
-+ ret = BN_div_word(tmp, w);
-+ BN_free(tmp);
-+
-+ return ret;
-+ }
-+#endif
-+
- bn_check_top(a);
- w &= BN_MASK2;
- for (i = a->top - 1; i >= 0; i--) {
- #ifndef BN_LLONG
-+ /*
-+ * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
-+ * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
-+ * safe and will not overflow
-+ */
- ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
- ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
- #else
---- a/crypto/bn/bn_x931p.c
-+++ b/crypto/bn/bn_x931p.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,7 +21,7 @@
- static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
- BN_GENCB *cb)
- {
-- int i = 0;
-+ int i = 0, is_prime;
- if (!BN_copy(pi, Xpi))
- return 0;
- if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
-@@ -79,7 +30,10 @@ static int bn_x931_derive_pi(BIGNUM *pi,
- i++;
- BN_GENCB_call(cb, 0, i);
- /* NB 27 MR is specified in X9.31 */
-- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
-+ is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
-+ if (is_prime < 0)
-+ return 0;
-+ if (is_prime)
- break;
- if (!BN_add_word(pi, 2))
- return 0;
-@@ -168,14 +122,18 @@ int BN_X931_derive_prime_ex(BIGNUM *p, B
- goto err;
- if (!BN_gcd(t, pm1, e, ctx))
- goto err;
-- if (BN_is_one(t)
-+ if (BN_is_one(t)) {
- /*
- * X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
- * better.
- */
-- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
-- break;
-+ int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
-+ if (r < 0)
-+ goto err;
-+ if (r)
-+ break;
-+ }
- if (!BN_add(p, p, p1p2))
- goto err;
- }
---- a/crypto/bn/build.info
-+++ b/crypto/bn/build.info
-@@ -1,4 +1,3 @@
--{- use File::Spec::Functions qw/catdir rel2abs/; -}
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
- bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
-@@ -7,7 +6,7 @@ SOURCE[../../libcrypto]=\
- {- $target{bn_asm_src} -} \
- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
- bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
--INCLUDE[../../libcrypto]={- rel2abs(catdir($builddir,"..","..","crypto","include")) -}
-+INCLUDE[../../libcrypto]=../../crypto/include
-
- INCLUDE[bn_exp.o]=..
-
-@@ -57,7 +56,7 @@ GENERATE[bn-ppc.s]=asm/ppc.pl $(PERLASM_
- GENERATE[ppc-mont.s]=asm/ppc-mont.pl $(PERLASM_SCHEME)
- GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl $(PERLASM_SCHEME)
-
--GENERATE[alpha-mont.s]=asm/alpha-mont.pl
-+GENERATE[alpha-mont.S]=asm/alpha-mont.pl $(PERLASM_SCHEME)
-
- GENERATE[armv4-mont.S]=asm/armv4-mont.pl $(PERLASM_SCHEME)
- INCLUDE[armv4-mont.o]=..
---- a/crypto/bn/rsaz_exp.c
-+++ b/crypto/bn/rsaz_exp.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*****************************************************************************
- * *
- * Copyright (c) 2012, Intel Corporation *
-@@ -244,7 +253,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG res
-
- rsaz_1024_sqr_avx2(result, result, m, k0, 5);
-
-- wvalue = *((unsigned short *)&p_str[index / 8]);
-+ wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
- wvalue = (wvalue >> (index % 8)) & 31;
- index -= 5;
-
---- a/crypto/bn/rsaz_exp.h
-+++ b/crypto/bn/rsaz_exp.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*****************************************************************************
- * *
- * Copyright (c) 2012, Intel Corporation *
---- a/crypto/bn/vms-helper.c
-+++ /dev/null
-@@ -1,67 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
--#include <stdio.h>
--#include "internal/cryptlib.h"
--#include "bn_lcl.h"
--
--bn_div_words_abort(int i)
--{
--#ifdef BN_DEBUG
--# if !defined(OPENSSL_NO_STDIO)
-- fprintf(stderr, "Division would overflow (%d)\n", i);
--# endif
-- abort();
--#endif
--}
---- a/crypto/buffer/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/buffer/Makefile
--#
--
--DIR= buffer
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= buffer.c buf_err.c
--LIBOBJ= buffer.o buf_err.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/buffer/buf_err.c
-+++ b/crypto/buffer/buf_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -81,7 +31,7 @@ static ERR_STRING_DATA BUF_str_reasons[]
-
- #endif
-
--void ERR_load_BUF_strings(void)
-+int ERR_load_BUF_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -90,4 +40,5 @@ void ERR_load_BUF_strings(void)
- ERR_load_strings(0, BUF_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/buffer/buffer.c
-+++ b/crypto/buffer/buffer.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -94,7 +46,6 @@ void BUF_MEM_free(BUF_MEM *a)
- return;
-
- if (a->data != NULL) {
-- memset(a->data, 0, (unsigned int)a->max);
- if (a->flags & BUF_MEM_FLAG_SECURE)
- OPENSSL_secure_free(a->data);
- else
-@@ -128,7 +79,8 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t
- return (len);
- }
- if (str->max >= len) {
-- memset(&str->data[str->length], 0, len - str->length);
-+ if (str->data != NULL)
-+ memset(&str->data[str->length], 0, len - str->length);
- str->length = len;
- return (len);
- }
-@@ -160,7 +112,8 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str,
- size_t n;
-
- if (str->length >= len) {
-- memset(&str->data[len], 0, str->length - len);
-+ if (str->data != NULL)
-+ memset(&str->data[len], 0, str->length - len);
- str->length = len;
- return (len);
- }
---- a/crypto/build.info
-+++ b/crypto/build.info
-@@ -2,7 +2,7 @@
- LIBS=../libcrypto
- SOURCE[../libcrypto]=\
- cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-- ebcdic.c uid.c o_time.c o_str.c o_dir.c \
-+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \
- threads_pthread.c threads_win.c threads_none.c \
- o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
- {- $target{uplink_aux_src} -}
---- a/crypto/c64xpluscpuid.pl
-+++ b/crypto/c64xpluscpuid.pl
-@@ -1,5 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
- open STDOUT,">$output";
-@@ -13,6 +18,7 @@ open STDOUT,">$output";
- .if __TI_EABI__
- .asg OPENSSL_rdtsc,_OPENSSL_rdtsc
- .asg OPENSSL_cleanse,_OPENSSL_cleanse
-+ .asg CRYPTO_memcmp,_CRYPTO_memcmp
- .asg OPENSSL_atomic_add,_OPENSSL_atomic_add
- .asg OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
- .asg OPENSSL_instrument_bus,_OPENSSL_instrument_bus
-@@ -82,6 +88,29 @@ open STDOUT,">$output";
- [A1] STB A2,*A4++[2]
- .endasmfunc
-
-+ .global _CRYPTO_memcmp
-+_CRYPTO_memcmp:
-+ .asmfunc
-+ MV A6,B0
-+ [!B0] BNOP RA
-+||[!B0] ZERO A4
-+ [B0] MVC B0,ILC
-+|| [B0] ZERO A0
-+ NOP 4
-+
-+ SPLOOP 1
-+ LDBU *A4++,A1
-+|| LDBU *B4++,B1
-+ NOP 4
-+ XOR.L B1,A1,A2
-+ SPKERNEL 1,0
-+|| OR.S A2,A0,A0
-+
-+ BNOP RA,3
-+ ZERO.L A4
-+ [A0] MVK 1,A4
-+ .endasmfunc
-+
- .global _OPENSSL_atomic_add
- _OPENSSL_atomic_add:
- .asmfunc
---- a/crypto/camellia/Makefile.in
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#
--# crypto/camellia/Makefile
--#
--
--DIR= camellia
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
-- cmll_cfb.c cmll_ctr.c
--
--LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC)
--
--SRC= $(LIBSRC)
--
--HEADER= cmll_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl
-- $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--cmll-x86_64.s: asm/cmll-x86_64.pl
-- $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) $@
--cmllt4-sparcv9.S: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl
-- $(PERL) asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/camellia/asm/cmll-x86.pl
-+++ b/crypto/camellia/asm/cmll-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
---- a/crypto/camellia/asm/cmll-x86_64.pl
-+++ b/crypto/camellia/asm/cmll-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Copyright (c) 2008 Andy Polyakov <appro at openssl.org>
-@@ -40,7 +47,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
---- a/crypto/camellia/asm/cmllt4-sparcv9.pl
-+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
---- a/crypto/camellia/build.info
-+++ b/crypto/camellia/build.info
-@@ -8,4 +8,4 @@ DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
- GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME)
- GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME)
- INCLUDE[cmllt4-sparcv9.o]=..
--DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9-modes.pl
-+DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl
---- a/crypto/camellia/camellia.c
-+++ b/crypto/camellia/camellia.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
-@@ -11,57 +20,6 @@
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
-- *
-- * The Camellia Code is licensed pursuant to the OpenSSL open source
-- * license provided below.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
- */
-
- /*
---- a/crypto/camellia/cmll_cbc.c
-+++ b/crypto/camellia/cmll_cbc.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/camellia.h>
---- a/crypto/camellia/cmll_cfb.c
-+++ b/crypto/camellia/cmll_cfb.c
-@@ -1,107 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/camellia.h>
---- a/crypto/camellia/cmll_ctr.c
-+++ b/crypto/camellia/cmll_ctr.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/camellia.h>
---- a/crypto/camellia/cmll_ecb.c
-+++ b/crypto/camellia/cmll_ecb.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/camellia.h>
---- a/crypto/camellia/cmll_locl.h
-+++ b/crypto/camellia/cmll_locl.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
-@@ -11,57 +20,6 @@
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
-- *
-- * The Camellia Code is licensed pursuant to the OpenSSL open source
-- * license provided below.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
- */
-
- #ifndef HEADER_CAMELLIA_LOCL_H
---- a/crypto/camellia/cmll_misc.c
-+++ b/crypto/camellia/cmll_misc.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslv.h>
---- a/crypto/camellia/cmll_ofb.c
-+++ b/crypto/camellia/cmll_ofb.c
-@@ -1,107 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/camellia.h>
---- a/crypto/cast/Makefile.in
-+++ /dev/null
-@@ -1,51 +0,0 @@
--#
--# OpenSSL/crypto/cast/Makefile
--#
--
--DIR= cast
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CAST_ENC=c_enc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
--LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
--
--SRC= $(LIBSRC)
--
--HEADER= cast_s.h cast_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--cast-586.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-- $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/cast/asm/cast-586.pl
-+++ b/crypto/cast/asm/cast-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # This flag makes the inner loop one cycle longer, but generates
- # code that runs %30 faster on the pentium pro/II, 44% faster
---- a/crypto/cast/c_cfb64.c
-+++ b/crypto/cast/c_cfb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/cast.h>
---- a/crypto/cast/c_ecb.c
-+++ b/crypto/cast/c_ecb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/cast.h>
---- a/crypto/cast/c_enc.c
-+++ b/crypto/cast/c_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/cast.h>
---- a/crypto/cast/c_ofb64.c
-+++ b/crypto/cast/c_ofb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/cast.h>
---- a/crypto/cast/c_skey.c
-+++ b/crypto/cast/c_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/cast.h>
---- a/crypto/cast/cast_lcl.h
-+++ b/crypto/cast/cast_lcl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "e_os.h"
---- a/crypto/cast/cast_s.h
-+++ b/crypto/cast/cast_s.h
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
- 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
- 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
---- a/crypto/cast/casts.cpp
-+++ /dev/null
-@@ -1,70 +0,0 @@
--//
--// gettsc.inl
--//
--// gives access to the Pentium's (secret) cycle counter
--//
--// This software was written by Leonard Janke (janke at unixg.ubc.ca)
--// in 1996-7 and is entered, by him, into the public domain.
--
--#if defined(__WATCOMC__)
--void GetTSC(unsigned long&);
--#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
--#elif defined(__GNUC__)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- asm volatile(".byte 15, 49\n\t"
-- : "=eax" (tsc)
-- :
-- : "%edx", "%eax");
--}
--#elif defined(_MSC_VER)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- unsigned long a;
-- __asm _emit 0fh
-- __asm _emit 31h
-- __asm mov a, eax;
-- tsc=a;
--}
--#endif
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <openssl/cast.h>
--
--void main(int argc,char *argv[])
-- {
-- CAST_KEY key;
-- unsigned long s1,s2,e1,e2;
-- unsigned long data[2];
-- int i,j;
-- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
--
-- CAST_set_key(&key, 16,d);
--
-- for (j=0; j<6; j++)
-- {
-- for (i=0; i<1000; i++) /**/
-- {
-- CAST_encrypt(&data[0],&key);
-- GetTSC(s1);
-- CAST_encrypt(&data[0],&key);
-- CAST_encrypt(&data[0],&key);
-- CAST_encrypt(&data[0],&key);
-- GetTSC(e1);
-- GetTSC(s2);
-- CAST_encrypt(&data[0],&key);
-- CAST_encrypt(&data[0],&key);
-- CAST_encrypt(&data[0],&key);
-- CAST_encrypt(&data[0],&key);
-- GetTSC(e2);
-- CAST_encrypt(&data[0],&key);
-- }
--
-- printf("cast %d %d (%d)\n",
-- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
-- }
-- }
--
---- a/crypto/chacha/Makefile.in
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#
--# OpenSSL/crypto/chacha/Makefile
--#
--
--DIR= chacha
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--AR= ar r
--
--CHACHA_ENC=chacha_enc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=chacha_enc.c
--LIBOBJ=$(CHACHA_ENC)
--
--SRC= $(LIBSRC)
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--chacha-x86.s: asm/chacha-x86.pl
-- $(PERL) asm/chacha-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--chacha-x86_64.s: asm/chacha-x86_64.pl
-- $(PERL) asm/chacha-x86_64.pl $(PERLASM_SCHEME) $@
--chacha-ppc.s: asm/chacha-ppc.pl
-- $(PERL) asm/chacha-ppc.pl $(PERLASM_SCHEME) $@
--
--chacha-%.S: asm/chacha-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--chacha-armv4.o: chacha-armv4.S
--chacha-armv8.o: chacha-armv8.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/chacha/asm/chacha-armv4.pl
-+++ b/crypto/chacha/asm/chacha-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/chacha/asm/chacha-armv8.pl
-+++ b/crypto/chacha/asm/chacha-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/chacha/asm/chacha-c64xplus.pl
-+++ b/crypto/chacha/asm/chacha-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/chacha/asm/chacha-ppc.pl
-+++ b/crypto/chacha/asm/chacha-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -527,9 +534,11 @@ my ($a,$b,$c,$d,$t)=@_;
- ?lvsl $outperm,0,$out # prepare for unaligned store
- ?vperm $outmask,$outmask,$T0,$outperm
-
-+ be?lvsl $T0,0, at x[0] # 0x00..0f
- be?vspltisb $T1,3 # 0x03..03
-- be?vxor $inpperm,$inpperm,$T1 # swap bytes within words
-+ be?vxor $T0,$T0,$T1 # swap bytes within words
- be?vxor $outperm,$outperm,$T1
-+ be?vperm $inpperm,$inpperm,$inpperm,$T0
-
- b Loop_outer_vmx
-
---- a/crypto/chacha/asm/chacha-s390x.pl
-+++ b/crypto/chacha/asm/chacha-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -140,7 +147,8 @@ my @x=map("\"$_\"", at x);
- .type ChaCha20_ctr32,\@function
- .align 32
- ChaCha20_ctr32:
-- cl${g}ije $len,0,.Lno_data # $len==0?
-+ lt${g}r $len,$len # $len==0?
-+ bzr %r14
- a${g}hi $len,-64
- l${g}hi %r1,-$frame
- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
-@@ -272,7 +280,6 @@ my @x=map("\"$_\"", at x);
- stmg %r0,%r3,$stdframe+4*12($sp)
-
- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
--.Lno_data:
- br %r14
-
- .align 16
---- a/crypto/chacha/asm/chacha-x86.pl
-+++ b/crypto/chacha/asm/chacha-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -437,8 +444,10 @@ my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)
-
- &function_begin("ChaCha20_ssse3");
- &set_label("ssse3_shortcut");
-+if ($ymm) {
- &test (&DWP(4,"ebp"),1<<11); # test XOP bit
- &jnz (&label("xop_shortcut"));
-+}
-
- &mov ($out,&wparam(0));
- &mov ($inp,&wparam(1));
-@@ -770,7 +779,7 @@ sub SSSE3ROUND { # critical path is 20 "
- }
- &asciz ("ChaCha20 for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
--if ($xmm) {
-+if ($ymm) {
- my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
- my ($out,$inp,$len)=("edi","esi","ecx");
-
---- a/crypto/chacha/asm/chacha-x86_64.pl
-+++ b/crypto/chacha/asm/chacha-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -67,7 +74,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- # input parameter block
---- a/crypto/chacha/chacha_enc.c
-+++ b/crypto/chacha/chacha_enc.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Adapted from the public domain code by D. Bernstein from SUPERCOP. */
-@@ -150,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out,
- inp += todo;
- len -= todo;
-
-- /* advance counter */
-- if (++input[12] == 0)
-- input[13]++;
-+ /*
-+ * Advance 32-bit counter. Note that as subroutine is so to
-+ * say nonce-agnostic, this limited counter width doesn't
-+ * prevent caller from implementing wider counter. It would
-+ * simply take two calls split on counter overflow...
-+ */
-+ input[12]++;
- }
- }
---- a/crypto/cmac/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/cmac/Makefile
--#
--
--DIR= cmac
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=cmac.c cm_ameth.c cm_pmeth.c
--LIBOBJ=cmac.o cm_ameth.o cm_pmeth.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/cmac/cm_ameth.c
-+++ b/crypto/cmac/cm_ameth.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2010.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/cmac/cm_pmeth.c
-+++ b/crypto/cmac/cm_pmeth.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2010.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/cmac/cmac.c
-+++ b/crypto/cmac/cmac.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/cms/Makefile.in
-+++ /dev/null
-@@ -1,49 +0,0 @@
--#
--# OpenSSL/crypto/cms/Makefile
--#
--
--DIR= cms
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
-- cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
-- cms_pwri.c cms_kari.c
--LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
-- cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
-- cms_pwri.o cms_kari.o
--
--SRC= $(LIBSRC)
--
--HEADER= cms_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--test:
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/cms/cms_asn1.c
-+++ b/crypto/cms/cms_asn1.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1t.h>
---- a/crypto/cms/cms_att.c
-+++ b/crypto/cms/cms_att.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1t.h>
---- a/crypto/cms/cms_cd.c
-+++ b/crypto/cms/cms_cd.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/cms/cms_dd.c
-+++ b/crypto/cms/cms_dd.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/cms/cms_enc.c
-+++ b/crypto/cms/cms_enc.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -175,8 +131,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
- CMS_R_CIPHER_INITIALISATION_ERROR);
- goto err;
- }
--
-- if (piv) {
-+ if (enc) {
- calg->parameter = ASN1_TYPE_new();
- if (calg->parameter == NULL) {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
-@@ -187,6 +142,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
- CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
-+ /* If parameter type not set omit parameter */
-+ if (calg->parameter->type == V_ASN1_UNDEF) {
-+ ASN1_TYPE_free(calg->parameter);
-+ calg->parameter = NULL;
-+ }
- }
- ok = 1;
-
---- a/crypto/cms/cms_env.c
-+++ b/crypto/cms/cms_env.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -57,7 +13,6 @@
- #include <openssl/x509v3.h>
- #include <openssl/err.h>
- #include <openssl/cms.h>
--#include <openssl/rand.h>
- #include <openssl/aes.h>
- #include "cms_lcl.h"
- #include "internal/asn1_int.h"
-@@ -877,10 +832,10 @@ static void cms_env_set_version(CMS_Enve
- env->version = 2;
- }
- }
-- if (env->version == 2)
-- return;
- if (env->originatorInfo || env->unprotectedAttrs)
- env->version = 2;
-+ if (env->version == 2)
-+ return;
- env->version = 0;
- }
-
---- a/crypto/cms/cms_err.c
-+++ b/crypto/cms/cms_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -209,7 +159,6 @@ static ERR_STRING_DATA CMS_str_reasons[]
- {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
- {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
- {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
-- {ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"},
- {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
- {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
- "error reading messagedigest attribute"},
-@@ -296,7 +245,7 @@ static ERR_STRING_DATA CMS_str_reasons[]
-
- #endif
-
--void ERR_load_CMS_strings(void)
-+int ERR_load_CMS_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -305,4 +254,5 @@ void ERR_load_CMS_strings(void)
- ERR_load_strings(0, CMS_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/cms/cms_ess.c
-+++ b/crypto/cms/cms_ess.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/cms/cms_io.c
-+++ b/crypto/cms/cms_io.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1t.h>
---- a/crypto/cms/cms_kari.c
-+++ b/crypto/cms/cms_kari.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -57,7 +13,6 @@
- #include <openssl/x509v3.h>
- #include <openssl/err.h>
- #include <openssl/cms.h>
--#include <openssl/rand.h>
- #include <openssl/aes.h>
- #include "cms_lcl.h"
- #include "internal/asn1_int.h"
---- a/crypto/cms/cms_lcl.h
-+++ b/crypto/cms/cms_lcl.h
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CMS_LCL_H
---- a/crypto/cms/cms_lib.c
-+++ b/crypto/cms/cms_lib.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1t.h>
-@@ -63,7 +19,7 @@
- IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
- IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-
--const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
-+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
- {
- return cms->contentType;
- }
-@@ -389,6 +345,8 @@ static STACK_OF(CMS_CertificateChoices)
- return &cms->d.signedData->certificates;
-
- case NID_pkcs7_enveloped:
-+ if (cms->d.envelopedData->originatorInfo == NULL)
-+ return NULL;
- return &cms->d.envelopedData->originatorInfo->certificates;
-
- default:
-@@ -464,6 +422,8 @@ static STACK_OF(CMS_RevocationInfoChoice
- return &cms->d.signedData->crls;
-
- case NID_pkcs7_enveloped:
-+ if (cms->d.envelopedData->originatorInfo == NULL)
-+ return NULL;
- return &cms->d.envelopedData->originatorInfo->crls;
-
- default:
---- a/crypto/cms/cms_pwri.c
-+++ b/crypto/cms/cms_pwri.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2009 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-+ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -323,7 +279,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
- CMS_PasswordRecipientInfo *pwri;
- int r = 0;
- X509_ALGOR *algtmp, *kekalg = NULL;
-- EVP_CIPHER_CTX *kekctx;
-+ EVP_CIPHER_CTX *kekctx = NULL;
- const EVP_CIPHER *kekcipher;
- unsigned char *key = NULL;
- size_t keylen;
-@@ -331,7 +287,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
- ec = cms->d.envelopedData->encryptedContentInfo;
-
- pwri = ri->d.pwri;
-- kekctx = EVP_CIPHER_CTX_new();
-
- if (!pwri->pass) {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
-@@ -358,9 +313,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_Con
-
- if (!kekcipher) {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
-- goto err;
-+ return 0;
- }
-
-+ kekctx = EVP_CIPHER_CTX_new();
-+ if (kekctx == NULL) {
-+ CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
- /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
- if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
- goto err;
---- a/crypto/cms/cms_sd.c
-+++ b/crypto/cms/cms_sd.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -588,7 +544,7 @@ static int cms_SignerInfo_content_sign(C
-
- if (!si->pkey) {
- CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
-- return 0;
-+ goto err;
- }
-
- if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
---- a/crypto/cms/cms_smime.c
-+++ b/crypto/cms/cms_smime.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -716,7 +672,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
-
- int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
- unsigned char *key, size_t keylen,
-- unsigned char *id, size_t idlen)
-+ const unsigned char *id, size_t idlen)
- {
- STACK_OF(CMS_RecipientInfo) *ris;
- CMS_RecipientInfo *ri;
---- a/crypto/comp/Makefile.in
-+++ /dev/null
-@@ -1,46 +0,0 @@
--#
--# OpenSSL/crypto/comp/Makefile
--#
--
--DIR= comp
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= comp_lib.c comp_err.c \
-- c_zlib.c
--
--LIBOBJ= comp_lib.o comp_err.o \
-- c_zlib.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/comp/c_zlib.c
-+++ b/crypto/comp/c_zlib.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/comp/comp_err.c
-+++ b/crypto/comp/comp_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -85,7 +35,7 @@ static ERR_STRING_DATA COMP_str_reasons[
-
- #endif
-
--void ERR_load_COMP_strings(void)
-+int ERR_load_COMP_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -94,4 +44,5 @@ void ERR_load_COMP_strings(void)
- ERR_load_strings(0, COMP_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/comp/comp_lcl.h
-+++ b/crypto/comp/comp_lcl.h
-@@ -1,57 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2017 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--
- struct comp_method_st {
- int type; /* NID for compression library */
- const char *name; /* A text string to identify the library */
---- a/crypto/comp/comp_lib.c
-+++ b/crypto/comp/comp_lib.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/conf/Makefile.in
-+++ /dev/null
-@@ -1,46 +0,0 @@
--#
--# OpenSSL/crypto/conf/Makefile
--#
--
--DIR= conf
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
-- conf_mall.c conf_sap.c
--
--LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
-- conf_mall.o conf_sap.o
--
--SRC= $(LIBSRC)
--
--HEADER= conf_def.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/conf/conf_api.c
-+++ b/crypto/conf/conf_api.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Part of the code in here was originally in conf.c, which is now removed */
-@@ -148,7 +100,7 @@ char *_CONF_get_string(const CONF *conf,
-
- static unsigned long conf_value_hash(const CONF_VALUE *v)
- {
-- return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name);
-+ return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
- }
-
- static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
---- a/crypto/conf/conf_def.c
-+++ b/crypto/conf/conf_def.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Part of the code in here was originally in conf.c, which is now removed */
---- a/crypto/conf/conf_def.h
-+++ b/crypto/conf/conf_def.h
-@@ -1,63 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
- /*
-- * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
-- * regenerate it.
-+ * WARNING: do not edit!
-+ * Generated by crypto/conf/keysets.pl
-+ *
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define CONF_NUMBER 1
-@@ -95,18 +44,18 @@
-
- #else /* CHARSET_EBCDIC */
-
--# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
--# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
--# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
--# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
--# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
--# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
--# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
-+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
-+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
-+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
-+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
-+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
-+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
- # define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-- (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
--# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
--# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
--# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-+ (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
-+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
-+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
-+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
- #endif /* CHARSET_EBCDIC */
-
- static const unsigned short CONF_type_default[256] = {
---- a/crypto/conf/conf_err.c
-+++ b/crypto/conf/conf_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -71,9 +21,7 @@
- static ERR_STRING_DATA CONF_str_functs[] = {
- {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
- {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
-- {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
- {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-- {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
- {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"},
- {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"},
- {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"},
-@@ -82,7 +30,6 @@ static ERR_STRING_DATA CONF_str_functs[]
- {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"},
- {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
- {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
-- {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
- {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
- {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
- {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-@@ -100,7 +47,6 @@ static ERR_STRING_DATA CONF_str_reasons[
- {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
- "missing close square bracket"},
- {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
-- {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"},
- {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
- {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
- "module initialization error"},
-@@ -120,7 +66,7 @@ static ERR_STRING_DATA CONF_str_reasons[
-
- #endif
-
--void ERR_load_CONF_strings(void)
-+int ERR_load_CONF_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -129,4 +75,5 @@ void ERR_load_CONF_strings(void)
- ERR_load_strings(0, CONF_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/conf/conf_lib.c
-+++ b/crypto/conf/conf_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -64,6 +15,7 @@
- #include <openssl/conf.h>
- #include <openssl/conf_api.h>
- #include <openssl/lhash.h>
-+#include "e_os.h"
-
- static CONF_METHOD *default_CONF_method = NULL;
-
-@@ -388,16 +340,26 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
-
-
- #ifndef OPENSSL_NO_STDIO
--void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
-- const char *config_file)
-+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
-+ const char *appname)
- {
-- free(settings->config_name);
-- settings->config_name = config_file == NULL ? NULL : strdup(config_file);
-+ char *newappname = NULL;
-+
-+ if (appname != NULL) {
-+ newappname = strdup(appname);
-+ if (newappname == NULL)
-+ return 0;
-+ }
-+
-+ free(settings->appname);
-+ settings->appname = newappname;
-+
-+ return 1;
- }
- #endif
-
- void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
- {
-- free(settings->config_name);
-+ free(settings->appname);
- free(settings);
- }
---- a/crypto/conf/conf_mall.c
-+++ b/crypto/conf/conf_mall.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/conf/conf_mod.c
-+++ b/crypto/conf/conf_mod.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -105,15 +56,16 @@ static STACK_OF(CONF_IMODULE) *initializ
-
- static void module_free(CONF_MODULE *md);
- static void module_finish(CONF_IMODULE *imod);
--static int module_run(const CONF *cnf, char *name, char *value,
-+static int module_run(const CONF *cnf, const char *name, const char *value,
- unsigned long flags);
- static CONF_MODULE *module_add(DSO *dso, const char *name,
- conf_init_func *ifunc,
- conf_finish_func *ffunc);
--static CONF_MODULE *module_find(char *name);
--static int module_init(CONF_MODULE *pmod, char *name, char *value,
-+static CONF_MODULE *module_find(const char *name);
-+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
- const CONF *cnf);
--static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value);
-+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
-+ const char *value);
-
- /* Main function: load modules from a CONF structure */
-
-@@ -193,7 +145,7 @@ int CONF_modules_load_file(const char *f
- return ret;
- }
-
--static int module_run(const CONF *cnf, char *name, char *value,
-+static int module_run(const CONF *cnf, const char *name, const char *value,
- unsigned long flags)
- {
- CONF_MODULE *md;
-@@ -229,12 +181,13 @@ static int module_run(const CONF *cnf, c
- }
-
- /* Load a module from a DSO */
--static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value)
-+static CONF_MODULE *module_load_dso(const CONF *cnf,
-+ const char *name, const char *value)
- {
- DSO *dso = NULL;
- conf_init_func *ifunc;
- conf_finish_func *ffunc;
-- char *path = NULL;
-+ const char *path = NULL;
- int errcode = 0;
- CONF_MODULE *md;
- /* Look for alternative path in module section */
-@@ -286,8 +239,13 @@ static CONF_MODULE *module_add(DSO *dso,
- tmod->name = OPENSSL_strdup(name);
- tmod->init = ifunc;
- tmod->finish = ffunc;
-+ if (tmod->name == NULL) {
-+ OPENSSL_free(tmod);
-+ return NULL;
-+ }
-
- if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
-+ OPENSSL_free(tmod->name);
- OPENSSL_free(tmod);
- return NULL;
- }
-@@ -301,7 +259,7 @@ static CONF_MODULE *module_add(DSO *dso,
- * initialized more than once.
- */
-
--static CONF_MODULE *module_find(char *name)
-+static CONF_MODULE *module_find(const char *name)
- {
- CONF_MODULE *tmod;
- int i, nchar;
-@@ -324,7 +282,7 @@ static CONF_MODULE *module_find(char *na
- }
-
- /* initialize a module */
--static int module_init(CONF_MODULE *pmod, char *name, char *value,
-+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
- const CONF *cnf)
- {
- int ret = 1;
---- a/crypto/conf/conf_sap.c
-+++ b/crypto/conf/conf_sap.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -73,18 +24,18 @@
- static int openssl_configured = 0;
-
- #if OPENSSL_API_COMPAT < 0x10100000L
--void OPENSSL_config(const char *config_name)
-+void OPENSSL_config(const char *appname)
- {
- OPENSSL_INIT_SETTINGS settings;
-
- memset(&settings, 0, sizeof(settings));
-- if (config_name != NULL)
-- settings.config_name = strdup(config_name);
-+ if (appname != NULL)
-+ settings.appname = strdup(appname);
- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
- }
- #endif
-
--void openssl_config_int(const char *config_name)
-+void openssl_config_int(const char *appname)
- {
- if (openssl_configured)
- return;
-@@ -96,7 +47,7 @@ void openssl_config_int(const char *conf
- #endif
- ERR_clear_error();
- #ifndef OPENSSL_SYS_UEFI
-- CONF_modules_load_file(NULL, config_name,
-+ CONF_modules_load_file(NULL, appname,
- CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE);
- #endif
---- a/crypto/conf/keysets.pl
-+++ b/crypto/conf/keysets.pl
-@@ -1,4 +1,10 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $NUMBER=0x01;
- $UPPER=0x02;
-@@ -52,66 +58,15 @@ foreach (0 .. 255)
- }
-
- print <<"EOF";
--/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay\@cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay\@cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
- /*
-- * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
-- * regenerate it.
-+ * WARNING: do not edit!
-+ * Generated by crypto/conf/keysets.pl
-+ *
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define CONF_NUMBER $NUMBER
-@@ -149,18 +104,18 @@ print <<"EOF";
-
- #else /* CHARSET_EBCDIC */
-
--# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
--# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
--# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
--# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
--# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
--# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
--# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT)
-+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT)
-+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF)
-+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC)
-+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER)
-+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS)
-+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC)
- # define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-- (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
--# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
--# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
--# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-+ (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT)
-+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE)
-+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE)
-+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT)
- #endif /* CHARSET_EBCDIC */
-
- EOF
---- a/crypto/cpt_err.c
-+++ b/crypto/cpt_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -72,22 +22,14 @@ static ERR_STRING_DATA CRYPTO_str_functs
- {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
- {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
- {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
-- {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
-- {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
- {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"},
- {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"},
- {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
-- {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
-- {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
- {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"},
- {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"},
-- {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
-- {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
-- {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
- {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"},
-- {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"},
-- {ERR_FUNC(CRYPTO_F_OPENSSL_MEMDUP), "OPENSSL_MEMDUP"},
- {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"},
-+ {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"},
- {0, NULL}
- };
-
-@@ -100,7 +42,7 @@ static ERR_STRING_DATA CRYPTO_str_reason
-
- #endif
-
--void ERR_load_CRYPTO_strings(void)
-+int ERR_load_CRYPTO_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -109,4 +51,5 @@ void ERR_load_CRYPTO_strings(void)
- ERR_load_strings(0, CRYPTO_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/cryptlib.c
-+++ b/crypto/cryptlib.c
-@@ -1,112 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -117,15 +17,10 @@
- #include <openssl/safestack.h>
-
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-- defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64)
-
- extern unsigned int OPENSSL_ia32cap_P[4];
--unsigned int *OPENSSL_ia32cap_loc(void)
--{
-- return OPENSSL_ia32cap_P;
--}
-
- # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
- #include <stdio.h>
-@@ -181,12 +76,6 @@ void OPENSSL_cpuid_setup(void)
- # else
- unsigned int OPENSSL_ia32cap_P[4];
- # endif
--
--#else
--unsigned int *OPENSSL_ia32cap_loc(void)
--{
-- return NULL;
--}
- #endif
- int OPENSSL_NONPIC_relocated = 0;
- #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
-@@ -417,6 +306,7 @@ void OPENSSL_die(const char *message, co
- #endif
- }
-
-+#if !defined(OPENSSL_CPUID_OBJ)
- /* volatile unsigned char* pointers are there because
- * 1. Accessing a variable declared volatile via a pointer
- * that lacks a volatile qualifier causes undefined behavior.
-@@ -448,3 +338,4 @@ int CRYPTO_memcmp(const volatile void *
-
- return x;
- }
-+#endif
---- a/crypto/ct/Makefile.in
-+++ /dev/null
-@@ -1,45 +0,0 @@
--#
--# OpenSSL/crypto/ct/Makefile
--#
--
--DIR= ct
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c ct_prn.c ct_sct.c \
-- ct_sct_ctx.c ct_vfy.c ct_x509v3.c
--LIBOBJ= ct_b64.o ct_err.o ct_log.o ct_oct.o ct_policy.o ct_prn.o ct_sct.o \
-- ct_sct_ctx.o ct_vfy.o ct_x509v3.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ct/ct_b64.c
-+++ b/crypto/ct/ct_b64.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <limits.h>
-@@ -164,17 +115,27 @@ SCT *SCT_new_from_base64(unsigned char v
- return NULL;
- }
-
--CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name)
-+/*
-+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
-+ * It returns 1 on success,
-+ * 0 on decoding failure, or invalid parameter if any
-+ * -1 on internal (malloc) failure
-+ */
-+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
- {
- unsigned char *pkey_der = NULL;
- int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
- const unsigned char *p;
- EVP_PKEY *pkey = NULL;
-- CTLOG *log = NULL;
-+
-+ if (ct_log == NULL) {
-+ CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
-+ return 0;
-+ }
-
- if (pkey_der_len <= 0) {
- CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
-- return NULL;
-+ return 0;
- }
-
- p = pkey_der;
-@@ -182,14 +143,14 @@ CTLOG *CTLOG_new_from_base64(const char
- OPENSSL_free(pkey_der);
- if (pkey == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
-- return NULL;
-+ return 0;
- }
-
-- log = CTLOG_new(pkey, name);
-- if (log == NULL) {
-+ *ct_log = CTLOG_new(pkey, name);
-+ if (*ct_log == NULL) {
- EVP_PKEY_free(pkey);
-- return NULL;
-+ return -1;
- }
-
-- return log;
-+ return 1;
- }
---- a/crypto/ct/ct_err.c
-+++ b/crypto/ct/ct_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -73,26 +23,13 @@ static ERR_STRING_DATA CT_str_functs[] =
- {ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"},
- {ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "ctlog_new_from_conf"},
- {ERR_FUNC(CT_F_CTLOG_NEW_NULL), "CTLOG_new_null"},
-- {ERR_FUNC(CT_F_CTLOG_STORE_GET0_LOG_BY_ID), "CTLOG_STORE_get0_log_by_id"},
- {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "ctlog_store_load_ctx_new"},
- {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"},
-+ {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_LOG), "ctlog_store_load_log"},
-+ {ERR_FUNC(CT_F_CTLOG_STORE_NEW), "CTLOG_STORE_new"},
- {ERR_FUNC(CT_F_CT_BASE64_DECODE), "ct_base64_decode"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_GET0_CERT),
-- "CT_POLICY_EVAL_CTX_get0_cert"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_GET0_ISSUER),
-- "CT_POLICY_EVAL_CTX_get0_issuer"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_GET0_LOG_STORE),
-- "CT_POLICY_EVAL_CTX_get0_log_store"},
- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_NEW), "CT_POLICY_EVAL_CTX_new"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_SET0_CERT),
-- "CT_POLICY_EVAL_CTX_set0_cert"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER),
-- "CT_POLICY_EVAL_CTX_set0_issuer"},
-- {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE),
-- "CT_POLICY_EVAL_CTX_set0_log_store"},
- {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "ct_v1_log_id_from_pkey"},
-- {ERR_FUNC(CT_F_D2I_SCT_LIST), "d2i_SCT_LIST"},
-- {ERR_FUNC(CT_F_I2D_SCT_LIST), "i2d_SCT_LIST"},
- {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"},
- {ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"},
- {ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"},
-@@ -100,7 +37,6 @@ static ERR_STRING_DATA CT_str_functs[] =
- {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"},
- {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"},
- {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"},
-- {ERR_FUNC(CT_F_SCT_LIST_VALIDATE), "SCT_LIST_validate"},
- {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"},
- {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"},
- {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"},
-@@ -110,8 +46,6 @@ static ERR_STRING_DATA CT_str_functs[] =
- {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"},
- {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"},
- {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"},
-- {ERR_FUNC(CT_F_SCT_SIGNATURE_IS_VALID), "SCT_SIGNATURE_IS_VALID"},
-- {ERR_FUNC(CT_F_SCT_VALIDATE), "SCT_validate"},
- {ERR_FUNC(CT_F_SCT_VERIFY), "SCT_verify"},
- {ERR_FUNC(CT_F_SCT_VERIFY_V1), "SCT_verify_v1"},
- {0, NULL}
-@@ -126,15 +60,12 @@ static ERR_STRING_DATA CT_str_reasons[]
- "log conf missing description"},
- {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"},
- {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"},
-- {ERR_REASON(CT_R_NOT_ENOUGH_SCTS), "not enough scts"},
- {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"},
- {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"},
- {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"},
- {ERR_REASON(CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
- {ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"},
- {ERR_REASON(CT_R_SCT_UNSUPPORTED_VERSION), "sct unsupported version"},
-- {ERR_REASON(CT_R_SCT_VALIDATION_STATUS_NOT_SET),
-- "sct validation status not set"},
- {ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID),
- "unrecognized signature nid"},
- {ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"},
-@@ -144,7 +75,7 @@ static ERR_STRING_DATA CT_str_reasons[]
-
- #endif
-
--void ERR_load_CT_strings(void)
-+int ERR_load_CT_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -153,4 +84,5 @@ void ERR_load_CT_strings(void)
- ERR_load_strings(0, CT_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/ct/ct_locl.h
-+++ b/crypto/ct/ct_locl.h
-@@ -1,53 +1,10 @@
- /*
-- * Written by Rob Percival (robpercival at google.com) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
-@@ -211,4 +168,4 @@ void SCT_CTX_free(SCT_CTX *sctx);
- /*
- * Handlers for Certificate Transparency X509v3/OCSP extensions
- */
--extern const X509V3_EXT_METHOD v3_ct_scts[];
-+extern const X509V3_EXT_METHOD v3_ct_scts[3];
---- a/crypto/ct/ct_log.c
-+++ b/crypto/ct/ct_log.c
-@@ -1,56 +1,10 @@
--/* Author: Adam Eijdenberg <adam.eijdenberg at gmail.com>. */
--/* ====================================================================
-- * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
-@@ -104,15 +58,10 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store
- {
- CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-- if (ctx == NULL) {
-+ if (ctx == NULL)
- CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-
- return ctx;
--err:
-- ctlog_store_load_ctx_free(ctx);
-- return NULL;
- }
-
- static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
-@@ -144,8 +93,10 @@ CTLOG_STORE *CTLOG_STORE_new(void)
- {
- CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
-
-- if (ret == NULL)
-- goto err;
-+ if (ret == NULL) {
-+ CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-
- ret->logs = sk_CTLOG_new_null();
- if (ret->logs == NULL)
-@@ -153,7 +104,7 @@ CTLOG_STORE *CTLOG_STORE_new(void)
-
- return ret;
- err:
-- CTLOG_STORE_free(ret);
-+ OPENSSL_free(ret);
- return NULL;
- }
-
-@@ -165,31 +116,23 @@ void CTLOG_STORE_free(CTLOG_STORE *store
- }
- }
-
--static CTLOG *ctlog_new_from_conf(const CONF *conf, const char *section)
-+static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
- {
-- CTLOG *ret = NULL;
-- char *description = NCONF_get_string(conf, section, "description");
-+ const char *description = NCONF_get_string(conf, section, "description");
- char *pkey_base64;
-
- if (description == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
-- goto end;
-+ return 0;
- }
-
- pkey_base64 = NCONF_get_string(conf, section, "key");
- if (pkey_base64 == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
-- goto end;
-+ return 0;
- }
-
-- ret = CTLOG_new_from_base64(pkey_base64, description);
-- if (ret == NULL) {
-- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_INVALID);
-- goto end;
-- }
--
--end:
-- return ret;
-+ return CTLOG_new_from_base64(ct_log, pkey_base64, description);
- }
-
- int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
-@@ -203,33 +146,50 @@ int CTLOG_STORE_load_default_file(CTLOG_
- }
-
- /*
-- * Called by CONF_parse_list, which stops if this returns <= 0, so don't unless
-- * something very bad happens. Otherwise, one bad log entry would stop loading
-- * of any of the following log entries.
-+ * Called by CONF_parse_list, which stops if this returns <= 0,
-+ * Otherwise, one bad log entry would stop loading of any of
-+ * the following log entries.
-+ * It may stop parsing and returns -1 on any internal (malloc) error.
- */
- static int ctlog_store_load_log(const char *log_name, int log_name_len,
- void *arg)
- {
- CTLOG_STORE_LOAD_CTX *load_ctx = arg;
-- CTLOG *ct_log;
-+ CTLOG *ct_log = NULL;
- /* log_name may not be null-terminated, so fix that before using it */
- char *tmp;
-+ int ret = 0;
-
- /* log_name will be NULL for empty list entries */
- if (log_name == NULL)
- return 1;
-
- tmp = OPENSSL_strndup(log_name, log_name_len);
-- ct_log = ctlog_new_from_conf(load_ctx->conf, tmp);
-+ if (tmp == NULL)
-+ goto mem_err;
-+
-+ ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
- OPENSSL_free(tmp);
-- if (ct_log == NULL) {
-+
-+ if (ret < 0) {
-+ /* Propagate any internal error */
-+ return ret;
-+ }
-+ if (ret == 0) {
- /* If we can't load this log, record that fact and skip it */
- ++load_ctx->invalid_log_entries;
- return 1;
- }
-
-- sk_CTLOG_push(load_ctx->log_store->logs, ct_log);
-+ if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
-+ goto mem_err;
-+ }
- return 1;
-+
-+mem_err:
-+ CTLOG_free(ct_log);
-+ CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
-+ return -1;
- }
-
- int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
-@@ -277,11 +237,13 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, c
- CTLOG *ret = CTLOG_new_null();
-
- if (ret == NULL)
-- goto err;
-+ return NULL;
-
- ret->name = OPENSSL_strdup(name);
-- if (ret->name == NULL)
-+ if (ret->name == NULL) {
-+ CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
- goto err;
-+ }
-
- ret->public_key = public_key;
- if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
---- a/crypto/ct/ct_oct.c
-+++ b/crypto/ct/ct_oct.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef OPENSSL_NO_CT
-@@ -414,9 +365,9 @@ int i2o_SCT_LIST(const STACK_OF(SCT) *a,
- if (pp != NULL) {
- p = *pp;
- s2n(len2 - 2, p);
-+ if (!is_pp_new)
-+ *pp += len2;
- }
-- if (!is_pp_new)
-- *pp += len2;
- return len2;
-
- err:
---- a/crypto/ct/ct_policy.c
-+++ b/crypto/ct/ct_policy.c
-@@ -1,55 +1,11 @@
- /*
--* Implementations of Certificate Transparency SCT policies.
--* Written by Rob Percival (robpercival at google.com) for the OpenSSL project.
--*/
--/* ====================================================================
--* Copyright (c) 2016 The OpenSSL Project. All rights reserved.
--*
--* Redistribution and use in source and binary forms, with or without
--* modification, are permitted provided that the following conditions
--* are met:
--*
--* 1. Redistributions of source code must retain the above copyright
--* notice, this list of conditions and the following disclaimer.
--*
--* 2. Redistributions in binary form must reproduce the above copyright
--* notice, this list of conditions and the following disclaimer in
--* the documentation and/or other materials provided with the
--* distribution.
--*
--* 3. All advertising materials mentioning features or use of this
--* software must display the following acknowledgment:
--* "This product includes software developed by the OpenSSL Project
--* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
--*
--* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--* endorse or promote products derived from this software without
--* prior written permission. For written permission, please contact
--* licensing at OpenSSL.org.
--*
--* 5. Products derived from this software may not be called "OpenSSL"
--* nor may "OpenSSL" appear in their names without prior written
--* permission of the OpenSSL Project.
--*
--* 6. Redistributions of any form whatsoever must retain the following
--* acknowledgment:
--* "This product includes software developed by the OpenSSL Project
--* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
--*
--* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--* OF THE POSSIBILITY OF SUCH DAMAGE.
--* ====================================================================
--*/
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #ifdef OPENSSL_NO_CT
- # error "CT is disabled"
---- a/crypto/ct/ct_prn.c
-+++ b/crypto/ct/ct_prn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef OPENSSL_NO_CT
---- a/crypto/ct/ct_sct.c
-+++ b/crypto/ct/ct_sct.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com), Stephen Henson (steve at openssl.org)
-- * and Adam Eijdenberg (adam.eijdenberg at gmail.com) for the OpenSSL project 2016.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef OPENSSL_NO_CT
-@@ -166,7 +117,7 @@ void SCT_set_timestamp(SCT *sct, uint64_
-
- int SCT_set_signature_nid(SCT *sct, int nid)
- {
-- switch (nid) {
-+ switch (nid) {
- case NID_sha256WithRSAEncryption:
- sct->hash_alg = TLSEXT_hash_sha256;
- sct->sig_alg = TLSEXT_signature_rsa;
---- a/crypto/ct/ct_sct_ctx.c
-+++ b/crypto/ct/ct_sct_ctx.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef OPENSSL_NO_CT
---- a/crypto/ct/ct_vfy.c
-+++ b/crypto/ct/ct_vfy.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
---- a/crypto/ct/ct_x509v3.c
-+++ b/crypto/ct/ct_x509v3.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) and Stephen Henson
-- * (steve at openssl.org) for the OpenSSL project 2014.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef OPENSSL_NO_CT
-@@ -80,7 +31,7 @@ static int i2r_SCT_LIST(X509V3_EXT_METHO
- }
-
- /* Handlers for X509v3/OCSP Certificate Transparency extensions */
--const X509V3_EXT_METHOD v3_ct_scts[] = {
-+const X509V3_EXT_METHOD v3_ct_scts[3] = {
- /* X509v3 extension in certificates that contains SCTs */
- { NID_ct_precert_scts, 0, NULL,
- NULL, (X509V3_EXT_FREE)SCT_LIST_free,
---- a/crypto/cversion.c
-+++ b/crypto/cversion.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/des/COPYRIGHT
-+++ /dev/null
-@@ -1,50 +0,0 @@
--Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
--All rights reserved.
--
--This package is an DES implementation written by Eric Young (eay at cryptsoft.com).
--The implementation was written so as to conform with MIT's libdes.
--
--This library is free for commercial and non-commercial use as long as
--the following conditions are aheared to. The following conditions
--apply to all code found in this distribution.
--
--Copyright remains Eric Young's, and as such any Copyright notices in
--the code are not to be removed.
--If this package is used in a product, Eric Young should be given attribution
--as the author of that the SSL library. This can be in the form of a textual
--message at program startup or in documentation (online or textual) provided
--with the package.
--
--Redistribution and use in source and binary forms, with or without
--modification, are permitted provided that the following conditions
--are met:
--1. Redistributions of source code must retain the copyright
-- notice, this list of conditions and the following disclaimer.
--2. Redistributions in binary form must reproduce the above copyright
-- notice, this list of conditions and the following disclaimer in the
-- documentation and/or other materials provided with the distribution.
--3. All advertising materials mentioning features or use of this software
-- must display the following acknowledgement:
-- This product includes software developed by Eric Young (eay at cryptsoft.com)
--
--THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
--ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
--ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
--FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
--DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
--OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
--LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
--OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--SUCH DAMAGE.
--
--The license and distribution terms for any publically available version or
--derivative of this code cannot be changed. i.e. this code cannot simply be
--copied and put under another distrubution license
--[including the GNU Public License.]
--
--The reason behind this being stated in this direct manner is past
--experience in code simply being copied and the attribution removed
--from it and then being distributed as part of other packages. This
--implementation was a non-trivial and unpaid effort.
---- a/crypto/des/Makefile.in
-+++ /dev/null
-@@ -1,72 +0,0 @@
--#
--# OpenSSL/crypto/des/Makefile
--#
--
--DIR= des
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=-I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--RANLIB= ranlib
--DES_ENC= des_enc.o fcrypt_b.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \
-- ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \
-- fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \
-- qud_cksm.c rand_key.c rpc_enc.c set_key.c \
-- des_enc.c fcrypt_b.c \
-- xcbc_enc.c \
-- str2key.c cfb64ede.c ofb64ede.c \
-- read2pwd.c
--
--LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
-- ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \
-- enc_read.o enc_writ.o ofb64enc.o \
-- ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \
-- ${DES_ENC} \
-- fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \
-- read2pwd.o
--
--SRC= $(LIBSRC)
--
--HEADER= des_locl.h rpc_des.h spr.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--des_enc-sparc.S: asm/des_enc.m4
-- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
--dest4-sparcv9.S: asm/dest4-sparcv9.pl
-- $(PERL) asm/dest4-sparcv9.pl $(PERLASM_SCHEME) $@
--
--des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-- $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) $@
--crypt586.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-- $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/des/asm/crypt586.pl
-+++ b/crypto/des/asm/crypt586.pl
-@@ -1,10 +1,13 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # The inner loop instruction sequence and the IP/FP modifications are from
- # Svend Olaf Mikkelsen <svolaf at inet.uni-c.dk>
--# I've added the stuff needed for crypt() but I've not worried about making
--# things perfect.
--#
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/des/asm/des-586.pl
-+++ b/crypto/des/asm/des-586.pl
-@@ -1,8 +1,13 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # The inner loop instruction sequence and the IP/FP modifications are from
- # Svend Olaf Mikkelsen <svolaf at inet.uni-c.dk>
--#
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/des/asm/des_enc.m4
-+++ b/crypto/des/asm/des_enc.m4
-@@ -1,26 +1,9 @@
--! des_enc.m4
--! des_enc.S (generated from des_enc.m4)
-+! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- !
--! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file.
--!
--! Version 1.0. 32-bit version.
--!
--! June 8, 2000.
--!
--! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation
--! by Andy Polyakov.
--!
--! January 1, 2003.
--!
--! Assembler version: Copyright Svend Olaf Mikkelsen.
--!
--! Original C code: Copyright Eric A. Young.
--!
--! This code can be freely used by LibDES/SSLeay/OpenSSL users.
--!
--! The LibDES/SSLeay/OpenSSL copyright notices must be respected.
--!
--! This version can be redistributed.
-+! Licensed under the OpenSSL license (the "License"). You may not use
-+! this file except in compliance with the License. You can obtain a copy
-+! in the file LICENSE in the source distribution or at
-+! https://www.openssl.org/source/license.html
- !
- ! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
- !
---- a/crypto/des/asm/desboth.pl
-+++ b/crypto/des/asm/desboth.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $L="edi";
- $R="esi";
---- a/crypto/des/asm/dest4-sparcv9.pl
-+++ b/crypto/des/asm/dest4-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by David S. Miller <davem at devemloft.net> and Andy Polyakov
-@@ -99,7 +106,7 @@ open STDOUT,">$output";
- des_t4_cbc_encrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f0 ! load ivec
- ld [$ivec + 4], %f1
-
-@@ -200,7 +207,7 @@ open STDOUT,">$output";
- des_t4_cbc_decrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f2 ! load ivec
- ld [$ivec + 4], %f3
-
-@@ -308,7 +315,7 @@ open STDOUT,">$output";
- des_t4_ede3_cbc_encrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f0 ! load ivec
- ld [$ivec + 4], %f1
-
-@@ -460,7 +467,7 @@ open STDOUT,">$output";
- des_t4_ede3_cbc_decrypt:
- cmp $len, 0
- be,pn $::size_t_cc, .Lcbc_abort
-- nop
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- ld [$ivec + 0], %f2 ! load ivec
- ld [$ivec + 4], %f3
-
---- a/crypto/des/asm/readme
-+++ /dev/null
-@@ -1,131 +0,0 @@
--First up, let me say I don't like writing in assembler. It is not portable,
--dependant on the particular CPU architecture release and is generally a pig
--to debug and get right. Having said that, the x86 architecture is probably
--the most important for speed due to number of boxes and since
--it appears to be the worst architecture to to get
--good C compilers for. So due to this, I have lowered myself to do
--assembler for the inner DES routines in libdes :-).
--
--The file to implement in assembler is des_enc.c. Replace the following
--4 functions
--des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
--des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
--des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
--des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
--
--They encrypt/decrypt the 64 bits held in 'data' using
--the 'ks' key schedules. The only difference between the 4 functions is that
--des_encrypt2() does not perform IP() or FP() on the data (this is an
--optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
--perform triple des. The triple DES routines are in here because it does
--make a big difference to have them located near the des_encrypt2 function
--at link time..
--
--Now as we all know, there are lots of different operating systems running on
--x86 boxes, and unfortunately they normally try to make sure their assembler
--formating is not the same as the other peoples.
--The 4 main formats I know of are
--Microsoft Windows 95/Windows NT
--Elf Includes Linux and FreeBSD(?).
--a.out The older Linux.
--Solaris Same as Elf but different comments :-(.
--
--Now I was not overly keen to write 4 different copies of the same code,
--so I wrote a few perl routines to output the correct assembler, given
--a target assembler type. This code is ugly and is just a hack.
--The libraries are x86unix.pl and x86ms.pl.
--des586.pl, des686.pl and des-som[23].pl are the programs to actually
--generate the assembler.
--
--So to generate elf assembler
--perl des-som3.pl elf >dx86-elf.s
--For Windows 95/NT
--perl des-som2.pl win32 >win32.asm
--
--[ update 4 Jan 1996 ]
--I have added another way to do things.
--perl des-som3.pl cpp >dx86-cpp.s
--generates a file that will be included by dx86unix.cpp when it is compiled.
--To build for elf, a.out, solaris, bsdi etc,
--cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
--cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
--cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
--cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
--This was done to cut down the number of files in the distribution.
--
--Now the ugly part. I acquired my copy of Intels
--"Optimization's For Intel's 32-Bit Processors" and found a few interesting
--things. First, the aim of the exersize is to 'extract' one byte at a time
--from a word and do an array lookup. This involves getting the byte from
--the 4 locations in the word and moving it to a new word and doing the lookup.
--The most obvious way to do this is
--xor eax, eax # clear word
--movb al, cl # get low byte
--xor edi DWORD PTR 0x100+des_SP[eax] # xor in word
--movb al, ch # get next byte
--xor edi DWORD PTR 0x300+des_SP[eax] # xor in word
--shr ecx 16
--which seems ok. For the pentium, this system appears to be the best.
--One has to do instruction interleaving to keep both functional units
--operating, but it is basically very efficient.
--
--Now the crunch. When a full register is used after a partial write, eg.
--mov al, cl
--xor edi, DWORD PTR 0x100+des_SP[eax]
--386 - 1 cycle stall
--486 - 1 cycle stall
--586 - 0 cycle stall
--686 - at least 7 cycle stall (page 22 of the above mentioned document).
--
--So the technique that produces the best results on a pentium, according to
--the documentation, will produce hideous results on a pentium pro.
--
--To get around this, des686.pl will generate code that is not as fast on
--a pentium, should be very good on a pentium pro.
--mov eax, ecx # copy word
--shr ecx, 8 # line up next byte
--and eax, 0fch # mask byte
--xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup
--mov eax, ecx # get word
--shr ecx 8 # line up next byte
--and eax, 0fch # mask byte
--xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup
--
--Due to the execution units in the pentium, this actually works quite well.
--For a pentium pro it should be very good. This is the type of output
--Visual C++ generates.
--
--There is a third option. instead of using
--mov al, ch
--which is bad on the pentium pro, one may be able to use
--movzx eax, ch
--which may not incur the partial write penalty. On the pentium,
--this instruction takes 4 cycles so is not worth using but on the
--pentium pro it appears it may be worth while. I need access to one to
--experiment :-).
--
--eric (20 Oct 1996)
--
--22 Nov 1996 - I have asked people to run the 2 different version on pentium
--pros and it appears that the intel documentation is wrong. The
--mov al,bh is still faster on a pentium pro, so just use the des586.pl
--install des686.pl
--
--3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
--functions into des_enc.c because it does make a massive performance
--difference on some boxes to have the functions code located close to
--the des_encrypt2() function.
--
--9 Jan 1997 - des-som2.pl is now the correct perl script to use for
--pentiums. It contains an inner loop from
--Svend Olaf Mikkelsen <svolaf at inet.uni-c.dk> which does raw ecb DES calls at
--273,000 per second. He had a previous version at 250,000 and the best
--I was able to get was 203,000. The content has not changed, this is all
--due to instruction sequencing (and actual instructions choice) which is able
--to keep both functional units of the pentium going.
--We may have lost the ugly register usage restrictions when x86 went 32 bit
--but for the pentium it has been replaced by evil instruction ordering tricks.
--
--13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
--raw DES at 281,000 per second on a pentium 100.
--
---- a/crypto/des/build.info
-+++ b/crypto/des/build.info
-@@ -1,12 +1,11 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
- set_key.c ecb_enc.c cbc_enc.c \
-- ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c ofb64ede.c \
-- enc_read.c enc_writ.c ofb64enc.c \
-- ofb_enc.c str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
-+ ecb3_enc.c cfb64enc.c cfb64ede.c cfb_enc.c \
-+ ofb64ede.c ofb64enc.c ofb_enc.c \
-+ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
- {- $target{des_asm_src} -} \
-- fcrypt.c xcbc_enc.c rpc_enc.c cbc_cksm.c \
-- read2pwd.c
-+ fcrypt.c xcbc_enc.c rpc_enc.c cbc_cksm.c
-
- GENERATE[des_enc-sparc.S]=asm/des_enc.m4
- GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME)
---- a/crypto/des/cbc_cksm.c
-+++ b/crypto/des/cbc_cksm.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/cbc_enc.c
-+++ b/crypto/des/cbc_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define CBC_ENC_C__DONT_UPDATE_IV
---- a/crypto/des/cfb64ede.c
-+++ b/crypto/des/cfb64ede.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/cfb64enc.c
-+++ b/crypto/des/cfb64enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/cfb_enc.c
-+++ b/crypto/des/cfb_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "e_os.h"
---- a/crypto/des/des_enc.c
-+++ b/crypto/des/des_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/des/des_locl.h
-+++ b/crypto/des/des_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DES_LOCL_H
-@@ -60,38 +12,12 @@
-
- # include <openssl/e_os2.h>
-
--# if defined(OPENSSL_SYS_WIN32)
--# ifndef OPENSSL_SYS_MSDOS
--# define OPENSSL_SYS_MSDOS
--# endif
--# endif
--
- # include <stdio.h>
- # include <stdlib.h>
-+# include <string.h>
-
--# ifndef OPENSSL_SYS_MSDOS
--# if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
--# ifdef OPENSSL_UNISTD
--# include OPENSSL_UNISTD
--# else
--# include <unistd.h>
--# endif
--# include <math.h>
--# endif
--# endif
- # include <openssl/des.h>
-
--# ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */
--# include <stdlib.h>
--# include <errno.h>
--# include <time.h>
--# include <io.h>
--# endif
--
--# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
--# include <string.h>
--# endif
--
- # ifdef OPENSSL_BUILD_SHLIBCRYPTO
- # undef OPENSSL_EXTERN
- # define OPENSSL_EXTERN OPENSSL_EXPORT
---- a/crypto/des/ecb3_enc.c
-+++ b/crypto/des/ecb3_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/ecb_enc.c
-+++ b/crypto/des/ecb_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/enc_read.c
-+++ /dev/null
-@@ -1,234 +0,0 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--#include <stdio.h>
--#include <errno.h>
--#include "internal/cryptlib.h"
--#include "des_locl.h"
--
--/* This has some uglies in it but it works - even over sockets. */
--/*
-- * extern int errno;
-- */
--OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode, DES_PCBC_MODE)
--
--/*-
-- * WARNINGS:
-- *
-- * - The data format used by DES_enc_write() and DES_enc_read()
-- * has a cryptographic weakness: When asked to write more
-- * than MAXWRITE bytes, DES_enc_write will split the data
-- * into several chunks that are all encrypted
-- * using the same IV. So don't use these functions unless you
-- * are sure you know what you do (in which case you might
-- * not want to use them anyway).
-- *
-- * - This code cannot handle non-blocking sockets.
-- *
-- * - This function uses an internal state and thus cannot be
-- * used on multiple files.
-- */
--int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-- DES_cblock *iv)
--{
--#if defined(OPENSSL_NO_POSIX_IO)
-- return (0);
--#else
-- /* data to be unencrypted */
-- int net_num = 0;
-- static unsigned char *net = NULL;
-- /*
-- * extra unencrypted data for when a block of 100 comes in but is
-- * des_read one byte at a time.
-- */
-- static unsigned char *unnet = NULL;
-- static int unnet_start = 0;
-- static int unnet_left = 0;
-- static unsigned char *tmpbuf = NULL;
-- int i;
-- long num = 0, rnum;
-- unsigned char *p;
--
-- if (tmpbuf == NULL) {
-- tmpbuf = OPENSSL_malloc(BSIZE);
-- if (tmpbuf == NULL)
-- return (-1);
-- }
-- if (net == NULL) {
-- net = OPENSSL_malloc(BSIZE);
-- if (net == NULL)
-- return (-1);
-- }
-- if (unnet == NULL) {
-- unnet = OPENSSL_malloc(BSIZE);
-- if (unnet == NULL)
-- return (-1);
-- }
-- /* left over data from last decrypt */
-- if (unnet_left != 0) {
-- if (unnet_left < len) {
-- /*
-- * we still still need more data but will return with the number
-- * of bytes we have - should always check the return value
-- */
-- memcpy(buf, &(unnet[unnet_start]), unnet_left);
-- /*
-- * eay 26/08/92 I had the next 2 lines reversed :-(
-- */
-- i = unnet_left;
-- unnet_start = unnet_left = 0;
-- } else {
-- memcpy(buf, &(unnet[unnet_start]), len);
-- unnet_start += len;
-- unnet_left -= len;
-- i = len;
-- }
-- return (i);
-- }
--
-- /* We need to get more data. */
-- if (len > MAXWRITE)
-- len = MAXWRITE;
--
-- /* first - get the length */
-- while (net_num < HDRSIZE) {
--# ifndef OPENSSL_SYS_WIN32
-- i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
--# else
-- i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
--# endif
--# ifdef EINTR
-- if ((i == -1) && (errno == EINTR))
-- continue;
--# endif
-- if (i <= 0)
-- return (0);
-- net_num += i;
-- }
--
-- /* we now have at net_num bytes in net */
-- p = net;
-- /* num=0; */
-- n2l(p, num);
-- /*
-- * num should be rounded up to the next group of eight we make sure that
-- * we have read a multiple of 8 bytes from the net.
-- */
-- if ((num > MAXWRITE) || (num < 0)) /* error */
-- return (-1);
-- rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8);
--
-- net_num = 0;
-- while (net_num < rnum) {
--# ifndef OPENSSL_SYS_WIN32
-- i = read(fd, (void *)&(net[net_num]), rnum - net_num);
--# else
-- i = _read(fd, (void *)&(net[net_num]), rnum - net_num);
--# endif
--# ifdef EINTR
-- if ((i == -1) && (errno == EINTR))
-- continue;
--# endif
-- if (i <= 0)
-- return (0);
-- net_num += i;
-- }
--
-- /* Check if there will be data left over. */
-- if (len < num) {
-- if (DES_rw_mode & DES_PCBC_MODE)
-- DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-- else
-- DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
-- memcpy(buf, unnet, len);
-- unnet_start = len;
-- unnet_left = num - len;
--
-- /*
-- * The following line is done because we return num as the number of
-- * bytes read.
-- */
-- num = len;
-- } else {
-- /*-
-- * >output is a multiple of 8 byes, if len < rnum
-- * >we must be careful. The user must be aware that this
-- * >routine will write more bytes than he asked for.
-- * >The length of the buffer must be correct.
-- * FIXED - Should be ok now 18-9-90 - eay */
-- if (len < rnum) {
--
-- if (DES_rw_mode & DES_PCBC_MODE)
-- DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
-- else
-- DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
--
-- /*
-- * eay 26/08/92 fix a bug that returned more bytes than you asked
-- * for (returned len bytes :-(
-- */
-- memcpy(buf, tmpbuf, num);
-- } else {
-- if (DES_rw_mode & DES_PCBC_MODE)
-- DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-- else
-- DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
-- }
-- }
-- return num;
--#endif /* OPENSSL_NO_POSIX_IO */
--}
---- a/crypto/des/enc_writ.c
-+++ /dev/null
-@@ -1,180 +0,0 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--#include <errno.h>
--#include <time.h>
--#include <stdio.h>
--#include "internal/cryptlib.h"
--#include "des_locl.h"
--#include <openssl/rand.h>
--
--/*-
-- * WARNINGS:
-- *
-- * - The data format used by DES_enc_write() and DES_enc_read()
-- * has a cryptographic weakness: When asked to write more
-- * than MAXWRITE bytes, DES_enc_write will split the data
-- * into several chunks that are all encrypted
-- * using the same IV. So don't use these functions unless you
-- * are sure you know what you do (in which case you might
-- * not want to use them anyway).
-- *
-- * - This code cannot handle non-blocking sockets.
-- */
--
--int DES_enc_write(int fd, const void *_buf, int len,
-- DES_key_schedule *sched, DES_cblock *iv)
--{
--#if defined(OPENSSL_NO_POSIX_IO)
-- return (-1);
--#else
--# ifdef _LIBC
-- extern unsigned long time();
-- extern int write();
--# endif
-- const unsigned char *buf = _buf;
-- long rnum;
-- int i, j, k, outnum;
-- static unsigned char *outbuf = NULL;
-- unsigned char shortbuf[8];
-- unsigned char *p;
-- const unsigned char *cp;
-- static int start = 1;
--
-- if (len < 0)
-- return -1;
--
-- if (outbuf == NULL) {
-- outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
-- if (outbuf == NULL)
-- return (-1);
-- }
-- /*
-- * If we are sending less than 8 bytes, the same char will look the same
-- * if we don't pad it out with random bytes
-- */
-- if (start) {
-- start = 0;
-- }
--
-- /* lets recurse if we want to send the data in small chunks */
-- if (len > MAXWRITE) {
-- j = 0;
-- for (i = 0; i < len; i += k) {
-- k = DES_enc_write(fd, &(buf[i]),
-- ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
-- sched, iv);
-- if (k < 0)
-- return (k);
-- else
-- j += k;
-- }
-- return (j);
-- }
--
-- /* write length first */
-- p = outbuf;
-- l2n(len, p);
--
-- /* pad short strings */
-- if (len < 8) {
-- cp = shortbuf;
-- memcpy(shortbuf, buf, len);
-- if (RAND_bytes(shortbuf + len, 8 - len) <= 0)
-- return -1;
-- rnum = 8;
-- } else {
-- cp = buf;
-- rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
-- }
--
-- if (DES_rw_mode & DES_PCBC_MODE)
-- DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-- iv, DES_ENCRYPT);
-- else
-- DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-- iv, DES_ENCRYPT);
--
-- /* output */
-- outnum = rnum + HDRSIZE;
--
-- for (j = 0; j < outnum; j += i) {
-- /*
-- * eay 26/08/92 I was not doing writing from where we got up to.
-- */
--# ifndef _WIN32
-- i = write(fd, (void *)&(outbuf[j]), outnum - j);
--# else
-- i = _write(fd, (void *)&(outbuf[j]), outnum - j);
--# endif
-- if (i == -1) {
--# ifdef EINTR
-- if (errno == EINTR)
-- i = 0;
-- else
--# endif
-- /*
-- * This is really a bad error - very bad It will stuff-up
-- * both ends.
-- */
-- return (-1);
-- }
-- }
--
-- return (len);
--#endif /* OPENSSL_NO_POSIX_IO */
--}
---- a/crypto/des/fcrypt.c
-+++ b/crypto/des/fcrypt.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* NOCW */
- #include <stdio.h>
- #ifdef _OSD_POSIX
-@@ -9,19 +18,6 @@
- # include <openssl/ebcdic.h>
- #endif
-
--/*
-- * This version of crypt has been developed from my MIT compatible DES
-- * library. Eric Young (eay at cryptsoft.com)
-- */
--
--/*
-- * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for
-- * shared memory computers. I have included a directive LONGCRYPT to using
-- * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it
-- * used. The MAXPLEN definition is the maximum of length of password and can
-- * changed. I have defined 24.
-- */
--
- #include <openssl/crypto.h>
- #include "des_locl.h"
-
-@@ -70,27 +66,23 @@ char *DES_crypt(const char *buf, const c
- char e_buf[32 + 1]; /* replace 32 by 8 ? */
- char *ret;
-
-- /* Copy at most 2 chars of salt */
-- if ((e_salt[0] = salt[0]) != '\0')
-- e_salt[1] = salt[1];
-+ if (salt[0] == '\0' || salt[1] == '\0')
-+ return NULL;
-
-- /* Copy at most 32 chars of password */
-- strncpy(e_buf, buf, sizeof(e_buf));
-+ /* Copy salt, convert to ASCII. */
-+ e_salt[0] = salt[0];
-+ e_salt[1] = salt[1];
-+ e_salt[2] = '\0';
-+ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
-
-- /* Make sure we have a delimiter */
-- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
--
-- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
--
-- /* Convert the cleartext password to ASCII */
-+ /* Convert password to ASCII. */
-+ OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
- ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-
-- /* Encrypt it (from/to ASCII) */
-+ /* Encrypt it (from/to ASCII); if it worked, convert back. */
- ret = DES_fcrypt(e_buf, e_salt, buff);
--
-- /* Convert the result back to EBCDIC */
-- ascii2ebcdic(ret, ret, strlen(ret));
-+ if (ret != NULL)
-+ ascii2ebcdic(ret, ret, strlen(ret));
-
- return ret;
- #endif
-@@ -107,25 +99,14 @@ char *DES_fcrypt(const char *buf, const
- unsigned char *b = bb;
- unsigned char c, u;
-
-- /*
-- * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
-- * have * as the pwd field in /etc/passwd, the function returns
-- * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
-- * crypt to "*". This was found when replacing the crypt in our shared
-- * libraries. People found that the disabled accounts effectively had no
-- * passwd :-(.
-- */
--#ifndef CHARSET_EBCDIC
-- x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
-+ x = ret[0] = salt[0];
-+ if (x == 0 || x >= sizeof(con_salt))
-+ return NULL;
- Eswap0 = con_salt[x] << 2;
-- x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
-+ x = ret[1] = salt[1];
-+ if (x == 0 || x >= sizeof(con_salt))
-+ return NULL;
- Eswap1 = con_salt[x] << 6;
--#else
-- x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
-- Eswap0 = con_salt[x] << 2;
-- x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
-- Eswap1 = con_salt[x] << 6;
--#endif
-
- /*
- * EAY r=strlen(buf); r=(r+7)/8;
---- a/crypto/des/fcrypt_b.c
-+++ b/crypto/des/fcrypt_b.c
-@@ -1,68 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-
--/*
-- * This version of crypt has been developed from my MIT compatible DES
-- * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
-- * Eric Young (eay at cryptsoft.com)
-- */
--
- #define DES_FCRYPT
- #include "des_locl.h"
- #undef DES_FCRYPT
---- a/crypto/des/ncbc_enc.c
-+++ b/crypto/des/ncbc_enc.c
-@@ -1,64 +1,17 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*-
- * #included by:
- * cbc_enc.c (DES_cbc_encrypt)
- * des_enc.c (DES_ncbc_encrypt)
- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
-
- #include "des_locl.h"
-
---- a/crypto/des/ofb64ede.c
-+++ b/crypto/des/ofb64ede.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/ofb64enc.c
-+++ b/crypto/des/ofb64enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/ofb_enc.c
-+++ b/crypto/des/ofb_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/pcbc_enc.c
-+++ b/crypto/des/pcbc_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/des/qud_cksm.c
-+++ b/crypto/des/qud_cksm.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/des/rand_key.c
-+++ b/crypto/des/rand_key.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/des.h>
---- a/crypto/des/read2pwd.c
-+++ /dev/null
-@@ -1,146 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--#include <string.h>
--#include <openssl/des.h>
--#include <openssl/ui.h>
--#include <openssl/crypto.h>
--
--#ifndef OPENSSL_NO_UI
--
--#ifndef BUFSIZ
--#define BUFSIZ 256
--#endif
--
--int DES_read_password(DES_cblock *key, const char *prompt, int verify)
--{
-- int ok;
-- char buf[BUFSIZ], buff[BUFSIZ];
--
-- if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-- DES_string_to_key(buf, key);
-- OPENSSL_cleanse(buf, BUFSIZ);
-- OPENSSL_cleanse(buff, BUFSIZ);
-- return (ok);
--}
--
--int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-- const char *prompt, int verify)
--{
-- int ok;
-- char buf[BUFSIZ], buff[BUFSIZ];
--
-- if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
-- DES_string_to_2keys(buf, key1, key2);
-- OPENSSL_cleanse(buf, BUFSIZ);
-- OPENSSL_cleanse(buff, BUFSIZ);
-- return (ok);
--}
--#endif
---- a/crypto/des/rpc_des.h
-+++ b/crypto/des/rpc_des.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
---- a/crypto/des/rpc_enc.c
-+++ b/crypto/des/rpc_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "rpc_des.h"
---- a/crypto/des/set_key.c
-+++ b/crypto/des/set_key.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
---- a/crypto/des/spr.h
-+++ b/crypto/des/spr.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
---- a/crypto/des/str2key.c
-+++ b/crypto/des/str2key.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
-@@ -62,7 +14,6 @@ void DES_string_to_key(const char *str,
- {
- DES_key_schedule ks;
- int i, length;
-- register unsigned char j;
-
- memset(key, 0, 8);
- length = strlen(str);
-@@ -71,7 +22,8 @@ void DES_string_to_key(const char *str,
- (*key)[i % 8] ^= (str[i] << 1);
- #else /* MIT COMPATIBLE */
- for (i = 0; i < length; i++) {
-- j = str[i];
-+ register unsigned char j = str[i];
-+
- if ((i % 16) < 8)
- (*key)[i % 8] ^= (j << 1);
- else {
-@@ -94,7 +46,6 @@ void DES_string_to_2keys(const char *str
- {
- DES_key_schedule ks;
- int i, length;
-- register unsigned char j;
-
- memset(key1, 0, 8);
- memset(key2, 0, 8);
-@@ -114,7 +65,8 @@ void DES_string_to_2keys(const char *str
- }
- #else /* MIT COMPATIBLE */
- for (i = 0; i < length; i++) {
-- j = str[i];
-+ register unsigned char j = str[i];
-+
- if ((i % 32) < 16) {
- if ((i % 16) < 8)
- (*key1)[i % 8] ^= (j << 1);
---- a/crypto/des/xcbc_enc.c
-+++ b/crypto/des/xcbc_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "des_locl.h"
---- a/crypto/dh/Makefile.in
-+++ /dev/null
-@@ -1,45 +0,0 @@
--#
--# OpenSSL/crypto/dh/Makefile
--#
--
--DIR= dh
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
-- dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c
--LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
-- dh_ameth.o dh_pmeth.o dh_prn.o dh_rfc5114.o dh_kdf.o dh_meth.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -329,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH
- else
- pub_key = NULL;
-
-- if (priv_key == NULL && pub_key == NULL) {
-+ if (x->p == NULL || (ptype == 2 && priv_key == NULL)
-+ || (ptype > 0 && pub_key == NULL)) {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-@@ -486,7 +438,7 @@ static int dh_copy_parameters(EVP_PKEY *
-
- static int dh_missing_parameters(const EVP_PKEY *a)
- {
-- if (!a->pkey.dh->p || !a->pkey.dh->g)
-+ if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
- return 1;
- return 0;
- }
---- a/crypto/dh/dh_asn1.c
-+++ b/crypto/dh/dh_asn1.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -72,7 +24,7 @@
-
- int DH_check(const DH *dh, int *ret)
- {
-- int ok = 0;
-+ int ok = 0, r;
- BN_CTX *ctx = NULL;
- BN_ULONG l;
- BIGNUM *t1 = NULL, *t2 = NULL;
-@@ -101,7 +53,10 @@ int DH_check(const DH *dh, int *ret)
- if (!BN_is_one(t1))
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- }
-- if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))
-+ r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
-+ if (r < 0)
-+ goto err;
-+ if (!r)
- *ret |= DH_CHECK_Q_NOT_PRIME;
- /* Check p == 1 mod q i.e. q divides p - 1 */
- if (!BN_div(t1, t2, dh->p, dh->q, ctx))
-@@ -113,21 +68,31 @@ int DH_check(const DH *dh, int *ret)
-
- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
- l = BN_mod_word(dh->p, 24);
-+ if (l == (BN_ULONG)-1)
-+ goto err;
- if (l != 11)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
- l = BN_mod_word(dh->p, 10);
-+ if (l == (BN_ULONG)-1)
-+ goto err;
- if ((l != 3) && (l != 7))
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else
- *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-
-- if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
-+ r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
-+ if (r < 0)
-+ goto err;
-+ if (!r)
- *ret |= DH_CHECK_P_NOT_PRIME;
- else if (!dh->q) {
- if (!BN_rshift1(t1, dh->p))
- goto err;
-- if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL))
-+ r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
-+ if (r < 0)
-+ goto err;
-+ if (!r)
- *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok = 1;
---- a/crypto/dh/dh_depr.c
-+++ b/crypto/dh/dh_depr.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This file contains deprecated functions as wrappers to the new ones */
---- a/crypto/dh/dh_err.c
-+++ b/crypto/dh/dh_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -75,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
- {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
- {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
- {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"},
-+ {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"},
-+ {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"},
-+ {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"},
- {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
- {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"},
- {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"},
-@@ -83,7 +36,6 @@ static ERR_STRING_DATA DH_str_functs[] =
- {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"},
- {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"},
- {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"},
-- {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
- {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"},
- {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"},
- {0, NULL}
-@@ -97,7 +49,6 @@ static ERR_STRING_DATA DH_str_reasons[]
- {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
- {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
- {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
-- {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
- {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
- {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
-@@ -109,7 +60,7 @@ static ERR_STRING_DATA DH_str_reasons[]
-
- #endif
-
--void ERR_load_DH_strings(void)
-+int ERR_load_DH_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -118,4 +69,5 @@ void ERR_load_DH_strings(void)
- ERR_load_strings(0, DH_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/dh/dh_gen.c
-+++ b/crypto/dh/dh_gen.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/dh/dh_kdf.c
-+++ b/crypto/dh/dh_kdf.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Stephen Henson for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <e_os.h>
-@@ -160,8 +117,8 @@ int DH_KDF_X9_42(unsigned char *out, siz
- goto err;
- for (i = 1;; i++) {
- unsigned char mtmp[EVP_MAX_MD_SIZE];
-- EVP_DigestInit_ex(mctx, md, NULL);
-- if (!EVP_DigestUpdate(mctx, Z, Zlen))
-+ if (!EVP_DigestInit_ex(mctx, md, NULL)
-+ || !EVP_DigestUpdate(mctx, Z, Zlen))
- goto err;
- ctr[3] = i & 0xFF;
- ctr[2] = (i >> 8) & 0xFF;
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -1,63 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
--#include <openssl/rand.h>
- #include "dh_locl.h"
- #include "internal/bn_int.h"
-
-@@ -161,24 +112,18 @@ static int generate_key(DH *dh)
- }
-
- {
-- BIGNUM *local_prk = NULL;
-- BIGNUM *prk;
-+ BIGNUM *prk = BN_new();
-
-- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-- local_prk = prk = BN_new();
-- if (local_prk == NULL)
-- goto err;
-- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-- } else {
-- prk = priv_key;
-- }
-+ if (prk == NULL)
-+ goto err;
-+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
-- BN_free(local_prk);
-+ BN_free(prk);
- goto err;
- }
-- /* We MUST free local_prk before any further use of priv_key */
-- BN_free(local_prk);
-+ /* We MUST free prk before any further use of priv_key */
-+ BN_free(prk);
- }
-
- dh->pub_key = pub_key;
-@@ -223,10 +168,7 @@ static int compute_key(unsigned char *ke
- if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- dh->lock, dh->p, ctx);
-- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-- /* XXX */
-- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-- }
-+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
- if (!mont)
- goto err;
- }
-@@ -255,15 +197,7 @@ static int dh_bn_mod_exp(const DH *dh, B
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
-- /*
-- * If a is only one word long and constant time is false, use the faster
-- * exponentiation function.
-- */
-- if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
-- BN_ULONG A = bn_get_words(a)[0];
-- return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
-- } else
-- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
- }
-
- static int dh_init(DH *dh)
---- a/crypto/dh/dh_lib.c
-+++ b/crypto/dh/dh_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -109,13 +61,21 @@ DH *DH_new_method(ENGINE *engine)
- return NULL;
- }
-
-+ ret->references = 1;
-+ ret->lock = CRYPTO_THREAD_lock_new();
-+ if (ret->lock == NULL) {
-+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+
- ret->meth = DH_get_default_method();
- #ifndef OPENSSL_NO_ENGINE
-+ ret->flags = ret->meth->flags; /* early default init */
- if (engine) {
- if (!ENGINE_init(engine)) {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- ret->engine = engine;
- } else
-@@ -124,29 +84,19 @@ DH *DH_new_method(ENGINE *engine)
- ret->meth = ENGINE_get_DH(ret->engine);
- if (ret->meth == NULL) {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-- ENGINE_finish(ret->engine);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- }
- #endif
-
-- ret->references = 1;
- ret->flags = ret->meth->flags;
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
--
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL) {
--#ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(ret->engine);
--#endif
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-- OPENSSL_free(ret);
-- return NULL;
-- }
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
-+ goto err;
-
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
-+err:
- DH_free(ret);
- ret = NULL;
- }
-@@ -233,7 +183,8 @@ int DH_security_bits(const DH *dh)
- }
-
-
--void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g)
-+void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
- {
- if (p != NULL)
- *p = dh->p;
-@@ -245,15 +196,25 @@ void DH_get0_pqg(const DH *dh, BIGNUM **
-
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
- {
-- /* q is optional */
-- if (p == NULL || g == NULL)
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
- return 0;
-- BN_free(dh->p);
-- BN_free(dh->q);
-- BN_free(dh->g);
-- dh->p = p;
-- dh->q = q;
-- dh->g = g;
-+
-+ if (p != NULL) {
-+ BN_free(dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(dh->g);
-+ dh->g = g;
-+ }
-
- if (q != NULL) {
- dh->length = BN_num_bits(q);
-@@ -273,7 +234,7 @@ int DH_set_length(DH *dh, long length)
- return 1;
- }
-
--void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key)
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
- {
- if (pub_key != NULL)
- *pub_key = dh->pub_key;
-@@ -283,14 +244,21 @@ void DH_get0_key(const DH *dh, BIGNUM **
-
- int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
- {
-- /* Note that it is valid for priv_key to be NULL */
-- if (pub_key == NULL)
-+ /* If the field pub_key in dh is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (dh->pub_key == NULL && pub_key == NULL)
- return 0;
-
-- BN_free(dh->pub_key);
-- BN_free(dh->priv_key);
-- dh->pub_key = pub_key;
-- dh->priv_key = priv_key;
-+ if (pub_key != NULL) {
-+ BN_free(dh->pub_key);
-+ dh->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(dh->priv_key);
-+ dh->priv_key = priv_key;
-+ }
-
- return 1;
- }
---- a/crypto/dh/dh_locl.h
-+++ b/crypto/dh/dh_locl.h
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <openssl/dh.h>
---- a/crypto/dh/dh_meth.c
-+++ b/crypto/dh/dh_meth.c
-@@ -1,16 +1,15 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
--
- #include "dh_locl.h"
- #include <string.h>
-+#include <openssl/err.h>
-
- DH_METHOD *DH_meth_new(const char *name, int flags)
- {
-@@ -18,6 +17,11 @@ DH_METHOD *DH_meth_new(const char *name,
-
- if (dhm != NULL) {
- dhm->name = OPENSSL_strdup(name);
-+ if (dhm->name == NULL) {
-+ OPENSSL_free(dhm);
-+ DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- dhm->flags = flags;
- }
-
-@@ -27,8 +31,7 @@ DH_METHOD *DH_meth_new(const char *name,
- void DH_meth_free(DH_METHOD *dhm)
- {
- if (dhm != NULL) {
-- if (dhm->name != NULL)
-- OPENSSL_free(dhm->name);
-+ OPENSSL_free(dhm->name);
- OPENSSL_free(dhm);
- }
- }
-@@ -42,6 +45,11 @@ DH_METHOD *DH_meth_dup(const DH_METHOD *
- if (ret != NULL) {
- memcpy(ret, dhm, sizeof(*dhm));
- ret->name = OPENSSL_strdup(dhm->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- }
-
- return ret;
-@@ -54,10 +62,18 @@ const char *DH_meth_get0_name(const DH_M
-
- int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
- {
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
- OPENSSL_free(dhm->name);
-- dhm->name = OPENSSL_strdup(name);
-+ dhm->name = tmpname;
-
-- return dhm->name != NULL;
-+ return 1;
- }
-
- int DH_meth_get_flags(DH_METHOD *dhm)
---- a/crypto/dh/dh_pmeth.c
-+++ b/crypto/dh/dh_pmeth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -112,6 +63,17 @@ static int pkey_dh_init(EVP_PKEY_CTX *ct
- return 1;
- }
-
-+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
-+{
-+ DH_PKEY_CTX *dctx = ctx->data;
-+ if (dctx != NULL) {
-+ OPENSSL_free(dctx->kdf_ukm);
-+ ASN1_OBJECT_free(dctx->kdf_oid);
-+ OPENSSL_free(dctx);
-+ }
-+}
-+
-+
- static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- DH_PKEY_CTX *dctx, *sctx;
-@@ -128,27 +90,19 @@ static int pkey_dh_copy(EVP_PKEY_CTX *ds
-
- dctx->kdf_type = sctx->kdf_type;
- dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
-- if (!dctx->kdf_oid)
-+ if (dctx->kdf_oid == NULL)
- return 0;
- dctx->kdf_md = sctx->kdf_md;
-- if (dctx->kdf_ukm) {
-+ if (sctx->kdf_ukm != NULL) {
- dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
-+ if (dctx->kdf_ukm == NULL)
-+ return 0;
- dctx->kdf_ukmlen = sctx->kdf_ukmlen;
- }
- dctx->kdf_outlen = sctx->kdf_outlen;
- return 1;
- }
-
--static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
--{
-- DH_PKEY_CTX *dctx = ctx->data;
-- if (dctx) {
-- OPENSSL_free(dctx->kdf_ukm);
-- ASN1_OBJECT_free(dctx->kdf_oid);
-- OPENSSL_free(dctx);
-- }
--}
--
- static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- DH_PKEY_CTX *dctx = ctx->data;
---- a/crypto/dh/dh_prn.c
-+++ b/crypto/dh/dh_prn.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/dh/dh_rfc5114.c
-+++ b/crypto/dh/dh_rfc5114.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2011.
-- */
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/dh/example
-+++ /dev/null
-@@ -1,50 +0,0 @@
--From owner-cypherpunks at toad.com Mon Sep 25 10:50:51 1995
--Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
-- (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
--Received: by minbne.mincom.oz.au id AA19958
-- (5.65c/IDA-1.4.4 for eay at orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
--Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
-- Wed, 27 Sep 1995 19:13:05 +1000
--Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
-- Wed, 27 Sep 1995 04:48:46 -0400
--Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
--Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
--Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])
-- by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442
-- for <cypherpunks at toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
--Received: (karn at localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)
-- id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
--Date: Mon, 25 Sep 1995 17:50:51 -0700
--From: Phil Karn <karn at qualcomm.com>
--Message-Id: <199509260050.RAA14732 at servo.qualcomm.com>
--To: cypherpunks at toad.com, ipsec-dev at eit.com
--Subject: Primality verification needed
--Sender: owner-cypherpunks at toad.com
--Precedence: bulk
--Status: RO
--X-Status:
--
--Hi. I've generated a 2047-bit "strong" prime number that I would like to
--use with Diffie-Hellman key exchange. I assert that not only is this number
--'p' prime, but so is (p-1)/2.
--
--I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
--1.3.2 to test this number. This function uses the Miller-Rabin primality test.
--However, to increase my confidence that this number really is a strong prime,
--I'd like to ask others to confirm it with other tests. Here's the number in hex:
--
--72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
--fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
--a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
--fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
--3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
--ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
--56a05180c3bec7ddd5ef6fe76b1f717b
--
--The generator, g, for this prime is 2.
--
--Thanks!
--
--Phil Karn
--
--
---- a/crypto/dh/generate
-+++ /dev/null
-@@ -1,65 +0,0 @@
--From: stewarts at ix.netcom.com (Bill Stewart)
--Newsgroups: sci.crypt
--Subject: Re: Diffie-Hellman key exchange
--Date: Wed, 11 Oct 1995 23:08:28 GMT
--Organization: Freelance Information Architect
--Lines: 32
--Message-ID: <45hir2$7l8 at ixnews7.ix.netcom.com>
--References: <458rhn$76m$1 at mhadf.production.compuserve.com>
--NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
--X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995
--X-Newsreader: Forte Free Agent 1.0.82
--
--Kent Briggs <72124.3234 at CompuServe.COM> wrote:
--
-->I have a copy of the 1976 IEEE article describing the
-->Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm
-->looking for sources that give examples of secure a,q pairs and
-->possible some source code that I could examine.
--
--q should be prime, and ideally should be a "strong prime",
--which means it's of the form 2n+1 where n is also prime.
--q also needs to be long enough to prevent the attacks LaMacchia and
--Odlyzko described (some variant on a factoring attack which generates
--a large pile of simultaneous equations and then solves them);
--long enough is about the same size as factoring, so 512 bits may not
--be secure enough for most applications. (The 192 bits used by
--"secure NFS" was certainly not long enough.)
--
--a should be a generator for q, which means it needs to be
--relatively prime to q-1. Usually a small prime like 2, 3 or 5 will
--work.
--
--....
--
--Date: Tue, 26 Sep 1995 13:52:36 MST
--From: "Richard Schroeppel" <rcs at cs.arizona.edu>
--To: karn
--Cc: ho at cs.arizona.edu
--Subject: random large primes
--
--Since your prime is really random, proving it is hard.
--My personal limit on rigorously proved primes is ~350 digits.
--If you really want a proof, we should talk to Francois Morain,
--or the Australian group.
--
--If you want 2 to be a generator (mod P), then you need it
--to be a non-square. If (P-1)/2 is also prime, then
--non-square == primitive-root for bases << P.
--
--In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
--If you want this, you should restrict your sieve accordingly.
--
--3 is a generator iff P = 5 (mod 12).
--
--5 is a generator iff P = 3 or 7 (mod 10).
--
--2 is perfectly usable as a base even if it's a non-generator, since
--it still covers half the space of possible residues. And an
--eavesdropper can always determine the low-bit of your exponent for
--a generator anyway.
--
--Rich rcs at cs.arizona.edu
--
--
--
---- a/crypto/dllmain.c
-+++ b/crypto/dllmain.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include "internal/cryptlib_int.h"
-
- #if defined(_WIN32) || defined(__CYGWIN__)
---- a/crypto/dsa/Makefile.in
-+++ /dev/null
-@@ -1,47 +0,0 @@
--#
--# OpenSSL/crypto/dsa/Makefile
--#
--
--DIR= dsa
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
-- dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \
-- dsa_meth.c
--LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
-- dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o \
-- dsa_meth.o
--
--SRC= $(LIBSRC)
--
--HEADER= dsa_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -303,7 +254,7 @@ static int int_dsa_size(const EVP_PKEY *
-
- static int dsa_bits(const EVP_PKEY *pkey)
- {
-- return BN_num_bits(pkey->pkey.dsa->p);
-+ return DSA_bits(pkey->pkey.dsa);
- }
-
- static int dsa_security_bits(const EVP_PKEY *pkey)
-@@ -315,7 +266,7 @@ static int dsa_missing_parameters(const
- {
- DSA *dsa;
- dsa = pkey->pkey.dsa;
-- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-+ if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
- return 1;
- return 0;
- }
-@@ -486,9 +437,9 @@ static int dsa_sig_print(BIO *bp, const
- dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
- if (dsa_sig) {
- int rv = 0;
-- BIGNUM *r, *s;
-+ const BIGNUM *r, *s;
-
-- DSA_SIG_get0(&r, &s, dsa_sig);
-+ DSA_SIG_get0(dsa_sig, &r, &s);
-
- if (BIO_write(bp, "\n", 1) != 1)
- goto err;
-@@ -558,7 +509,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
-
- /* NB these are sorted in pkey_id order, lowest first */
-
--const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
-+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
-
- {
- EVP_PKEY_DSA2,
---- a/crypto/dsa/dsa_asn1.c
-+++ b/crypto/dsa/dsa_asn1.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -63,22 +14,47 @@
- #include <openssl/asn1t.h>
- #include <openssl/rand.h>
-
--struct DSA_SIG_st {
-- BIGNUM *r;
-- BIGNUM *s;
--};
--
- ASN1_SEQUENCE(DSA_SIG) = {
- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
- } static_ASN1_SEQUENCE_END(DSA_SIG)
-
--IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
-+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
-+
-+DSA_SIG *DSA_SIG_new(void)
-+{
-+ DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
-+ if (sig == NULL)
-+ DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
-+ return sig;
-+}
-+
-+void DSA_SIG_free(DSA_SIG *sig)
-+{
-+ if (sig == NULL)
-+ return;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ OPENSSL_free(sig);
-+}
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-
--void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig)
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
- {
-- *pr = sig->r;
-- *ps = sig->s;
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
- }
-
- /* Override the default free and new methods */
---- a/crypto/dsa/dsa_depr.c
-+++ b/crypto/dsa/dsa_depr.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -75,7 +30,6 @@ NON_EMPTY_TRANSLATION_UNIT
- # include <openssl/evp.h>
- # include <openssl/bn.h>
- # include <openssl/dsa.h>
--# include <openssl/rand.h>
- # include <openssl/sha.h>
-
- DSA *DSA_generate_parameters(int bits,
---- a/crypto/dsa/dsa_err.c
-+++ b/crypto/dsa/dsa_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,15 +19,15 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
- static ERR_STRING_DATA DSA_str_functs[] = {
-- {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
-- {ERR_FUNC(DSA_F_DO_DSA_PRINT), "do_dsa_print"},
- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-- {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
- {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
- {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-+ {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"},
-+ {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"},
-+ {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"},
- {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
- {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"},
- {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-@@ -88,13 +38,9 @@ static ERR_STRING_DATA DSA_str_functs[]
- {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
- {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
- {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
-- {ERR_FUNC(DSA_F_DSA_SIG_PRINT), "dsa_sig_print"},
-- {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
-- {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
- {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"},
- {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"},
- {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"},
-- {ERR_FUNC(DSA_F_SIG_CB), "sig_cb"},
- {0, NULL}
- };
-
-@@ -102,15 +48,11 @@ static ERR_STRING_DATA DSA_str_reasons[]
- {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
- {ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"},
- {ERR_REASON(DSA_R_BN_ERROR), "bn error"},
-- {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
-- "data too large for key size"},
- {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
- {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
- {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
-- {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
- {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
- {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
-- {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
- {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
- {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
-@@ -119,7 +61,7 @@ static ERR_STRING_DATA DSA_str_reasons[]
-
- #endif
-
--void ERR_load_DSA_strings(void)
-+int ERR_load_DSA_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -128,4 +70,5 @@ void ERR_load_DSA_strings(void)
- ERR_load_strings(0, DSA_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/dsa/dsa_gen.c
-+++ b/crypto/dsa/dsa_gen.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -406,6 +358,8 @@ int dsa_builtin_paramgen2(DSA *ret, size
- X = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
- test = BN_CTX_get(ctx);
-+ if (test == NULL)
-+ goto err;
-
- /* if p, q already supplied generate g only */
- if (ret->p && ret->q) {
---- a/crypto/dsa/dsa_key.c
-+++ b/crypto/dsa/dsa_key.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,7 +12,6 @@
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
- #include "dsa_locl.h"
--#include <openssl/rand.h>
-
- static int dsa_builtin_keygen(DSA *dsa);
-
-@@ -98,24 +49,18 @@ static int dsa_builtin_keygen(DSA *dsa)
- pub_key = dsa->pub_key;
-
- {
-- BIGNUM *local_prk = NULL;
-- BIGNUM *prk;
-+ BIGNUM *prk = BN_new();
-
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- local_prk = prk = BN_new();
-- if (local_prk == NULL)
-- goto err;
-- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-- } else {
-- prk = priv_key;
-- }
-+ if (prk == NULL)
-+ goto err;
-+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-
- if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
-- BN_free(local_prk);
-+ BN_free(prk);
- goto err;
- }
-- /* We MUST free local_prk before any further use of priv_key */
-- BN_free(local_prk);
-+ /* We MUST free prk before any further use of priv_key */
-+ BN_free(prk);
- }
-
- dsa->priv_key = priv_key;
---- a/crypto/dsa/dsa_lib.c
-+++ b/crypto/dsa/dsa_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-@@ -111,20 +63,28 @@ const DSA_METHOD *DSA_get_method(DSA *d)
-
- DSA *DSA_new_method(ENGINE *engine)
- {
-- DSA *ret;
-+ DSA *ret = OPENSSL_zalloc(sizeof(*ret));
-
-- ret = OPENSSL_zalloc(sizeof(*ret));
- if (ret == NULL) {
- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-+
-+ ret->references = 1;
-+ ret->lock = CRYPTO_THREAD_lock_new();
-+ if (ret->lock == NULL) {
-+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+
- ret->meth = DSA_get_default_method();
- #ifndef OPENSSL_NO_ENGINE
-+ ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
- if (engine) {
- if (!ENGINE_init(engine)) {
- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- ret->engine = engine;
- } else
-@@ -133,29 +93,19 @@ DSA *DSA_new_method(ENGINE *engine)
- ret->meth = ENGINE_get_DSA(ret->engine);
- if (ret->meth == NULL) {
- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-- ENGINE_finish(ret->engine);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- }
- #endif
-
-- ret->references = 1;
- ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
--
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL) {
--#ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(ret->engine);
--#endif
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-- OPENSSL_free(ret);
-- return NULL;
-- }
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
-+ goto err;
-
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
-+err:
- DSA_free(ret);
- ret = NULL;
- }
-@@ -303,7 +253,8 @@ DH *DSA_dup_DH(const DSA *r)
- }
- #endif
-
--void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g)
-+void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
- {
- if (p != NULL)
- *p = d->p;
-@@ -315,19 +266,32 @@ void DSA_get0_pqg(const DSA *d, BIGNUM *
-
- int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
- {
-- if (p == NULL || q == NULL || g == NULL)
-+ /* If the fields p, q and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((d->p == NULL && p == NULL)
-+ || (d->q == NULL && q == NULL)
-+ || (d->g == NULL && g == NULL))
- return 0;
-- BN_free(d->p);
-- BN_free(d->q);
-- BN_free(d->g);
-- d->p = p;
-- d->q = q;
-- d->g = g;
-+
-+ if (p != NULL) {
-+ BN_free(d->p);
-+ d->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(d->q);
-+ d->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(d->g);
-+ d->g = g;
-+ }
-
- return 1;
- }
-
--void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key)
-+void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key)
- {
- if (pub_key != NULL)
- *pub_key = d->pub_key;
-@@ -337,14 +301,21 @@ void DSA_get0_key(const DSA *d, BIGNUM *
-
- int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
- {
-- /* Note that it is valid for priv_key to be NULL */
-- if (pub_key == NULL)
-+ /* If the field pub_key in d is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (d->pub_key == NULL && pub_key == NULL)
- return 0;
-
-- BN_free(d->pub_key);
-- BN_free(d->priv_key);
-- d->pub_key = pub_key;
-- d->priv_key = priv_key;
-+ if (pub_key != NULL) {
-+ BN_free(d->pub_key);
-+ d->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(d->priv_key);
-+ d->priv_key = priv_key;
-+ }
-
- return 1;
- }
-@@ -368,3 +339,8 @@ ENGINE *DSA_get0_engine(DSA *d)
- {
- return d->engine;
- }
-+
-+int DSA_bits(const DSA *dsa)
-+{
-+ return BN_num_bits(dsa->p);
-+}
---- a/crypto/dsa/dsa_locl.h
-+++ b/crypto/dsa/dsa_locl.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/dsa.h>
-@@ -77,6 +32,11 @@ struct dsa_st {
- CRYPTO_RWLOCK *lock;
- };
-
-+struct DSA_SIG_st {
-+ BIGNUM *r;
-+ BIGNUM *s;
-+};
-+
- struct dsa_method {
- char *name;
- DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
-@@ -84,11 +44,11 @@ struct dsa_method {
- BIGNUM **rp);
- int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-- int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-- BN_MONT_CTX *in_mont);
-+ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
-+ const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
- /* Can be null */
-- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- int (*init) (DSA *dsa);
- int (*finish) (DSA *dsa);
---- a/crypto/dsa/dsa_meth.c
-+++ b/crypto/dsa/dsa_meth.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Licensed under the OpenSSL licenses, (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
-@@ -8,6 +17,7 @@
-
- #include "dsa_locl.h"
- #include <string.h>
-+#include <openssl/err.h>
-
- DSA_METHOD *DSA_meth_new(const char *name, int flags)
- {
-@@ -15,6 +25,11 @@ DSA_METHOD *DSA_meth_new(const char *nam
-
- if (dsam != NULL) {
- dsam->name = OPENSSL_strdup(name);
-+ if (dsam->name == NULL) {
-+ OPENSSL_free(dsam);
-+ DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- dsam->flags = flags;
- }
-
-@@ -24,8 +39,7 @@ DSA_METHOD *DSA_meth_new(const char *nam
- void DSA_meth_free(DSA_METHOD *dsam)
- {
- if (dsam != NULL) {
-- if (dsam->name != NULL)
-- OPENSSL_free(dsam->name);
-+ OPENSSL_free(dsam->name);
- OPENSSL_free(dsam);
- }
- }
-@@ -39,6 +53,11 @@ DSA_METHOD *DSA_meth_dup(const DSA_METHO
- if (ret != NULL) {
- memcpy(ret, dsam, sizeof(*dsam));
- ret->name = OPENSSL_strdup(dsam->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- }
-
- return ret;
-@@ -51,10 +70,18 @@ const char *DSA_meth_get0_name(const DSA
-
- int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
- {
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
- OPENSSL_free(dsam->name);
-- dsam->name = OPENSSL_strdup(name);
-+ dsam->name = tmpname;
-
-- return dsam->name != NULL;
-+ return 1;
- }
-
- int DSA_meth_get_flags(DSA_METHOD *dsam)
-@@ -119,29 +146,30 @@ int DSA_meth_set_verify(DSA_METHOD *dsam
- }
-
- int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
-- (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
-- BN_CTX *, BN_MONT_CTX *)
-+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)
- {
- return dsam->dsa_mod_exp;
- }
-
- int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
-- int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
-- BIGNUM *, BN_CTX *, BN_MONT_CTX *))
-+ int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
-+ BN_MONT_CTX *))
- {
- dsam->dsa_mod_exp = mod_exp;
- return 1;
- }
-
- int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
-- (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
-+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
- BN_MONT_CTX *)
- {
- return dsam->bn_mod_exp;
- }
-
- int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
-- int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
-+ int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
- {
- dsam->bn_mod_exp = bn_mod_exp;
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-@@ -62,7 +14,6 @@
- #include <openssl/bn.h>
- #include <openssl/sha.h>
- #include "dsa_locl.h"
--#include <openssl/rand.h>
- #include <openssl/asn1.h>
-
- static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-@@ -90,42 +41,6 @@ static DSA_METHOD openssl_dsa_meth = {
- NULL
- };
-
--/*-
-- * These macro wrappers replace attempts to use the dsa_mod_exp() and
-- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
-- * having a the macro work as an expression by bundling an "err_instr". So;
-- *
-- * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
-- * dsa->method_mont_p)) goto err;
-- *
-- * can be replaced by;
-- *
-- * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
-- * dsa->method_mont_p);
-- */
--
--#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-- do { \
-- int _tmp_res53; \
-- if ((dsa)->meth->dsa_mod_exp) \
-- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-- (a2), (p2), (m), (ctx), (in_mont)); \
-- else \
-- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-- (m), (ctx), (in_mont)); \
-- if (!_tmp_res53) err_instr; \
-- } while(0)
--#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-- do { \
-- int _tmp_res53; \
-- if ((dsa)->meth->bn_mod_exp) \
-- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-- (m), (ctx), (m_ctx)); \
-- else \
-- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-- if (!_tmp_res53) err_instr; \
-- } while(0)
--
- const DSA_METHOD *DSA_OpenSSL(void)
- {
- return &openssl_dsa_meth;
-@@ -136,11 +51,9 @@ static DSA_SIG *dsa_do_sign(const unsign
- BIGNUM *kinv = NULL;
- BIGNUM *m;
- BIGNUM *xr;
-- BIGNUM *r, *s;
- BN_CTX *ctx = NULL;
- int reason = ERR_R_BN_LIB;
- DSA_SIG *ret = NULL;
-- int noredo = 0;
- int rv = 0;
-
- m = BN_new();
-@@ -156,14 +69,16 @@ static DSA_SIG *dsa_do_sign(const unsign
- ret = DSA_SIG_new();
- if (ret == NULL)
- goto err;
--
-- DSA_SIG_get0(&r, &s, ret);
-+ ret->r = BN_new();
-+ ret->s = BN_new();
-+ if (ret->r == NULL || ret->s == NULL)
-+ goto err;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- redo:
-- if (!dsa_sign_setup(dsa, ctx, &kinv, &r, dgst, dlen))
-+ if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
- goto err;
-
- if (dlen > BN_num_bytes(dsa->q))
-@@ -177,27 +92,22 @@ static DSA_SIG *dsa_do_sign(const unsign
- goto err;
-
- /* Compute s = inv(k) (m + xr) mod q */
-- if (!BN_mod_mul(xr, dsa->priv_key, r, dsa->q, ctx))
-+ if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx))
- goto err; /* s = xr */
-- if (!BN_add(s, xr, m))
-+ if (!BN_add(ret->s, xr, m))
- goto err; /* s = m + xr */
-- if (BN_cmp(s, dsa->q) > 0)
-- if (!BN_sub(s, s, dsa->q))
-+ if (BN_cmp(ret->s, dsa->q) > 0)
-+ if (!BN_sub(ret->s, ret->s, dsa->q))
- goto err;
-- if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
-+ if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
- goto err;
-
- /*
- * Redo if r or s is zero as required by FIPS 186-3: this is very
- * unlikely.
- */
-- if (BN_is_zero(r) || BN_is_zero(s)) {
-- if (noredo) {
-- reason = DSA_R_NEED_NEW_SETUP_VALUES;
-- goto err;
-- }
-+ if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
- goto redo;
-- }
-
- rv = 1;
-
-@@ -225,7 +135,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- const unsigned char *dgst, int dlen)
- {
- BN_CTX *ctx = NULL;
-- BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;
-+ BIGNUM *k, *kinv = NULL, *r = *rp;
- int ret = 0;
-
- if (!dsa->p || !dsa->q || !dsa->g) {
-@@ -234,8 +144,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- }
-
- k = BN_new();
-- kq = BN_new();
-- if (k == NULL || kq == NULL)
-+ if (k == NULL)
- goto err;
-
- if (ctx_in == NULL) {
-@@ -258,9 +167,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- goto err;
- } while (BN_is_zero(k));
-
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- BN_set_flags(k, BN_FLG_CONSTTIME);
-- }
-+ BN_set_flags(k, BN_FLG_CONSTTIME);
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -270,30 +177,29 @@ static int dsa_sign_setup(DSA *dsa, BN_C
-
- /* Compute r = (g^k mod p) mod q */
-
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- if (!BN_copy(kq, k))
-- goto err;
--
-- /*
-- * We do not want timing information to leak the length of k, so we
-- * compute g^k using an equivalent exponent of fixed length. (This
-- * is a kludge that we need because the BN_mod_exp_mont() does not
-- * let us specify the desired timing behaviour.)
-- */
-+ /*
-+ * We do not want timing information to leak the length of k, so we
-+ * compute g^k using an equivalent exponent of fixed length. (This
-+ * is a kludge that we need because the BN_mod_exp_mont() does not
-+ * let us specify the desired timing behaviour.)
-+ */
-
-- if (!BN_add(kq, kq, dsa->q))
-+ if (!BN_add(k, k, dsa->q))
-+ goto err;
-+ if (BN_num_bits(k) <= BN_num_bits(dsa->q)) {
-+ if (!BN_add(k, k, dsa->q))
- goto err;
-- if (BN_num_bits(kq) <= BN_num_bits(dsa->q)) {
-- if (!BN_add(kq, kq, dsa->q))
-- goto err;
-- }
-+ }
-
-- K = kq;
-+ if ((dsa)->meth->bn_mod_exp != NULL) {
-+ if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
-+ dsa->method_mont_p))
-+ goto err;
- } else {
-- K = k;
-+ if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
-+ goto err;
- }
-- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-- dsa->method_mont_p);
-+
- if (!BN_mod(r, r, dsa->q, ctx))
- goto err;
-
-@@ -311,7 +217,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
- if (ctx != ctx_in)
- BN_CTX_free(ctx);
- BN_clear_free(k);
-- BN_clear_free(kq);
- return ret;
- }
-
-@@ -321,7 +226,7 @@ static int dsa_do_verify(const unsigned
- BN_CTX *ctx;
- BIGNUM *u1, *u2, *t1;
- BN_MONT_CTX *mont = NULL;
-- BIGNUM *r, *s;
-+ const BIGNUM *r, *s;
- int ret = -1, i;
- if (!dsa->p || !dsa->q || !dsa->g) {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
-@@ -346,7 +251,7 @@ static int dsa_do_verify(const unsigned
- if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
- goto err;
-
-- DSA_SIG_get0(&r, &s, sig);
-+ DSA_SIG_get0(sig, &r, &s);
-
- if (BN_is_zero(r) || BN_is_negative(r) ||
- BN_ucmp(r, dsa->q) >= 0) {
-@@ -391,9 +296,16 @@ static int dsa_do_verify(const unsigned
- goto err;
- }
-
-- DSA_MOD_EXP(goto err, dsa, t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
-- mont);
-- /* BN_copy(&u1,&t1); */
-+ if (dsa->meth->dsa_mod_exp != NULL) {
-+ if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
-+ dsa->p, ctx, mont))
-+ goto err;
-+ } else {
-+ if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
-+ mont))
-+ goto err;
-+ }
-+
- /* let u1 = u1 mod q */
- if (!BN_mod(u1, t1, dsa->q, ctx))
- goto err;
---- a/crypto/dsa/dsa_pmeth.c
-+++ b/crypto/dsa/dsa_pmeth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/dsa/dsa_prn.c
-+++ b/crypto/dsa/dsa_prn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/dsa/dsa_sign.c
-+++ b/crypto/dsa/dsa_sign.c
-@@ -1,65 +1,16 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
- #include "internal/cryptlib.h"
- #include "dsa_locl.h"
--#include <openssl/rand.h>
- #include <openssl/bn.h>
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
---- a/crypto/dsa/dsa_vrf.c
-+++ b/crypto/dsa/dsa_vrf.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
---- a/crypto/dsa/fips186a.txt
-+++ /dev/null
-@@ -1,122 +0,0 @@
--The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
--examples. This is an updated version that uses SHA-1 (FIPS 180-1)
--supplied to me by Wei Dai
----
-- APPENDIX 5. EXAMPLE OF THE DSA
--
--
--This appendix is for informational purposes only and is not required to meet
--the standard.
--
--Let L = 512 (size of p). The values in this example are expressed in
--hexadecimal notation. The p and q given here were generated by the prime
--generation standard described in appendix 2 using the 160-bit SEED:
--
-- d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
--
--With this SEED, the algorithm found p and q when the counter was at 105.
--
--x was generated by the algorithm described in appendix 3, section 3.1, using
--the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
--
--XSEED =
--
-- bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
--
--t =
-- 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
--
--x = G(t,XSEED) mod q
--
--k was generated by the algorithm described in appendix 3, section 3.2, using
--the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
--
--KSEED =
--
-- 687a66d9 0648f993 867e121f 4ddf9ddb 01205584
--
--t =
-- EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
--
--k = G(t,KSEED) mod q
--
--Finally:
--
--h = 2
--
--p =
-- 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
-- cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
-- 49693dfb f83724c2 ec0736ee 31c80291
--
--
--q =
-- c773218c 737ec8ee 993b4f2d ed30f48e dace915f
--
--
--g =
-- 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
-- 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
-- c42e9f6f 464b088c c572af53 e6d78802
--
--
--x =
-- 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
--
--
--k =
-- 358dad57 1462710f 50e254cf 1a376b2b deaadfbf
--
--
--kinv =
--
-- 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
--
--M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
--
--SHA(M) =
--
-- a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
--
--
--y =
--
-- 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
-- 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
-- 858fba33 f44c0669 9630a76b 030ee333
--
--
--r =
-- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
--
--s =
-- 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
--
--
--w =
-- 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
--
--
--u1 =
-- bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
--
--
--u2 =
-- 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
--
--
--gu1 mod p =
--
-- 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
-- 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
-- 6f96662a 1987a21b e4ec1071 010b6069
--
--
--yu2 mod p =
--
-- 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
-- 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
-- c19441f4 22bf3c34 08aeba1f 0a4dbec7
--
--v =
-- 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
---- a/crypto/dso/Makefile.in
-+++ /dev/null
-@@ -1,45 +0,0 @@
--#
--# OpenSSL/crypto/dso/Makefile
--#
--
--DIR= dso
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c \
-- dso_openssl.c dso_win32.c dso_vms.c
--LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o \
-- dso_openssl.o dso_win32.o dso_vms.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/dso/README
-+++ /dev/null
-@@ -1,22 +0,0 @@
--NOTES
-------
--
--I've checked out HPUX (well, version 11 at least) and shl_t is
--a pointer type so it's safe to use in the way it has been in
--dso_dl.c. On the other hand, HPUX11 support dlfcn too and
--according to their man page, prefer developers to move to that.
--I'll leave Richard's changes there as I guess dso_dl is needed
--for HPUX10.20.
--
--There is now a callback scheme in place where filename conversion can
--(a) be turned off altogether through the use of the
-- DSO_FLAG_NO_NAME_TRANSLATION flag,
--(b) be handled by default using the default DSO_METHOD's converter
--(c) overriden per-DSO by setting the override callback
--(d) a mix of (b) and (c) - eg. implement an override callback that;
-- (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
-- and if so, convert "blah" into "blah32.dll" (the default is
-- otherwise to make it "blah.dll").
-- (ii) default to the normal behaviour - we're not on win32, eg.
-- finish with (return dso->meth->dso_name_converter(dso,NULL)).
--
---- a/crypto/dso/dso_dl.c
-+++ b/crypto/dso/dso_dl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "dso_locl.h"
-@@ -115,8 +66,10 @@ static int dl_load(DSO *dso)
- (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
- DYNAMIC_PATH), 0L);
- if (ptr == NULL) {
-+ char errbuf[160];
- DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
-- ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
-+ if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
-+ ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
- goto err;
- }
- if (!sk_push(dso->meth_data, (char *)ptr)) {
-@@ -179,8 +132,10 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *d
- return (NULL);
- }
- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-+ char errbuf[160];
- DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
-- ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-+ if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
-+ ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
- return (NULL);
- }
- return ((DSO_FUNC_TYPE)sym);
---- a/crypto/dso/dso_dlfcn.c
-+++ b/crypto/dso/dso_dlfcn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/dso/dso_err.c
-+++ b/crypto/dso/dso_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -128,7 +78,7 @@ static ERR_STRING_DATA DSO_str_reasons[]
-
- #endif
-
--void ERR_load_DSO_strings(void)
-+int ERR_load_DSO_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -137,4 +87,5 @@ void ERR_load_DSO_strings(void)
- ERR_load_strings(0, DSO_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/dso/dso_lib.c
-+++ b/crypto/dso/dso_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "dso_locl.h"
-@@ -88,6 +39,7 @@ static DSO *DSO_new_method(DSO_METHOD *m
- ret->references = 1;
- ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL) {
-+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- sk_void_free(ret->meth_data);
- OPENSSL_free(ret);
- return NULL;
---- a/crypto/dso/dso_locl.h
-+++ b/crypto/dso/dso_locl.h
-@@ -1,11 +1,12 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include "internal/dso.h"
---- a/crypto/dso/dso_openssl.c
-+++ b/crypto/dso/dso_openssl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "dso_locl.h"
---- a/crypto/dso/dso_vms.c
-+++ b/crypto/dso/dso_vms.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "dso_locl.h"
-@@ -150,7 +101,7 @@ static int vms_load(DSO *dso)
- # endif /* __INITIAL_POINTER_SIZE == 64 */
-
- const char *sp1, *sp2; /* Search result */
-- const char *ext = NULL; /* possible extension to add */
-+ const char *ext = NULL; /* possible extension to add */
-
- if (filename == NULL) {
- DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
---- a/crypto/dso/dso_win32.c
-+++ b/crypto/dso/dso_win32.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "dso_locl.h"
---- a/crypto/ebcdic.c
-+++ b/crypto/ebcdic.c
-@@ -1,17 +1,103 @@
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- # include <openssl/e_os2.h>
- #ifndef CHARSET_EBCDIC
- NON_EMPTY_TRANSLATION_UNIT
- #else
-
--# include "ebcdic.h"
-+# include <openssl/ebcdic.h>
-
- /*-
- * Initial Port for Apache-1.3 by <Martin.Kraemer at Mch.SNI.De>
- * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer at Mch.SNI.De>
- */
-
--# ifdef _OSD_POSIX
-+# ifdef CHARSET_EBCDIC_TEST
-+/*
-+ * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
-+ * any translation in these tables at all.
-+ */
-+
-+/* The ebcdic-to-ascii table: */
-+const unsigned char os_toascii[256] = {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
-+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
-+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
-+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
-+ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
-+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
-+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
-+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
-+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
-+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
-+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
-+};
-+
-+/* The ascii-to-ebcdic table: */
-+const unsigned char os_toebcdic[256] = {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
-+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
-+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
-+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
-+ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
-+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
-+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
-+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
-+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
-+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
-+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
-+};
-+
-+# elif defined(_OSD_POSIX)
- /*
- * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
- * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
---- a/crypto/ec/Makefile.in
-+++ /dev/null
-@@ -1,73 +0,0 @@
--#
--# crypto/ec/Makefile
--#
--
--DIR= ec
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../include -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
-- ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
-- ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \
-- ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
-- ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
-- ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c ec_25519.c curve25519.c
--
--LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
-- ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
-- ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o \
-- ecp_nistp224.o ecp_nistp256.o ecp_nistp521.o ecp_nistputil.o \
-- ecp_oct.o ec2_oct.o ec_oct.o ec_kmeth.o ecdh_ossl.o ecdh_kdf.o \
-- ecdsa_ossl.o ecdsa_sign.o ecdsa_vrf.o ec_25519.o curve25519.o \
-- $(EC_ASM)
--
--SRC= $(LIBSRC)
--
--HEADER= ec_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--ecp_nistz256-x86.s: asm/ecp_nistz256-x86.pl
-- $(PERL) asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--ecp_nistz256-x86_64.s: asm/ecp_nistz256-x86_64.pl
-- $(PERL) asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME) $@
--
--ecp_nistz256-avx2.s: asm/ecp_nistz256-avx2.pl
-- $(PERL) asm/ecp_nistz256-avx2.pl $(PERLASM_SCHEME) $@
--
--ecp_nistz256-sparcv9.S: asm/ecp_nistz256-sparcv9.pl
-- $(PERL) asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME) $@
--
--ecp_nistz256-%.S: asm/ecp_nistz256-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--ecp_nistz256-armv4.o: ecp_nistz256-armv4.S
--ecp_nistz256-armv8.o: ecp_nistz256-armv8.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ec/asm/ecp_nistz256-armv4.pl
-+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/ec/asm/ecp_nistz256-armv8.pl
-+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/ec/asm/ecp_nistz256-avx2.pl
-+++ b/crypto/ec/asm/ecp_nistz256-avx2.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ##############################################################################
- # #
---- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl
-+++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -94,6 +101,7 @@ my ($bi,$a0,$mask,$carry)=(map("%i$_",(3
- my ($rp_real,$ap_real)=("%g2","%g3");
-
- $code.=<<___;
-+.type ecp_nistz256_precomputed,#object
- .size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
- .align 64
- .LRR: ! 2^512 mod P precomputed for NIST P256 polynomial
-@@ -115,6 +123,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
- nop
- ret
- restore
-+.type ecp_nistz256_to_mont,#function
- .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
-
- ! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -129,6 +138,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
- nop
- ret
- restore
-+.type ecp_nistz256_from_mont,#function
- .size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
-
- ! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -142,6 +152,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
- nop
- ret
- restore
-+.type ecp_nistz256_mul_mont,#function
- .size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
-
- ! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]);
-@@ -154,6 +165,7 @@ my ($rp_real,$ap_real)=("%g2","%g3");
- nop
- ret
- restore
-+.type ecp_nistz256_sqr_mont,#function
- .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
- ___
-
-@@ -353,6 +365,7 @@ for($i=1;$i<8;$i++) {
- st @acc[6],[$rp+24]
- retl
- st @acc[7],[$rp+28]
-+.type __ecp_nistz256_mul_mont,#function
- .size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
-
- ! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -372,6 +385,7 @@ for($i=1;$i<8;$i++) {
- ld [$ap+28], at acc[7]
- ret
- restore
-+.type ecp_nistz256_add,#function
- .size ecp_nistz256_add,.-ecp_nistz256_add
-
- .align 32
-@@ -422,6 +436,7 @@ for($i=1;$i<8;$i++) {
- st @acc[6],[$rp+24]
- retl
- st @acc[7],[$rp+28]
-+.type __ecp_nistz256_add,#function
- .size __ecp_nistz256_add,.-__ecp_nistz256_add
-
- ! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -440,6 +455,7 @@ for($i=1;$i<8;$i++) {
- ld [$ap+28], at acc[7]
- ret
- restore
-+.type ecp_nistz256_mul_by_2,#function
- .size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
-
- .align 32
-@@ -454,6 +470,7 @@ for($i=1;$i<8;$i++) {
- addccc @acc[7], at acc[7], at acc[7]
- b .Lreduce_by_sub
- subc %g0,%g0,$carry ! broadcast carry bit
-+.type __ecp_nistz256_mul_by_2,#function
- .size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2
-
- ! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -472,6 +489,7 @@ for($i=1;$i<8;$i++) {
- ld [$ap+28], at acc[7]
- ret
- restore
-+.type ecp_nistz256_mul_by_3,#function
- .size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
-
- .align 32
-@@ -506,6 +524,7 @@ for($i=1;$i<8;$i++) {
- addccc $t7, at acc[7], at acc[7]
- b .Lreduce_by_sub
- subc %g0,%g0,$carry ! broadcast carry bit
-+.type __ecp_nistz256_mul_by_3,#function
- .size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3
-
- ! void ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8],
-@@ -525,6 +544,7 @@ for($i=1;$i<8;$i++) {
- ld [$ap+28], at acc[7]
- ret
- restore
-+.type ecp_nistz256_sub,#function
- .size ecp_nistz256_sub,.-ecp_nistz256_sub
-
- ! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -544,6 +564,7 @@ for($i=1;$i<8;$i++) {
- mov 0, at acc[7]
- ret
- restore
-+.type ecp_nistz256_neg,#function
- .size ecp_nistz256_neg,.-ecp_nistz256_neg
-
- .align 32
-@@ -594,6 +615,7 @@ for($i=1;$i<8;$i++) {
- st @acc[6],[$rp+24]
- retl
- st @acc[7],[$rp+28]
-+.type __ecp_nistz256_sub_from,#function
- .size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
-
- .align 32
-@@ -616,6 +638,7 @@ for($i=1;$i<8;$i++) {
- subccc $t7, at acc[7], at acc[7]
- b .Lreduce_by_add
- subc %g0,%g0,$carry ! broadcast borrow bit
-+.type __ecp_nistz256_sub_morf,#function
- .size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
-
- ! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]);
-@@ -634,6 +657,7 @@ for($i=1;$i<8;$i++) {
- ld [$ap+28], at acc[7]
- ret
- restore
-+.type ecp_nistz256_div_by_2,#function
- .size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
-
- .align 32
-@@ -687,6 +711,7 @@ for($i=1;$i<8;$i++) {
- st @acc[6],[$rp+24]
- retl
- st @acc[7],[$rp+28]
-+.type __ecp_nistz256_div_by_2,#function
- .size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
- ___
-
-@@ -816,6 +841,7 @@ SPARC_PIC_THUNK(%g1)
-
- ret
- restore
-+.type ecp_nistz256_point_double,#function
- .size ecp_nistz256_point_double,.-ecp_nistz256_point_double
- ___
- }
-@@ -1118,6 +1144,7 @@ for($i=0;$i<96;$i+=8) { # conditional
- .Ladd_done:
- ret
- restore
-+.type ecp_nistz256_point_add,#function
- .size ecp_nistz256_point_add,.-ecp_nistz256_point_add
- ___
- }
-@@ -1341,6 +1368,7 @@ my $j=($i-64)/4;
- $code.=<<___;
- ret
- restore
-+.type ecp_nistz256_point_add_affine,#function
- .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
- ___
- } }}}
-@@ -1416,6 +1444,7 @@ my $mask="%o0";
-
- ret
- restore
-+.type ecp_nistz256_scatter_w5,#function
- .size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
-
- ! void ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1,
-@@ -1513,6 +1542,7 @@ my $mask="%o0";
-
- ret
- restore
-+.type ecp_nistz256_gather_w5,#function
- .size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
-
- ! void ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1,
-@@ -1540,6 +1570,7 @@ my $mask="%o0";
-
- ret
- restore
-+.type ecp_nistz256_scatter_w7,#function
- .size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
-
- ! void ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1,
-@@ -1580,6 +1611,7 @@ my $mask="%o0";
-
- ret
- restore
-+.type ecp_nistz256_gather_w7,#function
- .size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
- ___
- }}}
-@@ -1607,6 +1639,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
- addxccc $acc3,$acc3,$acc3
- b .Lreduce_by_sub_vis3
- addxc %g0,%g0,$acc4 ! did it carry?
-+.type __ecp_nistz256_mul_by_2_vis3,#function
- .size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3
-
- .align 32
-@@ -1640,6 +1673,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
- stx $acc2,[$rp+16]
- retl
- stx $acc3,[$rp+24]
-+.type __ecp_nistz256_add_vis3,#function
- .size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3
-
- ! Trouble with subtraction is that there is no subtraction with 64-bit
-@@ -1686,6 +1720,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
- subc %g0,%g0,$acc4 ! did it borrow?
- b .Lreduce_by_add_vis3
- or $acc3,$acc5,$acc3
-+.type __ecp_nistz256_sub_from_vis3,#function
- .size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3
-
- .align 32
-@@ -1744,6 +1779,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
- stx $acc2,[$rp+16]
- retl
- stx $acc3,[$rp+24]
-+.type __ecp_nistz256_sub_morf_vis3,#function
- .size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3
-
- .align 32
-@@ -1784,6 +1820,7 @@ my ($acc6,$acc7)=($bp,$bi); # used in sq
- stx $acc2,[$rp+16]
- retl
- stx $acc3,[$rp+24]
-+.type __ecp_nistz256_div_by_2_vis3,#function
- .size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3
-
- ! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and
-@@ -1881,6 +1918,7 @@ for($i=1;$i<4;$i++) {
- addxccc $acc4,$t3,$acc3
- b .Lmul_final_vis3 ! see below
- addxc $acc5,%g0,$acc4
-+.type __ecp_nistz256_mul_mont_vis3,#function
- .size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3
-
- ! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less
-@@ -2005,6 +2043,7 @@ for($i=0;$i<3;$i++) { # reductions, se
- stx $acc2,[$rp+16]
- retl
- stx $acc3,[$rp+24]
-+.type __ecp_nistz256_sqr_mont_vis3,#function
- .size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3
- ___
-
-@@ -2268,6 +2307,7 @@ my ($res_x,$res_y,$res_z,
-
- ret
- restore
-+.type ecp_nistz256_point_double_vis3,#function
- .size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3
- ___
- }
-@@ -2688,6 +2728,7 @@ for($i=0;$i<96;$i+=16) { # conditional
- .Ladd_done_vis3:
- ret
- restore
-+.type ecp_nistz256_point_add_vis3,#function
- .size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3
- ___
- }
-@@ -3006,6 +3047,7 @@ for(;$i<96;$i+=16) {
- $code.=<<___;
- ret
- restore
-+.type ecp_nistz256_point_add_affine_vis3,#function
- .size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3
- .align 64
- .Lone_mont_vis3:
---- a/crypto/ec/asm/ecp_nistz256-x86.pl
-+++ b/crypto/ec/asm/ecp_nistz256-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/ec/asm/ecp_nistz256-x86_64.pl
-+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ##############################################################################
- # #
-@@ -60,7 +67,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
---- a/crypto/ec/curve25519.c
-+++ b/crypto/ec/curve25519.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
-@@ -670,60 +630,91 @@ static void fe_invert(fe out, const fe z
- fe t3;
- int i;
-
-+ /*
-+ * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
-+ * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
-+ */
-+
-+ /* t0 = z ** 2 */
- fe_sq(t0, z);
-- for (i = 1; i < 1; ++i) {
-- fe_sq(t0, t0);
-- }
-+
-+ /* t1 = t0 ** (2 ** 2) = z ** 8 */
- fe_sq(t1, t0);
-- for (i = 1; i < 2; ++i) {
-- fe_sq(t1, t1);
-- }
-+ fe_sq(t1, t1);
-+
-+ /* t1 = z * t1 = z ** 9 */
- fe_mul(t1, z, t1);
-+ /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
- fe_mul(t0, t0, t1);
-+
-+ /* t2 = t0 ** 2 = z ** 22 */
- fe_sq(t2, t0);
-- for (i = 1; i < 1; ++i) {
-- fe_sq(t2, t2);
-- }
-+
-+ /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
- fe_mul(t1, t1, t2);
-+
-+ /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
- fe_sq(t2, t1);
- for (i = 1; i < 5; ++i) {
- fe_sq(t2, t2);
- }
-+
-+ /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
- fe_mul(t1, t2, t1);
-+
-+ /* Continuing similarly... */
-+
-+ /* t2 = z ** (2 ** 20 - 1) */
- fe_sq(t2, t1);
- for (i = 1; i < 10; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t2, t2, t1);
-+
-+ /* t2 = z ** (2 ** 40 - 1) */
- fe_sq(t3, t2);
- for (i = 1; i < 20; ++i) {
- fe_sq(t3, t3);
- }
- fe_mul(t2, t3, t2);
-- fe_sq(t2, t2);
-- for (i = 1; i < 10; ++i) {
-+
-+ /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
-+ for (i = 0; i < 10; ++i) {
- fe_sq(t2, t2);
- }
-+ /* t1 = z ** (2 ** 50 - 1) */
- fe_mul(t1, t2, t1);
-+
-+ /* t2 = z ** (2 ** 100 - 1) */
- fe_sq(t2, t1);
- for (i = 1; i < 50; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t2, t2, t1);
-+
-+ /* t2 = z ** (2 ** 200 - 1) */
- fe_sq(t3, t2);
- for (i = 1; i < 100; ++i) {
- fe_sq(t3, t3);
- }
- fe_mul(t2, t3, t2);
-+
-+ /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
- fe_sq(t2, t2);
- for (i = 1; i < 50; ++i) {
- fe_sq(t2, t2);
- }
-+
-+ /* t1 = z ** (2 ** 250 - 1) */
- fe_mul(t1, t2, t1);
-+
-+ /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
- fe_sq(t1, t1);
- for (i = 1; i < 5; ++i) {
- fe_sq(t1, t1);
- }
-+
-+ /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
- fe_mul(out, t1, t0);
- }
-
---- a/crypto/ec/ec2_mult.c
-+++ b/crypto/ec/ec2_mult.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -12,59 +21,6 @@
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
-
- #include <openssl/err.h>
-
---- a/crypto/ec/ec2_oct.c
-+++ b/crypto/ec/ec2_oct.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -12,59 +21,6 @@
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
-
- #include <openssl/err.h>
-
-@@ -378,16 +334,14 @@ int ec_GF2m_simple_oct2point(const EC_GR
- }
- }
-
-+ /*
-+ * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
-+ * the point is on the curve.
-+ */
- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
- goto err;
- }
-
-- /* test required by X9.62 */
-- if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-- goto err;
-- }
--
- ret = 1;
-
- err:
---- a/crypto/ec/ec2_smpl.c
-+++ b/crypto/ec/ec2_smpl.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -12,59 +21,6 @@
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
-
- #include <openssl/err.h>
-
---- a/crypto/ec/ec_25519.c
-+++ b/crypto/ec/ec_25519.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -199,7 +155,7 @@ static int x25519_keycopy(EC_KEY *dest,
- return x25519_init_private(dest, src->custom_data);
- }
-
--static int x25519_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
-+static int x25519_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
- {
- if (len != EC_X25519_KEYLEN)
- return 0;
-@@ -297,9 +253,9 @@ static int x25519_compute_key(unsigned c
- const EC_POINT *pub_key, const EC_KEY *ecdh)
- {
- unsigned char *key;
-- int ret = -1;
-+ int ret = 0;
- if (ecdh->custom_data == NULL)
-- return -1;
-+ return 0;
- key = OPENSSL_malloc(EC_X25519_KEYLEN);
- if (key == NULL)
- return 0;
---- a/crypto/ec/ec_ameth.c
-+++ b/crypto/ec/ec_ameth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -65,6 +16,7 @@
- #include <openssl/asn1t.h>
- #include "internal/asn1_int.h"
- #include "internal/evp_int.h"
-+#include "ec_lcl.h"
-
- #ifndef OPENSSL_NO_CMS
- static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
-@@ -262,15 +214,13 @@ static int eckey_priv_decode(EVP_PKEY *p
-
- static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
- {
-- EC_KEY *ec_key;
-+ EC_KEY ec_key = *(pkey->pkey.ec);
- unsigned char *ep, *p;
- int eplen, ptype;
- void *pval;
-- unsigned int tmp_flags, old_flags;
-+ unsigned int old_flags;
-
-- ec_key = pkey->pkey.ec;
--
-- if (!eckey_param2type(&ptype, &pval, ec_key)) {
-+ if (!eckey_param2type(&ptype, &pval, &ec_key)) {
- ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
- return 0;
- }
-@@ -281,30 +231,25 @@ static int eckey_priv_encode(PKCS8_PRIV_
- * do not include the parameters in the SEC1 private key see PKCS#11
- * 12.11
- */
-- old_flags = EC_KEY_get_enc_flags(ec_key);
-- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-- EC_KEY_set_enc_flags(ec_key, tmp_flags);
-- eplen = i2d_ECPrivateKey(ec_key, NULL);
-+ old_flags = EC_KEY_get_enc_flags(&ec_key);
-+ EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
-+
-+ eplen = i2d_ECPrivateKey(&ec_key, NULL);
- if (!eplen) {
-- EC_KEY_set_enc_flags(ec_key, old_flags);
- ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
- return 0;
- }
- ep = OPENSSL_malloc(eplen);
- if (ep == NULL) {
-- EC_KEY_set_enc_flags(ec_key, old_flags);
- ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p = ep;
-- if (!i2d_ECPrivateKey(ec_key, &p)) {
-- EC_KEY_set_enc_flags(ec_key, old_flags);
-+ if (!i2d_ECPrivateKey(&ec_key, &p)) {
- OPENSSL_free(ep);
- ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
- return 0;
- }
-- /* restore old encoding flags */
-- EC_KEY_set_enc_flags(ec_key, old_flags);
-
- if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
- ptype, pval, ep, eplen))
-@@ -341,7 +286,7 @@ static int ec_security_bits(const EVP_PK
-
- static int ec_missing_parameters(const EVP_PKEY *pkey)
- {
-- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-+ if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
- return 1;
- return 0;
- }
-@@ -592,6 +537,19 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_me
- old_ec_priv_encode
- };
-
-+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-+{
-+ int private = EC_KEY_get0_private_key(x) != NULL;
-+
-+ return do_EC_KEY_print(bp, x, off,
-+ private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
-+}
-+
-+int ECParameters_print(BIO *bp, const EC_KEY *x)
-+{
-+ return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
-+}
-+
- #ifndef OPENSSL_NO_CMS
-
- static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -1218,9 +1170,26 @@ ASN1_SEQUENCE(ECDSA_SIG) = {
-
- DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
- DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
--IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
-+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
-
--void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig)
-+ECDSA_SIG *ECDSA_SIG_new(void)
-+{
-+ ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
-+ if (sig == NULL)
-+ ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
-+ return sig;
-+}
-+
-+void ECDSA_SIG_free(ECDSA_SIG *sig)
-+{
-+ if (sig == NULL)
-+ return;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ OPENSSL_free(sig);
-+}
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
- {
- if (pr != NULL)
- *pr = sig->r;
-@@ -1228,6 +1197,17 @@ void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM
- *ps = sig->s;
- }
-
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
- int ECDSA_size(const EC_KEY *r)
- {
- int ret, i;
---- a/crypto/ec/ec_check.c
-+++ b/crypto/ec/ec_check.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "ec_lcl.h"
-@@ -73,9 +28,6 @@ int EC_GROUP_check(const EC_GROUP *group
- goto err;
- }
- }
-- BN_CTX_start(ctx);
-- if ((order = BN_CTX_get(ctx)) == NULL)
-- goto err;
-
- /* check the discriminant */
- if (!EC_GROUP_check_discriminant(group, ctx)) {
-@@ -114,8 +66,6 @@ int EC_GROUP_check(const EC_GROUP *group
- ret = 1;
-
- err:
-- if (ctx != NULL)
-- BN_CTX_end(ctx);
- BN_CTX_free(new_ctx);
- EC_POINT_free(point);
- return ret;
---- a/crypto/ec/ec_curve.c
-+++ b/crypto/ec/ec_curve.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
---- a/crypto/ec/ec_cvt.c
-+++ b/crypto/ec/ec_cvt.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
---- a/crypto/ec/ec_err.c
-+++ b/crypto/ec/ec_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,7 +20,6 @@
-
- static ERR_STRING_DATA EC_str_functs[] = {
- {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_to_felem"},
-- {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
- {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
- {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
- {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-@@ -83,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] =
- {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
- {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
- {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
-+ {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
- {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
- {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
- {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
-@@ -101,13 +51,8 @@ static ERR_STRING_DATA EC_str_functs[] =
- {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"},
- {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"},
- {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"},
-- {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
-- {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
-- {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
-- {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
- {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "ec_asn1_group2curve"},
- {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "ec_asn1_group2fieldid"},
-- {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
- {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
- "ec_GF2m_montgomery_point_multiply"},
- {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
-@@ -130,8 +75,6 @@ static ERR_STRING_DATA EC_str_functs[] =
- {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
- {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
- "ec_GFp_mont_group_set_curve"},
-- {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),
-- "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
- {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),
- "ec_GFp_nistp224_group_set_curve"},
- {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
-@@ -155,10 +98,6 @@ static ERR_STRING_DATA EC_str_functs[] =
- "ec_GFp_simple_group_check_discriminant"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
- "ec_GFp_simple_group_set_curve"},
-- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),
-- "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),
-- "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-@@ -166,29 +105,20 @@ static ERR_STRING_DATA EC_str_functs[] =
- "ec_GFp_simple_points_make_affine"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
- "ec_GFp_simple_point_get_affine_coordinates"},
-- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),
-- "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
- "ec_GFp_simple_point_set_affine_coordinates"},
-- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),
-- "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
- "ec_GFp_simple_set_compressed_coordinates"},
-- {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),
-- "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
- {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
- {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
- "EC_GROUP_check_discriminant"},
- {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
-- {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
-- {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_ECPARAMETERS), "EC_GROUP_get_ecparameters"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_ECPKPARAMETERS),
- "EC_GROUP_get_ecpkparameters"},
-- {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
- "EC_GROUP_get_pentanomial_basis"},
- {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
-@@ -200,10 +130,8 @@ static ERR_STRING_DATA EC_str_functs[] =
- "EC_GROUP_new_from_ecparameters"},
- {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS),
- "EC_GROUP_new_from_ecpkparameters"},
-- {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
- {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
- {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-- {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
- {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
- {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
- {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-@@ -234,7 +162,6 @@ static ERR_STRING_DATA EC_str_functs[] =
- {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
- {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
- {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
-- {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
- {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
- {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
- {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-@@ -249,7 +176,6 @@ static ERR_STRING_DATA EC_str_functs[] =
- {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
- "EC_POINT_set_Jprojective_coordinates_GFp"},
- {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
-- {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
- {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"},
- {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
- {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-@@ -276,7 +202,6 @@ static ERR_STRING_DATA EC_str_functs[] =
-
- static ERR_STRING_DATA EC_str_reasons[] = {
- {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
-- {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
- {ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
- {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
- {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
-@@ -312,18 +237,14 @@ static ERR_STRING_DATA EC_str_reasons[]
- {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
- {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
- {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
-- {ERR_REASON(EC_R_KDF_FAILED), "kdf failed"},
- {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
- {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
- {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
- {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
- {ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
- {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
-- {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),
-- "not a supported NIST prime"},
- {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
- {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
-- {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"},
- {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
- {ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
-@@ -350,7 +271,7 @@ static ERR_STRING_DATA EC_str_reasons[]
-
- #endif
-
--void ERR_load_EC_strings(void)
-+int ERR_load_EC_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -359,4 +280,5 @@ void ERR_load_EC_strings(void)
- ERR_load_strings(0, EC_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/ec/ec_key.c
-+++ b/crypto/ec/ec_key.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
-@@ -121,7 +74,7 @@ void EC_KEY_free(EC_KEY *r)
- OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
- }
-
--EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src)
-+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
- {
- if (dest == NULL || src == NULL) {
- ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
-@@ -148,28 +101,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY
- return NULL;
- if (!EC_GROUP_copy(dest->group, src->group))
- return NULL;
-- }
-- /* copy the public key */
-- if (src->pub_key != NULL && src->group != NULL) {
-- EC_POINT_free(dest->pub_key);
-- dest->pub_key = EC_POINT_new(src->group);
-- if (dest->pub_key == NULL)
-- return NULL;
-- if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-- return NULL;
-- }
-- /* copy the private key */
-- if (src->priv_key != NULL) {
-- if (dest->priv_key == NULL) {
-- dest->priv_key = BN_new();
-- if (dest->priv_key == NULL)
-+
-+ /* copy the public key */
-+ if (src->pub_key != NULL) {
-+ EC_POINT_free(dest->pub_key);
-+ dest->pub_key = EC_POINT_new(src->group);
-+ if (dest->pub_key == NULL)
-+ return NULL;
-+ if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-+ return NULL;
-+ }
-+ /* copy the private key */
-+ if (src->priv_key != NULL) {
-+ if (dest->priv_key == NULL) {
-+ dest->priv_key = BN_new();
-+ if (dest->priv_key == NULL)
-+ return NULL;
-+ }
-+ if (!BN_copy(dest->priv_key, src->priv_key))
-+ return NULL;
-+ if (src->group->meth->keycopy
-+ && src->group->meth->keycopy(dest, src) == 0)
- return NULL;
- }
-- if (!BN_copy(dest->priv_key, src->priv_key))
-- return NULL;
-- if (src->group->meth->keycopy
-- && src->group->meth->keycopy(dest, src) == 0)
-- return NULL;
- }
-
-
-@@ -197,7 +151,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY
- return dest;
- }
-
--EC_KEY *EC_KEY_dup(EC_KEY *ec_key)
-+EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
- {
- EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
-
-@@ -398,8 +352,9 @@ int EC_KEY_set_public_key_affine_coordin
- }
- ctx = BN_CTX_new();
- if (ctx == NULL)
-- goto err;
-+ return 0;
-
-+ BN_CTX_start(ctx);
- point = EC_POINT_new(key->group);
-
- if (point == NULL)
-@@ -454,6 +409,7 @@ int EC_KEY_set_public_key_affine_coordin
- ok = 1;
-
- err:
-+ BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- EC_POINT_free(point);
- return ok;
-@@ -483,8 +439,8 @@ int EC_KEY_set_private_key(EC_KEY *key,
- {
- if (key->group == NULL || key->group->meth == NULL)
- return 0;
-- if (key->group->meth->set_private
-- && key->meth->set_private(key, priv_key) == 0)
-+ if (key->group->meth->set_private != NULL
-+ && key->group->meth->set_private(key, priv_key) == 0)
- return 0;
- if (key->meth->set_private != NULL
- && key->meth->set_private(key, priv_key) == 0)
-@@ -590,7 +546,8 @@ int EC_KEY_oct2key(EC_KEY *key, const un
- return 1;
- }
-
--size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len)
-+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
-+ unsigned char *buf, size_t len)
- {
- if (eckey->group == NULL || eckey->group->meth == NULL)
- return 0;
-@@ -625,7 +582,7 @@ size_t ec_key_simple_priv2oct(const EC_K
- return buf_len;
- }
-
--int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
-+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
- {
- if (eckey->group == NULL || eckey->group->meth == NULL)
- return 0;
-@@ -636,7 +593,7 @@ int EC_KEY_oct2priv(EC_KEY *eckey, unsig
- return eckey->group->meth->oct2priv(eckey, buf, len);
- }
-
--int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len)
-+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
- {
- if (eckey->priv_key == NULL)
- eckey->priv_key = BN_secure_new();
---- a/crypto/ec/ec_kmeth.c
-+++ b/crypto/ec/ec_kmeth.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -122,15 +78,11 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
- ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
-- OPENSSL_free(ret);
-- return NULL;
-- }
-
-+ ret->references = 1;
- ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL) {
- ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
- OPENSSL_free(ret);
- return NULL;
- }
-@@ -140,10 +92,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
- if (engine != NULL) {
- if (!ENGINE_init(engine)) {
- ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
-- CRYPTO_THREAD_lock_free(ret->lock);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- ret->engine = engine;
- } else
-@@ -152,24 +101,27 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine
- ret->meth = ENGINE_get_EC(ret->engine);
- if (ret->meth == NULL) {
- ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
-- ENGINE_finish(ret->engine);
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
-- CRYPTO_THREAD_lock_free(ret->lock);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- }
- #endif
-
- ret->version = 1;
- ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
-- ret->references = 1;
-+
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
-+ goto err;
-+ }
-
- if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
-- EC_KEY_free(ret);
-- return NULL;
-+ ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
-+ goto err;
- }
- return ret;
-+
-+err:
-+ EC_KEY_free(ret);
-+ return NULL;
- }
-
- int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
---- a/crypto/ec/ec_lcl.h
-+++ b/crypto/ec/ec_lcl.h
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -206,7 +159,7 @@ struct ec_method_st {
- int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
- /* private key operations */
- size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
-- int (*oct2priv)(EC_KEY *eckey, unsigned char *buf, size_t len);
-+ int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
- int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
- int (*keygen)(EC_KEY *eckey);
- int (*keycheck)(const EC_KEY *eckey);
-@@ -600,7 +553,7 @@ const EC_METHOD *EC_GFp_nistz256_method(
-
- size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
- unsigned char *buf, size_t len);
--int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len);
-+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
- int ec_key_simple_generate_key(EC_KEY *eckey);
- int ec_key_simple_generate_public_key(EC_KEY *eckey);
- int ec_key_simple_check_key(const EC_KEY *eckey);
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
-@@ -331,7 +284,6 @@ int EC_GROUP_set_generator(EC_GROUP *gro
- } else
- BN_zero(group->cofactor);
-
--
- /*
- * Some groups have an order with
- * factors of two, which makes the Montgomery setup fail.
-@@ -747,7 +699,15 @@ int EC_POINT_set_affine_coordinates_GFp(
- EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-+ if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
-+ return 0;
-+
-+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
-+ EC_R_POINT_IS_NOT_ON_CURVE);
-+ return 0;
-+ }
-+ return 1;
- }
-
- #ifndef OPENSSL_NO_EC2M
-@@ -765,7 +725,15 @@ int EC_POINT_set_affine_coordinates_GF2m
- EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-+ if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
-+ return 0;
-+
-+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
-+ EC_R_POINT_IS_NOT_ON_CURVE);
-+ return 0;
-+ }
-+ return 1;
- }
- #endif
-
---- a/crypto/ec/ec_mult.c
-+++ b/crypto/ec/ec_mult.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
-@@ -359,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, E
- numblocks = (tmp_len + blocksize - 1) / blocksize;
- if (numblocks > pre_comp->numblocks) {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-+ OPENSSL_free(tmp_wNAF);
- goto err;
- }
- totalnum = num + numblocks;
-@@ -373,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, E
- wNAF_len[i] = blocksize;
- if (tmp_len < blocksize) {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-+ OPENSSL_free(tmp_wNAF);
- goto err;
- }
- tmp_len -= blocksize;
---- a/crypto/ec/ec_oct.c
-+++ b/crypto/ec/ec_oct.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
---- a/crypto/ec/ec_pmeth.c
-+++ b/crypto/ec/ec_pmeth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ec/ec_print.c
-+++ b/crypto/ec/ec_print.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/ec/ecdh_kdf.c
-+++ b/crypto/ec/ecdh_kdf.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Stephen Henson for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -77,7 +34,8 @@ int ECDH_KDF_X9_62(unsigned char *out, s
- mdlen = EVP_MD_size(md);
- for (i = 1;; i++) {
- unsigned char mtmp[EVP_MAX_MD_SIZE];
-- EVP_DigestInit_ex(mctx, md, NULL);
-+ if (!EVP_DigestInit_ex(mctx, md, NULL))
-+ goto err;
- ctr[3] = i & 0xFF;
- ctr[2] = (i >> 8) & 0xFF;
- ctr[1] = (i >> 16) & 0xFF;
---- a/crypto/ec/ecdh_ossl.c
-+++ b/crypto/ec/ecdh_ossl.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -12,59 +21,6 @@
- * Sun Microsystems Laboratories.
- *
- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
-
- #include <string.h>
- #include <limits.h>
-@@ -82,7 +38,7 @@ int ossl_ecdh_compute_key(unsigned char
- {
- if (ecdh->group->meth->ecdh_compute_key == NULL) {
- ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
-- return -1;
-+ return 0;
- }
-
- return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
---- a/crypto/ec/ecdsa_ossl.c
-+++ b/crypto/ec/ecdsa_ossl.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -269,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-+ ret->r = BN_new();
-+ ret->s = BN_new();
-+ if (ret->r == NULL || ret->s == NULL) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
- s = ret->s;
-
- if ((ctx = BN_CTX_new()) == NULL ||
---- a/crypto/ec/ecdsa_sign.c
-+++ b/crypto/ec/ecdsa_sign.c
-@@ -1,61 +1,14 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/ec.h>
- #include "ec_lcl.h"
--#include <openssl/engine.h>
--#include <openssl/rand.h>
- #include <openssl/err.h>
-
- ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
---- a/crypto/ec/ecdsa_vrf.c
-+++ b/crypto/ec/ecdsa_vrf.c
-@@ -1,64 +1,14 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/ec.h>
- #include "ec_lcl.h"
--#include <string.h>
--#include <openssl/engine.h>
- #include <openssl/err.h>
-
- /*-
---- a/crypto/ec/eck_prn.c
-+++ b/crypto/ec/eck_prn.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
-@@ -113,30 +66,6 @@ int ECParameters_print_fp(FILE *fp, cons
- }
- #endif
-
--int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
--{
-- EVP_PKEY *pk;
-- int ret;
-- pk = EVP_PKEY_new();
-- if (pk == NULL || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-- return 0;
-- ret = EVP_PKEY_print_private(bp, pk, off, NULL);
-- EVP_PKEY_free(pk);
-- return ret;
--}
--
--int ECParameters_print(BIO *bp, const EC_KEY *x)
--{
-- EVP_PKEY *pk;
-- int ret;
-- pk = EVP_PKEY_new();
-- if (pk == NULL || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-- return 0;
-- ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
-- EVP_PKEY_free(pk);
-- return ret;
--}
--
- static int print_bin(BIO *fp, const char *str, const unsigned char *num,
- size_t len, int off);
-
---- a/crypto/ec/ecp_mont.c
-+++ b/crypto/ec/ecp_mont.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
-@@ -225,6 +178,7 @@ int ec_GFp_mont_group_set_curve(EC_GROUP
- }
-
- err:
-+ BN_free(one);
- BN_CTX_free(new_ctx);
- BN_MONT_CTX_free(mont);
- return ret;
---- a/crypto/ec/ecp_nist.c
-+++ b/crypto/ec/ecp_nist.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
---- a/crypto/ec/ecp_nistp224.c
-+++ b/crypto/ec/ecp_nistp224.c
-@@ -1,6 +1,12 @@
- /*
-- * Written by Emilia Kasper (Google) for the OpenSSL project.
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
---- a/crypto/ec/ecp_nistp256.c
-+++ b/crypto/ec/ecp_nistp256.c
-@@ -1,6 +1,12 @@
- /*
-- * Written by Adam Langley (Google) for the OpenSSL project
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
---- a/crypto/ec/ecp_nistp521.c
-+++ b/crypto/ec/ecp_nistp521.c
-@@ -1,6 +1,12 @@
- /*
-- * Written by Adam Langley (Google) for the OpenSSL project
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
---- a/crypto/ec/ecp_nistputil.c
-+++ b/crypto/ec/ecp_nistputil.c
-@@ -1,6 +1,12 @@
- /*
-- * Written by Bodo Moeller for the OpenSSL project.
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
---- a/crypto/ec/ecp_nistz256.c
-+++ b/crypto/ec/ecp_nistz256.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /******************************************************************************
- * *
- * Copyright 2014 Intel Corporation *
-@@ -625,9 +634,9 @@ static void ecp_nistz256_mod_inverse(BN_
- }
-
- /*
-- * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
-- * is not stored. All other values are actually stored with an offset
-- * of -1 in table.
-+ * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
-+ * is not stored. All other values are actually stored with an offset
-+ * of -1 in table.
- */
-
- ecp_nistz256_scatter_w5 (row, &temp[0], 1);
---- a/crypto/ec/ecp_nistz256_table.c
-+++ b/crypto/ec/ecp_nistz256_table.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * This is the precomputed constant time access table for the code in
- * ecp_montp256.c, for the default generator. The table consists of 37
- * subtables, each subtable contains 64 affine points. The affine points are
---- a/crypto/ec/ecp_oct.c
-+++ b/crypto/ec/ecp_oct.c
-@@ -1,61 +1,12 @@
- /*
-- * Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
-- * for the OpenSSL project. Includes code written by Bodo Moeller for the
-- * OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
-@@ -404,16 +355,14 @@ int ec_GFp_simple_oct2point(const EC_GRO
- }
- }
-
-+ /*
-+ * EC_POINT_set_affine_coordinates_GFp is responsible for checking that
-+ * the point is on the curve.
-+ */
- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
- goto err;
- }
-
-- /* test required by X9.62 */
-- if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
-- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-- goto err;
-- }
--
- ret = 1;
-
- err:
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -1,61 +1,12 @@
- /*
-- * Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
-- * for the OpenSSL project. Includes code written by Bodo Moeller for the
-- * OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
---- a/crypto/engine/Makefile.in
-+++ /dev/null
-@@ -1,53 +0,0 @@
--#
--# OpenSSL/crypto/engine/Makefile
--#
--
--DIR= engine
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
-- eng_table.c eng_pkey.c eng_fat.c eng_all.c \
-- tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \
-- tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
-- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
-- eng_rdrand.c
--LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
-- eng_table.o eng_pkey.o eng_fat.o eng_all.o \
-- tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o \
-- tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o tb_eckey.o \
-- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
-- eng_rdrand.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -67,7 +18,7 @@ void ENGINE_load_builtin_engines(void)
- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
- }
-
--#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
- void ENGINE_setup_bsd_cryptodev(void)
- {
- static int bsd_cryptodev_default_loaded = 0;
---- a/crypto/engine/eng_cnf.c
-+++ b/crypto/engine/eng_cnf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -63,11 +14,11 @@
-
- /* ENGINE config module */
-
--static char *skip_dot(char *name)
-+static const char *skip_dot(const char *name)
- {
-- char *p;
-- p = strchr(name, '.');
-- if (p)
-+ const char *p = strchr(name, '.');
-+
-+ if (p != NULL)
- return p + 1;
- return name;
- }
-@@ -87,14 +38,14 @@ static int int_engine_init(ENGINE *e)
- return 1;
- }
-
--static int int_engine_configure(char *name, char *value, const CONF *cnf)
-+static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
- {
- int i;
- int ret = 0;
- long do_init = -1;
- STACK_OF(CONF_VALUE) *ecmds;
- CONF_VALUE *ecmd = NULL;
-- char *ctrlname, *ctrlvalue;
-+ const char *ctrlname, *ctrlvalue;
- ENGINE *e = NULL;
- int soft = 0;
-
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-@@ -124,13 +133,13 @@ static int cryptodev_rsa_nocrt_mod_exp(B
- static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
- #ifndef OPENSSL_NO_DSA
--static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
--static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
-- BIGNUM *p, BN_CTX *ctx,
-- BN_MONT_CTX *mont);
-+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
-+ const BIGNUM *u1, const BIGNUM *pub_key,
-+ const BIGNUM *u2, const BIGNUM *p,
-+ BN_CTX *ctx, BN_MONT_CTX *mont);
- static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
- DSA *dsa);
- static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-@@ -446,7 +455,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, un
- cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
-
- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- cryp.iv = *(caddr_t*) EVP_CIPHER_CTX_iv(ctx);
-+ cryp.iv = (caddr_t) EVP_CIPHER_CTX_iv(ctx);
- if (!EVP_CIPHER_CTX_encrypting(ctx)) {
- iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
- memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-@@ -1248,8 +1257,7 @@ static void zapparams(struct crypt_kop *
- int i;
-
- for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-- if (kop->crk_param[i].crp_p)
-- free(kop->crk_param[i].crp_p);
-+ OPENSSL_free(kop->crk_param[i].crp_p);
- kop->crk_param[i].crp_p = NULL;
- kop->crk_param[i].crp_nbits = 0;
- }
-@@ -1262,16 +1270,24 @@ cryptodev_asym(struct crypt_kop *kop, in
- int fd, ret = -1;
-
- if ((fd = get_asym_dev_crypto()) < 0)
-- return (ret);
-+ return ret;
-
- if (r) {
-- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-+ kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
-+ if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
-+ return ret;
- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
- kop->crk_oparams++;
- }
- if (s) {
- kop->crk_param[kop->crk_iparams + 1].crp_p =
-- calloc(slen, sizeof(char));
-+ OPENSSL_zalloc(slen);
-+ /* No need to free the kop->crk_iparams parameter if it was allocated,
-+ * callers of this routine have to free allocated parameters through
-+ * zapparams both in case of success and failure
-+ */
-+ if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
-+ return ret;
- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
- kop->crk_oparams++;
- }
-@@ -1284,7 +1300,7 @@ cryptodev_asym(struct crypt_kop *kop, in
- ret = 0;
- }
-
-- return (ret);
-+ return ret;
- }
-
- static int
-@@ -1337,8 +1353,8 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0,
- BN_CTX *ctx)
- {
- int r;
-- BIGNUM *n = NULL;
-- BIGNUM *d = NULL;
-+ const BIGNUM *n = NULL;
-+ const BIGNUM *d = NULL;
-
- ctx = BN_CTX_new();
- RSA_get0_key(rsa, &n, NULL, &d);
-@@ -1352,12 +1368,12 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const
- {
- struct crypt_kop kop;
- int ret = 1;
-- BIGNUM *p = NULL;
-- BIGNUM *q = NULL;
-- BIGNUM *dmp1 = NULL;
-- BIGNUM *dmq1 = NULL;
-- BIGNUM *iqmp = NULL;
-- BIGNUM *n = NULL;
-+ const BIGNUM *p = NULL;
-+ const BIGNUM *q = NULL;
-+ const BIGNUM *dmp1 = NULL;
-+ const BIGNUM *dmq1 = NULL;
-+ const BIGNUM *iqmp = NULL;
-+ const BIGNUM *n = NULL;
-
- RSA_get0_factors(rsa, &p, &q);
- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-@@ -1404,21 +1420,23 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const
-
- #ifndef OPENSSL_NO_DSA
- static int
--cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
-- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-+ return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx);
- }
-
- static int
--cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-- BN_CTX *ctx, BN_MONT_CTX *mont)
-+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
-+ const BIGNUM *u1, const BIGNUM *pub_key,
-+ const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx,
-+ BN_MONT_CTX *mont)
- {
-- BIGNUM *t2, *dsag, *dsap, *dsapub_key;
-+ const BIGNUM *dsag, *dsap, *dsapub_key;
-+ BIGNUM *t2;
- int ret = 0;
- const DSA_METHOD *meth;
-- int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
- BN_CTX *, BN_MONT_CTX *);
-
- t2 = BN_new();
-@@ -1445,12 +1463,10 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGN
- /* let t2 = y ^ u2 mod p */
- if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
- goto err;
-- /* let u1 = t1 * t2 mod p */
-- if (!BN_mod_mul(u1, t1, t2, dsap, ctx))
-+ /* let t1 = t1 * t2 mod p */
-+ if (!BN_mod_mul(t1, t1, t2, dsap, ctx))
- goto err;
-
-- BN_copy(t1, u1);
--
- ret = 1;
- err:
- BN_free(t2);
-@@ -1461,14 +1477,14 @@ static DSA_SIG *cryptodev_dsa_do_sign(co
- DSA *dsa)
- {
- struct crypt_kop kop;
-- BIGNUM *r = NULL, *s = NULL, *dsap = NULL, *dsaq = NULL, *dsag = NULL;
-- BIGNUM *priv_key = NULL;
-+ BIGNUM *r, *s;
-+ const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL;
-+ const BIGNUM *priv_key = NULL;
- DSA_SIG *dsasig, *dsaret = NULL;
-
- dsasig = DSA_SIG_new();
- if (dsasig == NULL)
- goto err;
-- DSA_SIG_get0(&r, &s, dsasig);
-
- memset(&kop, 0, sizeof(kop));
- kop.crk_op = CRK_DSA_SIGN;
-@@ -1488,8 +1504,15 @@ static DSA_SIG *cryptodev_dsa_do_sign(co
- goto err;
- kop.crk_iparams = 5;
-
-+ r = BN_new();
-+ if (r == NULL)
-+ goto err;
-+ s = BN_new();
-+ if (s == NULL)
-+ goto err;
- if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
- BN_num_bytes(dsaq), s) == 0) {
-+ DSA_SIG_set0(dsasig, r, s);
- dsaret = dsasig;
- } else {
- dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
-@@ -1508,7 +1531,7 @@ cryptodev_dsa_verify(const unsigned char
- {
- struct crypt_kop kop;
- int dsaret = 1;
-- BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
-+ const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
-
- memset(&kop, 0, sizeof(kop));
- kop.crk_op = CRK_DSA_VERIFY;
-@@ -1526,7 +1549,7 @@ cryptodev_dsa_verify(const unsigned char
- DSA_get0_key(dsa, &pub_key, NULL);
- if (bn2crparam(pub_key, &kop.crk_param[4]))
- goto err;
-- DSA_SIG_get0(&pr, &ps, sig);
-+ DSA_SIG_get0(sig, &pr, &ps);
- if (bn2crparam(pr, &kop.crk_param[5]))
- goto err;
- if (bn2crparam(ps, &kop.crk_param[6]))
-@@ -1564,8 +1587,8 @@ cryptodev_dh_compute_key(unsigned char *
- struct crypt_kop kop;
- int dhret = 1;
- int fd, keylen;
-- BIGNUM *p = NULL;
-- BIGNUM *priv_key = NULL;
-+ const BIGNUM *p = NULL;
-+ const BIGNUM *priv_key = NULL;
-
- if ((fd = get_asym_dev_crypto()) < 0) {
- const DH_METHOD *meth = DH_OpenSSL();
---- a/crypto/engine/eng_ctrl.c
-+++ b/crypto/engine/eng_ctrl.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -248,14 +203,13 @@ int ENGINE_ctrl_cmd(ENGINE *e, const cha
- {
- int num;
-
-- if ((e == NULL) || (cmd_name == NULL)) {
-+ if (e == NULL || cmd_name == NULL) {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-- ENGINE_CTRL_GET_CMD_FROM_NAME,
-- 0, (void *)cmd_name,
-- NULL)) <= 0)) {
-+ if (e->ctrl == NULL
-+ || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
-+ 0, (void *)cmd_name, NULL)) <= 0) {
- /*
- * If the command didn't *have* to be supported, we fake success.
- * This allows certain settings to be specified for multiple ENGINEs
-@@ -286,15 +240,14 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
- int num, flags;
- long l;
- char *ptr;
-- if ((e == NULL) || (cmd_name == NULL)) {
-- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-- ERR_R_PASSED_NULL_PARAMETER);
-+
-+ if (e == NULL || cmd_name == NULL) {
-+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-- if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-- ENGINE_CTRL_GET_CMD_FROM_NAME,
-- 0, (void *)cmd_name,
-- NULL)) <= 0)) {
-+ if (e->ctrl == NULL
-+ || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
-+ 0, (void *)cmd_name, NULL)) <= 0) {
- /*
- * If the command didn't *have* to be supported, we fake success.
- * This allows certain settings to be specified for multiple ENGINEs
-@@ -315,8 +268,9 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, co
- ENGINE_R_CMD_NOT_EXECUTABLE);
- return 0;
- }
-- if ((flags =
-- ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
-+
-+ flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
-+ if (flags < 0) {
- /*
- * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
- * success.
---- a/crypto/engine/eng_dyn.c
-+++ b/crypto/engine/eng_dyn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -203,6 +154,7 @@ static void dynamic_data_ctx_free_func(v
- static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
- {
- dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
-+ int ret = 1;
-
- if (c == NULL) {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-@@ -222,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *
- dynamic_ex_data_idx))
- == NULL) {
- /* Good, we're the first */
-- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-- *ctx = c;
-- c = NULL;
-+ ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-+ if (ret) {
-+ *ctx = c;
-+ c = NULL;
-+ }
- }
- CRYPTO_THREAD_unlock(global_engine_lock);
- /*
-@@ -234,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *
- if (c)
- sk_OPENSSL_STRING_free(c->dirs);
- OPENSSL_free(c);
-- return 1;
-+ return ret;
- }
-
- /*
-@@ -395,11 +349,15 @@ static int dynamic_ctrl(ENGINE *e, int c
- }
- {
- char *tmp_str = OPENSSL_strdup(p);
-- if (!tmp_str) {
-+ if (tmp_str == NULL) {
-+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
-+ OPENSSL_free(tmp_str);
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-- sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
- }
- return 1;
- default:
---- a/crypto/engine/eng_err.c
-+++ b/crypto/engine/eng_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -80,10 +30,10 @@ static ERR_STRING_DATA ENGINE_str_functs
- {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
- {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
- {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
-- {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
- {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
-- {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
- {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
-+ {ERR_FUNC(ENGINE_F_ENGINE_GET_FIRST), "ENGINE_get_first"},
-+ {ERR_FUNC(ENGINE_F_ENGINE_GET_LAST), "ENGINE_get_last"},
- {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
- {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),
- "ENGINE_get_pkey_asn1_meth"},
-@@ -97,20 +47,19 @@ static ERR_STRING_DATA ENGINE_str_functs
- {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
- "ENGINE_load_ssl_client_cert"},
- {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-+ {ERR_FUNC(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR),
-+ "ENGINE_pkey_asn1_find_str"},
- {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
- {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
- "ENGINE_set_default_string"},
-- {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
- {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
- {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
- {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "engine_table_register"},
-- {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
- {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "engine_unlocked_finish"},
- {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
- {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "int_ctrl_helper"},
- {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "int_engine_configure"},
- {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "int_engine_module_init"},
-- {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
- {0, NULL}
- };
-
-@@ -124,8 +73,6 @@ static ERR_STRING_DATA ENGINE_str_reason
- {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
- {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
- "ctrl command not implemented"},
-- {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"},
-- {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
- {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
- {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
- {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
-@@ -138,8 +85,6 @@ static ERR_STRING_DATA ENGINE_str_reason
- {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
- "failed loading public key"},
- {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
-- {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED),
-- "could not obtain hardware handle"},
- {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
- {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
- {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
-@@ -155,9 +100,6 @@ static ERR_STRING_DATA ENGINE_str_reason
- {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
- {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
- {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
-- {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"},
-- {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"},
-- {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
- {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
- {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
- {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
-@@ -168,7 +110,7 @@ static ERR_STRING_DATA ENGINE_str_reason
-
- #endif
-
--void ERR_load_ENGINE_strings(void)
-+int ERR_load_ENGINE_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -177,4 +119,5 @@ void ERR_load_ENGINE_strings(void)
- ERR_load_strings(0, ENGINE_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/engine/eng_fat.c
-+++ b/crypto/engine/eng_fat.c
-@@ -1,56 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
---- a/crypto/engine/eng_init.c
-+++ b/crypto/engine/eng_init.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -125,7 +80,10 @@ int ENGINE_init(ENGINE *e)
- ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
-+ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
- CRYPTO_THREAD_write_lock(global_engine_lock);
- ret = engine_unlocked_init(e);
- CRYPTO_THREAD_unlock(global_engine_lock);
---- a/crypto/engine/eng_int.h
-+++ b/crypto/engine/eng_int.h
-@@ -1,60 +1,12 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -65,8 +17,8 @@
- # define HEADER_ENGINE_INT_H
-
- # include "internal/cryptlib.h"
--# include "internal/threads.h"
- # include <internal/engine.h>
-+# include <internal/thread_once.h>
-
- #ifdef __cplusplus
- extern "C" {
-@@ -172,7 +124,7 @@ void engine_pkey_asn1_meths_free(ENGINE
-
- /* Once initialisation function */
- extern CRYPTO_ONCE engine_lock_init;
--void do_engine_lock_init(void);
-+DECLARE_RUN_ONCE(do_engine_lock_init)
-
- /*
- * This is a structure for storing implementations of various crypto
-@@ -207,7 +159,7 @@ struct engine_st {
- int struct_ref;
- /*
- * reference count on usability of the engine type. NB: This controls the
-- * loading and initialisation of any functionlity required by this
-+ * loading and initialisation of any functionality required by this
- * engine, whereas the previous count is simply to cope with
- * (de)allocation of this structure. Hence, running_ref <= struct_ref at
- * all times.
---- a/crypto/engine/eng_lib.c
-+++ b/crypto/engine/eng_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -65,25 +16,27 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ON
-
- /* The "new"/"free" stuff first */
-
--void do_engine_lock_init(void)
-+DEFINE_RUN_ONCE(do_engine_lock_init)
- {
- global_engine_lock = CRYPTO_THREAD_lock_new();
-+ return global_engine_lock != NULL;
- }
-
- ENGINE *ENGINE_new(void)
- {
- ENGINE *ret;
-
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
--
-- ret = OPENSSL_zalloc(sizeof(*ret));
-- if (ret == NULL) {
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
-+ || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ret->struct_ref = 1;
- engine_ref_debug(ret, 0, 1);
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
- return ret;
- }
-
---- a/crypto/engine/eng_list.c
-+++ b/crypto/engine/eng_list.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -184,7 +136,11 @@ ENGINE *ENGINE_get_first(void)
- {
- ENGINE *ret;
-
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
-+ ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
- CRYPTO_THREAD_write_lock(global_engine_lock);
- ret = engine_list_head;
- if (ret) {
-@@ -199,7 +155,11 @@ ENGINE *ENGINE_get_last(void)
- {
- ENGINE *ret;
-
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
-+ ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
- CRYPTO_THREAD_write_lock(global_engine_lock);
- ret = engine_list_tail;
- if (ret) {
-@@ -327,7 +287,11 @@ ENGINE *ENGINE_by_id(const char *id)
- ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
-+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
- CRYPTO_THREAD_write_lock(global_engine_lock);
- iterator = engine_list_head;
- while (iterator && (strcmp(id, iterator->id) != 0))
---- a/crypto/engine/eng_openssl.c
-+++ b/crypto/engine/eng_openssl.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -312,7 +264,7 @@ static void test_r4_40_cipher_destroy(vo
- }
- static int test_cipher_nids(const int **nids)
- {
-- static int cipher_nids[4] = { 0, 0, 0 };
-+ static int cipher_nids[4] = { 0, 0, 0, 0 };
- static int pos = 0;
- static int init = 0;
-
-@@ -489,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *
- return 0;
- hctx->ktmp.type = V_ASN1_OCTET_STRING;
- hctx->ctx = HMAC_CTX_new();
-+ if (hctx->ctx == NULL) {
-+ OPENSSL_free(hctx);
-+ return 0;
-+ }
- EVP_PKEY_CTX_set_data(ctx, hctx);
- EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
- # ifdef TEST_ENG_OPENSSL_HMAC_INIT
-@@ -497,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *
- return 1;
- }
-
-+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
-+
- static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- OSSL_HMAC_PKEY_CTX *sctx, *dctx;
-+
-+ /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
- if (!ossl_hmac_init(dst))
- return 0;
- sctx = EVP_PKEY_CTX_get_data(src);
- dctx = EVP_PKEY_CTX_get_data(dst);
- dctx->md = sctx->md;
- if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
-- return 0;
-+ goto err;
- if (sctx->ktmp.data) {
- if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
- sctx->ktmp.data, sctx->ktmp.length))
-- return 0;
-+ goto err;
- }
- return 1;
-+err:
-+ /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
-+ ossl_hmac_cleanup(dst);
-+ return 0;
- }
-
- static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
- {
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
-
-- HMAC_CTX_free(hctx->ctx);
-- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
-- OPENSSL_free(hctx);
-+ if (hctx) {
-+ HMAC_CTX_free(hctx->ctx);
-+ OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
-+ OPENSSL_free(hctx);
-+ EVP_PKEY_CTX_set_data(ctx, NULL);
-+ }
- }
-
- static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
---- a/crypto/engine/eng_pkey.c
-+++ b/crypto/engine/eng_pkey.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/eng_rdrand.c
-+++ b/crypto/engine/eng_rdrand.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
---- a/crypto/engine/eng_table.c
-+++ b/crypto/engine/eng_table.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/engine/tb_asnmth.c
-+++ b/crypto/engine/tb_asnmth.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
-@@ -234,7 +189,11 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_
- fstr.str = str;
- fstr.len = len;
-
-- CRYPTO_THREAD_run_once(&engine_lock_init, do_engine_lock_init);
-+ if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
-+ ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
- CRYPTO_THREAD_write_lock(global_engine_lock);
- engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
- /* If found obtain a structural reference to engine */
---- a/crypto/engine/tb_cipher.c
-+++ b/crypto/engine/tb_cipher.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_dh.c
-+++ b/crypto/engine/tb_dh.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_digest.c
-+++ b/crypto/engine/tb_digest.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_dsa.c
-+++ b/crypto/engine/tb_dsa.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_eckey.c
-+++ b/crypto/engine/tb_eckey.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_pkmeth.c
-+++ b/crypto/engine/tb_pkmeth.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_rand.c
-+++ b/crypto/engine/tb_rand.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/engine/tb_rsa.c
-+++ b/crypto/engine/tb_rsa.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "eng_int.h"
---- a/crypto/err/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/err/Makefile
--#
--
--DIR= err
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=err.c err_all.c err_prn.c
--LIBOBJ=err.o err_all.o err_prn.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- /dev/null
-+++ b/crypto/err/README
-@@ -0,0 +1,44 @@
-+Adding new libraries
-+--------------------
-+
-+When adding a new sub-library to OpenSSL, assign it a library number
-+ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
-+name to ERR_str_libraries[] (in crypto/err/err.c), and add
-+ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
-+(in crypto/err/err_all.c). Finally, add an entry:
-+
-+ L XXX xxx.h xxx_err.c
-+
-+to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
-+Running make errors will then generate a file xxx_err.c, and
-+add all error codes used in the library to xxx.h.
-+
-+Additionally the library include file must have a certain form.
-+Typically it will initially look like this:
-+
-+ #ifndef HEADER_XXX_H
-+ #define HEADER_XXX_H
-+
-+ #ifdef __cplusplus
-+ extern "C" {
-+ #endif
-+
-+ /* Include files */
-+
-+ #include <openssl/bio.h>
-+ #include <openssl/x509.h>
-+
-+ /* Macros, structures and function prototypes */
-+
-+
-+ /* BEGIN ERROR CODES */
-+
-+The BEGIN ERROR CODES sequence is used by the error code
-+generation script as the point to place new error codes, any text
-+after this point will be overwritten when make errors is run.
-+The closing #endif etc will be automatically added by the script.
-+
-+The generated C error code file xxx_err.c will load the header
-+files stdio.h, openssl/err.h and openssl/xxx.h so the
-+header file must load any additional header files containing any
-+definitions it uses.
---- a/crypto/err/err.c
-+++ b/crypto/err/err.c
-@@ -1,118 +1,16 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <stdarg.h>
- #include <string.h>
- #include <internal/cryptlib_int.h>
--#include <internal/threads.h>
- #include <internal/err.h>
- #include <internal/err_int.h>
- #include <openssl/lhash.h>
-@@ -120,6 +18,7 @@
- #include <openssl/buffer.h>
- #include <openssl/bio.h>
- #include <openssl/opensslconf.h>
-+#include <internal/thread_once.h>
-
- static void err_load_strings(int lib, ERR_STRING_DATA *str);
-
-@@ -197,26 +96,14 @@ static ERR_STRING_DATA ERR_str_reasons[]
- {ERR_R_DSA_LIB, "DSA lib"},
- {ERR_R_X509_LIB, "X509 lib"},
- {ERR_R_ASN1_LIB, "ASN1 lib"},
-- {ERR_R_CONF_LIB, "CONF lib"},
-- {ERR_R_CRYPTO_LIB, "CRYPTO lib"},
- {ERR_R_EC_LIB, "EC lib"},
-- {ERR_R_SSL_LIB, "SSL lib"},
- {ERR_R_BIO_LIB, "BIO lib"},
- {ERR_R_PKCS7_LIB, "PKCS7 lib"},
- {ERR_R_X509V3_LIB, "X509V3 lib"},
-- {ERR_R_PKCS12_LIB, "PKCS12 lib"},
-- {ERR_R_RAND_LIB, "RAND lib"},
-- {ERR_R_DSO_LIB, "DSO lib"},
- {ERR_R_ENGINE_LIB, "ENGINE lib"},
-- {ERR_R_OCSP_LIB, "OCSP lib"},
-- {ERR_R_TS_LIB, "TS lib"},
- {ERR_R_ECDSA_LIB, "ECDSA lib"},
-
- {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
-- {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"},
-- {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"},
-- {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"},
-- {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"},
- {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
-
- {ERR_R_FATAL, "fatal"},
-@@ -334,12 +221,8 @@ static void build_SYS_str_reasons(void)
- str->error = (unsigned long)i;
- if (str->string == NULL) {
- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-- char *src = strerror(i);
-- if (src != NULL) {
-- strncpy(*dest, src, sizeof(*dest));
-- (*dest)[sizeof(*dest) - 1] = '\0';
-+ if (openssl_strerror_r(i, *dest, sizeof(*dest)))
- str->string = *dest;
-- }
- }
- if (str->string == NULL)
- str->string = "unknown";
-@@ -388,9 +271,10 @@ static void ERR_STATE_free(ERR_STATE *s)
- OPENSSL_free(s);
- }
-
--static void do_err_strings_init(void)
-+DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
- {
- err_string_lock = CRYPTO_THREAD_lock_new();
-+ return err_string_lock != NULL;
- }
-
- void err_cleanup(void)
-@@ -399,10 +283,11 @@ void err_cleanup(void)
- err_string_lock = NULL;
- }
-
--void ERR_load_ERR_strings(void)
-+int ERR_load_ERR_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
-+ return 0;
-
- err_load_strings(0, ERR_str_libraries);
- err_load_strings(0, ERR_str_reasons);
-@@ -410,6 +295,7 @@ void ERR_load_ERR_strings(void)
- build_SYS_str_reasons();
- err_load_strings(ERR_LIB_SYS, SYS_str_reasons);
- #endif
-+ return 1;
- }
-
- static void err_load_strings(int lib, ERR_STRING_DATA *str)
-@@ -428,17 +314,20 @@ static void err_load_strings(int lib, ER
- CRYPTO_THREAD_unlock(err_string_lock);
- }
-
--void ERR_load_strings(int lib, ERR_STRING_DATA *str)
-+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
- {
-- ERR_load_ERR_strings();
-+ if (ERR_load_ERR_strings() == 0)
-+ return 0;
- err_load_strings(lib, str);
-+ return 1;
- }
-
--void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
-+int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
- {
- LHASH_OF(ERR_STRING_DATA) *hash;
-
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
-+ return 0;
-
- CRYPTO_THREAD_write_lock(err_string_lock);
- hash = get_hash(0, 0);
-@@ -450,11 +339,14 @@ void ERR_unload_strings(int lib, ERR_STR
- }
- }
- CRYPTO_THREAD_unlock(err_string_lock);
-+
-+ return 1;
- }
-
- void err_free_strings_int(void)
- {
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
-+ return;
-
- CRYPTO_THREAD_write_lock(err_string_lock);
- lh_ERR_STRING_DATA_free(int_error_hash);
-@@ -700,7 +592,9 @@ const char *ERR_lib_error_string(unsigne
- ERR_STRING_DATA d, *p;
- unsigned long l;
-
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-+ return NULL;
-+ }
-
- l = ERR_GET_LIB(e);
- d.error = ERR_PACK(l, 0, 0);
-@@ -713,7 +607,9 @@ const char *ERR_func_error_string(unsign
- ERR_STRING_DATA d, *p;
- unsigned long l, f;
-
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-+ return NULL;
-+ }
-
- l = ERR_GET_LIB(e);
- f = ERR_GET_FUNC(e);
-@@ -727,7 +623,9 @@ const char *ERR_reason_error_string(unsi
- ERR_STRING_DATA d, *p = NULL;
- unsigned long l, r;
-
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-+ return NULL;
-+ }
-
- l = ERR_GET_LIB(e);
- r = ERR_GET_REASON(e);
-@@ -740,7 +638,7 @@ const char *ERR_reason_error_string(unsi
- return ((p == NULL) ? NULL : p->string);
- }
-
--void ERR_remove_thread_state(void)
-+void err_delete_thread_state(void)
- {
- ERR_STATE *state = ERR_get_state();
- if (state == NULL)
-@@ -750,23 +648,29 @@ void ERR_remove_thread_state(void)
- ERR_STATE_free(state);
- }
-
-+#if OPENSSL_API_COMPAT < 0x10100000L
-+void ERR_remove_thread_state(void *dummy)
-+{
-+}
-+#endif
-+
- #if OPENSSL_API_COMPAT < 0x10000000L
- void ERR_remove_state(unsigned long pid)
- {
-- ERR_remove_thread_state();
- }
- #endif
-
--static void err_do_init(void)
-+DEFINE_RUN_ONCE_STATIC(err_do_init)
- {
-- CRYPTO_THREAD_init_local(&err_thread_local, NULL);
-+ return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
- }
-
- ERR_STATE *ERR_get_state(void)
- {
- ERR_STATE *state = NULL;
-
-- CRYPTO_THREAD_run_once(&err_init, err_do_init);
-+ if (!RUN_ONCE(&err_init, err_do_init))
-+ return NULL;
-
- state = CRYPTO_THREAD_get_local(&err_thread_local);
-
-@@ -792,7 +696,9 @@ int ERR_get_next_error_library(void)
- {
- int ret;
-
-- CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
-+ if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
-+ return 0;
-+ }
-
- CRYPTO_THREAD_write_lock(err_string_lock);
- ret = int_err_library_number++;
---- a/crypto/err/err_all.c
-+++ b/crypto/err/err_all.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -88,66 +40,70 @@
- #include <openssl/async.h>
- #include <openssl/kdf.h>
-
--void err_load_crypto_strings_int(void)
-+int err_load_crypto_strings_int(void)
- {
-+ if (
- #ifdef OPENSSL_FIPS
-- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-+ FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 ||
- #endif
- #ifndef OPENSSL_NO_ERR
-- ERR_load_ERR_strings(); /* include error strings for SYSerr */
-- ERR_load_BN_strings();
-+ ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
-+ ERR_load_BN_strings() == 0 ||
- # ifndef OPENSSL_NO_RSA
-- ERR_load_RSA_strings();
-+ ERR_load_RSA_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_DH
-- ERR_load_DH_strings();
-+ ERR_load_DH_strings() == 0 ||
- # endif
-- ERR_load_EVP_strings();
-- ERR_load_BUF_strings();
-- ERR_load_OBJ_strings();
-- ERR_load_PEM_strings();
-+ ERR_load_EVP_strings() == 0 ||
-+ ERR_load_BUF_strings() == 0 ||
-+ ERR_load_OBJ_strings() == 0 ||
-+ ERR_load_PEM_strings() == 0 ||
- # ifndef OPENSSL_NO_DSA
-- ERR_load_DSA_strings();
-+ ERR_load_DSA_strings() == 0 ||
- # endif
-- ERR_load_X509_strings();
-- ERR_load_ASN1_strings();
-- ERR_load_CONF_strings();
-- ERR_load_CRYPTO_strings();
-+ ERR_load_X509_strings() == 0 ||
-+ ERR_load_ASN1_strings() == 0 ||
-+ ERR_load_CONF_strings() == 0 ||
-+ ERR_load_CRYPTO_strings() == 0 ||
- # ifndef OPENSSL_NO_COMP
-- ERR_load_COMP_strings();
-+ ERR_load_COMP_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_EC
-- ERR_load_EC_strings();
-+ ERR_load_EC_strings() == 0 ||
- # endif
-- /* skip ERR_load_SSL_strings() because it is not in this library */
-- ERR_load_BIO_strings();
-- ERR_load_PKCS7_strings();
-- ERR_load_X509V3_strings();
-- ERR_load_PKCS12_strings();
-- ERR_load_RAND_strings();
-- ERR_load_DSO_strings();
-+ /* skip ERR_load_SSL_strings() because it is not in this library */
-+ ERR_load_BIO_strings() == 0 ||
-+ ERR_load_PKCS7_strings() == 0 ||
-+ ERR_load_X509V3_strings() == 0 ||
-+ ERR_load_PKCS12_strings() == 0 ||
-+ ERR_load_RAND_strings() == 0 ||
-+ ERR_load_DSO_strings() == 0 ||
- # ifndef OPENSSL_NO_TS
-- ERR_load_TS_strings();
-+ ERR_load_TS_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_ENGINE
-- ERR_load_ENGINE_strings();
-+ ERR_load_ENGINE_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_OCSP
-- ERR_load_OCSP_strings();
-+ ERR_load_OCSP_strings() == 0 ||
- # endif
- #ifndef OPENSSL_NO_UI
-- ERR_load_UI_strings();
-+ ERR_load_UI_strings() == 0 ||
- #endif
- # ifdef OPENSSL_FIPS
-- ERR_load_FIPS_strings();
-+ ERR_load_FIPS_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_CMS
-- ERR_load_CMS_strings();
-+ ERR_load_CMS_strings() == 0 ||
- # endif
- # ifndef OPENSSL_NO_CT
-- ERR_load_CT_strings();
-+ ERR_load_CT_strings() == 0 ||
- # endif
-- ERR_load_ASYNC_strings();
-+ ERR_load_ASYNC_strings() == 0 ||
- #endif
-- ERR_load_KDF_strings();
-+ ERR_load_KDF_strings() == 0)
-+ return 0;
-+
-+ return 1;
- }
---- a/crypto/err/err_prn.c
-+++ b/crypto/err/err_prn.c
-@@ -1,63 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
--#include "internal/threads.h"
- #include <openssl/lhash.h>
- #include <openssl/crypto.h>
- #include <openssl/buffer.h>
---- a/crypto/err/openssl.ec
-+++ b/crypto/err/openssl.ec
-@@ -28,11 +28,10 @@ L ENGINE include/openssl/engine.h crypto
- L OCSP include/openssl/ocsp.h crypto/ocsp/ocsp_err.c
- L UI include/openssl/ui.h crypto/ui/ui_err.c
- L COMP include/openssl/comp.h crypto/comp/comp_err.c
--L STORE include/openssl/store.h crypto/store/str_err.c
- L TS include/openssl/ts.h crypto/ts/ts_err.c
--L HMAC include/openssl/hmac.h crypto/hmac/hmac_err.c
-+#L HMAC include/openssl/hmac.h crypto/hmac/hmac_err.c
- L CMS include/openssl/cms.h crypto/cms/cms_err.c
--L FIPS include/openssl/fips.h crypto/fips_err.h
-+#L FIPS include/openssl/fips.h crypto/fips_err.h
- L CT include/openssl/ct.h crypto/ct/ct_err.c
- L ASYNC include/openssl/async.h crypto/async/async_err.c
- L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
-@@ -52,6 +51,38 @@ F RSAREF_F_RSA_PRIVATE_ENCRYPT
- F RSAREF_F_RSA_PUBLIC_DECRYPT
- F RSAREF_F_RSA_PUBLIC_ENCRYPT
-
-+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-+R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-+R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-+R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
-+R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
-+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
-+R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
-+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
-+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
-+R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115
-+R TLS1_AD_NO_APPLICATION_PROTOCOL 1120
-+
- R RSAREF_R_CONTENT_ENCODING 0x0400
- R RSAREF_R_DATA 0x0401
- R RSAREF_R_DIGEST_ALGORITHM 0x0402
---- a/crypto/evp/Makefile.in
-+++ /dev/null
-@@ -1,68 +0,0 @@
--#
--# OpenSSL/crypto/evp/Makefile
--#
--
--DIR= evp
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \
-- e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
-- e_rc4.c e_aes.c names.c e_seed.c \
-- e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
-- m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
-- m_md5_sha1.c m_mdc2.c m_ripemd.c \
-- p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
-- bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
-- c_allc.c c_alld.c evp_lib.c bio_ok.c \
-- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \
-- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
-- e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
-- e_chacha20_poly1305.c cmeth_lib.c
--
--LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_cnf.o \
-- e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
-- e_rc4.o e_aes.o names.o e_seed.o \
-- e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
-- m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \
-- m_md5_sha1.o m_mdc2.o m_ripemd.o \
-- p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
-- bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
-- c_allc.o c_alld.o evp_lib.o bio_ok.o \
-- evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o \
-- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
-- e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o \
-- e_chacha20_poly1305.o cmeth_lib.o
--
--SRC= $(LIBSRC)
--
--HEADER= evp_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/evp/bio_b64.c
-+++ b/crypto/evp/bio_b64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -118,11 +70,16 @@ static int b64_new(BIO *bi)
-
- ctx = OPENSSL_zalloc(sizeof(*ctx));
- if (ctx == NULL)
-- return (0);
-+ return 0;
-
- ctx->cont = 1;
- ctx->start = 1;
- ctx->base64 = EVP_ENCODE_CTX_new();
-+ if (ctx->base64 == NULL) {
-+ OPENSSL_free(ctx);
-+ return 0;
-+ }
-+
- BIO_set_data(bi, ctx);
- BIO_set_init(bi, 1);
-
-@@ -446,9 +403,10 @@ static int b64_write(BIO *b, const char
- ret += n;
- }
- } else {
-- EVP_EncodeUpdate(ctx->base64,
-- (unsigned char *)ctx->buf, &ctx->buf_len,
-- (unsigned char *)in, n);
-+ if (!EVP_EncodeUpdate(ctx->base64,
-+ (unsigned char *)ctx->buf, &ctx->buf_len,
-+ (unsigned char *)in, n))
-+ return ((ret == 0) ? -1 : ret);
- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- ret += n;
---- a/crypto/evp/bio_enc.c
-+++ b/crypto/evp/bio_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -88,7 +40,7 @@ typedef struct enc_struct {
- * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
- * up to a block more data than is presented to it
- */
-- char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
-+ unsigned char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
- } BIO_ENC_CTX;
-
- static const BIO_METHOD methods_enc = {
-@@ -184,33 +136,52 @@ static int enc_read(BIO *b, char *out, i
- */
-
- while (outl > 0) {
-+ int buf_len;
-+
- if (ctx->cont <= 0)
- break;
-
-+ buf_len = outl + EVP_MAX_BLOCK_LENGTH - 1;
-+ buf_len -= buf_len % EVP_MAX_BLOCK_LENGTH;
-+ if (buf_len > ENC_BLOCK_SIZE) {
-+ buf_len = ENC_BLOCK_SIZE;
-+ }
-+
- /*
- * read in at IV offset, read the EVP_Cipher documentation about why
- */
-- i = BIO_read(next, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
-+ i = BIO_read(next, &(ctx->buf[BUF_OFFSET]), buf_len);
-
- if (i <= 0) {
- /* Should be continue next time we are called? */
- if (!BIO_should_retry(next)) {
- ctx->cont = i;
- i = EVP_CipherFinal_ex(ctx->cipher,
-- (unsigned char *)ctx->buf,
-- &(ctx->buf_len));
-+ ctx->buf, &(ctx->buf_len));
- ctx->ok = i;
- ctx->buf_off = 0;
- } else {
- ret = (ret == 0) ? i : ret;
- break;
- }
-+ } else if (outl >= EVP_MAX_BLOCK_LENGTH) {
-+ if (!EVP_CipherUpdate(ctx->cipher,
-+ (unsigned char *)out, &buf_len,
-+ &(ctx->buf[BUF_OFFSET]), i)) {
-+ BIO_clear_retry_flags(b);
-+ return 0;
-+ }
-+ ret += buf_len;
-+ outl -= buf_len;
-+ out += buf_len;
-+
-+ continue;
- } else {
- if (!EVP_CipherUpdate(ctx->cipher,
-- (unsigned char *)ctx->buf, &ctx->buf_len,
-- (unsigned char *)&(ctx->buf[BUF_OFFSET]),
-- i)) {
-+ ctx->buf, &ctx->buf_len,
-+ &(ctx->buf[BUF_OFFSET]), i)) {
- BIO_clear_retry_flags(b);
-+ ctx->ok = 0;
- return 0;
- }
- ctx->cont = 1;
-@@ -275,9 +246,10 @@ static int enc_write(BIO *b, const char
- while (inl > 0) {
- n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
- if (!EVP_CipherUpdate(ctx->cipher,
-- (unsigned char *)ctx->buf, &ctx->buf_len,
-- (unsigned char *)in, n)) {
-+ ctx->buf, &ctx->buf_len,
-+ (const unsigned char *)in, n)) {
- BIO_clear_retry_flags(b);
-+ ctx->ok = 0;
- return 0;
- }
- inl -= n;
---- a/crypto/evp/bio_md.c
-+++ b/crypto/evp/bio_md.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/bio_ok.c
-+++ b/crypto/evp/bio_ok.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
-@@ -183,6 +135,10 @@ static int ok_new(BIO *bi)
- ctx->cont = 1;
- ctx->sigio = 1;
- ctx->md = EVP_MD_CTX_new();
-+ if (ctx->md == NULL) {
-+ OPENSSL_free(ctx);
-+ return 0;
-+ }
- BIO_set_init(bi, 0);
- BIO_set_data(bi, ctx);
-
-@@ -446,7 +402,7 @@ static long ok_callback_ctrl(BIO *b, int
- {
- long ret = 1;
- BIO *next;
--
-+
- next = BIO_next(b);
-
- if (next == NULL)
---- a/crypto/evp/c_allc.c
-+++ b/crypto/evp/c_allc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -92,7 +44,11 @@ void openssl_add_all_ciphers_int(void)
-
- EVP_add_cipher(EVP_des_ecb());
- EVP_add_cipher(EVP_des_ede());
-+ EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
-+ EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
- EVP_add_cipher(EVP_des_ede3());
-+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
-+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
- EVP_add_cipher(EVP_des_ede3_wrap());
- EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
- #endif
---- a/crypto/evp/c_alld.c
-+++ b/crypto/evp/c_alld.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/cmeth_lib.c
-+++ b/crypto/evp/cmeth_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (levitte at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -137,7 +36,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
- #ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(ctx->engine);
- #endif
-- memset(ctx, 0, sizeof(*ctx));
-+ OPENSSL_cleanse(ctx, sizeof(*ctx));
-
- return 1;
- }
-@@ -169,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- * previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unnecessary.
- */
-- if (ctx->engine && ctx->digest && (!type ||
-- (type
-- && (type->type ==
-- ctx->digest->type))))
-+ if (ctx->engine && ctx->digest &&
-+ (type == NULL || (type->type == ctx->digest->type)))
- goto skip_to_init;
- if (type) {
- /*
-@@ -218,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- #endif
- if (ctx->digest != type) {
- if (ctx->digest && ctx->digest->ctx_size) {
-- OPENSSL_free(ctx->md_data);
-+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
- ctx->md_data = NULL;
- }
- ctx->digest = type;
-@@ -273,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
- ctx->digest->cleanup(ctx);
- EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
- }
-- memset(ctx->md_data, 0, ctx->digest->ctx_size);
-+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
- return ret;
- }
-
---- a/crypto/evp/e_aes.c
-+++ b/crypto/evp/e_aes.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -184,7 +143,7 @@ void AES_xts_decrypt(const char *inp, ch
- const unsigned char iv[16]);
- #endif
-
--#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
- # include "ppc_arch.h"
- # ifdef VPAES_ASM
- # define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-@@ -196,14 +155,15 @@ void AES_xts_decrypt(const char *inp, ch
- # define HWAES_decrypt aes_p8_decrypt
- # define HWAES_cbc_encrypt aes_p8_cbc_encrypt
- # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
-+# define HWAES_xts_encrypt aes_p8_xts_encrypt
-+# define HWAES_xts_decrypt aes_p8_xts_decrypt
- #endif
-
- #if defined(AES_ASM) && !defined(I386_ONLY) && ( \
- ((defined(__i386) || defined(__i386__) || \
- defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
- defined(__x86_64) || defined(__x86_64__) || \
-- defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__) )
-+ defined(_M_AMD64) || defined(_M_X64) )
-
- extern unsigned int OPENSSL_ia32cap_P[];
-
-@@ -587,6 +547,17 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
-
- extern unsigned int OPENSSL_sparcv9cap_P[];
-
-+/*
-+ * Initial Fujitsu SPARC64 X support
-+ */
-+# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
-+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
-+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
-+# define HWAES_encrypt aes_fx_encrypt
-+# define HWAES_decrypt aes_fx_decrypt
-+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
-+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
-+
- # define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
-
- void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-@@ -1041,6 +1012,12 @@ void HWAES_cbc_encrypt(const unsigned ch
- void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY *key,
- const unsigned char ivec[16]);
-+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
-+ size_t len, const AES_KEY *key1,
-+ const AES_KEY *key2, const unsigned char iv[16]);
-+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
-+ size_t len, const AES_KEY *key1,
-+ const AES_KEY *key2, const unsigned char iv[16]);
- #endif
-
- #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
-@@ -1060,7 +1037,7 @@ static int aes_init_key(EVP_CIPHER_CTX *
-
- mode = EVP_CIPHER_CTX_mode(ctx);
- if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
-- && !enc)
-+ && !enc) {
- #ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
- ret = HWAES_set_decrypt_key(key,
-@@ -1099,6 +1076,7 @@ static int aes_init_key(EVP_CIPHER_CTX *
- dat->block = (block128_f) AES_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f) AES_cbc_encrypt : NULL;
-+ }
- } else
- #ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
-@@ -1836,11 +1814,17 @@ static int aes_xts_init_key(EVP_CIPHER_C
- EVP_CIPHER_CTX_key_length(ctx) * 4,
- &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_encrypt;
-+# ifdef HWAES_xts_encrypt
-+ xctx->stream = HWAES_xts_encrypt;
-+# endif
- } else {
- HWAES_set_decrypt_key(key,
- EVP_CIPHER_CTX_key_length(ctx) * 4,
- &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_decrypt;
-+# ifdef HWAES_xts_decrypt
-+ xctx->stream = HWAES_xts_decrypt;
-+#endif
- }
-
- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-@@ -2442,7 +2426,7 @@ void HWAES_ocb_encrypt(const unsigned ch
- const unsigned char L_[][16],
- unsigned char checksum[16]);
- # else
--# define HWAES_ocb_encrypt NULL
-+# define HWAES_ocb_encrypt ((ocb128_f)NULL)
- # endif
- # ifdef HWAES_ocb_decrypt
- void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
-@@ -2452,7 +2436,7 @@ void HWAES_ocb_decrypt(const unsigned ch
- const unsigned char L_[][16],
- unsigned char checksum[16]);
- # else
--# define HWAES_ocb_decrypt NULL
-+# define HWAES_ocb_decrypt ((ocb128_f)NULL)
- # endif
- # endif
-
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -59,6 +19,7 @@
- #include <openssl/rand.h>
- #include "modes_lcl.h"
- #include "internal/evp_int.h"
-+#include "internal/constant_time_locl.h"
-
- #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
- # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
-@@ -90,8 +51,7 @@ typedef struct {
-
- #if defined(AES_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
-- defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__) )
-+ defined(_M_AMD64) || defined(_M_X64) )
-
- extern unsigned int OPENSSL_ia32cap_P[];
- # define AESNI_CAPABLE (1<<(57-32))
-@@ -584,6 +544,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
- maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
- maxpad &= 255;
-
-+ ret &= constant_time_ge(maxpad, pad);
-+
- inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
- mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
- inp_len &= mask;
-@@ -856,7 +818,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_
-
- if (arg != EVP_AEAD_TLS1_AAD_LEN)
- return -1;
--
-+
- len = p[arg - 2] << 8 | p[arg - 1];
-
- if (EVP_CIPHER_CTX_encrypting(ctx)) {
---- a/crypto/evp/e_aes_cbc_hmac_sha256.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -59,6 +19,7 @@
- #include <openssl/sha.h>
- #include <openssl/rand.h>
- #include "modes_lcl.h"
-+#include "internal/constant_time_locl.h"
- #include "internal/evp_int.h"
-
- #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-@@ -91,8 +52,7 @@ typedef struct {
-
- #if defined(AES_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
-- defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__) )
-+ defined(_M_AMD64) || defined(_M_X64) )
-
- extern unsigned int OPENSSL_ia32cap_P[];
- # define AESNI_CAPABLE (1<<(57-32))
-@@ -121,10 +81,9 @@ static int aesni_cbc_hmac_sha256_init_ke
- int ret;
-
- if (enc)
-- memset(&key->ks, 0, sizeof(key->ks.rd_key)),
-- ret = aesni_set_encrypt_key(inkey,
-- EVP_CIPHER_CTX_key_length(ctx) * 8,
-- &key->ks);
-+ ret = aesni_set_encrypt_key(inkey,
-+ EVP_CIPHER_CTX_key_length(ctx) * 8,
-+ &key->ks);
- else
- ret = aesni_set_decrypt_key(inkey,
- EVP_CIPHER_CTX_key_length(ctx) * 8,
-@@ -595,6 +554,8 @@ static int aesni_cbc_hmac_sha256_cipher(
- maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
- maxpad &= 255;
-
-+ ret &= constant_time_ge(maxpad, pad);
-+
- inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
- mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
- inp_len &= mask;
---- a/crypto/evp/e_bf.c
-+++ b/crypto/evp/e_bf.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_camellia.c
-+++ b/crypto/evp/e_camellia.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
---- a/crypto/evp/e_cast.c
-+++ b/crypto/evp/e_cast.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_chacha20_poly1305.c
-+++ b/crypto/evp/e_chacha20_poly1305.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -205,7 +164,6 @@ static int chacha20_poly1305_init_key(EV
- const unsigned char *iv, int enc)
- {
- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
-- unsigned char temp[CHACHA_CTR_SIZE];
-
- if (!inkey && !iv)
- return 1;
-@@ -216,16 +174,21 @@ static int chacha20_poly1305_init_key(EV
- actx->mac_inited = 0;
- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
-
-- /* pad on the left */
-- memset(temp, 0, sizeof(temp));
-- if (actx->nonce_len <= CHACHA_CTR_SIZE)
-- memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
--
-- chacha_init_key(ctx, inkey, temp, enc);
--
-- actx->nonce[0] = actx->key.counter[1];
-- actx->nonce[1] = actx->key.counter[2];
-- actx->nonce[2] = actx->key.counter[3];
-+ if (iv != NULL) {
-+ unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
-+
-+ /* pad on the left */
-+ if (actx->nonce_len <= CHACHA_CTR_SIZE)
-+ memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
-+
-+ chacha_init_key(ctx, inkey, temp, enc);
-+
-+ actx->nonce[0] = actx->key.counter[1];
-+ actx->nonce[1] = actx->key.counter[2];
-+ actx->nonce[2] = actx->key.counter[3];
-+ } else {
-+ chacha_init_key(ctx, inkey, NULL, enc);
-+ }
-
- return 1;
- }
-@@ -382,9 +345,11 @@ static int chacha20_poly1305_ctrl(EVP_CI
-
- case EVP_CTRL_COPY:
- if (actx) {
-- if ((((EVP_CIPHER_CTX *)ptr)->cipher_data =
-- OPENSSL_memdup(actx,sizeof(*actx) + Poly1305_ctx_size()))
-- == NULL) {
-+ EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
-+
-+ dst->cipher_data =
-+ OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
-+ if (dst->cipher_data == NULL) {
- EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
- return 0;
- }
---- a/crypto/evp/e_des.c
-+++ b/crypto/evp/e_des.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -212,6 +164,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
- size_t n;
- unsigned char c[1], d[1];
-
-+ if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-+ inl *= 8;
- for (n = 0; n < inl; ++n) {
- c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c, d, 1, 1,
---- a/crypto/evp/e_idea.c
-+++ b/crypto/evp/e_idea.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -82,13 +34,13 @@ static int idea_ecb_cipher(EVP_CIPHER_CT
- const unsigned char *in, size_t inl)
- {
- BLOCK_CIPHER_ecb_loop()
-- idea_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
-+ IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
- return 1;
- }
-
--BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
--BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
--BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
-+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
-+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
-+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
-
- BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
- 0, idea_init_key, NULL,
---- a/crypto/evp/e_null.c
-+++ b/crypto/evp/e_null.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_old.c
-+++ b/crypto/evp/e_old.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
---- a/crypto/evp/e_rc2.c
-+++ b/crypto/evp/e_rc2.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -178,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_
- OPENSSL_assert(l <= sizeof(iv));
- i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
- if (i != (int)l)
-- return (-1);
-+ return -1;
- key_bits = rc2_magic_to_meth((int)num);
- if (!key_bits)
-- return (-1);
-+ return -1;
- if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
- return -1;
- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-- EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
-+ if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
-+ return -1;
- }
-- return (i);
-+ return i;
- }
-
- static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
---- a/crypto/evp/e_rc4.c
-+++ b/crypto/evp/e_rc4.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_rc4_hmac_md5.c
-+++ b/crypto/evp/e_rc4_hmac_md5.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -102,8 +62,7 @@ static int rc4_hmac_md5_init_key(EVP_CIP
-
- # if !defined(OPENSSL_NO_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
-- defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__) )
-+ defined(_M_AMD64) || defined(_M_X64) )
- # define STITCHED_CALL
- # endif
-
-@@ -254,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
- MD5_Init(&key->tail);
- MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
-
-+ OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
-+
- return 1;
- }
- case EVP_CTRL_AEAD_TLS1_AAD:
---- a/crypto/evp/e_rc5.c
-+++ b/crypto/evp/e_rc5.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/e_seed.c
-+++ b/crypto/evp/e_seed.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
-@@ -71,7 +26,8 @@ typedef struct {
- } EVP_SEED_KEY;
-
- IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
-- 16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0)
-+ 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ seed_init_key, 0, 0, 0, 0)
-
- static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
---- a/crypto/evp/e_xcbc_d.c
-+++ b/crypto/evp/e_xcbc_d.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/encode.c
-+++ b/crypto/evp/encode.c
-@@ -1,61 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-+#include <limits.h>
- #include "internal/cryptlib.h"
- #include <openssl/evp.h>
- #include "evp_locl.h"
-@@ -102,7 +55,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
- #define B64_WS 0xE0
- #define B64_ERROR 0xFF
- #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
--#define B64_BASE64(a) !B64_NOT_BASE64(a)
-+#define B64_BASE64(a) (!B64_NOT_BASE64(a))
-
- static const unsigned char data_ascii2bin[128] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-@@ -149,6 +102,14 @@ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX
- {
- OPENSSL_free(ctx);
- }
-+
-+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
-+{
-+ memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
-+
-+ return 1;
-+}
-+
- int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
- {
- return ctx->num;
-@@ -161,20 +122,20 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
- ctx->line_num = 0;
- }
-
--void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int i, j;
-- unsigned int total = 0;
-+ size_t total = 0;
-
- *outl = 0;
- if (inl <= 0)
-- return;
-+ return 0;
- OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-- if ((ctx->num + inl) < ctx->length) {
-+ if (ctx->length - ctx->num > inl) {
- memcpy(&(ctx->enc_data[ctx->num]), in, inl);
- ctx->num += inl;
-- return;
-+ return 1;
- }
- if (ctx->num != 0) {
- i = ctx->length - ctx->num;
-@@ -188,7 +149,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
- *out = '\0';
- total = j + 1;
- }
-- while (inl >= ctx->length) {
-+ while (inl >= ctx->length && total <= INT_MAX) {
- j = EVP_EncodeBlock(out, in, ctx->length);
- in += ctx->length;
- inl -= ctx->length;
-@@ -197,10 +158,17 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
- *out = '\0';
- total += j + 1;
- }
-+ if (total > INT_MAX) {
-+ /* Too much output data! */
-+ *outl = 0;
-+ return 0;
-+ }
- if (inl != 0)
- memcpy(&(ctx->enc_data[0]), in, inl);
- ctx->num = inl;
- *outl = total;
-+
-+ return 1;
- }
-
- void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
---- a/crypto/evp/evp_cnf.c
-+++ b/crypto/evp/evp_cnf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2007.
-- */
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/evp_enc.c
-+++ b/crypto/evp/evp_enc.c
-@@ -1,61 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-+#include <assert.h>
- #include "internal/cryptlib.h"
- #include <openssl/evp.h>
- #include <openssl/err.h>
-@@ -120,7 +73,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- * reinitialisation, when it may all be unnecessary.
- */
- if (ctx->engine && ctx->cipher
-- && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
-+ && (cipher == NULL || cipher->nid == ctx->cipher->nid))
- goto skip_to_init;
- #endif
- if (cipher) {
-@@ -300,12 +253,55 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *c
- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
- }
-
-+/*
-+ * According to the letter of standard difference between pointers
-+ * is specified to be valid only within same object. This makes
-+ * it formally challenging to determine if input and output buffers
-+ * are not partially overlapping with standard pointer arithmetic.
-+ */
-+#ifdef PTRDIFF_T
-+# undef PTRDIFF_T
-+#endif
-+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
-+/*
-+ * Then we have VMS that distinguishes itself by adhering to
-+ * sizeof(size_t)==4 even in 64-bit builds, which means that
-+ * difference between two pointers might be truncated to 32 bits.
-+ * In the context one can even wonder how comparison for
-+ * equality is implemented. To be on the safe side we adhere to
-+ * PTRDIFF_T even for comparison for equality.
-+ */
-+# define PTRDIFF_T uint64_t
-+#else
-+# define PTRDIFF_T size_t
-+#endif
-+
-+static int is_partially_overlapping(const void *ptr1, const void *ptr2,
-+ int len)
-+{
-+ PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
-+ /*
-+ * Check for partially overlapping buffers. [Binary logical
-+ * operations are used instead of boolean to minimize number
-+ * of conditional branches.]
-+ */
-+ int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
-+ (diff > (0 - (PTRDIFF_T)len)));
-+ assert(!overlapped);
-+ return overlapped;
-+}
-+
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int i, j, bl;
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-+ if (is_partially_overlapping(out, in, inl)) {
-+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-+ return 0;
-+ }
-+
- i = ctx->cipher->do_cipher(ctx, out, in, inl);
- if (i < 0)
- return 0;
-@@ -318,6 +314,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
- *outl = 0;
- return inl == 0;
- }
-+ if (is_partially_overlapping(out, in, inl)) {
-+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-+ return 0;
-+ }
-
- if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
- if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
-@@ -332,7 +332,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
- bl = ctx->cipher->block_size;
- OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
- if (i != 0) {
-- if (i + inl < bl) {
-+ if (bl - i > inl) {
- memcpy(&(ctx->buf[i]), in, inl);
- ctx->buf_len += inl;
- *outl = 0;
-@@ -340,10 +340,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
- } else {
- j = bl - i;
- memcpy(&(ctx->buf[i]), in, j);
-- if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
-- return 0;
- inl -= j;
- in += j;
-+ if (is_partially_overlapping(out, in, bl)) {
-+ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-+ return 0;
-+ }
-+ if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
-+ return 0;
- out += bl;
- *outl = bl;
- }
-@@ -419,6 +423,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
- unsigned int b;
-
- if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-+ if (is_partially_overlapping(out, in, inl)) {
-+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-+ return 0;
-+ }
-+
- fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
- if (fix_len < 0) {
- *outl = 0;
-@@ -440,6 +449,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
- OPENSSL_assert(b <= sizeof ctx->final);
-
- if (ctx->final_used) {
-+ /* see comment about PTRDIFF_T comparison above */
-+ if (((PTRDIFF_T)out == (PTRDIFF_T)in)
-+ || is_partially_overlapping(out, in, b)) {
-+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
-+ return 0;
-+ }
- memcpy(out, ctx->final, b);
- out += b;
- fix_len = 1;
---- a/crypto/evp/evp_err.c
-+++ b/crypto/evp/evp_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,30 +20,23 @@
-
- static ERR_STRING_DATA EVP_str_functs[] = {
- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"},
-- {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"},
- {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
-- {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
-- {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"},
- {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
- {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
- {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
-- {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"},
- {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"},
-- {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
- {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"},
-- {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
-- {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
-- {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
-- {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
- {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
- {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
- "EVP_CIPHER_CTX_set_key_length"},
- {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-+ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
- {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
- {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-+ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
- {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
- {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
- {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-@@ -118,8 +61,8 @@ static ERR_STRING_DATA EVP_str_functs[]
- {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"},
- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"},
- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
-- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_ECDSA), "EVP_PKEY_GET0_ECDSA"},
- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
-+ {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
- {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
- {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
-@@ -133,23 +76,13 @@ static ERR_STRING_DATA EVP_str_functs[]
- {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"},
- {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),
- "EVP_PKEY_verify_recover_init"},
-- {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
- {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
- {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-- {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_cipherinit"},
-- {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
-- {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-- {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH),
-- "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
-- {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_digestinit"},
-- {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
-- {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
- {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"},
- {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
- {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
- {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"},
- {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"},
-- {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
- {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"},
- {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"},
- {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"},
-@@ -157,16 +90,11 @@ static ERR_STRING_DATA EVP_str_functs[]
- };
-
- static ERR_STRING_DATA EVP_str_reasons[] = {
-- {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"},
- {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
-- {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"},
-- {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"},
- {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
-- {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"},
-- {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
-- {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
- {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
-- {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"},
-+ {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
-+ "camellia key setup failed"},
- {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
- {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
- {ERR_REASON(EVP_R_COPY_ERROR), "copy error"},
-@@ -178,25 +106,22 @@ static ERR_STRING_DATA EVP_str_reasons[]
- {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
- {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
- {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
-- {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
-- {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"},
- {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
- {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
-- {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
-+ {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
- {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
- {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
- {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
-- {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"},
- {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
- {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
-- {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"},
-+ {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
-+ "illegal scrypt parameters"},
- {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
- {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
- {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
- {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
- {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
- {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
-- {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
- {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
- {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"},
- {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
-@@ -205,21 +130,15 @@ static ERR_STRING_DATA EVP_str_reasons[]
- {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
- {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
- {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
-- {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"},
- {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"},
- {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"},
-- {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),
-- "no sign function configured"},
-- {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),
-- "no verify function configured"},
- {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
- "operation not supported for this keytype"},
- {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-- {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
-+ {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"},
- {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
- {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
- {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-- {ERR_REASON(EVP_R_TOO_LARGE), "too large"},
- {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
- {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
- {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-@@ -238,13 +157,12 @@ static ERR_STRING_DATA EVP_str_reasons[]
- {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
- {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
- {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
-- {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
- {0, NULL}
- };
-
- #endif
-
--void ERR_load_EVP_strings(void)
-+int ERR_load_EVP_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -253,4 +171,5 @@ void ERR_load_EVP_strings(void)
- ERR_load_strings(0, EVP_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/evp/evp_key.c
-+++ b/crypto/evp/evp_key.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/evp_lib.c
-+++ b/crypto/evp/evp_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/evp_locl.h
-+++ b/crypto/evp/evp_locl.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* EVP_MD_CTX related stuff */
---- a/crypto/evp/evp_pbe.c
-+++ b/crypto/evp/evp_pbe.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -222,7 +173,10 @@ int EVP_PBE_alg_add_type(int pbe_type, i
- pbe_tmp->md_nid = md_nid;
- pbe_tmp->keygen = keygen;
-
-- sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp);
-+ if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
-+ OPENSSL_free(pbe_tmp);
-+ goto err;
-+ }
- return 1;
-
- err:
---- a/crypto/evp/evp_pkey.c
-+++ b/crypto/evp/evp_pkey.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_md2.c
-+++ b/crypto/evp/m_md2.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_md4.c
-+++ b/crypto/evp/m_md4.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_md5.c
-+++ b/crypto/evp/m_md5.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_md5_sha1.c
-+++ b/crypto/evp/m_md5_sha1.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #if !defined(OPENSSL_NO_MD5)
---- a/crypto/evp/m_mdc2.c
-+++ b/crypto/evp/m_mdc2.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_null.c
-+++ b/crypto/evp/m_null.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_ripemd.c
-+++ b/crypto/evp/m_ripemd.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_sha1.c
-+++ b/crypto/evp/m_sha1.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/m_wp.c
-+++ b/crypto/evp/m_wp.c
-@@ -1,3 +1,11 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
---- a/crypto/evp/names.c
-+++ b/crypto/evp/names.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/p5_crpt.c
-+++ b/crypto/evp/p5_crpt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/p5_crpt2.c
-+++ b/crypto/evp/p5_crpt2.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include "internal/cryptlib.h"
-@@ -213,7 +165,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX
-
- /* See if we recognise the key derivation function */
- if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
-- NULL, NULL, &kdf)) {
-+ NULL, NULL, &kdf)) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
- goto err;
---- a/crypto/evp/p_dec.c
-+++ b/crypto/evp/p_dec.c
-@@ -1,63 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
--#include <openssl/rand.h>
- #include <openssl/rsa.h>
- #include <openssl/evp.h>
- #include <openssl/objects.h>
---- a/crypto/evp/p_enc.c
-+++ b/crypto/evp/p_enc.c
-@@ -1,63 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
--#include <openssl/rand.h>
- #include <openssl/rsa.h>
- #include <openssl/evp.h>
- #include <openssl/objects.h>
---- a/crypto/evp/p_lib.c
-+++ b/crypto/evp/p_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -132,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *t
- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
- goto err;
- }
-+
-+ if (!EVP_PKEY_missing_parameters(to)) {
-+ if (EVP_PKEY_cmp_parameters(to, from) == 1)
-+ return 1;
-+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
-+ return 0;
-+ }
-+
- if (from->ameth && from->ameth->param_copy)
- return from->ameth->param_copy(to, from);
- err:
-@@ -196,10 +156,16 @@ EVP_PKEY *EVP_PKEY_new(void)
- return ret;
- }
-
--void EVP_PKEY_up_ref(EVP_PKEY *pkey)
-+int EVP_PKEY_up_ref(EVP_PKEY *pkey)
- {
- int i;
-- CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock);
-+
-+ if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0)
-+ return 0;
-+
-+ REF_PRINT_COUNT("EVP_PKEY", pkey);
-+ REF_ASSERT_ISNT(i < 2);
-+ return ((i > 1) ? 1 : 0);
- }
-
- /*
-@@ -271,6 +237,18 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey
- return pkey->pkey.ptr;
- }
-
-+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
-+{
-+ ASN1_OCTET_STRING *os = NULL;
-+ if (pkey->type != EVP_PKEY_HMAC) {
-+ EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
-+ return NULL;
-+ }
-+ os = EVP_PKEY_get0(pkey);
-+ *len = os->length;
-+ return os->data;
-+}
-+
- #ifndef OPENSSL_NO_RSA
- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
- {
---- a/crypto/evp/p_open.c
-+++ b/crypto/evp/p_open.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/evp/p_seal.c
-+++ b/crypto/evp/p_seal.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/p_sign.c
-+++ b/crypto/evp/p_sign.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/p_verify.c
-+++ b/crypto/evp/p_verify.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/pmeth_fn.c
-+++ b/crypto/evp/pmeth_fn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/pmeth_gn.c
-+++ b/crypto/evp/pmeth_gn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/evp/scrypt.c
-+++ b/crypto/evp/scrypt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
---- a/crypto/ex_data.c
-+++ b/crypto/ex_data.c
-@@ -1,115 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib_int.h"
--#include "internal/threads.h"
-+#include "internal/thread_once.h"
- #include <openssl/lhash.h>
-
- /*
-@@ -137,9 +36,10 @@ static EX_CALLBACKS ex_data[CRYPTO_EX_IN
- static CRYPTO_RWLOCK *ex_data_lock = NULL;
- static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
-
--static void do_ex_data_init(void)
-+DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
- {
- ex_data_lock = CRYPTO_THREAD_lock_new();
-+ return ex_data_lock != NULL;
- }
-
- /*
-@@ -155,7 +55,10 @@ static EX_CALLBACKS *get_and_lock(int cl
- return NULL;
- }
-
-- CRYPTO_THREAD_run_once(&ex_data_init, do_ex_data_init);
-+ if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
-+ CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-
- if (ex_data_lock == NULL) {
- /*
-@@ -216,7 +119,7 @@ static void dummy_free(void *parent, voi
- {
- }
-
--static int dummy_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-+static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
- void *from_d, int idx,
- long argl, void *argp)
- {
-@@ -347,7 +250,7 @@ int CRYPTO_new_ex_data(int class_index,
- * for each index in the class used by this variable
- */
- int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-- CRYPTO_EX_DATA *from)
-+ const CRYPTO_EX_DATA *from)
- {
- int mx, j, i;
- char *ptr;
---- a/crypto/fips_err.h
-+++ /dev/null
-@@ -1,226 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
--/*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-- */
--
--#include <stdio.h>
--#include <openssl/err.h>
--#include <openssl/fips.h>
--
--/* BEGIN ERROR CODES */
--#ifndef OPENSSL_NO_ERR
--
--# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
--# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
--
--static ERR_STRING_DATA FIPS_str_functs[] = {
-- {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-- {ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"},
-- {ERR_FUNC(FIPS_F_DRBG_RESEED), "DRBG_RESEED"},
-- {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
-- {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
-- {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
-- {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
-- {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-- {ERR_FUNC(FIPS_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
-- {ERR_FUNC(FIPS_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
-- {ERR_FUNC(FIPS_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA_PRNG), "fips_check_dsa_prng"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "FIPS_CHECK_EC"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_EC_PRNG), "fips_check_ec_prng"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),
-- "FIPS_check_incore_fingerprint"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
-- {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
-- {ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_cipher"},
-- {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_cipherinit"},
-- {ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
-- {ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_digestfinal"},
-- {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_digestinit"},
-- {ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_digestupdate"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "FIPS_DRBG_ERROR_CHECK"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"},
-- {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"},
-- {ERR_FUNC(FIPS_F_FIPS_DSA_SIGN_DIGEST), "FIPS_dsa_sign_digest"},
-- {ERR_FUNC(FIPS_F_FIPS_DSA_VERIFY_DIGEST), "FIPS_dsa_verify_digest"},
-- {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "FIPS_GET_ENTROPY"},
-- {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"},
-- {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_ADD), "FIPS_rand_add"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_PSEUDO_BYTES), "FIPS_rand_pseudo_bytes"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"},
-- {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"},
-- {ERR_FUNC(FIPS_F_FIPS_RSA_SIGN_DIGEST), "FIPS_rsa_sign_digest"},
-- {ERR_FUNC(FIPS_F_FIPS_RSA_VERIFY_DIGEST), "FIPS_rsa_verify_digest"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
-- {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931), "FIPS_selftest_x931"},
-- {ERR_FUNC(FIPS_F_FIPS_SET_PRNG_KEY), "FIPS_SET_PRNG_KEY"},
-- {ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
-- {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-- {ERR_FUNC(FIPS_F_RSA_EAY_INIT), "RSA_EAY_INIT"},
-- {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-- {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-- {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-- {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-- {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"},
-- {0, NULL}
--};
--
--static ERR_STRING_DATA FIPS_str_reasons[] = {
-- {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
-- "additional input error undetected"},
-- {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
-- "additional input too long"},
-- {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"},
-- {ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE), "authentication failure"},
-- {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE), "contradicting evidence"},
-- {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
-- {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
-- {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
-- {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
-- "entropy not requested for reseed"},
-- {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
-- {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
-- {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
-- {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
-- "error retrieving additional input"},
-- {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"},
-- {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"},
-- {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
-- "fingerprint does not match"},
-- {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),
-- "fingerprint does not match nonpic relocated"},
-- {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),
-- "fingerprint does not match segment aliasing"},
-- {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"},
-- {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"},
-- {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"},
-- {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"},
-- {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),
-- "generate error undetected"},
-- {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
-- {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),
-- "insufficient security strength"},
-- {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"},
-- {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"},
-- {ERR_REASON(FIPS_R_INVALID_PARAMETERS), "invalid parameters"},
-- {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"},
-- {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"},
-- {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"},
-- {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"},
-- {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"},
-- {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"},
-- {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"},
-- {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"},
-- {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
-- "personalisation error undetected"},
-- {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),
-- "personalisation string too long"},
-- {ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW), "prng strength too low"},
-- {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
-- {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
-- {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
-- "request length error undetected"},
-- {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
-- "request too large for drbg"},
-- {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"},
-- {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"},
-- {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"},
-- {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"},
-- {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),
-- "strength error undetected"},
-- {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"},
-- {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"},
-- {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
-- "uninstantiate zeroise error"},
-- {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"},
-- {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"},
-- {0, NULL}
--};
--
--#endif
--
--void ERR_load_FIPS_strings(void)
--{
--#ifndef OPENSSL_NO_ERR
--
-- if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
-- ERR_load_strings(0, FIPS_str_functs);
-- ERR_load_strings(0, FIPS_str_reasons);
-- }
--#endif
--}
---- a/crypto/fips_ers.c
-+++ /dev/null
-@@ -1,7 +0,0 @@
--#include <openssl/opensslconf.h>
--
--#ifndef OPENSSL_FIPS
--NON_EMPTY_TRANSLATION_UNIT
--#else
--# include "fips_err.h"
--#endif
---- a/crypto/hmac/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/md/Makefile
--#
--
--DIR= hmac
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
--LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/hmac/hm_ameth.c
-+++ b/crypto/hmac/hm_ameth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2007.
-- */
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -95,6 +46,11 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey
- }
- }
-
-+static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-+{
-+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
-+}
-+
- #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
- /*
- * A bogus private key format for test purposes. This is simply the HMAC key
-@@ -150,7 +106,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_met
- "HMAC",
- "OpenSSL HMAC method",
-
-- 0, 0, 0, 0,
-+ 0, 0, hmac_pkey_public_cmp, 0,
-
- 0, 0, 0,
-
---- a/crypto/hmac/hm_pmeth.c
-+++ b/crypto/hmac/hm_pmeth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2007.
-- */
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -81,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *
- return 0;
- hctx->ktmp.type = V_ASN1_OCTET_STRING;
- hctx->ctx = HMAC_CTX_new();
-+ if (hctx->ctx == NULL) {
-+ OPENSSL_free(hctx);
-+ return 0;
-+ }
-
- ctx->data = hctx;
- ctx->keygen_info_count = 0;
-@@ -88,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *
- return 1;
- }
-
-+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
-+
- static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- HMAC_PKEY_CTX *sctx, *dctx;
-+
-+ /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
- if (!pkey_hmac_init(dst))
- return 0;
-- sctx = src->data;
-- dctx = dst->data;
-+ sctx = EVP_PKEY_CTX_get_data(src);
-+ dctx = EVP_PKEY_CTX_get_data(dst);
- dctx->md = sctx->md;
- if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
-- return 0;
-+ goto err;
- if (sctx->ktmp.data) {
- if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
- sctx->ktmp.data, sctx->ktmp.length))
-- return 0;
-+ goto err;
- }
- return 1;
-+err:
-+ /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
-+ pkey_hmac_cleanup (dst);
-+ return 0;
- }
-
- static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
- {
-- HMAC_PKEY_CTX *hctx = ctx->data;
-+ HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
-
- if (hctx != NULL) {
- HMAC_CTX_free(hctx->ctx);
- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
- OPENSSL_free(hctx);
-- ctx->data = NULL;
-+ EVP_PKEY_CTX_set_data(ctx, NULL);
- }
- }
-
---- a/crypto/hmac/hmac.c
-+++ b/crypto/hmac/hmac.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -164,7 +116,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
- return 0;
- }
-
--size_t HMAC_size(HMAC_CTX *ctx)
-+size_t HMAC_size(const HMAC_CTX *ctx)
- {
- return EVP_MD_size((ctx)->md);
- }
-@@ -189,7 +141,7 @@ static void hmac_ctx_cleanup(HMAC_CTX *c
- EVP_MD_CTX_reset(ctx->md_ctx);
- ctx->md = NULL;
- ctx->key_length = 0;
-- memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
-+ OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
- }
-
- void HMAC_CTX_free(HMAC_CTX *ctx)
-@@ -281,3 +233,8 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, u
- EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
- EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
- }
-+
-+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
-+{
-+ return ctx->md;
-+}
---- a/crypto/hmac/hmac_lcl.h
-+++ b/crypto/hmac/hmac_lcl.h
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_HMAC_LCL_H
- # define HEADER_HMAC_LCL_H
-
---- a/crypto/ia64cpuid.S
-+++ b/crypto/ia64cpuid.S
-@@ -1,7 +1,19 @@
-+// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+//
-+// Licensed under the OpenSSL license (the "License"). You may not use
-+// this file except in compliance with the License. You can obtain a copy
-+// in the file LICENSE in the source distribution or at
-+// https://www.openssl.org/source/license.html
- // Works on all IA-64 platforms: Linux, HP-UX, Win64i...
- // On Win64i compile with ias.exe.
- .text
-
-+#if defined(_HPUX_SOURCE) && !defined(_LP64)
-+#define ADDP addp4
-+#else
-+#define ADDP add
-+#endif
-+
- .global OPENSSL_cpuid_setup#
- .proc OPENSSL_cpuid_setup#
- OPENSSL_cpuid_setup:
-@@ -131,9 +143,7 @@
- .proc OPENSSL_cleanse#
- OPENSSL_cleanse:
- { .mib; cmp.eq p6,p0=0,r33 // len==0
--#if defined(_HPUX_SOURCE) && !defined(_LP64)
-- addp4 r32=0,r32
--#endif
-+ ADDP r32=0,r32
- (p6) br.ret.spnt b0 };;
- { .mib; and r2=7,r32
- cmp.leu p6,p0=15,r33 // len>=15
-@@ -166,14 +176,51 @@
- (p6) br.ret.sptk.many b0 };;
- .endp OPENSSL_cleanse#
-
-+.global CRYPTO_memcmp#
-+.proc CRYPTO_memcmp#
-+.align 32
-+.skip 16
-+CRYPTO_memcmp:
-+ .prologue
-+{ .mib; mov r8=0
-+ cmp.eq p6,p0=0,r34 // len==0?
-+(p6) br.ret.spnt b0 };;
-+ .save ar.pfs,r2
-+{ .mib; alloc r2=ar.pfs,3,5,0,8
-+ .save ar.lc,r3
-+ mov r3=ar.lc
-+ brp.loop.imp .Loop_cmp_ctop,.Loop_cmp_cend-16
-+ }
-+{ .mib; sub r10=r34,r0,1
-+ .save pr,r9
-+ mov r9=pr };;
-+{ .mii; ADDP r16=0,r32
-+ mov ar.lc=r10
-+ mov ar.ec=4 }
-+{ .mib; ADDP r17=0,r33
-+ mov pr.rot=1<<16 };;
-+
-+.Loop_cmp_ctop:
-+{ .mib; (p16) ld1 r32=[r16],1
-+ (p18) xor r34=r34,r38 }
-+{ .mib; (p16) ld1 r36=[r17],1
-+ (p19) or r8=r8,r35
-+ br.ctop.sptk .Loop_cmp_ctop };;
-+.Loop_cmp_cend:
-+
-+{ .mib; cmp.ne p6,p0=0,r8
-+ mov ar.lc=r3 };;
-+{ .mib;
-+(p6) mov r8=1
-+ mov pr=r9,0x1ffff
-+ br.ret.sptk.many b0 };;
-+.endp CRYPTO_memcmp#
-+
- .global OPENSSL_instrument_bus#
- .proc OPENSSL_instrument_bus#
- OPENSSL_instrument_bus:
- { .mmi; mov r2=r33
--#if defined(_HPUX_SOURCE) && !defined(_LP64)
-- addp4 r32=0,r32
--#endif
-- }
-+ ADDP r32=0,r32 }
- { .mmi; mov r8=ar.itc;;
- mov r10=r0
- mov r9=r8 };;
-@@ -208,10 +255,7 @@
- .proc OPENSSL_instrument_bus2#
- OPENSSL_instrument_bus2:
- { .mmi; mov r2=r33 // put aside cnt
--#if defined(_HPUX_SOURCE) && !defined(_LP64)
-- addp4 r32=0,r32
--#endif
-- }
-+ ADDP r32=0,r32 }
- { .mmi; mov r8=ar.itc;;
- mov r10=r0
- mov r9=r8 };;
---- a/crypto/idea/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/idea/Makefile
--#
--
--DIR= idea
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
--LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
--
--SRC= $(LIBSRC)
--
--HEADER= idea_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/idea/i_cbc.c
-+++ b/crypto/idea/i_cbc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/idea.h>
---- a/crypto/idea/i_cfb64.c
-+++ b/crypto/idea/i_cfb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/idea.h>
---- a/crypto/idea/i_ecb.c
-+++ b/crypto/idea/i_ecb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/idea.h>
---- a/crypto/idea/i_ofb64.c
-+++ b/crypto/idea/i_ofb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/idea.h>
---- a/crypto/idea/i_skey.c
-+++ b/crypto/idea/i_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/idea.h>
---- a/crypto/idea/idea_lcl.h
-+++ b/crypto/idea/idea_lcl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/idea/version
-+++ /dev/null
-@@ -1,12 +0,0 @@
--1.1 07/12/95 - eay
-- Many thanks to Rhys Weatherley <rweather at us.oracle.com>
-- for pointing out that I was assuming little endian byte
-- order for all quantities what idea actually used
-- bigendian. No where in the spec does it mention
-- this, it is all in terms of 16 bit numbers and even the example
-- does not use byte streams for the input example :-(.
-- If you byte swap each pair of input, keys and iv, the functions
-- would produce the output as the old version :-(.
--
--1.0 ??/??/95 - eay
-- First version.
---- a/crypto/include/internal/asn1_int.h
-+++ b/crypto/include/internal/asn1_int.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Internal ASN1 structures and functions: not for application use */
-@@ -108,10 +59,10 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METH
- extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
- extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
- extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
--extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
-+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
- extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
- extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
--extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
-+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
-
- /*
- * These are used internally in the ASN1_OBJECT to keep track of whether the
-@@ -138,3 +89,5 @@ struct asn1_pctx_st {
- unsigned long oid_flags;
- unsigned long str_flags;
- } /* ASN1_PCTX */ ;
-+
-+int asn1_valid_host(const ASN1_STRING *host);
---- a/crypto/include/internal/async.h
-+++ b/crypto/include/internal/async.h
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/async.h>
---- a/crypto/include/internal/bn_conf.h.in
-+++ b/crypto/include/internal/bn_conf.h.in
-@@ -1,56 +1,11 @@
- {- join("\n",map { "/* $_ */" } @autowarntext) -}
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BN_CONF_H
---- a/crypto/include/internal/bn_dh.h
-+++ b/crypto/include/internal/bn_dh.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #define declare_dh_bn(x) \
- const extern BIGNUM _bignum_dh##x##_p; \
- const extern BIGNUM _bignum_dh##x##_g; \
---- a/crypto/include/internal/bn_int.h
-+++ b/crypto/include/internal/bn_int.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BN_INT_H
---- a/crypto/include/internal/bn_srp.h
-+++ b/crypto/include/internal/bn_srp.h
-@@ -1,3 +1,11 @@
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #ifndef OPENSSL_NO_SRP
-
---- a/crypto/include/internal/chacha.h
-+++ b/crypto/include/internal/chacha.h
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CHACHA_H
---- a/crypto/include/internal/cryptlib.h
-+++ b/crypto/include/internal/cryptlib.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CRYPTLIB_H
-@@ -64,6 +16,7 @@
- # include "e_os.h"
-
- # ifdef OPENSSL_USE_APPLINK
-+# undef BIO_FLAGS_UPLINK
- # define BIO_FLAGS_UPLINK 0x8000
- # include "ms/uplink.h"
- # endif
-@@ -72,7 +25,6 @@
- # include <openssl/buffer.h>
- # include <openssl/bio.h>
- # include <openssl/err.h>
--# include <openssl/opensslconf.h>
-
- #ifdef __cplusplus
- extern "C" {
-@@ -94,11 +46,11 @@ DEFINE_LHASH_OF(MEM);
- # define X509_PRIVATE_DIR OPENSSLDIR "/private"
- # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
- # else
--# define X509_CERT_AREA "SSLROOT:[000000]"
--# define X509_CERT_DIR "SSLCERTS:"
--# define X509_CERT_FILE "SSLCERTS:cert.pem"
--# define X509_PRIVATE_DIR "SSLPRIVATE:"
--# define CTLOG_FILE "SSLROOT:ct_log_list.cnf"
-+# define X509_CERT_AREA "OSSL$DATAROOT:[000000]"
-+# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]"
-+# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem"
-+# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]"
-+# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf"
- # endif
-
- # define X509_CERT_DIR_EVP "SSL_CERT_DIR"
-@@ -115,6 +67,13 @@ void OPENSSL_showfatal(const char *fmta,
- extern int OPENSSL_NONPIC_relocated;
- void crypto_cleanup_all_ex_data_int(void);
-
-+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
-+# if !defined(OPENSSL_NO_STDIO)
-+FILE *openssl_fopen(const char *filename, const char *mode);
-+# else
-+void *openssl_fopen(const char *filename, const char *mode);
-+# endif
-+
- #ifdef __cplusplus
- }
- #endif
---- a/crypto/include/internal/cryptlib_int.h
-+++ b/crypto/include/internal/cryptlib_int.h
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <internal/cryptlib.h>
-@@ -68,7 +20,7 @@ int ossl_init_thread_start(uint64_t opts
-
- /*
- * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
-- * are those ommitted from crypto.h because they are "reserverd for internal
-+ * are those ommitted from crypto.h because they are "reserved for internal
- * use".
- */
- # define OPENSSL_INIT_ZLIB 0x00010000L
---- a/crypto/include/internal/dso_conf.h.in
-+++ b/crypto/include/internal/dso_conf.h.in
-@@ -1,56 +1,11 @@
- {- join("\n",map { "/* $_ */" } @autowarntext) -}
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DSO_CONF_H
---- a/crypto/include/internal/engine.h
-+++ b/crypto/include/internal/engine.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/engine.h>
---- a/crypto/include/internal/err_int.h
-+++ b/crypto/include/internal/err_int.h
-@@ -1,17 +1,17 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #ifndef INTERNAL_ERR_INT_H
- # define INTERNAL_ERR_INT_H
-
--void err_load_crypto_strings_int(void);
-+int err_load_crypto_strings_int(void);
- void err_cleanup(void);
-+void err_delete_thread_state(void);
-
- #endif
---- a/crypto/include/internal/evp_int.h
-+++ b/crypto/include/internal/evp_int.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- struct evp_pkey_ctx_st {
-@@ -187,9 +138,9 @@ struct evp_cipher_st {
- #define BLOCK_CIPHER_ecb_loop() \
- size_t i, bl; \
- bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \
-- if(inl < bl) return 1;\
-+ if (inl < bl) return 1;\
- inl -= bl; \
-- for(i=0; i <= inl; i+=bl)
-+ for (i=0; i <= inl; i+=bl)
-
- #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
- static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-@@ -238,20 +189,25 @@ static int cname##_cbc_cipher(EVP_CIPHER
- #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
- static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
- {\
-- size_t chunk=EVP_MAXCHUNK;\
-- if (cbits==1) chunk>>=3;\
-- if (inl<chunk) chunk=inl;\
-- while(inl && inl>=chunk)\
-- {\
-- int num = EVP_CIPHER_CTX_num(ctx);\
-- cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx)); \
-- EVP_CIPHER_CTX_set_num(ctx, num);\
-- inl-=chunk;\
-- in +=chunk;\
-- out+=chunk;\
-- if(inl<chunk) chunk=inl;\
-- }\
-- return 1;\
-+ size_t chunk = EVP_MAXCHUNK;\
-+ if (cbits == 1) chunk >>= 3;\
-+ if (inl < chunk) chunk = inl;\
-+ while (inl && inl >= chunk)\
-+ {\
-+ int num = EVP_CIPHER_CTX_num(ctx);\
-+ cprefix##_cfb##cbits##_encrypt(in, out, (long) \
-+ ((cbits == 1) \
-+ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
-+ ? inl*8 : inl), \
-+ &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
-+ &num, EVP_CIPHER_CTX_encrypting(ctx));\
-+ EVP_CIPHER_CTX_set_num(ctx, num);\
-+ inl -= chunk;\
-+ in += chunk;\
-+ out += chunk;\
-+ if (inl < chunk) chunk = inl;\
-+ }\
-+ return 1;\
- }
-
- #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
---- a/crypto/include/internal/md32_common.h
-+++ b/crypto/include/internal/md32_common.h
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*-
-@@ -106,6 +65,8 @@
- * <appro at fy.chalmers.se>
- */
-
-+#include <openssl/crypto.h>
-+
- #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
- # error "DATA_ORDER must be defined!"
- #endif
-@@ -317,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void
- data += n;
- len -= n;
- c->num = 0;
-+ /*
-+ * We use memset rather than OPENSSL_cleanse() here deliberately.
-+ * Using OPENSSL_cleanse() here could be a performance issue. It
-+ * will get properly cleansed on finalisation so this isn't a
-+ * security problem.
-+ */
- memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
- } else {
- memcpy(p + n, data, len);
-@@ -372,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_C
- p -= HASH_CBLOCK;
- HASH_BLOCK_DATA_ORDER(c, p, 1);
- c->num = 0;
-- memset(p, 0, HASH_CBLOCK);
-+ OPENSSL_cleanse(p, HASH_CBLOCK);
-
- #ifndef HASH_MAKE_STRING
- # error "HASH_MAKE_STRING must be defined!"
-@@ -387,7 +354,7 @@ int HASH_FINAL(unsigned char *md, HASH_C
- # if defined(__alpha) || defined(__sparcv9) || defined(__mips)
- # define MD32_REG_T long
- /*
-- * This comment was originaly written for MD5, which is why it
-+ * This comment was originally written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
---- a/crypto/include/internal/objects.h
-+++ b/crypto/include/internal/objects.h
-@@ -1,9 +1,10 @@
- /*
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <openssl/objects.h>
---- a/crypto/include/internal/poly1305.h
-+++ b/crypto/include/internal/poly1305.h
-@@ -1,52 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stddef.h>
-
- #define POLY1305_BLOCK_SIZE 16
---- a/crypto/include/internal/rand.h
-+++ b/crypto/include/internal/rand.h
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Licensed under the OpenSSL licenses, (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
---- a/crypto/include/internal/x509_int.h
-+++ b/crypto/include/internal/x509_int.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Internal X509 structures and functions: not for application use */
-@@ -109,19 +60,19 @@ struct X509_req_st {
-
- struct X509_crl_info_st {
- ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */
-- X509_ALGOR sig_alg; /* signagture algorithm */
-+ X509_ALGOR sig_alg; /* signature algorithm */
- X509_NAME *issuer; /* CRL issuer name */
- ASN1_TIME *lastUpdate; /* lastUpdate field */
- ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
-- STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
-+ STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
- STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */
-- ASN1_ENCODING enc; /* encoding of signed portion of CRL */
-+ ASN1_ENCODING enc; /* encoding of signed portion of CRL */
- };
-
- struct X509_crl_st {
- X509_CRL_INFO crl; /* signed CRL data */
- X509_ALGOR sig_alg; /* CRL signature algorithm */
-- ASN1_BIT_STRING signature; /* CRL signature */
-+ ASN1_BIT_STRING signature; /* CRL signature */
- int references;
- int flags;
- /*
-@@ -224,8 +175,6 @@ struct x509_st {
- */
- struct x509_store_ctx_st { /* X509_STORE_CTX */
- X509_STORE *ctx;
-- /* used when looking up certs */
-- int current_method;
- /* The following are set by the caller */
- /* The cert to check */
- X509 *cert;
-@@ -253,6 +202,7 @@ struct x509_store_ctx_st { /* X509_
- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
- /* Check certificate against CRL */
- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-+ /* Check policy status of the chain */
- int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-@@ -312,3 +262,5 @@ struct x509_object_st {
- EVP_PKEY *pkey;
- } data;
- };
-+
-+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
---- a/crypto/init.c
-+++ b/crypto/init.c
-@@ -1,61 +1,12 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--#include <internal/threads.h>
- #include <internal/cryptlib_int.h>
- #include <openssl/err.h>
- #include <internal/rand.h>
-@@ -71,6 +22,7 @@
- #include <internal/objects.h>
- #include <stdlib.h>
- #include <assert.h>
-+#include <internal/thread_once.h>
-
- static int stopped = 0;
-
-@@ -110,7 +62,7 @@ static CRYPTO_RWLOCK *init_lock = NULL;
-
- static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
- static int base_inited = 0;
--static void ossl_init_base(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_base)
- {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
-@@ -123,21 +75,24 @@ static void ossl_init_base(void)
- #ifndef OPENSSL_SYS_UEFI
- atexit(OPENSSL_cleanup);
- #endif
-- init_lock = CRYPTO_THREAD_lock_new();
-+ if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
-+ return 0;
- OPENSSL_cpuid_setup();
- base_inited = 1;
-+ return 1;
- }
-
- static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
- static int load_crypto_strings_inited = 0;
--static void ossl_init_no_load_crypto_strings(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
- {
- /* Do nothing in this case */
-- return;
-+ return 1;
- }
-
--static void ossl_init_load_crypto_strings(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
- {
-+ int ret = 1;
- /*
- * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
- * pulling in all the error strings during static linking
-@@ -147,13 +102,14 @@ static void ossl_init_load_crypto_string
- fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
- "err_load_crypto_strings_int()\n");
- # endif
-- err_load_crypto_strings_int();
-+ ret = err_load_crypto_strings_int();
- #endif
- load_crypto_strings_inited = 1;
-+ return ret;
- }
-
- static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_add_all_ciphers(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
- {
- /*
- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
-@@ -165,16 +121,12 @@ static void ossl_init_add_all_ciphers(vo
- "openssl_add_all_ciphers_int()\n");
- # endif
- openssl_add_all_ciphers_int();
--# ifndef OPENSSL_NO_ENGINE
--# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-- ENGINE_setup_bsd_cryptodev();
--# endif
--# endif
- #endif
-+ return 1;
- }
-
- static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_add_all_digests(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
- {
- /*
- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
-@@ -186,34 +138,31 @@ static void ossl_init_add_all_digests(vo
- "openssl_add_all_digests()\n");
- # endif
- openssl_add_all_digests_int();
--# ifndef OPENSSL_NO_ENGINE
--# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-- ENGINE_setup_bsd_cryptodev();
--# endif
--# endif
- #endif
-+ return 1;
- }
-
--static void ossl_init_no_add_algs(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
- {
- /* Do nothing */
-- return;
-+ return 1;
- }
-
- static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
- static int config_inited = 0;
--static const char *config_filename;
--static void ossl_init_config(void)
-+static const char *appname;
-+DEFINE_RUN_ONCE_STATIC(ossl_init_config)
- {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr,
- "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
-- config_filename==NULL?"NULL":config_filename);
-+ appname == NULL ? "NULL" : appname);
- #endif
-- openssl_config_int(config_filename);
-+ openssl_config_int(appname);
- config_inited = 1;
-+ return 1;
- }
--static void ossl_init_no_config(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
- {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr,
-@@ -221,103 +170,114 @@ static void ossl_init_no_config(void)
- #endif
- openssl_no_config_int();
- config_inited = 1;
-+ return 1;
- }
-
- static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
- static int async_inited = 0;
--static void ossl_init_async(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_async)
- {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
- #endif
-- async_init();
-+ if (!async_init())
-+ return 0;
- async_inited = 1;
-+ return 1;
- }
-
- #ifndef OPENSSL_NO_ENGINE
- static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_openssl(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
- "engine_load_openssl_int()\n");
- # endif
- engine_load_openssl_int();
-+ return 1;
- }
- # if !defined(OPENSSL_NO_HW) && \
- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
- static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_cryptodev(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: "
- "engine_load_cryptodev_int()\n");
- # endif
- engine_load_cryptodev_int();
-+ return 1;
- }
- # endif
-
- # ifndef OPENSSL_NO_RDRAND
- static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_rdrand(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
- "engine_load_rdrand_int()\n");
- # endif
- engine_load_rdrand_int();
-+ return 1;
- }
- # endif
- static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_dynamic(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
- "engine_load_dynamic_int()\n");
- # endif
- engine_load_dynamic_int();
-+ return 1;
- }
- # ifndef OPENSSL_NO_STATIC_ENGINE
- # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
- static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_padlock(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
- "engine_load_padlock_int()\n");
- # endif
- engine_load_padlock_int();
-+ return 1;
- }
- # endif
- # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_capi(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
- "engine_load_capi_int()\n");
- # endif
- engine_load_capi_int();
-+ return 1;
- }
- # endif
- static CRYPTO_ONCE engine_dasync = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_dasync(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dasync)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dasync: "
- "engine_load_dasync_int()\n");
- # endif
- engine_load_dasync_int();
-+ return 1;
- }
- # if !defined(OPENSSL_NO_AFALGENG)
- static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
--static void ossl_init_engine_afalg(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
- {
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
- "engine_load_afalg_int()\n");
- # endif
- engine_load_afalg_int();
-+ return 1;
- }
- # endif
- # endif
-@@ -327,10 +287,11 @@ static void ossl_init_engine_afalg(void)
- static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
-
- static int zlib_inited = 0;
--static void ossl_init_zlib(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
- {
- /* Do nothing - we need to know about this for the later cleanup */
- zlib_inited = 1;
-+ return 1;
- }
- #endif
-
-@@ -351,9 +312,9 @@ static void ossl_init_thread_stop(struct
- if (locals->err_state) {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
-- "ERR_remove_thread_state()\n");
-+ "err_delete_thread_state()\n");
- #endif
-- ERR_remove_thread_state();
-+ err_delete_thread_state();
- }
-
- OPENSSL_free(locals);
-@@ -523,94 +484,87 @@ int OPENSSL_init_crypto(uint64_t opts, c
- return 0;
- }
-
-- if (!CRYPTO_THREAD_run_once(&base, ossl_init_base))
-+ if (!RUN_ONCE(&base, ossl_init_base))
- return 0;
-
- if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
-- && !CRYPTO_THREAD_run_once(&load_crypto_strings,
-- ossl_init_no_load_crypto_strings))
-+ && !RUN_ONCE(&load_crypto_strings,
-+ ossl_init_no_load_crypto_strings))
- return 0;
-
- if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
-- && !CRYPTO_THREAD_run_once(&load_crypto_strings,
-- ossl_init_load_crypto_strings))
-+ && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
- return 0;
-
- if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
-- && !CRYPTO_THREAD_run_once(&add_all_ciphers, ossl_init_no_add_algs))
-+ && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
- return 0;
-
- if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
-- && !CRYPTO_THREAD_run_once(&add_all_ciphers,
-- ossl_init_add_all_ciphers))
-+ && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
- return 0;
-
- if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
-- && !CRYPTO_THREAD_run_once(&add_all_digests, ossl_init_no_add_algs))
-+ && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
- return 0;
-
- if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
-- && !CRYPTO_THREAD_run_once(&add_all_digests,
-- ossl_init_add_all_digests))
-+ && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
- return 0;
-
- if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
-- && !CRYPTO_THREAD_run_once(&config, ossl_init_no_config))
-+ && !RUN_ONCE(&config, ossl_init_no_config))
- return 0;
-
- if (opts & OPENSSL_INIT_LOAD_CONFIG) {
- int ret;
- CRYPTO_THREAD_write_lock(init_lock);
-- config_filename = (settings == NULL) ? NULL : settings->config_name;
-- ret = CRYPTO_THREAD_run_once(&config, ossl_init_config);
-+ appname = (settings == NULL) ? NULL : settings->appname;
-+ ret = RUN_ONCE(&config, ossl_init_config);
- CRYPTO_THREAD_unlock(init_lock);
- if (!ret)
- return 0;
- }
-
- if ((opts & OPENSSL_INIT_ASYNC)
-- && !CRYPTO_THREAD_run_once(&async, ossl_init_async))
-+ && !RUN_ONCE(&async, ossl_init_async))
- return 0;
-
- #ifndef OPENSSL_NO_ENGINE
- if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
-- && !CRYPTO_THREAD_run_once(&engine_openssl,
-- ossl_init_engine_openssl))
-+ && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
- return 0;
- # if !defined(OPENSSL_NO_HW) && \
- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
-- && !CRYPTO_THREAD_run_once(&engine_cryptodev,
-- ossl_init_engine_cryptodev))
-+ && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev))
- return 0;
- # endif
- # ifndef OPENSSL_NO_RDRAND
- if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
-- && !CRYPTO_THREAD_run_once(&engine_rdrand, ossl_init_engine_rdrand))
-+ && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
- return 0;
- # endif
- if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
-- && !CRYPTO_THREAD_run_once(&engine_dynamic,
-- ossl_init_engine_dynamic))
-+ && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
- return 0;
- # ifndef OPENSSL_NO_STATIC_ENGINE
- # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
- if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
-- && !CRYPTO_THREAD_run_once(&engine_padlock,
-- ossl_init_engine_padlock))
-+ && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
- return 0;
- # endif
- # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- if ((opts & OPENSSL_INIT_ENGINE_CAPI)
-- && !CRYPTO_THREAD_run_once(&engine_capi, ossl_init_engine_capi))
-+ && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
- return 0;
- # endif
- if ((opts & OPENSSL_INIT_ENGINE_DASYNC)
-- && !CRYPTO_THREAD_run_once(&engine_dasync, ossl_init_engine_dasync))
-+ && !RUN_ONCE(&engine_dasync, ossl_init_engine_dasync))
- return 0;
- # if !defined(OPENSSL_NO_AFALGENG)
- if ((opts & OPENSSL_INIT_ENGINE_AFALG)
-- && !CRYPTO_THREAD_run_once(&engine_afalg, ossl_init_engine_afalg))
-+ && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
- return 0;
- # endif
- # endif
-@@ -623,7 +577,7 @@ int OPENSSL_init_crypto(uint64_t opts, c
-
- #ifndef OPENSSL_NO_COMP
- if ((opts & OPENSSL_INIT_ZLIB)
-- && !CRYPTO_THREAD_run_once(&zlib, ossl_init_zlib))
-+ && !RUN_ONCE(&zlib, ossl_init_zlib))
- return 0;
- #endif
-
---- a/crypto/kdf/Makefile.in
-+++ /dev/null
-@@ -1,53 +0,0 @@
--#
--# OpenSSL/crypto/kdf/Makefile
--#
--
--DIR= kdf
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=tls1_prf.c kdf_err.c hkdf.c
--LIBOBJ=tls1_prf.o kdf_err.o hkdf.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--tags:
-- ctags $(SRC)
--
--tests:
--
--lint:
-- lint -DLINT $(INCLUDES) $(SRC)>fluff
--
--update: depend
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/kdf/hkdf.c
-+++ b/crypto/kdf/hkdf.c
-@@ -1,49 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
---- a/crypto/kdf/kdf_err.c
-+++ b/crypto/kdf/kdf_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -83,7 +33,7 @@ static ERR_STRING_DATA KDF_str_reasons[]
-
- #endif
-
--void ERR_load_KDF_strings(void)
-+int ERR_load_KDF_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -92,4 +42,5 @@ void ERR_load_KDF_strings(void)
- ERR_load_strings(0, KDF_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/kdf/tls1_prf.c
-+++ b/crypto/kdf/tls1_prf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2016.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/lhash/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/lhash/Makefile
--#
--
--DIR= lhash
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=lhash.c lh_stats.c
--LIBOBJ=lhash.o lh_stats.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/lhash/lh_stats.c
-+++ b/crypto/lhash/lh_stats.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -66,50 +18,48 @@
-
- #include <openssl/bio.h>
- #include <openssl/lhash.h>
-+#include "lhash_lcl.h"
-
- # ifndef OPENSSL_NO_STDIO
--void lh_stats(const _LHASH *lh, FILE *fp)
-+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp = BIO_new(BIO_s_file());
- if (bp == NULL)
-- goto end;
-+ return;
- BIO_set_fp(bp, fp, BIO_NOCLOSE);
-- lh_stats_bio(lh, bp);
-+ OPENSSL_LH_stats_bio(lh, bp);
- BIO_free(bp);
-- end:;
- }
-
--void lh_node_stats(const _LHASH *lh, FILE *fp)
-+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp = BIO_new(BIO_s_file());
- if (bp == NULL)
-- goto end;
-+ return;
- BIO_set_fp(bp, fp, BIO_NOCLOSE);
-- lh_node_stats_bio(lh, bp);
-+ OPENSSL_LH_node_stats_bio(lh, bp);
- BIO_free(bp);
-- end:;
- }
-
--void lh_node_usage_stats(const _LHASH *lh, FILE *fp)
-+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp = BIO_new(BIO_s_file());
- if (bp == NULL)
-- goto end;
-+ return;
- BIO_set_fp(bp, fp, BIO_NOCLOSE);
-- lh_node_usage_stats_bio(lh, bp);
-+ OPENSSL_LH_node_usage_stats_bio(lh, bp);
- BIO_free(bp);
-- end:;
- }
-
- # endif
-
--void lh_stats_bio(const _LHASH *lh, BIO *out)
-+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
- {
- BIO_printf(out, "num_items = %lu\n", lh->num_items);
- BIO_printf(out, "num_nodes = %u\n", lh->num_nodes);
-@@ -130,9 +80,9 @@ void lh_stats_bio(const _LHASH *lh, BIO
- BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
- }
-
--void lh_node_stats_bio(const _LHASH *lh, BIO *out)
-+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
- {
-- LHASH_NODE *n;
-+ OPENSSL_LH_NODE *n;
- unsigned int i, num;
-
- for (i = 0; i < lh->num_nodes; i++) {
-@@ -142,9 +92,9 @@ void lh_node_stats_bio(const _LHASH *lh,
- }
- }
-
--void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
-+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
- {
-- LHASH_NODE *n;
-+ OPENSSL_LH_NODE *n;
- unsigned long num;
- unsigned int i;
- unsigned long total = 0, n_used = 0;
---- a/crypto/lhash/lhash.c
-+++ b/crypto/lhash/lhash.c
-@@ -1,124 +1,39 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--/*-
-- * Code for dynamic hash table routines
-- * Author - Eric Young v 2.0
-- *
-- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
-- * present. eay 18-Jun-98
-- *
-- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
-- *
-- * 2.0 eay - Fixed a bug that occurred when using lh_delete
-- * from inside lh_doall(). As entries were deleted,
-- * the 'table' was 'contract()ed', making some entries
-- * jump from the end of the table to the start, there by
-- * skipping the lh_doall() processing. eay - 4/12/95
-- *
-- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
-- * were not being free()ed. 21/11/95
-- *
-- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
-- * 19/09/95
-- *
-- * 1.7 eay - Removed the fputs() for realloc failures - the code
-- * should silently tolerate them. I have also fixed things
-- * lint complained about 04/05/95
-- *
-- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
-- *
-- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
-- *
-- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
-- *
-- * 1.3 eay - Fixed a few lint problems 19/3/1991
-- *
-- * 1.2 eay - Fixed lh_doall problem 13/3/1991
-- *
-- * 1.1 eay - Added lh_doall
-- *
-- * 1.0 eay - First version
-- */
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <openssl/crypto.h>
- #include <openssl/lhash.h>
-+#include "lhash_lcl.h"
-+
-
- #undef MIN_NODES
- #define MIN_NODES 16
- #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
- #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
-
--static void expand(_LHASH *lh);
--static void contract(_LHASH *lh);
--static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
-+static int expand(OPENSSL_LHASH *lh);
-+static void contract(OPENSSL_LHASH *lh);
-+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
-
--_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
-+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
- {
-- _LHASH *ret;
-+ OPENSSL_LHASH *ret;
-
- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
- goto err0;
- if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
- goto err1;
-- ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c);
-- ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h);
-+ ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
-+ ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
- ret->num_nodes = MIN_NODES / 2;
- ret->num_alloc_nodes = MIN_NODES;
- ret->pmax = MIN_NODES / 2;
-@@ -132,10 +47,10 @@ static LHASH_NODE **getrn(_LHASH *lh, co
- return (NULL);
- }
-
--void lh_free(_LHASH *lh)
-+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
- {
- unsigned int i;
-- LHASH_NODE *n, *nn;
-+ OPENSSL_LH_NODE *n, *nn;
-
- if (lh == NULL)
- return;
-@@ -152,15 +67,15 @@ void lh_free(_LHASH *lh)
- OPENSSL_free(lh);
- }
-
--void *lh_insert(_LHASH *lh, void *data)
-+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
- {
- unsigned long hash;
-- LHASH_NODE *nn, **rn;
-+ OPENSSL_LH_NODE *nn, **rn;
- void *ret;
-
- lh->error = 0;
-- if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
-- expand(lh);
-+ if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
-+ return NULL; /* 'lh->error++' already done in 'expand' */
-
- rn = getrn(lh, data, &hash);
-
-@@ -185,10 +100,10 @@ void *lh_insert(_LHASH *lh, void *data)
- return (ret);
- }
-
--void *lh_delete(_LHASH *lh, const void *data)
-+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
- {
- unsigned long hash;
-- LHASH_NODE *nn, **rn;
-+ OPENSSL_LH_NODE *nn, **rn;
- void *ret;
-
- lh->error = 0;
-@@ -213,10 +128,10 @@ void *lh_delete(_LHASH *lh, const void *
- return (ret);
- }
-
--void *lh_retrieve(_LHASH *lh, const void *data)
-+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
- {
- unsigned long hash;
-- LHASH_NODE **rn;
-+ OPENSSL_LH_NODE **rn;
- void *ret;
-
- lh->error = 0;
-@@ -232,11 +147,12 @@ void *lh_retrieve(_LHASH *lh, const void
- return (ret);
- }
-
--static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-- LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
-+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
-+ OPENSSL_LH_DOALL_FUNC func,
-+ OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
- {
- int i;
-- LHASH_NODE *a, *n;
-+ OPENSSL_LH_NODE *a, *n;
-
- if (lh == NULL)
- return;
-@@ -248,13 +164,6 @@ static void doall_util_fn(_LHASH *lh, in
- for (i = lh->num_nodes - 1; i >= 0; i--) {
- a = lh->b[i];
- while (a != NULL) {
-- /*
-- * 28/05/91 - eay - n added so items can be deleted via lh_doall
-- */
-- /*
-- * 22/05/08 - ben - eh? since a is not passed, this should not be
-- * needed
-- */
- n = a->next;
- if (use_arg)
- func_arg(a->data, arg);
-@@ -265,19 +174,19 @@ static void doall_util_fn(_LHASH *lh, in
- }
- }
-
--void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
-+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
- {
-- doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
-+ doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
- }
-
--void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
-+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
- {
-- doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
-+ doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
- }
-
--static void expand(_LHASH *lh)
-+static int expand(OPENSSL_LHASH *lh)
- {
-- LHASH_NODE **n, **n1, **n2, *np;
-+ OPENSSL_LH_NODE **n, **n1, **n2, *np;
- unsigned int p, i, j;
- unsigned long hash, nni;
-
-@@ -286,7 +195,7 @@ static void expand(_LHASH *lh)
- p = (int)lh->p++;
- n1 = &(lh->b[p]);
- n2 = &(lh->b[p + (int)lh->pmax]);
-- *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */
-+ *n2 = NULL;
- nni = lh->num_alloc_nodes;
-
- for (np = *n1; np != NULL;) {
-@@ -302,12 +211,12 @@ static void expand(_LHASH *lh)
-
- if ((lh->p) >= lh->pmax) {
- j = (int)lh->num_alloc_nodes * 2;
-- n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
-+ n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j));
- if (n == NULL) {
- /* fputs("realloc error in lhash",stderr); */
- lh->error++;
- lh->p = 0;
-- return;
-+ return 0;
- }
- for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
- n[i] = NULL; /* 02/03/92 eay */
-@@ -317,17 +226,18 @@ static void expand(_LHASH *lh)
- lh->p = 0;
- lh->b = n;
- }
-+ return 1;
- }
-
--static void contract(_LHASH *lh)
-+static void contract(OPENSSL_LHASH *lh)
- {
-- LHASH_NODE **n, *n1, *np;
-+ OPENSSL_LH_NODE **n, *n1, *np;
-
- np = lh->b[lh->p + lh->pmax - 1];
- lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
- if (lh->p == 0) {
- n = OPENSSL_realloc(lh->b,
-- (unsigned int)(sizeof(LHASH_NODE *) * lh->pmax));
-+ (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
- if (n == NULL) {
- /* fputs("realloc error in lhash",stderr); */
- lh->error++;
-@@ -354,11 +264,12 @@ static void contract(_LHASH *lh)
- }
- }
-
--static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
-+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
-+ const void *data, unsigned long *rhash)
- {
-- LHASH_NODE **ret, *n1;
-+ OPENSSL_LH_NODE **ret, *n1;
- unsigned long hash, nn;
-- LHASH_COMP_FN_TYPE cf;
-+ OPENSSL_LH_COMPFUNC cf;
-
- hash = (*(lh->hash)) (data);
- lh->num_hash_calls++;
-@@ -389,7 +300,7 @@ static LHASH_NODE **getrn(_LHASH *lh, co
- * collisions on /usr/dict/words and it distributes on %2^n quite well, not
- * as good as MD5, but still good.
- */
--unsigned long lh_strhash(const char *c)
-+unsigned long OPENSSL_LH_strhash(const char *c)
- {
- unsigned long ret = 0;
- long n;
-@@ -417,22 +328,22 @@ unsigned long lh_strhash(const char *c)
- return ((ret >> 16) ^ ret);
- }
-
--unsigned long lh_num_items(const _LHASH *lh)
-+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
- {
- return lh ? lh->num_items : 0;
- }
-
--unsigned long lh_get_down_load(const _LHASH *lh)
-+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
- {
- return lh->down_load;
- }
-
--void lh_set_down_load(_LHASH *lh, unsigned long down_load)
-+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
- {
- lh->down_load = down_load;
- }
-
--int lh_error(_LHASH *lh)
-+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
- {
- return lh->error;
- }
---- /dev/null
-+++ b/crypto/lhash/lhash_lcl.h
-@@ -0,0 +1,42 @@
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+
-+struct lhash_node_st {
-+ void *data;
-+ struct lhash_node_st *next;
-+ unsigned long hash;
-+};
-+
-+struct lhash_st {
-+ OPENSSL_LH_NODE **b;
-+ OPENSSL_LH_COMPFUNC comp;
-+ OPENSSL_LH_HASHFUNC hash;
-+ unsigned int num_nodes;
-+ unsigned int num_alloc_nodes;
-+ unsigned int p;
-+ unsigned int pmax;
-+ unsigned long up_load; /* load times 256 */
-+ unsigned long down_load; /* load times 256 */
-+ unsigned long num_items;
-+ unsigned long num_expands;
-+ unsigned long num_expand_reallocs;
-+ unsigned long num_contracts;
-+ unsigned long num_contract_reallocs;
-+ unsigned long num_hash_calls;
-+ unsigned long num_comp_calls;
-+ unsigned long num_insert;
-+ unsigned long num_replace;
-+ unsigned long num_delete;
-+ unsigned long num_no_delete;
-+ unsigned long num_retrieve;
-+ unsigned long num_retrieve_miss;
-+ unsigned long num_hash_comps;
-+ int error;
-+};
---- a/crypto/lhash/num.pl
-+++ b/crypto/lhash/num.pl
-@@ -1,4 +1,10 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- #node 10 -> 4
-
---- a/crypto/md2/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/md/Makefile
--#
--
--DIR= md2
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=md2_dgst.c md2_one.c
--LIBOBJ=md2_dgst.o md2_one.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/md2/md2_dgst.c
-+++ b/crypto/md2/md2_dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -216,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX
-
- for (i = 0; i < 16; i++)
- md[i] = (UCHAR) (p1[i] & 0xff);
-- memset(&c, 0, sizeof(c));
-+ OPENSSL_cleanse(c, sizeof(*c));
- return 1;
- }
---- a/crypto/md2/md2_one.c
-+++ b/crypto/md2/md2_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/md4/Makefile.in
-+++ /dev/null
-@@ -1,44 +0,0 @@
--#
--# OpenSSL/crypto/md4/Makefile
--#
--
--DIR= md4
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=md4_dgst.c md4_one.c
--LIBOBJ=md4_dgst.o md4_one.o
--
--SRC= $(LIBSRC)
--
--HEADER= md4_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/md4/md4_dgst.c
-+++ b/crypto/md4/md4_dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/md4/md4_locl.h
-+++ b/crypto/md4/md4_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
---- a/crypto/md4/md4_one.c
-+++ b/crypto/md4/md4_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/md4/md4s.cpp
-+++ /dev/null
-@@ -1,78 +0,0 @@
--//
--// gettsc.inl
--//
--// gives access to the Pentium's (secret) cycle counter
--//
--// This software was written by Leonard Janke (janke at unixg.ubc.ca)
--// in 1996-7 and is entered, by him, into the public domain.
--
--#if defined(__WATCOMC__)
--void GetTSC(unsigned long&);
--#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
--#elif defined(__GNUC__)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- asm volatile(".byte 15, 49\n\t"
-- : "=eax" (tsc)
-- :
-- : "%edx", "%eax");
--}
--#elif defined(_MSC_VER)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- unsigned long a;
-- __asm _emit 0fh
-- __asm _emit 31h
-- __asm mov a, eax;
-- tsc=a;
--}
--#endif
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <openssl/md4.h>
--
--extern "C" {
--void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
--}
--
--void main(int argc,char *argv[])
-- {
-- unsigned char buffer[64*256];
-- MD4_CTX ctx;
-- unsigned long s1,s2,e1,e2;
-- unsigned char k[16];
-- unsigned long data[2];
-- unsigned char iv[8];
-- int i,num=0,numm;
-- int j=0;
--
-- if (argc >= 2)
-- num=atoi(argv[1]);
--
-- if (num == 0) num=16;
-- if (num > 250) num=16;
-- numm=num+2;
-- num*=64;
-- numm*=64;
--
-- for (j=0; j<6; j++)
-- {
-- for (i=0; i<10; i++) /**/
-- {
-- md4_block_x86(&ctx,buffer,numm);
-- GetTSC(s1);
-- md4_block_x86(&ctx,buffer,numm);
-- GetTSC(e1);
-- GetTSC(s2);
-- md4_block_x86(&ctx,buffer,num);
-- GetTSC(e2);
-- md4_block_x86(&ctx,buffer,num);
-- }
-- printf("md4 (%d bytes) %d %d (%.2f)\n",num,
-- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
-- }
-- }
--
---- a/crypto/md5/Makefile.in
-+++ /dev/null
-@@ -1,61 +0,0 @@
--#
--# OpenSSL/crypto/md5/Makefile
--#
--
--DIR= md5
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=-I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--MD5_ASM_OBJ=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=md5_dgst.c md5_one.c
--LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= md5_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--md5-586.s: asm/md5-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $@
--
--md5-x86_64.s: asm/md5-x86_64.pl
-- $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) $@
--
--md5-ia64.s: asm/md5-ia64.S
-- $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
-- $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
--
--md5-sparcv9.S: asm/md5-sparcv9.pl
-- $(PERL) asm/md5-sparcv9.pl $(PERLASM_SCHEME) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/md5/asm/md5-586.pl
-+++ b/crypto/md5/asm/md5-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # Normal is the
- # md5_block_x86(MD5_CTX *c, ULONG *X);
---- a/crypto/md5/asm/md5-ia64.S
-+++ b/crypto/md5/asm/md5-ia64.S
-@@ -1,3 +1,13 @@
-+/*
-+ *
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-
- Permission is hereby granted, free of charge, to any person obtaining
---- a/crypto/md5/asm/md5-sparcv9.pl
-+++ b/crypto/md5/asm/md5-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/md5/asm/md5-x86_64.pl
-+++ b/crypto/md5/asm/md5-x86_64.pl
-@@ -1,11 +1,13 @@
--#!/usr/bin/perl -w
--#
--# MD5 optimized for AMD64.
--#
-+#! /usr/bin/env perl
- # Author: Marc Bevand <bevand_m (at) epita.fr>
--# Licence: I hereby disclaim the copyright on this code and place it
--# in the public domain.
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+# MD5 optimized for AMD64.
-
- use strict;
-
-@@ -128,7 +130,7 @@ my $win64=0; $win64=1 if ($flavour =~ /[
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $code .= <<EOF;
---- a/crypto/md5/md5_dgst.c
-+++ b/crypto/md5/md5_dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/md5/md5_locl.h
-+++ b/crypto/md5/md5_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
-@@ -61,7 +13,7 @@
- #include <openssl/md5.h>
-
- #ifdef MD5_ASM
--# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
-+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
- # define md5_block_data_order md5_block_asm_data_order
- # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
---- a/crypto/md5/md5_one.c
-+++ b/crypto/md5/md5_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/md5/md5s.cpp
-+++ /dev/null
-@@ -1,78 +0,0 @@
--//
--// gettsc.inl
--//
--// gives access to the Pentium's (secret) cycle counter
--//
--// This software was written by Leonard Janke (janke at unixg.ubc.ca)
--// in 1996-7 and is entered, by him, into the public domain.
--
--#if defined(__WATCOMC__)
--void GetTSC(unsigned long&);
--#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
--#elif defined(__GNUC__)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- asm volatile(".byte 15, 49\n\t"
-- : "=eax" (tsc)
-- :
-- : "%edx", "%eax");
--}
--#elif defined(_MSC_VER)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- unsigned long a;
-- __asm _emit 0fh
-- __asm _emit 31h
-- __asm mov a, eax;
-- tsc=a;
--}
--#endif
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <openssl/md5.h>
--
--extern "C" {
--void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
--}
--
--void main(int argc,char *argv[])
-- {
-- unsigned char buffer[64*256];
-- MD5_CTX ctx;
-- unsigned long s1,s2,e1,e2;
-- unsigned char k[16];
-- unsigned long data[2];
-- unsigned char iv[8];
-- int i,num=0,numm;
-- int j=0;
--
-- if (argc >= 2)
-- num=atoi(argv[1]);
--
-- if (num == 0) num=16;
-- if (num > 250) num=16;
-- numm=num+2;
-- num*=64;
-- numm*=64;
--
-- for (j=0; j<6; j++)
-- {
-- for (i=0; i<10; i++) /**/
-- {
-- md5_block_x86(&ctx,buffer,numm);
-- GetTSC(s1);
-- md5_block_x86(&ctx,buffer,numm);
-- GetTSC(e1);
-- GetTSC(s2);
-- md5_block_x86(&ctx,buffer,num);
-- GetTSC(e2);
-- md5_block_x86(&ctx,buffer,num);
-- }
-- printf("md5 (%d bytes) %d %d (%.2f)\n",num,
-- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
-- }
-- }
--
---- a/crypto/mdc2/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/mdc2/Makefile
--#
--
--DIR= mdc2
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=mdc2dgst.c mdc2_one.c
--LIBOBJ=mdc2dgst.o mdc2_one.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/mdc2/mdc2_one.c
-+++ b/crypto/mdc2/mdc2_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/mdc2/mdc2dgst.c
-+++ b/crypto/mdc2/mdc2dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/mem.c
-+++ b/crypto/mem.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -196,14 +148,15 @@ void *CRYPTO_clear_realloc(void *str, si
-
- /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
- if (num < old_len) {
-- memset((char*)str + num, 0, old_len - num);
-+ OPENSSL_cleanse((char*)str + num, old_len - num);
- return str;
- }
-
- ret = CRYPTO_malloc(num, file, line);
-- if (ret)
-+ if (ret != NULL) {
- memcpy(ret, str, old_len);
-- CRYPTO_clear_free(str, old_len, file, line);
-+ CRYPTO_clear_free(str, old_len, file, line);
-+ }
- return ret;
- }
-
---- a/crypto/mem_clr.c
-+++ b/crypto/mem_clr.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -64,7 +15,7 @@
- * the pointer and can't assume that it points to any function in
- * particular (such as memset, which it then might further "optimize")
- */
--typedef void *(*memset_t)(void *,int,size_t);
-+typedef void *(*memset_t)(void *, int, size_t);
-
- static volatile memset_t memset_func = memset;
-
---- a/crypto/mem_dbg.c
-+++ b/crypto/mem_dbg.c
-@@ -1,118 +1,17 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <stdlib.h>
- #include <time.h>
- #include "internal/cryptlib.h"
--#include "internal/threads.h"
-+#include "internal/thread_once.h"
- #include <openssl/crypto.h>
- #include <openssl/buffer.h>
- #include "internal/bio.h"
-@@ -189,11 +88,19 @@ static unsigned int num_disable = 0;
- */
- static CRYPTO_THREAD_ID disabling_threadid;
-
--static void do_memdbg_init(void)
-+DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
- {
- malloc_lock = CRYPTO_THREAD_lock_new();
- long_malloc_lock = CRYPTO_THREAD_lock_new();
-- CRYPTO_THREAD_init_local(&appinfokey, NULL);
-+ if (malloc_lock == NULL || long_malloc_lock == NULL
-+ || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
-+ CRYPTO_THREAD_lock_free(malloc_lock);
-+ malloc_lock = NULL;
-+ CRYPTO_THREAD_lock_free(long_malloc_lock);
-+ long_malloc_lock = NULL;
-+ return 0;
-+ }
-+ return 1;
- }
-
- static void app_info_free(APP_INFO *inf)
-@@ -214,7 +121,8 @@ int CRYPTO_mem_ctrl(int mode)
- #else
- int ret = mh_mode;
-
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-+ return -1;
-
- CRYPTO_THREAD_write_lock(malloc_lock);
- switch (mode) {
-@@ -287,7 +195,8 @@ static int mem_check_on(void)
- CRYPTO_THREAD_ID cur;
-
- if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-+ return 0;
-
- cur = CRYPTO_THREAD_get_current_id();
- CRYPTO_THREAD_read_lock(malloc_lock);
-@@ -330,7 +239,9 @@ static int pop_info(void)
- {
- APP_INFO *current = NULL;
-
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-+ return 0;
-+
- current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
- if (current != NULL) {
- APP_INFO *next = current->next;
-@@ -360,9 +271,8 @@ int CRYPTO_mem_debug_push(const char *in
- if (mem_check_on()) {
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
--
-- if ((ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
-+ || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
- goto err;
-
- ami->threadid = CRYPTO_THREAD_get_current_id();
-@@ -415,9 +325,8 @@ void CRYPTO_mem_debug_malloc(void *addr,
- if (mem_check_on()) {
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
--
-- if ((m = OPENSSL_malloc(sizeof(*m))) == NULL) {
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
-+ || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
- OPENSSL_free(addr);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
- return;
-@@ -645,7 +554,8 @@ int CRYPTO_mem_leaks(BIO *b)
- /* Ensure all resources are released */
- OPENSSL_cleanup();
-
-- CRYPTO_THREAD_run_once(&memdbg_init, do_memdbg_init);
-+ if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-+ return -1;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
---- a/crypto/mem_sec.c
-+++ b/crypto/mem_sec.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
- * This file is distributed under the terms of the OpenSSL license.
- */
-@@ -25,7 +34,6 @@
- # include <sys/param.h>
- # include <sys/stat.h>
- # include <fcntl.h>
--# include "internal/threads.h"
- #endif
-
- #define CLEAR(p, s) OPENSSL_cleanse(p, s)
-@@ -37,7 +45,6 @@
- static size_t secure_mem_used;
-
- static int secure_mem_initialized;
--static int too_late;
-
- static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
-
-@@ -48,7 +55,7 @@ static int sh_init(size_t size, int mins
- static char *sh_malloc(size_t size);
- static void sh_free(char *ptr);
- static void sh_done(void);
--static int sh_actual_size(char *ptr);
-+static size_t sh_actual_size(char *ptr);
- static int sh_allocated(const char *ptr);
- #endif
-
-@@ -57,10 +64,6 @@ int CRYPTO_secure_malloc_init(size_t siz
- #ifdef IMPLEMENTED
- int ret = 0;
-
-- if (too_late)
-- return ret;
--
-- OPENSSL_assert(!secure_mem_initialized);
- if (!secure_mem_initialized) {
- sec_malloc_lock = CRYPTO_THREAD_lock_new();
- if (sec_malloc_lock == NULL)
-@@ -75,13 +78,17 @@ int CRYPTO_secure_malloc_init(size_t siz
- #endif /* IMPLEMENTED */
- }
-
--void CRYPTO_secure_malloc_done()
-+int CRYPTO_secure_malloc_done()
- {
- #ifdef IMPLEMENTED
-- sh_done();
-- secure_mem_initialized = 0;
-- CRYPTO_THREAD_lock_free(sec_malloc_lock);
-+ if (secure_mem_used == 0) {
-+ sh_done();
-+ secure_mem_initialized = 0;
-+ CRYPTO_THREAD_lock_free(sec_malloc_lock);
-+ return 1;
-+ }
- #endif /* IMPLEMENTED */
-+ return 0;
- }
-
- int CRYPTO_secure_malloc_initialized()
-@@ -100,7 +107,6 @@ void *CRYPTO_secure_malloc(size_t num, c
- size_t actual_size;
-
- if (!secure_mem_initialized) {
-- too_late = 1;
- return CRYPTO_malloc(num, file, line);
- }
- CRYPTO_THREAD_write_lock(sec_malloc_lock);
-@@ -130,7 +136,7 @@ void CRYPTO_secure_free(void *ptr, const
-
- if (ptr == NULL)
- return;
-- if (!secure_mem_initialized) {
-+ if (!CRYPTO_secure_allocated(ptr)) {
- CRYPTO_free(ptr, file, line);
- return;
- }
-@@ -208,9 +214,11 @@ size_t CRYPTO_secure_actual_size(void *p
- * place.
- */
-
--# define TESTBIT(t, b) (t[(b) >> 3] & (1 << ((b) & 7)))
--# define SETBIT(t, b) (t[(b) >> 3] |= (1 << ((b) & 7)))
--# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(1 << ((b) & 7))))
-+#define ONE ((size_t)1)
-+
-+# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
-+# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
-+# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
-
- #define WITHIN_ARENA(p) \
- ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
-@@ -229,21 +237,21 @@ typedef struct sh_st
- char* map_result;
- size_t map_size;
- char *arena;
-- int arena_size;
-+ size_t arena_size;
- char **freelist;
-- int freelist_size;
-- int minsize;
-+ ossl_ssize_t freelist_size;
-+ size_t minsize;
- unsigned char *bittable;
- unsigned char *bitmalloc;
-- int bittable_size; /* size in bits */
-+ size_t bittable_size; /* size in bits */
- } SH;
-
- static SH sh;
-
--static int sh_getlist(char *ptr)
-+static size_t sh_getlist(char *ptr)
- {
-- int list = sh.freelist_size - 1;
-- int bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
-+ ossl_ssize_t list = sh.freelist_size - 1;
-+ size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
-
- for (; bit; bit >>= 1, list--) {
- if (TESTBIT(sh.bittable, bit))
-@@ -257,22 +265,22 @@ static int sh_getlist(char *ptr)
-
- static int sh_testbit(char *ptr, int list, unsigned char *table)
- {
-- int bit;
-+ size_t bit;
-
- OPENSSL_assert(list >= 0 && list < sh.freelist_size);
- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
-- bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
-+ bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
- OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
- return TESTBIT(table, bit);
- }
-
- static void sh_clearbit(char *ptr, int list, unsigned char *table)
- {
-- int bit;
-+ size_t bit;
-
- OPENSSL_assert(list >= 0 && list < sh.freelist_size);
- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
-- bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
-+ bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
- OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
- OPENSSL_assert(TESTBIT(table, bit));
- CLEARBIT(table, bit);
-@@ -280,11 +288,11 @@ static void sh_clearbit(char *ptr, int l
-
- static void sh_setbit(char *ptr, int list, unsigned char *table)
- {
-- int bit;
-+ size_t bit;
-
- OPENSSL_assert(list >= 0 && list < sh.freelist_size);
- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
-- bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
-+ bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
- OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
- OPENSSL_assert(!TESTBIT(table, bit));
- SETBIT(table, bit);
-@@ -449,21 +457,21 @@ static int sh_allocated(const char *ptr)
-
- static char *sh_find_my_buddy(char *ptr, int list)
- {
-- int bit;
-+ size_t bit;
- char *chunk = NULL;
-
-- bit = (1 << list) + (ptr - sh.arena) / (sh.arena_size >> list);
-+ bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
- bit ^= 1;
-
- if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
-- chunk = sh.arena + ((bit & ((1 << list) - 1)) * (sh.arena_size >> list));
-+ chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
-
- return chunk;
- }
-
- static char *sh_malloc(size_t size)
- {
-- int list, slist;
-+ ossl_ssize_t list, slist;
- size_t i;
- char *chunk;
-
-@@ -522,7 +530,7 @@ static char *sh_malloc(size_t size)
-
- static void sh_free(char *ptr)
- {
-- int list;
-+ size_t list;
- char *buddy;
-
- if (ptr == NULL)
-@@ -559,7 +567,7 @@ static void sh_free(char *ptr)
- }
- }
-
--static int sh_actual_size(char *ptr)
-+static size_t sh_actual_size(char *ptr)
- {
- int list;
-
-@@ -568,6 +576,6 @@ static int sh_actual_size(char *ptr)
- return 0;
- list = sh_getlist(ptr);
- OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
-- return sh.arena_size / (1 << list);
-+ return sh.arena_size / (ONE << list);
- }
- #endif /* IMPLEMENTED */
---- a/crypto/modes/Makefile.in
-+++ /dev/null
-@@ -1,76 +0,0 @@
--#
--# OpenSSL/crypto/modes/Makefile
--#
--
--DIR= modes
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--MODES_ASM_OBJ=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \
-- ccm128.c xts128.c wrap128.c ocb128.c
--LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \
-- ccm128.o xts128.o wrap128.o ocb128.o $(MODES_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= modes_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--ghash-ia64.s: asm/ghash-ia64.pl
-- $(PERL) asm/ghash-ia64.pl $(CFLAGS) $@
--ghash-x86.s: asm/ghash-x86.pl
-- $(PERL) asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--ghash-x86_64.s: asm/ghash-x86_64.pl
-- $(PERL) asm/ghash-x86_64.pl $(PERLASM_SCHEME) $@
--aesni-gcm-x86_64.s: asm/aesni-gcm-x86_64.pl
-- $(PERL) asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME) $@
--ghash-sparcv9.S: asm/ghash-sparcv9.pl
-- $(PERL) asm/ghash-sparcv9.pl $(PERLASM_SCHEME) $@
--ghash-alpha.s: asm/ghash-alpha.pl
-- (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \
-- $(PERL) asm/ghash-alpha.pl $$preproc && \
-- $(CC) -E -P $$preproc > $@ && rm $$preproc)
--ghash-parisc.s: asm/ghash-parisc.pl
-- $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
--ghashv8-armx.S: asm/ghashv8-armx.pl
-- $(PERL) asm/ghashv8-armx.pl $(PERLASM_SCHEME) $@
--ghashp8-ppc.s: asm/ghashp8-ppc.pl
-- $(PERL) asm/ghashp8-ppc.pl $(PERLASM_SCHEME) $@
--
--# GNU make "catch all"
--ghash-%.S: asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--ghash-armv4.o: ghash-armv4.S
--ghashv8-armx.o: ghashv8-armx.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/modes/asm/aesni-gcm-x86_64.pl
-+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -61,7 +68,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if ($avx>1) {{{
-@@ -109,6 +116,23 @@ if ($avx>1) {{{
- vpxor $rndkey,$inout3,$inout3
- vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey
- vpclmulqdq \$0x01,$Hkey,$Z3,$Z2
-+
-+ # At this point, the current block of 96 (0x60) bytes has already been
-+ # loaded into registers. Concurrently with processing it, we want to
-+ # load the next 96 bytes of input for the next round. Obviously, we can
-+ # only do this if there are at least 96 more bytes of input beyond the
-+ # input we're currently processing, or else we'd read past the end of
-+ # the input buffer. Here, we set |%r12| to 96 if there are at least 96
-+ # bytes of input beyond the 96 bytes we're already processing, and we
-+ # set |%r12| to 0 otherwise. In the case where we set |%r12| to 96,
-+ # we'll read in the next block so that it is in registers for the next
-+ # loop iteration. In the case where we set |%r12| to 0, we'll re-read
-+ # the current block and then ignore what we re-read.
-+ #
-+ # At this point, |$in0| points to the current (already read into
-+ # registers) block, and |$end0| points to 2*96 bytes before the end of
-+ # the input. Thus, |$in0| > |$end0| means that we do not have the next
-+ # 96-byte block to read in, and |$in0| <= |$end0| means we do.
- xor %r12,%r12
- cmp $in0,$end0
-
-@@ -401,6 +425,9 @@ if ($avx>1) {{{
- .align 32
- aesni_gcm_decrypt:
- xor $ret,$ret
-+
-+ # We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60)
-+ # bytes of input.
- cmp \$0x60,$len # minimal accepted length
- jb .Lgcm_dec_abort
-
-@@ -455,7 +482,15 @@ if ($avx>1) {{{
- vmovdqu 0x50($inp),$Z3 # I[5]
- lea ($inp),$in0
- vmovdqu 0x40($inp),$Z0
-+
-+ # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
-+ # bytes before the end of the input. Note, in particular, that this is
-+ # correct even if |$len| is not an even multiple of 96 or 16. XXX: This
-+ # seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must
-+ # not be near the very beginning of the address space when |$len| < 2*96
-+ # (0xc0).
- lea -0xc0($inp,$len),$end0
-+
- vmovdqu 0x30($inp),$Z1
- shr \$4,$len
- xor $ret,$ret
-@@ -611,6 +646,10 @@ if ($avx>1) {{{
- .align 32
- aesni_gcm_encrypt:
- xor $ret,$ret
-+
-+ # We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of
-+ # input. Then we call |_aesni_ctr32_ghash_6x|, which requires at
-+ # least 96 more bytes of input.
- cmp \$0x60*3,$len # minimal accepted length
- jb .Lgcm_enc_abort
-
-@@ -660,7 +699,16 @@ if ($avx>1) {{{
- .Lenc_no_key_aliasing:
-
- lea ($out),$in0
-+
-+ # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
-+ # bytes before the end of the input. Note, in particular, that this is
-+ # correct even if |$len| is not an even multiple of 96 or 16. Unlike in
-+ # the decryption case, there's no caveat that |$out| must not be near
-+ # the very beginning of the address space, because we know that
-+ # |$len| >= 3*96 from the check above, and so we know
-+ # |$out| + |$len| >= 2*96 (0xc0).
- lea -0xc0($out,$len),$end0
-+
- shr \$4,$len
-
- call _aesni_ctr32_6x
---- a/crypto/modes/asm/ghash-alpha.pl
-+++ b/crypto/modes/asm/ghash-alpha.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-armv4.pl
-+++ b/crypto/modes/asm/ghash-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-c64xplus.pl
-+++ b/crypto/modes/asm/ghash-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-ia64.pl
-+++ b/crypto/modes/asm/ghash-ia64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-parisc.pl
-+++ b/crypto/modes/asm/ghash-parisc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-s390x.pl
-+++ b/crypto/modes/asm/ghash-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -85,9 +92,7 @@ open STDOUT,">$output";
- tmhl %r0,0x4000 # check for message-security-assist
- jz .Lsoft_gmult
- lghi %r0,0
-- la %r1,16($sp)
-- .long 0xb93e0004 # kimd %r0,%r4
-- lg %r1,24($sp)
-+ lg %r1,24(%r1) # load second word of kimd capabilities vector
- tmhh %r1,0x4000 # check for function 65
- jz .Lsoft_gmult
- stg %r0,16($sp) # arrange 16 bytes of zero input
---- a/crypto/modes/asm/ghash-sparcv9.pl
-+++ b/crypto/modes/asm/ghash-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -446,6 +453,8 @@ undef $len;
- .align 32
- gcm_ghash_vis3:
- save %sp,-$frame,%sp
-+ nop
-+ srln $len,0,$len ! needed on v8+, "nop" on v9
-
- ldx [$Xip+8],$C2 ! load Xi
- ldx [$Xip+0],$C3
---- a/crypto/modes/asm/ghash-x86.pl
-+++ b/crypto/modes/asm/ghash-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/asm/ghash-x86_64.pl
-+++ b/crypto/modes/asm/ghash-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -110,7 +117,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $do4xaggr=1;
---- a/crypto/modes/asm/ghashp8-ppc.pl
-+++ b/crypto/modes/asm/ghashp8-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -18,6 +25,12 @@
- # faster than "4-bit" integer-only compiler-generated 64-bit code.
- # "Initial version" means that there is room for futher improvement.
-
-+# May 2016
-+#
-+# 2x aggregated reduction improves performance by 50% (resulting
-+# performance on POWER8 is 1 cycle per processed byte), and 4x
-+# aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb).
-+
- $flavour=shift;
- $output =shift;
-
-@@ -27,14 +40,21 @@ if ($flavour =~ /64/) {
- $STU="stdu";
- $POP="ld";
- $PUSH="std";
-+ $UCMP="cmpld";
-+ $SHRI="srdi";
- } elsif ($flavour =~ /32/) {
- $SIZE_T=4;
- $LRSAVE=$SIZE_T;
- $STU="stwu";
- $POP="lwz";
- $PUSH="stw";
-+ $UCMP="cmplw";
-+ $SHRI="srwi";
- } else { die "nonsense $flavour"; }
-
-+$sp="r1";
-+$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload
-+
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
- ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-@@ -46,6 +66,7 @@ my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..
-
- my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3));
- my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12));
-+my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19));
- my $vrsave="r12";
-
- $code=<<___;
-@@ -56,7 +77,7 @@ my $vrsave="r12";
- .globl .gcm_init_p8
- .align 5
- .gcm_init_p8:
-- lis r0,0xfff0
-+ li r0,-4096
- li r8,0x10
- mfspr $vrsave,256
- li r9,0x20
-@@ -78,17 +99,103 @@ my $vrsave="r12";
- vsl $H,$H,$t0 # H<<=1
- vsrab $t1,$t1,$t2 # broadcast carry bit
- vand $t1,$t1,$xC2
-- vxor $H,$H,$t1 # twisted H
-+ vxor $IN,$H,$t1 # twisted H
-
-- vsldoi $H,$H,$H,8 # twist even more ...
-+ vsldoi $H,$IN,$IN,8 # twist even more ...
- vsldoi $xC2,$zero,$xC2,8 # 0xc2.0
- vsldoi $Hl,$zero,$H,8 # ... and split
- vsldoi $Hh,$H,$zero,8
-
- stvx_u $xC2,0,r3 # save pre-computed table
- stvx_u $Hl,r8,r3
-+ li r8,0x40
- stvx_u $H, r9,r3
-+ li r9,0x50
- stvx_u $Hh,r10,r3
-+ li r10,0x60
-+
-+ vpmsumd $Xl,$IN,$Hl # H.lo·H.lo
-+ vpmsumd $Xm,$IN,$H # H.hi·H.lo+H.lo·H.hi
-+ vpmsumd $Xh,$IN,$Hh # H.hi·H.hi
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-+
-+ vsldoi $t0,$Xm,$zero,8
-+ vsldoi $t1,$zero,$Xm,8
-+ vxor $Xl,$Xl,$t0
-+ vxor $Xh,$Xh,$t1
-+
-+ vsldoi $Xl,$Xl,$Xl,8
-+ vxor $Xl,$Xl,$t2
-+
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
-+ vpmsumd $Xl,$Xl,$xC2
-+ vxor $t1,$t1,$Xh
-+ vxor $IN1,$Xl,$t1
-+
-+ vsldoi $H2,$IN1,$IN1,8
-+ vsldoi $H2l,$zero,$H2,8
-+ vsldoi $H2h,$H2,$zero,8
-+
-+ stvx_u $H2l,r8,r3 # save H^2
-+ li r8,0x70
-+ stvx_u $H2,r9,r3
-+ li r9,0x80
-+ stvx_u $H2h,r10,r3
-+ li r10,0x90
-+___
-+{
-+my ($t4,$t5,$t6) = ($Hl,$H,$Hh);
-+$code.=<<___;
-+ vpmsumd $Xl,$IN,$H2l # H.lo·H^2.lo
-+ vpmsumd $Xl1,$IN1,$H2l # H^2.lo·H^2.lo
-+ vpmsumd $Xm,$IN,$H2 # H.hi·H^2.lo+H.lo·H^2.hi
-+ vpmsumd $Xm1,$IN1,$H2 # H^2.hi·H^2.lo+H^2.lo·H^2.hi
-+ vpmsumd $Xh,$IN,$H2h # H.hi·H^2.hi
-+ vpmsumd $Xh1,$IN1,$H2h # H^2.hi·H^2.hi
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-+ vpmsumd $t6,$Xl1,$xC2 # 1st reduction phase
-+
-+ vsldoi $t0,$Xm,$zero,8
-+ vsldoi $t1,$zero,$Xm,8
-+ vsldoi $t4,$Xm1,$zero,8
-+ vsldoi $t5,$zero,$Xm1,8
-+ vxor $Xl,$Xl,$t0
-+ vxor $Xh,$Xh,$t1
-+ vxor $Xl1,$Xl1,$t4
-+ vxor $Xh1,$Xh1,$t5
-+
-+ vsldoi $Xl,$Xl,$Xl,8
-+ vsldoi $Xl1,$Xl1,$Xl1,8
-+ vxor $Xl,$Xl,$t2
-+ vxor $Xl1,$Xl1,$t6
-+
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
-+ vsldoi $t5,$Xl1,$Xl1,8 # 2nd reduction phase
-+ vpmsumd $Xl,$Xl,$xC2
-+ vpmsumd $Xl1,$Xl1,$xC2
-+ vxor $t1,$t1,$Xh
-+ vxor $t5,$t5,$Xh1
-+ vxor $Xl,$Xl,$t1
-+ vxor $Xl1,$Xl1,$t5
-+
-+ vsldoi $H,$Xl,$Xl,8
-+ vsldoi $H2,$Xl1,$Xl1,8
-+ vsldoi $Hl,$zero,$H,8
-+ vsldoi $Hh,$H,$zero,8
-+ vsldoi $H2l,$zero,$H2,8
-+ vsldoi $H2h,$H2,$zero,8
-+
-+ stvx_u $Hl,r8,r3 # save H^3
-+ li r8,0xa0
-+ stvx_u $H,r9,r3
-+ li r9,0xb0
-+ stvx_u $Hh,r10,r3
-+ li r10,0xc0
-+ stvx_u $H2l,r8,r3 # save H^4
-+ stvx_u $H2,r9,r3
-+ stvx_u $H2h,r10,r3
-
- mtspr 256,$vrsave
- blr
-@@ -96,7 +203,9 @@ my $vrsave="r12";
- .byte 0,12,0x14,0,0,0,2,0
- .long 0
- .size .gcm_init_p8,.-.gcm_init_p8
--
-+___
-+}
-+$code.=<<___;
- .globl .gcm_gmult_p8
- .align 5
- .gcm_gmult_p8:
-@@ -122,7 +231,7 @@ my $vrsave="r12";
- vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
- vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
-
-- vpmsumd $t2,$Xl,$xC2 # 1st phase
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-
- vsldoi $t0,$Xm,$zero,8
- vsldoi $t1,$zero,$Xm,8
-@@ -132,7 +241,7 @@ my $vrsave="r12";
- vsldoi $Xl,$Xl,$Xl,8
- vxor $Xl,$Xl,$t2
-
-- vsldoi $t1,$Xl,$Xl,8 # 2nd phase
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
- vpmsumd $Xl,$Xl,$xC2
- vxor $t1,$t1,$Xh
- vxor $Xl,$Xl,$t1
-@@ -150,7 +259,7 @@ my $vrsave="r12";
- .globl .gcm_ghash_p8
- .align 5
- .gcm_ghash_p8:
-- lis r0,0xfff8
-+ li r0,-4096
- li r8,0x10
- mfspr $vrsave,256
- li r9,0x20
-@@ -159,52 +268,99 @@ my $vrsave="r12";
- lvx_u $Xl,0,$Xip # load Xi
-
- lvx_u $Hl,r8,$Htbl # load pre-computed table
-+ li r8,0x40
- le?lvsl $lemask,r0,r0
- lvx_u $H, r9,$Htbl
-+ li r9,0x50
- le?vspltisb $t0,0x07
- lvx_u $Hh,r10,$Htbl
-+ li r10,0x60
- le?vxor $lemask,$lemask,$t0
- lvx_u $xC2,0,$Htbl
- le?vperm $Xl,$Xl,$Xl,$lemask
- vxor $zero,$zero,$zero
-
-+ ${UCMP}i $len,64
-+ bge Lgcm_ghash_p8_4x
-+
- lvx_u $IN,0,$inp
- addi $inp,$inp,16
-- subi $len,$len,16
-+ subic. $len,$len,16
- le?vperm $IN,$IN,$IN,$lemask
- vxor $IN,$IN,$Xl
-- b Loop
-+ beq Lshort
-+
-+ lvx_u $H2l,r8,$Htbl # load H^2
-+ li r8,16
-+ lvx_u $H2, r9,$Htbl
-+ add r9,$inp,$len # end of input
-+ lvx_u $H2h,r10,$Htbl
-+ be?b Loop_2x
-
- .align 5
--Loop:
-- subic $len,$len,16
-- vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
-- subfe. r0,r0,r0 # borrow?-1:0
-- vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
-+Loop_2x:
-+ lvx_u $IN1,0,$inp
-+ le?vperm $IN1,$IN1,$IN1,$lemask
-+
-+ subic $len,$len,32
-+ vpmsumd $Xl,$IN,$H2l # H^2.lo·Xi.lo
-+ vpmsumd $Xl1,$IN1,$Hl # H.lo·Xi+1.lo
-+ subfe r0,r0,r0 # borrow?-1:0
-+ vpmsumd $Xm,$IN,$H2 # H^2.hi·Xi.lo+H^2.lo·Xi.hi
-+ vpmsumd $Xm1,$IN1,$H # H.hi·Xi+1.lo+H.lo·Xi+1.hi
- and r0,r0,$len
-- vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
-+ vpmsumd $Xh,$IN,$H2h # H^2.hi·Xi.hi
-+ vpmsumd $Xh1,$IN1,$Hh # H.hi·Xi+1.hi
- add $inp,$inp,r0
-
-- vpmsumd $t2,$Xl,$xC2 # 1st phase
-+ vxor $Xl,$Xl,$Xl1
-+ vxor $Xm,$Xm,$Xm1
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-
- vsldoi $t0,$Xm,$zero,8
- vsldoi $t1,$zero,$Xm,8
-+ vxor $Xh,$Xh,$Xh1
- vxor $Xl,$Xl,$t0
- vxor $Xh,$Xh,$t1
-
- vsldoi $Xl,$Xl,$Xl,8
- vxor $Xl,$Xl,$t2
-- lvx_u $IN,0,$inp
-- addi $inp,$inp,16
-+ lvx_u $IN,r8,$inp
-+ addi $inp,$inp,32
-
-- vsldoi $t1,$Xl,$Xl,8 # 2nd phase
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
- vpmsumd $Xl,$Xl,$xC2
- le?vperm $IN,$IN,$IN,$lemask
- vxor $t1,$t1,$Xh
- vxor $IN,$IN,$t1
- vxor $IN,$IN,$Xl
-- beq Loop # did $len-=16 borrow?
-+ $UCMP r9,$inp
-+ bgt Loop_2x # done yet?
-
-+ cmplwi $len,0
-+ bne Leven
-+
-+Lshort:
-+ vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo
-+ vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi
-+ vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-+
-+ vsldoi $t0,$Xm,$zero,8
-+ vsldoi $t1,$zero,$Xm,8
-+ vxor $Xl,$Xl,$t0
-+ vxor $Xh,$Xh,$t1
-+
-+ vsldoi $Xl,$Xl,$Xl,8
-+ vxor $Xl,$Xl,$t2
-+
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
-+ vpmsumd $Xl,$Xl,$xC2
-+ vxor $t1,$t1,$Xh
-+
-+Leven:
- vxor $Xl,$Xl,$t1
- le?vperm $Xl,$Xl,$Xl,$lemask
- stvx_u $Xl,0,$Xip # write out Xi
-@@ -214,6 +370,284 @@ my $vrsave="r12";
- .long 0
- .byte 0,12,0x14,0,0,0,4,0
- .long 0
-+___
-+{
-+my ($Xl3,$Xm2,$IN2,$H3l,$H3,$H3h,
-+ $Xh3,$Xm3,$IN3,$H4l,$H4,$H4h) = map("v$_",(20..31));
-+my $IN0=$IN;
-+my ($H21l,$H21h,$loperm,$hiperm) = ($Hl,$Hh,$H2l,$H2h);
-+
-+$code.=<<___;
-+.align 5
-+.gcm_ghash_p8_4x:
-+Lgcm_ghash_p8_4x:
-+ $STU $sp,-$FRAME($sp)
-+ li r10,`15+6*$SIZE_T`
-+ li r11,`31+6*$SIZE_T`
-+ stvx v20,r10,$sp
-+ addi r10,r10,32
-+ stvx v21,r11,$sp
-+ addi r11,r11,32
-+ stvx v22,r10,$sp
-+ addi r10,r10,32
-+ stvx v23,r11,$sp
-+ addi r11,r11,32
-+ stvx v24,r10,$sp
-+ addi r10,r10,32
-+ stvx v25,r11,$sp
-+ addi r11,r11,32
-+ stvx v26,r10,$sp
-+ addi r10,r10,32
-+ stvx v27,r11,$sp
-+ addi r11,r11,32
-+ stvx v28,r10,$sp
-+ addi r10,r10,32
-+ stvx v29,r11,$sp
-+ addi r11,r11,32
-+ stvx v30,r10,$sp
-+ li r10,0x60
-+ stvx v31,r11,$sp
-+ li r0,-1
-+ stw $vrsave,`$FRAME-4`($sp) # save vrsave
-+ mtspr 256,r0 # preserve all AltiVec registers
-+
-+ lvsl $t0,0,r8 # 0x0001..0e0f
-+ #lvx_u $H2l,r8,$Htbl # load H^2
-+ li r8,0x70
-+ lvx_u $H2, r9,$Htbl
-+ li r9,0x80
-+ vspltisb $t1,8 # 0x0808..0808
-+ #lvx_u $H2h,r10,$Htbl
-+ li r10,0x90
-+ lvx_u $H3l,r8,$Htbl # load H^3
-+ li r8,0xa0
-+ lvx_u $H3, r9,$Htbl
-+ li r9,0xb0
-+ lvx_u $H3h,r10,$Htbl
-+ li r10,0xc0
-+ lvx_u $H4l,r8,$Htbl # load H^4
-+ li r8,0x10
-+ lvx_u $H4, r9,$Htbl
-+ li r9,0x20
-+ lvx_u $H4h,r10,$Htbl
-+ li r10,0x30
-+
-+ vsldoi $t2,$zero,$t1,8 # 0x0000..0808
-+ vaddubm $hiperm,$t0,$t2 # 0x0001..1617
-+ vaddubm $loperm,$t1,$hiperm # 0x0809..1e1f
-+
-+ $SHRI $len,$len,4 # this allows to use sign bit
-+ # as carry
-+ lvx_u $IN0,0,$inp # load input
-+ lvx_u $IN1,r8,$inp
-+ subic. $len,$len,8
-+ lvx_u $IN2,r9,$inp
-+ lvx_u $IN3,r10,$inp
-+ addi $inp,$inp,0x40
-+ le?vperm $IN0,$IN0,$IN0,$lemask
-+ le?vperm $IN1,$IN1,$IN1,$lemask
-+ le?vperm $IN2,$IN2,$IN2,$lemask
-+ le?vperm $IN3,$IN3,$IN3,$lemask
-+
-+ vxor $Xh,$IN0,$Xl
-+
-+ vpmsumd $Xl1,$IN1,$H3l
-+ vpmsumd $Xm1,$IN1,$H3
-+ vpmsumd $Xh1,$IN1,$H3h
-+
-+ vperm $H21l,$H2,$H,$hiperm
-+ vperm $t0,$IN2,$IN3,$loperm
-+ vperm $H21h,$H2,$H,$loperm
-+ vperm $t1,$IN2,$IN3,$hiperm
-+ vpmsumd $Xm2,$IN2,$H2 # H^2.lo·Xi+2.hi+H^2.hi·Xi+2.lo
-+ vpmsumd $Xl3,$t0,$H21l # H^2.lo·Xi+2.lo+H.lo·Xi+3.lo
-+ vpmsumd $Xm3,$IN3,$H # H.hi·Xi+3.lo +H.lo·Xi+3.hi
-+ vpmsumd $Xh3,$t1,$H21h # H^2.hi·Xi+2.hi+H.hi·Xi+3.hi
-+
-+ vxor $Xm2,$Xm2,$Xm1
-+ vxor $Xl3,$Xl3,$Xl1
-+ vxor $Xm3,$Xm3,$Xm2
-+ vxor $Xh3,$Xh3,$Xh1
-+
-+ blt Ltail_4x
-+
-+Loop_4x:
-+ lvx_u $IN0,0,$inp
-+ lvx_u $IN1,r8,$inp
-+ subic. $len,$len,4
-+ lvx_u $IN2,r9,$inp
-+ lvx_u $IN3,r10,$inp
-+ addi $inp,$inp,0x40
-+ le?vperm $IN1,$IN1,$IN1,$lemask
-+ le?vperm $IN2,$IN2,$IN2,$lemask
-+ le?vperm $IN3,$IN3,$IN3,$lemask
-+ le?vperm $IN0,$IN0,$IN0,$lemask
-+
-+ vpmsumd $Xl,$Xh,$H4l # H^4.lo·Xi.lo
-+ vpmsumd $Xm,$Xh,$H4 # H^4.hi·Xi.lo+H^4.lo·Xi.hi
-+ vpmsumd $Xh,$Xh,$H4h # H^4.hi·Xi.hi
-+ vpmsumd $Xl1,$IN1,$H3l
-+ vpmsumd $Xm1,$IN1,$H3
-+ vpmsumd $Xh1,$IN1,$H3h
-+
-+ vxor $Xl,$Xl,$Xl3
-+ vxor $Xm,$Xm,$Xm3
-+ vxor $Xh,$Xh,$Xh3
-+ vperm $t0,$IN2,$IN3,$loperm
-+ vperm $t1,$IN2,$IN3,$hiperm
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-+ vpmsumd $Xl3,$t0,$H21l # H.lo·Xi+3.lo +H^2.lo·Xi+2.lo
-+ vpmsumd $Xh3,$t1,$H21h # H.hi·Xi+3.hi +H^2.hi·Xi+2.hi
-+
-+ vsldoi $t0,$Xm,$zero,8
-+ vsldoi $t1,$zero,$Xm,8
-+ vxor $Xl,$Xl,$t0
-+ vxor $Xh,$Xh,$t1
-+
-+ vsldoi $Xl,$Xl,$Xl,8
-+ vxor $Xl,$Xl,$t2
-+
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
-+ vpmsumd $Xm2,$IN2,$H2 # H^2.hi·Xi+2.lo+H^2.lo·Xi+2.hi
-+ vpmsumd $Xm3,$IN3,$H # H.hi·Xi+3.lo +H.lo·Xi+3.hi
-+ vpmsumd $Xl,$Xl,$xC2
-+
-+ vxor $Xl3,$Xl3,$Xl1
-+ vxor $Xh3,$Xh3,$Xh1
-+ vxor $Xh,$Xh,$IN0
-+ vxor $Xm2,$Xm2,$Xm1
-+ vxor $Xh,$Xh,$t1
-+ vxor $Xm3,$Xm3,$Xm2
-+ vxor $Xh,$Xh,$Xl
-+ bge Loop_4x
-+
-+Ltail_4x:
-+ vpmsumd $Xl,$Xh,$H4l # H^4.lo·Xi.lo
-+ vpmsumd $Xm,$Xh,$H4 # H^4.hi·Xi.lo+H^4.lo·Xi.hi
-+ vpmsumd $Xh,$Xh,$H4h # H^4.hi·Xi.hi
-+
-+ vxor $Xl,$Xl,$Xl3
-+ vxor $Xm,$Xm,$Xm3
-+
-+ vpmsumd $t2,$Xl,$xC2 # 1st reduction phase
-+
-+ vsldoi $t0,$Xm,$zero,8
-+ vsldoi $t1,$zero,$Xm,8
-+ vxor $Xh,$Xh,$Xh3
-+ vxor $Xl,$Xl,$t0
-+ vxor $Xh,$Xh,$t1
-+
-+ vsldoi $Xl,$Xl,$Xl,8
-+ vxor $Xl,$Xl,$t2
-+
-+ vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase
-+ vpmsumd $Xl,$Xl,$xC2
-+ vxor $t1,$t1,$Xh
-+ vxor $Xl,$Xl,$t1
-+
-+ addic. $len,$len,4
-+ beq Ldone_4x
-+
-+ lvx_u $IN0,0,$inp
-+ ${UCMP}i $len,2
-+ li $len,-4
-+ blt Lone
-+ lvx_u $IN1,r8,$inp
-+ beq Ltwo
-+
-+Lthree:
-+ lvx_u $IN2,r9,$inp
-+ le?vperm $IN0,$IN0,$IN0,$lemask
-+ le?vperm $IN1,$IN1,$IN1,$lemask
-+ le?vperm $IN2,$IN2,$IN2,$lemask
-+
-+ vxor $Xh,$IN0,$Xl
-+ vmr $H4l,$H3l
-+ vmr $H4, $H3
-+ vmr $H4h,$H3h
-+
-+ vperm $t0,$IN1,$IN2,$loperm
-+ vperm $t1,$IN1,$IN2,$hiperm
-+ vpmsumd $Xm2,$IN1,$H2 # H^2.lo·Xi+1.hi+H^2.hi·Xi+1.lo
-+ vpmsumd $Xm3,$IN2,$H # H.hi·Xi+2.lo +H.lo·Xi+2.hi
-+ vpmsumd $Xl3,$t0,$H21l # H^2.lo·Xi+1.lo+H.lo·Xi+2.lo
-+ vpmsumd $Xh3,$t1,$H21h # H^2.hi·Xi+1.hi+H.hi·Xi+2.hi
-+
-+ vxor $Xm3,$Xm3,$Xm2
-+ b Ltail_4x
-+
-+.align 4
-+Ltwo:
-+ le?vperm $IN0,$IN0,$IN0,$lemask
-+ le?vperm $IN1,$IN1,$IN1,$lemask
-+
-+ vxor $Xh,$IN0,$Xl
-+ vperm $t0,$zero,$IN1,$loperm
-+ vperm $t1,$zero,$IN1,$hiperm
-+
-+ vsldoi $H4l,$zero,$H2,8
-+ vmr $H4, $H2
-+ vsldoi $H4h,$H2,$zero,8
-+
-+ vpmsumd $Xl3,$t0, $H21l # H.lo·Xi+1.lo
-+ vpmsumd $Xm3,$IN1,$H # H.hi·Xi+1.lo+H.lo·Xi+2.hi
-+ vpmsumd $Xh3,$t1, $H21h # H.hi·Xi+1.hi
-+
-+ b Ltail_4x
-+
-+.align 4
-+Lone:
-+ le?vperm $IN0,$IN0,$IN0,$lemask
-+
-+ vsldoi $H4l,$zero,$H,8
-+ vmr $H4, $H
-+ vsldoi $H4h,$H,$zero,8
-+
-+ vxor $Xh,$IN0,$Xl
-+ vxor $Xl3,$Xl3,$Xl3
-+ vxor $Xm3,$Xm3,$Xm3
-+ vxor $Xh3,$Xh3,$Xh3
-+
-+ b Ltail_4x
-+
-+Ldone_4x:
-+ le?vperm $Xl,$Xl,$Xl,$lemask
-+ stvx_u $Xl,0,$Xip # write out Xi
-+
-+ li r10,`15+6*$SIZE_T`
-+ li r11,`31+6*$SIZE_T`
-+ mtspr 256,$vrsave
-+ lvx v20,r10,$sp
-+ addi r10,r10,32
-+ lvx v21,r11,$sp
-+ addi r11,r11,32
-+ lvx v22,r10,$sp
-+ addi r10,r10,32
-+ lvx v23,r11,$sp
-+ addi r11,r11,32
-+ lvx v24,r10,$sp
-+ addi r10,r10,32
-+ lvx v25,r11,$sp
-+ addi r11,r11,32
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ addi $sp,$sp,$FRAME
-+ blr
-+ .long 0
-+ .byte 0,12,0x04,0,0x80,0,4,0
-+ .long 0
-+___
-+}
-+$code.=<<___;
- .size .gcm_ghash_p8,.-.gcm_ghash_p8
-
- .asciz "GHASH for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
-@@ -221,6 +655,8 @@ my $vrsave="r12";
- ___
-
- foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/geo;
-+
- if ($flavour =~ /le$/o) { # little-endian
- s/le\?//o or
- s/be\?/#be#/o;
---- a/crypto/modes/asm/ghashv8-armx.pl
-+++ b/crypto/modes/asm/ghashv8-armx.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/modes/build.info
-+++ b/crypto/modes/build.info
-@@ -12,7 +12,7 @@ GENERATE[ghash-x86_64.s]=asm/ghash-x86_6
- GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME)
- GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME)
- INCLUDE[ghash-sparcv9.o]=..
--GENERATE[ghash-alpha.s]=asm/ghash-alpha.pl
-+GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl $(PERLASM_SCHEME)
- GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl $(PERLASM_SCHEME)
- GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl $(PERLASM_SCHEME)
- GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
---- a/crypto/modes/cbc128.c
-+++ b/crypto/modes/cbc128.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/ccm128.c
-+++ b/crypto/modes/ccm128.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/cfb128.c
-+++ b/crypto/modes/cfb128.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/ctr128.c
-+++ b/crypto/modes/ctr128.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/cts128.c
-+++ b/crypto/modes/cts128.c
-@@ -1,8 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary
-- * forms are granted according to the OpenSSL license.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/gcm128.c
-+++ b/crypto/modes/gcm128.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/modes_lcl.h
-+++ b/crypto/modes/modes_lcl.h
-@@ -1,8 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use is governed by OpenSSL license.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/modes.h>
---- a/crypto/modes/ocb128.c
-+++ b/crypto/modes/ocb128.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -147,6 +107,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CO
-
- /* We don't have it - so calculate it */
- if (idx >= ctx->max_l_index) {
-+ void *tmp_ptr;
- /*
- * Each additional entry allows to process almost double as
- * much data, so that in linear world the table will need to
-@@ -157,10 +118,11 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CO
- * the index.
- */
- ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
-- ctx->l =
-+ tmp_ptr =
- OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
-- if (ctx->l == NULL)
-+ if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
- return NULL;
-+ ctx->l = tmp_ptr;
- }
- while (l_index < idx) {
- ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
-@@ -268,7 +230,7 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *
-
- /*
- * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
-- * We don't support this at this stage
-+ * We don't support this at this stage
- */
- if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
- return -1;
-@@ -415,7 +377,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
-
- /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
- inblock =
-- (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16));
-+ (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16));
- ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1);
- /* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum);
---- a/crypto/modes/ofb128.c
-+++ b/crypto/modes/ofb128.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/modes/wrap128.c
-+++ b/crypto/modes/wrap128.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project. Mode with padding contributed by Petr Spacek
-- * (pspacek at redhat.com).
-- */
--/* ====================================================================
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /** Beware!
---- a/crypto/modes/xts128.c
-+++ b/crypto/modes/xts128.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/o_dir.c
-+++ b/crypto/o_dir.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <errno.h>
---- a/crypto/o_fips.c
-+++ b/crypto/o_fips.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen henson (steve at openssl.org) for the OpenSSL project
-- * 2011.
-- */
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- /dev/null
-+++ b/crypto/o_fopen.c
-@@ -0,0 +1,103 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include "internal/cryptlib.h"
-+
-+#if !defined(OPENSSL_NO_STDIO)
-+
-+# include <stdio.h>
-+
-+FILE *openssl_fopen(const char *filename, const char *mode)
-+{
-+ FILE *file = NULL;
-+# if defined(_WIN32) && defined(CP_UTF8)
-+ int sz, len_0 = (int)strlen(filename) + 1;
-+ DWORD flags;
-+
-+ /*
-+ * Basically there are three cases to cover: a) filename is
-+ * pure ASCII string; b) actual UTF-8 encoded string and
-+ * c) locale-ized string, i.e. one containing 8-bit
-+ * characters that are meaningful in current system locale.
-+ * If filename is pure ASCII or real UTF-8 encoded string,
-+ * MultiByteToWideChar succeeds and _wfopen works. If
-+ * filename is locale-ized string, chances are that
-+ * MultiByteToWideChar fails reporting
-+ * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
-+ * back to fopen...
-+ */
-+ if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
-+ filename, len_0, NULL, 0)) > 0 ||
-+ (GetLastError() == ERROR_INVALID_FLAGS &&
-+ (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
-+ filename, len_0, NULL, 0)) > 0)
-+ ) {
-+ WCHAR wmode[8];
-+ WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
-+
-+ if (MultiByteToWideChar(CP_UTF8, flags,
-+ filename, len_0, wfilename, sz) &&
-+ MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
-+ wmode, OSSL_NELEM(wmode)) &&
-+ (file = _wfopen(wfilename, wmode)) == NULL &&
-+ (errno == ENOENT || errno == EBADF)
-+ ) {
-+ /*
-+ * UTF-8 decode succeeded, but no file, filename
-+ * could still have been locale-ized...
-+ */
-+ file = fopen(filename, mode);
-+ }
-+ } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
-+ file = fopen(filename, mode);
-+ }
-+# elif defined(__DJGPP__)
-+ {
-+ char *newname = NULL;
-+
-+ if (!HAS_LFN_SUPPORT(filename)) {
-+ char *iterator;
-+ char lastchar;
-+
-+ newname = OPENSSL_malloc(strlen(filename) + 1);
-+ if (newname == NULL)
-+ return NULL;
-+
-+ for (iterator = newname, lastchar = '\0';
-+ *filename; filename++, iterator++) {
-+ if (lastchar == '/' && filename[0] == '.'
-+ && filename[1] != '.' && filename[1] != '/') {
-+ /* Leading dots are not permitted in plain DOS. */
-+ *iterator = '_';
-+ } else {
-+ *iterator = *filename;
-+ }
-+ lastchar = *filename;
-+ }
-+ *iterator = '\0';
-+ filename = newname;
-+ }
-+ file = fopen(filename, mode);
-+
-+ OPENSSL_free(newname);
-+ }
-+# else
-+ file = fopen(filename, mode);
-+# endif
-+ return file;
-+}
-+
-+#else
-+
-+void *openssl_fopen(const char *filename, const char *mode)
-+{
-+ return NULL;
-+}
-+
-+#endif
---- a/crypto/o_init.c
-+++ b/crypto/o_init.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <e_os.h>
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2003.
-- */
--/* ====================================================================
-- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <ctype.h>
-@@ -63,49 +14,6 @@
- #include "internal/cryptlib.h"
- #include "internal/o_str.h"
-
--#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
-- !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && \
-- !defined(NETWARE_CLIB)
--# include <strings.h>
--#endif
--
--int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
--{
--#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-- while (*str1 && *str2 && n) {
-- int res = toupper(*str1) - toupper(*str2);
-- if (res)
-- return res < 0 ? -1 : 1;
-- str1++;
-- str2++;
-- n--;
-- }
-- if (n == 0)
-- return 0;
-- if (*str1)
-- return 1;
-- if (*str2)
-- return -1;
-- return 0;
--#else
-- /*
-- * Recursion hazard warning! Whenever strncasecmp is #defined as
-- * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
-- * well.
-- */
-- return strncasecmp(str1, str2, n);
--#endif
--}
--
--int OPENSSL_strcasecmp(const char *str1, const char *str2)
--{
--#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-- return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
--#else
-- return strcasecmp(str1, str2);
--#endif
--}
--
- int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
- {
- const unsigned char *c1 = v1, *c2 = v2;
-@@ -290,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned
- const unsigned char *p;
- int i;
-
-- if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) {
-+ if (len == 0)
-+ {
-+ return OPENSSL_zalloc(1);
-+ }
-+
-+ if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
- CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-@@ -307,3 +220,31 @@ char *OPENSSL_buf2hexstr(const unsigned
-
- return tmp;
- }
-+
-+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
-+{
-+#if defined(_MSC_VER) && _MSC_VER>=1400
-+ return !strerror_s(buf, buflen, errnum);
-+#elif defined(_GNU_SOURCE)
-+ return strerror_r(errnum, buf, buflen) != NULL;
-+#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)
-+ /*
-+ * We can use "real" strerror_r. The OpenSSL version differs in that it
-+ * gives 1 on success and 0 on failure for consistency with other OpenSSL
-+ * functions. Real strerror_r does it the other way around
-+ */
-+ return !strerror_r(errnum, buf, buflen);
-+#else
-+ char *err;
-+ /* Fall back to non-thread safe strerror()...its all we can do */
-+ if (buflen < 2)
-+ return 0;
-+ err = strerror(errnum);
-+ /* Can this ever happen? */
-+ if (err == NULL)
-+ return 0;
-+ strncpy(buf, err, buflen - 1);
-+ buf[buflen - 1] = '\0';
-+ return 1;
-+#endif
-+}
---- a/crypto/o_time.c
-+++ b/crypto/o_time.c
-@@ -1,63 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2001.
-- */
--/*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2008.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/e_os2.h>
---- a/crypto/objects/Makefile.in
-+++ /dev/null
-@@ -1,58 +0,0 @@
--#
--# OpenSSL/crypto/objects/Makefile
--#
--
--DIR= objects
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--PERL= perl
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
--LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o
--
--SRC= $(LIBSRC)
--
--HEADER= obj_dat.h obj_xref.h obj_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: obj_dat.h obj_xref.h lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--obj_dat.h: obj_dat.pl ../../include/openssl/obj_mac.h
-- $(PERL) obj_dat.pl ../../include/openssl/obj_mac.h obj_dat.h
--
--# objects.pl both reads and writes obj_mac.num
--../../include/openssl/obj_mac.h: objects.pl objects.txt obj_mac.num
-- $(PERL) objects.pl objects.txt obj_mac.num ../../include/openssl/obj_mac.h
-- @sleep 1; touch ../../include/openssl/obj_mac.h; sleep 1
--
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-- $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
-- @sleep 1; touch obj_xref.h; sleep 1
--
--generate: obj_dat.h ../../include/openssl/obj_mac.h obj_xref.h
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- /dev/null
-+++ b/crypto/objects/README
-@@ -0,0 +1,44 @@
-+objects.txt syntax
-+------------------
-+
-+To cover all the naming hacks that were previously in objects.h needed some
-+kind of hacks in objects.txt.
-+
-+The basic syntax for adding an object is as follows:
-+
-+ 1 2 3 4 : shortName : Long Name
-+
-+ If Long Name contains only word characters and hyphen-minus
-+ (0x2D) or full stop (0x2E) then Long Name is used as basis
-+ for the base name in C. Otherwise, the shortName is used.
-+
-+ The base name (let's call it 'base') will then be used to
-+ create the C macros SN_base, LN_base, NID_base and OBJ_base.
-+
-+ Note that if the base name contains spaces, dashes or periods,
-+ those will be converte to underscore.
-+
-+Then there are some extra commands:
-+
-+ !Alias foo 1 2 3 4
-+
-+ This just makes a name foo for an OID. The C macro
-+ OBJ_foo will be created as a result.
-+
-+ !Cname foo
-+
-+ This makes sure that the name foo will be used as base name
-+ in C.
-+
-+ !module foo
-+ 1 2 3 4 : shortName : Long Name
-+ !global
-+
-+ The !module command was meant to define a kind of modularity.
-+ What it does is to make sure the module name is prepended
-+ to the base name. !global turns this off. This construction
-+ is not recursive.
-+
-+Lines starting with # are treated as comments, as well as any line starting
-+with ! and not matching the commands above.
-+
---- a/crypto/objects/o_names.c
-+++ b/crypto/objects/o_names.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -23,7 +32,7 @@
- #if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
- static int obj_strcmp(const char *a, const char *b)
- {
-- return strcmp(a, b);
-+ return strcmp(a, b);
- }
- #else
- #define obj_strcmp strcmp
-@@ -67,8 +76,7 @@ int OBJ_NAME_new_index(unsigned long (*h
- int (*cmp_func) (const char *, const char *),
- void (*free_func) (const char *, int, const char *))
- {
-- int ret;
-- int i;
-+ int ret, i, push;
- NAME_FUNCS *name_funcs;
-
- if (name_funcs_stack == NULL) {
-@@ -90,11 +98,18 @@ int OBJ_NAME_new_index(unsigned long (*h
- OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
- return (0);
- }
-- name_funcs->hash_func = lh_strhash;
-+ name_funcs->hash_func = OPENSSL_LH_strhash;
- name_funcs->cmp_func = obj_strcmp;
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-- sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-+
-+ push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-+
-+ if (!push) {
-+ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
-+ OPENSSL_free(name_funcs);
-+ return 0;
-+ }
- }
- name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
- if (hash_func != NULL)
-@@ -132,7 +147,7 @@ static unsigned long obj_name_hash(const
- sk_NAME_FUNCS_value(name_funcs_stack,
- a->type)->hash_func(a->name);
- } else {
-- ret = lh_strhash(a->name);
-+ ret = OPENSSL_LH_strhash(a->name);
- }
- ret ^= a->type;
- return (ret);
-@@ -182,7 +197,7 @@ int OBJ_NAME_add(const char *name, int t
- onp = OPENSSL_malloc(sizeof(*onp));
- if (onp == NULL) {
- /* ERROR */
-- return (0);
-+ return 0;
- }
-
- onp->name = name;
-@@ -207,10 +222,11 @@ int OBJ_NAME_add(const char *name, int t
- } else {
- if (lh_OBJ_NAME_error(names_lh)) {
- /* ERROR */
-- return (0);
-+ OPENSSL_free(onp);
-+ return 0;
- }
- }
-- return (1);
-+ return 1;
- }
-
- int OBJ_NAME_remove(const char *name, int type)
---- a/crypto/objects/obj_dat.c
-+++ b/crypto/objects/obj_dat.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -116,10 +68,10 @@ static unsigned long added_obj_hash(cons
- ret ^= p[i] << ((i * 3) % 24);
- break;
- case ADDED_SNAME:
-- ret = lh_strhash(a->sn);
-+ ret = OPENSSL_LH_strhash(a->sn);
- break;
- case ADDED_LNAME:
-- ret = lh_strhash(a->ln);
-+ ret = OPENSSL_LH_strhash(a->ln);
- break;
- case ADDED_NID:
- ret = a->nid;
-@@ -247,7 +199,7 @@ int OBJ_add_object(const ASN1_OBJECT *ob
- ao[i]->type = i;
- ao[i]->obj = o;
- aop = lh_ADDED_OBJ_insert(added, ao[i]);
-- /* memory leak, buit should not normally matter */
-+ /* memory leak, but should not normally matter */
- OPENSSL_free(aop);
- }
- }
-@@ -727,30 +679,36 @@ int OBJ_create_objects(BIO *in)
-
- int OBJ_create(const char *oid, const char *sn, const char *ln)
- {
-+ ASN1_OBJECT *tmpoid = NULL;
- int ok = 0;
-- ASN1_OBJECT *op = NULL;
-- unsigned char *buf;
-- int i;
-
-- i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
-- if (i <= 0)
-- return (0);
--
-- if ((buf = OPENSSL_malloc(i)) == NULL) {
-- OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
-- return (0);
-+ /* Check to see if short or long name already present */
-+ if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
-+ OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
-+ return 0;
- }
-- i = a2d_ASN1_OBJECT(buf, i, oid, -1);
-- if (i == 0)
-- goto err;
-- op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
-- if (op == NULL)
-+
-+ /* Convert numerical OID string to an ASN1_OBJECT structure */
-+ tmpoid = OBJ_txt2obj(oid, 1);
-+
-+ /* If NID is not NID_undef then object already exists */
-+ if (OBJ_obj2nid(tmpoid) != NID_undef) {
-+ OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
- goto err;
-- ok = OBJ_add_object(op);
-+ }
-+
-+ tmpoid->nid = OBJ_new_nid(1);
-+ tmpoid->sn = (char *)sn;
-+ tmpoid->ln = (char *)ln;
-+
-+ ok = OBJ_add_object(tmpoid);
-+
-+ tmpoid->sn = NULL;
-+ tmpoid->ln = NULL;
-+
- err:
-- ASN1_OBJECT_free(op);
-- OPENSSL_free(buf);
-- return (ok);
-+ ASN1_OBJECT_free(tmpoid);
-+ return ok;
- }
-
- size_t OBJ_length(const ASN1_OBJECT *obj)
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -1,5792 +1,5101 @@
--/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
-- * following command:
-- * perl obj_dat.pl obj_mac.h obj_dat.h
-- */
--
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/obj_dat.pl
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--#define NUM_NID 1058
--#define NUM_SN 1049
--#define NUM_LN 1049
--#define NUM_OBJ 953
--
--static const unsigned char lvalues[6744]={
--0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
--0x55, /* [ 82] OBJ_X500 */
--0x55,0x04, /* [ 83] OBJ_X509 */
--0x55,0x04,0x03, /* [ 85] OBJ_commonName */
--0x55,0x04,0x06, /* [ 88] OBJ_countryName */
--0x55,0x04,0x07, /* [ 91] OBJ_localityName */
--0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */
--0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */
--0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */
--0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
--0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */
--0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */
--0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */
--0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede_ecb */
--0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [217] OBJ_rc2_cbc */
--0x2B,0x0E,0x03,0x02,0x12, /* [225] OBJ_sha */
--0x2B,0x0E,0x03,0x02,0x0F, /* [230] OBJ_shaWithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [235] OBJ_des_ede3_cbc */
--0x2B,0x0E,0x03,0x02,0x08, /* [243] OBJ_des_ofb64 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [248] OBJ_pkcs9 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [337] OBJ_netscape */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [344] OBJ_netscape_cert_extension */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [352] OBJ_netscape_data_type */
--0x2B,0x0E,0x03,0x02,0x1A, /* [360] OBJ_sha1 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */
--0x2B,0x0E,0x03,0x02,0x0D, /* [374] OBJ_dsaWithSHA */
--0x2B,0x0E,0x03,0x02,0x0C, /* [379] OBJ_dsa_2 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */
--0x2B,0x0E,0x03,0x02,0x1B, /* [402] OBJ_dsaWithSHA1_2 */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */
--0x55,0x1D, /* [488] OBJ_id_ce */
--0x55,0x1D,0x0E, /* [490] OBJ_subject_key_identifier */
--0x55,0x1D,0x0F, /* [493] OBJ_key_usage */
--0x55,0x1D,0x10, /* [496] OBJ_private_key_usage_period */
--0x55,0x1D,0x11, /* [499] OBJ_subject_alt_name */
--0x55,0x1D,0x12, /* [502] OBJ_issuer_alt_name */
--0x55,0x1D,0x13, /* [505] OBJ_basic_constraints */
--0x55,0x1D,0x14, /* [508] OBJ_crl_number */
--0x55,0x1D,0x20, /* [511] OBJ_certificate_policies */
--0x55,0x1D,0x23, /* [514] OBJ_authority_key_identifier */
--0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */
--0x55,0x08,0x03,0x65, /* [526] OBJ_mdc2 */
--0x55,0x08,0x03,0x64, /* [530] OBJ_mdc2WithRSA */
--0x55,0x04,0x2A, /* [534] OBJ_givenName */
--0x55,0x04,0x04, /* [537] OBJ_surname */
--0x55,0x04,0x2B, /* [540] OBJ_initials */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,/* [543] OBJ_uniqueIdentifier */
--0x55,0x1D,0x1F, /* [553] OBJ_crl_distribution_points */
--0x2B,0x0E,0x03,0x02,0x03, /* [556] OBJ_md5WithRSA */
--0x55,0x04,0x05, /* [561] OBJ_serialNumber */
--0x55,0x04,0x0C, /* [564] OBJ_title */
--0x55,0x04,0x0D, /* [567] OBJ_description */
--0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [570] OBJ_cast5_cbc */
--0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [579] OBJ_pbeWithMD5AndCast5_CBC */
--0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [588] OBJ_dsaWithSHA1 */
--0x2B,0x0E,0x03,0x02,0x1D, /* [595] OBJ_sha1WithRSA */
--0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [600] OBJ_dsa */
--0x2B,0x24,0x03,0x02,0x01, /* [607] OBJ_ripemd160 */
--0x2B,0x24,0x03,0x03,0x01,0x02, /* [612] OBJ_ripemd160WithRSA */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [618] OBJ_rc5_cbc */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [626] OBJ_zlib_compression */
--0x55,0x1D,0x25, /* [637] OBJ_ext_key_usage */
--0x2B,0x06,0x01,0x05,0x05,0x07, /* [640] OBJ_id_pkix */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [646] OBJ_id_kp */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [653] OBJ_server_auth */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [661] OBJ_client_auth */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [669] OBJ_code_sign */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [677] OBJ_email_protect */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [685] OBJ_time_stamp */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [693] OBJ_ms_code_ind */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [703] OBJ_ms_code_com */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [713] OBJ_ms_ctl_sign */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [723] OBJ_ms_sgc */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [733] OBJ_ms_efs */
--0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [743] OBJ_ns_sgc */
--0x55,0x1D,0x1B, /* [752] OBJ_delta_crl */
--0x55,0x1D,0x15, /* [755] OBJ_crl_reason */
--0x55,0x1D,0x18, /* [758] OBJ_invalidity_date */
--0x2B,0x65,0x01,0x04,0x01, /* [761] OBJ_sxnet */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [766] OBJ_pbe_WithSHA1And128BitRC4 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [776] OBJ_pbe_WithSHA1And40BitRC4 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [826] OBJ_keyBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [837] OBJ_pkcs8ShroudedKeyBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [848] OBJ_certBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [859] OBJ_crlBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [870] OBJ_secretBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [881] OBJ_safeContentsBag */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [892] OBJ_friendlyName */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [901] OBJ_localKeyID */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [910] OBJ_x509Certificate */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [920] OBJ_sdsiCertificate */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [930] OBJ_x509Crl */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [940] OBJ_pbes2 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [949] OBJ_pbmac1 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [958] OBJ_hmacWithSHA1 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [966] OBJ_id_qt_cps */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [974] OBJ_id_qt_unotice */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [982] OBJ_SMIMECapabilities */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [991] OBJ_pbeWithMD2AndRC2_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [1000] OBJ_pbeWithMD5AndRC2_CBC */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1009] OBJ_pbeWithSHA1AndDES_CBC */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1018] OBJ_ms_ext_req */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1028] OBJ_ext_req */
--0x55,0x04,0x29, /* [1037] OBJ_name */
--0x55,0x04,0x2E, /* [1040] OBJ_dnQualifier */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1043] OBJ_id_pe */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1050] OBJ_id_ad */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1057] OBJ_info_access */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1065] OBJ_ad_OCSP */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1073] OBJ_ad_ca_issuers */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1081] OBJ_OCSP_sign */
--0x2A, /* [1089] OBJ_member_body */
--0x2A,0x86,0x48, /* [1090] OBJ_ISO_US */
--0x2A,0x86,0x48,0xCE,0x38, /* [1093] OBJ_X9_57 */
--0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1098] OBJ_X9cm */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1104] OBJ_pkcs1 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1112] OBJ_pkcs5 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1120] OBJ_SMIME */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1129] OBJ_id_smime_mod */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1139] OBJ_id_smime_ct */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1149] OBJ_id_smime_aa */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1159] OBJ_id_smime_alg */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1169] OBJ_id_smime_cd */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1179] OBJ_id_smime_spq */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1189] OBJ_id_smime_cti */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1199] OBJ_id_smime_mod_cms */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1210] OBJ_id_smime_mod_ess */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1221] OBJ_id_smime_mod_oid */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1232] OBJ_id_smime_mod_msg_v3 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1243] OBJ_id_smime_mod_ets_eSignature_88 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1254] OBJ_id_smime_mod_ets_eSignature_97 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1287] OBJ_id_smime_ct_receipt */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1298] OBJ_id_smime_ct_authData */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1309] OBJ_id_smime_ct_publishCert */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1320] OBJ_id_smime_ct_TSTInfo */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1331] OBJ_id_smime_ct_TDTInfo */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1342] OBJ_id_smime_ct_contentInfo */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1353] OBJ_id_smime_ct_DVCSRequestData */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1364] OBJ_id_smime_ct_DVCSResponseData */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1375] OBJ_id_smime_aa_receiptRequest */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1386] OBJ_id_smime_aa_securityLabel */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1397] OBJ_id_smime_aa_mlExpandHistory */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1408] OBJ_id_smime_aa_contentHint */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1419] OBJ_id_smime_aa_msgSigDigest */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1430] OBJ_id_smime_aa_encapContentType */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1441] OBJ_id_smime_aa_contentIdentifier */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1452] OBJ_id_smime_aa_macValue */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1463] OBJ_id_smime_aa_equivalentLabels */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1474] OBJ_id_smime_aa_contentReference */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1485] OBJ_id_smime_aa_encrypKeyPref */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1496] OBJ_id_smime_aa_signingCertificate */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1507] OBJ_id_smime_aa_smimeEncryptCerts */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1518] OBJ_id_smime_aa_timeStampToken */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1529] OBJ_id_smime_aa_ets_sigPolicyId */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1540] OBJ_id_smime_aa_ets_commitmentType */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1551] OBJ_id_smime_aa_ets_signerLocation */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1562] OBJ_id_smime_aa_ets_signerAttr */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1573] OBJ_id_smime_aa_ets_otherSigCert */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1584] OBJ_id_smime_aa_ets_contentTimestamp */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1595] OBJ_id_smime_aa_ets_CertificateRefs */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1606] OBJ_id_smime_aa_ets_RevocationRefs */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1617] OBJ_id_smime_aa_ets_certValues */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1628] OBJ_id_smime_aa_ets_revocationValues */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1639] OBJ_id_smime_aa_ets_escTimeStamp */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1672] OBJ_id_smime_aa_signatureType */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1683] OBJ_id_smime_aa_dvcs_dvc */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1694] OBJ_id_smime_alg_ESDHwith3DES */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1705] OBJ_id_smime_alg_ESDHwithRC2 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1716] OBJ_id_smime_alg_3DESwrap */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1727] OBJ_id_smime_alg_RC2wrap */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1738] OBJ_id_smime_alg_ESDH */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1749] OBJ_id_smime_alg_CMS3DESwrap */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1760] OBJ_id_smime_alg_CMSRC2wrap */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1771] OBJ_id_smime_cd_ldap */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1782] OBJ_id_smime_spq_ets_sqt_uri */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1793] OBJ_id_smime_spq_ets_sqt_unotice */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1804] OBJ_id_smime_cti_ets_proofOfOrigin */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1815] OBJ_id_smime_cti_ets_proofOfReceipt */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1826] OBJ_id_smime_cti_ets_proofOfDelivery */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1837] OBJ_id_smime_cti_ets_proofOfSender */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1848] OBJ_id_smime_cti_ets_proofOfApproval */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1859] OBJ_id_smime_cti_ets_proofOfCreation */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1870] OBJ_md4 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1878] OBJ_id_pkix_mod */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1885] OBJ_id_qt */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1892] OBJ_id_it */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1899] OBJ_id_pkip */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1906] OBJ_id_alg */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1913] OBJ_id_cmc */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1920] OBJ_id_on */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1927] OBJ_id_pda */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1934] OBJ_id_aca */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1941] OBJ_id_qcs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1948] OBJ_id_cct */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1955] OBJ_id_pkix1_explicit_88 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1963] OBJ_id_pkix1_implicit_88 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1971] OBJ_id_pkix1_explicit_93 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1979] OBJ_id_pkix1_implicit_93 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1987] OBJ_id_mod_crmf */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1995] OBJ_id_mod_cmc */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2003] OBJ_id_mod_kea_profile_88 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2011] OBJ_id_mod_kea_profile_93 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2019] OBJ_id_mod_cmp */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2027] OBJ_id_mod_qualified_cert_88 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2035] OBJ_id_mod_qualified_cert_93 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2043] OBJ_id_mod_attribute_cert */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2051] OBJ_id_mod_timestamp_protocol */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2059] OBJ_id_mod_ocsp */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2067] OBJ_id_mod_dvcs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2075] OBJ_id_mod_cmp2000 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2083] OBJ_biometricInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2091] OBJ_qcStatements */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2099] OBJ_ac_auditEntity */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2107] OBJ_ac_targeting */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2115] OBJ_aaControls */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2123] OBJ_sbgp_ipAddrBlock */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2131] OBJ_sbgp_autonomousSysNum */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2139] OBJ_sbgp_routerIdentifier */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2147] OBJ_textNotice */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2155] OBJ_ipsecEndSystem */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2163] OBJ_ipsecTunnel */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2171] OBJ_ipsecUser */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2179] OBJ_dvcs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2187] OBJ_id_it_caProtEncCert */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2195] OBJ_id_it_signKeyPairTypes */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2203] OBJ_id_it_encKeyPairTypes */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2211] OBJ_id_it_preferredSymmAlg */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2219] OBJ_id_it_caKeyUpdateInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2227] OBJ_id_it_currentCRL */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2235] OBJ_id_it_unsupportedOIDs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2243] OBJ_id_it_subscriptionRequest */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2251] OBJ_id_it_subscriptionResponse */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2259] OBJ_id_it_keyPairParamReq */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2267] OBJ_id_it_keyPairParamRep */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2275] OBJ_id_it_revPassphrase */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2283] OBJ_id_it_implicitConfirm */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2291] OBJ_id_it_confirmWaitTime */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2299] OBJ_id_it_origPKIMessage */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2307] OBJ_id_regCtrl */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2315] OBJ_id_regInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2323] OBJ_id_regCtrl_regToken */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2332] OBJ_id_regCtrl_authenticator */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2341] OBJ_id_regCtrl_pkiPublicationInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2350] OBJ_id_regCtrl_pkiArchiveOptions */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2359] OBJ_id_regCtrl_oldCertID */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2368] OBJ_id_regCtrl_protocolEncrKey */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2377] OBJ_id_regInfo_utf8Pairs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2386] OBJ_id_regInfo_certReq */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2395] OBJ_id_alg_des40 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2403] OBJ_id_alg_noSignature */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2411] OBJ_id_alg_dh_sig_hmac_sha1 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2419] OBJ_id_alg_dh_pop */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2427] OBJ_id_cmc_statusInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2435] OBJ_id_cmc_identification */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2443] OBJ_id_cmc_identityProof */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2451] OBJ_id_cmc_dataReturn */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2459] OBJ_id_cmc_transactionId */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2467] OBJ_id_cmc_senderNonce */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2475] OBJ_id_cmc_recipientNonce */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2483] OBJ_id_cmc_addExtensions */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2491] OBJ_id_cmc_encryptedPOP */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2499] OBJ_id_cmc_decryptedPOP */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2507] OBJ_id_cmc_lraPOPWitness */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2515] OBJ_id_cmc_getCert */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2523] OBJ_id_cmc_getCRL */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2531] OBJ_id_cmc_revokeRequest */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2539] OBJ_id_cmc_regInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2547] OBJ_id_cmc_responseInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2555] OBJ_id_cmc_queryPending */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2563] OBJ_id_cmc_popLinkRandom */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2571] OBJ_id_cmc_popLinkWitness */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2579] OBJ_id_cmc_confirmCertAcceptance */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2587] OBJ_id_on_personalData */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2595] OBJ_id_pda_dateOfBirth */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2603] OBJ_id_pda_placeOfBirth */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2611] OBJ_id_pda_gender */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2619] OBJ_id_pda_countryOfCitizenship */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2627] OBJ_id_pda_countryOfResidence */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2635] OBJ_id_aca_authenticationInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2643] OBJ_id_aca_accessIdentity */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2651] OBJ_id_aca_chargingIdentity */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2659] OBJ_id_aca_group */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2667] OBJ_id_aca_role */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2675] OBJ_id_qcs_pkixQCSyntax_v1 */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2683] OBJ_id_cct_crs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2691] OBJ_id_cct_PKIData */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2699] OBJ_id_cct_PKIResponse */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2707] OBJ_ad_timeStamping */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2715] OBJ_ad_dvcs */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2723] OBJ_id_pkix_OCSP_basic */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2732] OBJ_id_pkix_OCSP_Nonce */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2741] OBJ_id_pkix_OCSP_CrlID */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2750] OBJ_id_pkix_OCSP_acceptableResponses */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2759] OBJ_id_pkix_OCSP_noCheck */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2768] OBJ_id_pkix_OCSP_archiveCutoff */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2777] OBJ_id_pkix_OCSP_serviceLocator */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2786] OBJ_id_pkix_OCSP_extendedStatus */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2795] OBJ_id_pkix_OCSP_valid */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2804] OBJ_id_pkix_OCSP_path */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2813] OBJ_id_pkix_OCSP_trustRoot */
--0x2B,0x0E,0x03,0x02, /* [2822] OBJ_algorithm */
--0x2B,0x0E,0x03,0x02,0x0B, /* [2826] OBJ_rsaSignature */
--0x55,0x08, /* [2831] OBJ_X500algorithms */
--0x2B, /* [2833] OBJ_org */
--0x2B,0x06, /* [2834] OBJ_dod */
--0x2B,0x06,0x01, /* [2836] OBJ_iana */
--0x2B,0x06,0x01,0x01, /* [2839] OBJ_Directory */
--0x2B,0x06,0x01,0x02, /* [2843] OBJ_Management */
--0x2B,0x06,0x01,0x03, /* [2847] OBJ_Experimental */
--0x2B,0x06,0x01,0x04, /* [2851] OBJ_Private */
--0x2B,0x06,0x01,0x05, /* [2855] OBJ_Security */
--0x2B,0x06,0x01,0x06, /* [2859] OBJ_SNMPv2 */
--0x2B,0x06,0x01,0x07, /* [2863] OBJ_Mail */
--0x2B,0x06,0x01,0x04,0x01, /* [2867] OBJ_Enterprises */
--0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2872] OBJ_dcObject */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2881] OBJ_domainComponent */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2891] OBJ_Domain */
--0x55,0x01,0x05, /* [2901] OBJ_selected_attribute_types */
--0x55,0x01,0x05,0x37, /* [2904] OBJ_clearance */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2908] OBJ_md4WithRSAEncryption */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2917] OBJ_ac_proxying */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2925] OBJ_sinfo_access */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2933] OBJ_id_aca_encAttrs */
--0x55,0x04,0x48, /* [2941] OBJ_role */
--0x55,0x1D,0x24, /* [2944] OBJ_policy_constraints */
--0x55,0x1D,0x37, /* [2947] OBJ_target_information */
--0x55,0x1D,0x38, /* [2950] OBJ_no_rev_avail */
--0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */
--0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */
--0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */
--0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */
--0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */
--0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */
--0x09, /* [3183] OBJ_data */
--0x09,0x92,0x26, /* [3184] OBJ_pss */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */
--0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */
--0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */
--0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */
--0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */
--0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */
--0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */
--0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */
--0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */
--0x55,0x04,0x41, /* [3885] OBJ_pseudonym */
--0x67,0x2A, /* [3888] OBJ_id_set */
--0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */
--0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */
--0x67,0x2A,0x03, /* [3896] OBJ_set_attr */
--0x67,0x2A,0x05, /* [3899] OBJ_set_policy */
--0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */
--0x67,0x2A,0x08, /* [3905] OBJ_set_brand */
--0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */
--0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */
--0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */
--0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */
--0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */
--0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */
--0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */
--0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */
--0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */
--0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */
--0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */
--0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */
--0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */
--0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */
--0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */
--0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */
--0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */
--0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */
--0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */
--0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */
--0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */
--0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */
--0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */
--0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */
--0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */
--0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */
--0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */
--0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */
--0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */
--0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX */
--0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */
--0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */
--0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */
--0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */
--0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */
--0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */
--0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */
--0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */
--0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */
--0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */
--0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */
--0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */
--0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */
--0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */
--0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */
--0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */
--0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */
--0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */
--0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */
--0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */
--0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */
--0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */
--0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */
--0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */
--0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */
--0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */
--0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */
--0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */
--0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */
--0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */
--0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */
--0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */
--0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */
--0x67,0x2A,0x00,0x40, /* [4160] OBJ_setct_CapResTBE */
--0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */
--0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */
--0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */
--0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */
--0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */
--0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */
--0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */
--0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */
--0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */
--0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */
--0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */
--0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */
--0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */
--0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */
--0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */
--0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */
--0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */
--0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */
--0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */
--0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */
--0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */
--0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */
--0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */
--0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */
--0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */
--0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */
--0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */
--0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */
--0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */
--0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */
--0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */
--0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */
--0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */
--0x67,0x2A,0x07,0x08, /* [4296] OBJ_setCext_TokenIdentifier */
--0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */
--0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */
--0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */
--0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */
--0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */
--0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */
--0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */
--0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */
--0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */
--0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */
--0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */
--0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */
--0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */
--0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */
--0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */
--0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */
--0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */
--0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */
--0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */
--0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */
--0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */
--0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */
--0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */
--0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */
--0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */
--0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */
--0x67, /* [4439] OBJ_international_organizations */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4440] OBJ_ms_smartcard_login */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4450] OBJ_ms_upn */
--0x55,0x04,0x09, /* [4460] OBJ_streetAddress */
--0x55,0x04,0x11, /* [4463] OBJ_postalCode */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4466] OBJ_id_ppl */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4473] OBJ_proxyCertInfo */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4481] OBJ_id_ppl_anyLanguage */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4489] OBJ_id_ppl_inheritAll */
--0x55,0x1D,0x1E, /* [4497] OBJ_name_constraints */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4500] OBJ_Independent */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4508] OBJ_sha256WithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4517] OBJ_sha384WithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4526] OBJ_sha512WithRSAEncryption */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4535] OBJ_sha224WithRSAEncryption */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4544] OBJ_sha256 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4553] OBJ_sha384 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4562] OBJ_sha512 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4571] OBJ_sha224 */
--0x2B, /* [4580] OBJ_identified_organization */
--0x2B,0x81,0x04, /* [4581] OBJ_certicom_arc */
--0x67,0x2B, /* [4584] OBJ_wap */
--0x67,0x2B,0x01, /* [4586] OBJ_wap_wsg */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4589] OBJ_X9_62_id_characteristic_two_basis */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4597] OBJ_X9_62_onBasis */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4606] OBJ_X9_62_tpBasis */
--0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4615] OBJ_X9_62_ppBasis */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4624] OBJ_X9_62_c2pnb163v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4632] OBJ_X9_62_c2pnb163v2 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4640] OBJ_X9_62_c2pnb163v3 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4648] OBJ_X9_62_c2pnb176v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4656] OBJ_X9_62_c2tnb191v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4664] OBJ_X9_62_c2tnb191v2 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4672] OBJ_X9_62_c2tnb191v3 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4680] OBJ_X9_62_c2onb191v4 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4688] OBJ_X9_62_c2onb191v5 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4696] OBJ_X9_62_c2pnb208w1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4704] OBJ_X9_62_c2tnb239v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4712] OBJ_X9_62_c2tnb239v2 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4720] OBJ_X9_62_c2tnb239v3 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4728] OBJ_X9_62_c2onb239v4 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4736] OBJ_X9_62_c2onb239v5 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4744] OBJ_X9_62_c2pnb272w1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4752] OBJ_X9_62_c2pnb304w1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4760] OBJ_X9_62_c2tnb359v1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4768] OBJ_X9_62_c2pnb368w1 */
--0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4776] OBJ_X9_62_c2tnb431r1 */
--0x2B,0x81,0x04,0x00,0x06, /* [4784] OBJ_secp112r1 */
--0x2B,0x81,0x04,0x00,0x07, /* [4789] OBJ_secp112r2 */
--0x2B,0x81,0x04,0x00,0x1C, /* [4794] OBJ_secp128r1 */
--0x2B,0x81,0x04,0x00,0x1D, /* [4799] OBJ_secp128r2 */
--0x2B,0x81,0x04,0x00,0x09, /* [4804] OBJ_secp160k1 */
--0x2B,0x81,0x04,0x00,0x08, /* [4809] OBJ_secp160r1 */
--0x2B,0x81,0x04,0x00,0x1E, /* [4814] OBJ_secp160r2 */
--0x2B,0x81,0x04,0x00,0x1F, /* [4819] OBJ_secp192k1 */
--0x2B,0x81,0x04,0x00,0x20, /* [4824] OBJ_secp224k1 */
--0x2B,0x81,0x04,0x00,0x21, /* [4829] OBJ_secp224r1 */
--0x2B,0x81,0x04,0x00,0x0A, /* [4834] OBJ_secp256k1 */
--0x2B,0x81,0x04,0x00,0x22, /* [4839] OBJ_secp384r1 */
--0x2B,0x81,0x04,0x00,0x23, /* [4844] OBJ_secp521r1 */
--0x2B,0x81,0x04,0x00,0x04, /* [4849] OBJ_sect113r1 */
--0x2B,0x81,0x04,0x00,0x05, /* [4854] OBJ_sect113r2 */
--0x2B,0x81,0x04,0x00,0x16, /* [4859] OBJ_sect131r1 */
--0x2B,0x81,0x04,0x00,0x17, /* [4864] OBJ_sect131r2 */
--0x2B,0x81,0x04,0x00,0x01, /* [4869] OBJ_sect163k1 */
--0x2B,0x81,0x04,0x00,0x02, /* [4874] OBJ_sect163r1 */
--0x2B,0x81,0x04,0x00,0x0F, /* [4879] OBJ_sect163r2 */
--0x2B,0x81,0x04,0x00,0x18, /* [4884] OBJ_sect193r1 */
--0x2B,0x81,0x04,0x00,0x19, /* [4889] OBJ_sect193r2 */
--0x2B,0x81,0x04,0x00,0x1A, /* [4894] OBJ_sect233k1 */
--0x2B,0x81,0x04,0x00,0x1B, /* [4899] OBJ_sect233r1 */
--0x2B,0x81,0x04,0x00,0x03, /* [4904] OBJ_sect239k1 */
--0x2B,0x81,0x04,0x00,0x10, /* [4909] OBJ_sect283k1 */
--0x2B,0x81,0x04,0x00,0x11, /* [4914] OBJ_sect283r1 */
--0x2B,0x81,0x04,0x00,0x24, /* [4919] OBJ_sect409k1 */
--0x2B,0x81,0x04,0x00,0x25, /* [4924] OBJ_sect409r1 */
--0x2B,0x81,0x04,0x00,0x26, /* [4929] OBJ_sect571k1 */
--0x2B,0x81,0x04,0x00,0x27, /* [4934] OBJ_sect571r1 */
--0x67,0x2B,0x01,0x04,0x01, /* [4939] OBJ_wap_wsg_idm_ecid_wtls1 */
--0x67,0x2B,0x01,0x04,0x03, /* [4944] OBJ_wap_wsg_idm_ecid_wtls3 */
--0x67,0x2B,0x01,0x04,0x04, /* [4949] OBJ_wap_wsg_idm_ecid_wtls4 */
--0x67,0x2B,0x01,0x04,0x05, /* [4954] OBJ_wap_wsg_idm_ecid_wtls5 */
--0x67,0x2B,0x01,0x04,0x06, /* [4959] OBJ_wap_wsg_idm_ecid_wtls6 */
--0x67,0x2B,0x01,0x04,0x07, /* [4964] OBJ_wap_wsg_idm_ecid_wtls7 */
--0x67,0x2B,0x01,0x04,0x08, /* [4969] OBJ_wap_wsg_idm_ecid_wtls8 */
--0x67,0x2B,0x01,0x04,0x09, /* [4974] OBJ_wap_wsg_idm_ecid_wtls9 */
--0x67,0x2B,0x01,0x04,0x0A, /* [4979] OBJ_wap_wsg_idm_ecid_wtls10 */
--0x67,0x2B,0x01,0x04,0x0B, /* [4984] OBJ_wap_wsg_idm_ecid_wtls11 */
--0x67,0x2B,0x01,0x04,0x0C, /* [4989] OBJ_wap_wsg_idm_ecid_wtls12 */
--0x55,0x1D,0x20,0x00, /* [4994] OBJ_any_policy */
--0x55,0x1D,0x21, /* [4998] OBJ_policy_mappings */
--0x55,0x1D,0x36, /* [5001] OBJ_inhibit_any_policy */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5004] OBJ_camellia_128_cbc */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5015] OBJ_camellia_192_cbc */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5026] OBJ_camellia_256_cbc */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5037] OBJ_camellia_128_ecb */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5045] OBJ_camellia_192_ecb */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5053] OBJ_camellia_256_ecb */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5061] OBJ_camellia_128_cfb128 */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5069] OBJ_camellia_192_cfb128 */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5077] OBJ_camellia_256_cfb128 */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5085] OBJ_camellia_128_ofb128 */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5093] OBJ_camellia_192_ofb128 */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5101] OBJ_camellia_256_ofb128 */
--0x55,0x1D,0x09, /* [5109] OBJ_subject_directory_attributes */
--0x55,0x1D,0x1C, /* [5112] OBJ_issuing_distribution_point */
--0x55,0x1D,0x1D, /* [5115] OBJ_certificate_issuer */
--0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5118] OBJ_kisa */
--0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5124] OBJ_seed_ecb */
--0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5132] OBJ_seed_cbc */
--0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5140] OBJ_seed_ofb128 */
--0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5148] OBJ_seed_cfb128 */
--0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5156] OBJ_hmac_md5 */
--0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5164] OBJ_hmac_sha1 */
--0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5172] OBJ_id_PasswordBasedMAC */
--0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5181] OBJ_id_DHBasedMac */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5190] OBJ_id_it_suppLangTags */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5198] OBJ_caRepository */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5206] OBJ_id_smime_ct_compressedData */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5217] OBJ_id_ct_asciiTextWithCRLF */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5228] OBJ_id_aes128_wrap */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5237] OBJ_id_aes192_wrap */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5246] OBJ_id_aes256_wrap */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5255] OBJ_ecdsa_with_Recommended */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5262] OBJ_ecdsa_with_Specified */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5269] OBJ_ecdsa_with_SHA224 */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5277] OBJ_ecdsa_with_SHA256 */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5285] OBJ_ecdsa_with_SHA384 */
--0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5293] OBJ_ecdsa_with_SHA512 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5301] OBJ_hmacWithMD5 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5309] OBJ_hmacWithSHA224 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5317] OBJ_hmacWithSHA256 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5325] OBJ_hmacWithSHA384 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5333] OBJ_hmacWithSHA512 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5341] OBJ_dsa_with_SHA224 */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5350] OBJ_dsa_with_SHA256 */
--0x28,0xCF,0x06,0x03,0x00,0x37, /* [5359] OBJ_whirlpool */
--0x2A,0x85,0x03,0x02,0x02, /* [5365] OBJ_cryptopro */
--0x2A,0x85,0x03,0x02,0x09, /* [5370] OBJ_cryptocom */
--0x2A,0x85,0x03,0x02,0x02,0x03, /* [5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
--0x2A,0x85,0x03,0x02,0x02,0x04, /* [5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
--0x2A,0x85,0x03,0x02,0x02,0x09, /* [5387] OBJ_id_GostR3411_94 */
--0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5393] OBJ_id_HMACGostR3411_94 */
--0x2A,0x85,0x03,0x02,0x02,0x13, /* [5399] OBJ_id_GostR3410_2001 */
--0x2A,0x85,0x03,0x02,0x02,0x14, /* [5405] OBJ_id_GostR3410_94 */
--0x2A,0x85,0x03,0x02,0x02,0x15, /* [5411] OBJ_id_Gost28147_89 */
--0x2A,0x85,0x03,0x02,0x02,0x16, /* [5417] OBJ_id_Gost28147_89_MAC */
--0x2A,0x85,0x03,0x02,0x02,0x17, /* [5423] OBJ_id_GostR3411_94_prf */
--0x2A,0x85,0x03,0x02,0x02,0x62, /* [5429] OBJ_id_GostR3410_2001DH */
--0x2A,0x85,0x03,0x02,0x02,0x63, /* [5435] OBJ_id_GostR3410_94DH */
--0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
--0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5448] OBJ_id_Gost28147_89_None_KeyMeshing */
--0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5455] OBJ_id_GostR3411_94_TestParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5462] OBJ_id_GostR3411_94_CryptoProParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5469] OBJ_id_Gost28147_89_TestParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5525] OBJ_id_GostR3410_94_TestParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5581] OBJ_id_GostR3410_2001_TestParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
--0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5623] OBJ_id_GostR3410_94_a */
--0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5630] OBJ_id_GostR3410_94_aBis */
--0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5637] OBJ_id_GostR3410_94_b */
--0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5644] OBJ_id_GostR3410_94_bBis */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5651] OBJ_id_Gost28147_89_cc */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5659] OBJ_id_GostR3410_94_cc */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5667] OBJ_id_GostR3410_2001_cc */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
--0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5691] OBJ_id_GostR3410_2001_ParamSet_cc */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5699] OBJ_LocalKeySet */
--0x55,0x1D,0x2E, /* [5708] OBJ_freshest_crl */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5711] OBJ_id_on_permanentIdentifier */
--0x55,0x04,0x0E, /* [5719] OBJ_searchGuide */
--0x55,0x04,0x0F, /* [5722] OBJ_businessCategory */
--0x55,0x04,0x10, /* [5725] OBJ_postalAddress */
--0x55,0x04,0x12, /* [5728] OBJ_postOfficeBox */
--0x55,0x04,0x13, /* [5731] OBJ_physicalDeliveryOfficeName */
--0x55,0x04,0x14, /* [5734] OBJ_telephoneNumber */
--0x55,0x04,0x15, /* [5737] OBJ_telexNumber */
--0x55,0x04,0x16, /* [5740] OBJ_teletexTerminalIdentifier */
--0x55,0x04,0x17, /* [5743] OBJ_facsimileTelephoneNumber */
--0x55,0x04,0x18, /* [5746] OBJ_x121Address */
--0x55,0x04,0x19, /* [5749] OBJ_internationaliSDNNumber */
--0x55,0x04,0x1A, /* [5752] OBJ_registeredAddress */
--0x55,0x04,0x1B, /* [5755] OBJ_destinationIndicator */
--0x55,0x04,0x1C, /* [5758] OBJ_preferredDeliveryMethod */
--0x55,0x04,0x1D, /* [5761] OBJ_presentationAddress */
--0x55,0x04,0x1E, /* [5764] OBJ_supportedApplicationContext */
--0x55,0x04,0x1F, /* [5767] OBJ_member */
--0x55,0x04,0x20, /* [5770] OBJ_owner */
--0x55,0x04,0x21, /* [5773] OBJ_roleOccupant */
--0x55,0x04,0x22, /* [5776] OBJ_seeAlso */
--0x55,0x04,0x23, /* [5779] OBJ_userPassword */
--0x55,0x04,0x24, /* [5782] OBJ_userCertificate */
--0x55,0x04,0x25, /* [5785] OBJ_cACertificate */
--0x55,0x04,0x26, /* [5788] OBJ_authorityRevocationList */
--0x55,0x04,0x27, /* [5791] OBJ_certificateRevocationList */
--0x55,0x04,0x28, /* [5794] OBJ_crossCertificatePair */
--0x55,0x04,0x2F, /* [5797] OBJ_enhancedSearchGuide */
--0x55,0x04,0x30, /* [5800] OBJ_protocolInformation */
--0x55,0x04,0x31, /* [5803] OBJ_distinguishedName */
--0x55,0x04,0x32, /* [5806] OBJ_uniqueMember */
--0x55,0x04,0x33, /* [5809] OBJ_houseIdentifier */
--0x55,0x04,0x34, /* [5812] OBJ_supportedAlgorithms */
--0x55,0x04,0x35, /* [5815] OBJ_deltaRevocationList */
--0x55,0x04,0x36, /* [5818] OBJ_dmdName */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5821] OBJ_id_alg_PWRI_KEK */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5832] OBJ_aes_128_gcm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5841] OBJ_aes_128_ccm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5850] OBJ_id_aes128_wrap_pad */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5859] OBJ_aes_192_gcm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5868] OBJ_aes_192_ccm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5877] OBJ_id_aes192_wrap_pad */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5886] OBJ_aes_256_gcm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5895] OBJ_aes_256_ccm */
--0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5904] OBJ_id_aes256_wrap_pad */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5913] OBJ_id_camellia128_wrap */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5924] OBJ_id_camellia192_wrap */
--0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5935] OBJ_id_camellia256_wrap */
--0x55,0x1D,0x25,0x00, /* [5946] OBJ_anyExtendedKeyUsage */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5950] OBJ_mgf1 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5959] OBJ_rsassaPss */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5968] OBJ_rsaesOaep */
--0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5977] OBJ_dhpublicnumber */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5984] OBJ_brainpoolP160r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5993] OBJ_brainpoolP160t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [6002] OBJ_brainpoolP192r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6011] OBJ_brainpoolP192t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6020] OBJ_brainpoolP224r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6029] OBJ_brainpoolP224t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6038] OBJ_brainpoolP256r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6047] OBJ_brainpoolP256t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6056] OBJ_brainpoolP320r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6065] OBJ_brainpoolP320t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6074] OBJ_brainpoolP384r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6083] OBJ_brainpoolP384t1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6092] OBJ_brainpoolP512r1 */
--0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6101] OBJ_brainpoolP512t1 */
--0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6110] OBJ_pSpecified */
--0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
--0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
--0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
--0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6185] OBJ_ct_precert_scts */
--0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6195] OBJ_ct_precert_poison */
--0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6205] OBJ_ct_precert_signer */
--0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6215] OBJ_ct_cert_scts */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6225] OBJ_jurisdictionLocalityName */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6236] OBJ_jurisdictionStateOrProvinceName */
--0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6247] OBJ_jurisdictionCountryName */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6258] OBJ_camellia_128_gcm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6266] OBJ_camellia_128_ccm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6274] OBJ_camellia_128_ctr */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6282] OBJ_camellia_128_cmac */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6290] OBJ_camellia_192_gcm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6298] OBJ_camellia_192_ccm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6306] OBJ_camellia_192_ctr */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6314] OBJ_camellia_192_cmac */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6322] OBJ_camellia_256_gcm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6330] OBJ_camellia_256_ccm */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6338] OBJ_camellia_256_ctr */
--0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6346] OBJ_camellia_256_cmac */
--0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,/* [6354] OBJ_id_scrypt */
--0x2A,0x85,0x03,0x07,0x01, /* [6363] OBJ_id_tc26 */
--0x2A,0x85,0x03,0x07,0x01,0x01, /* [6368] OBJ_id_tc26_algorithms */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [6374] OBJ_id_tc26_sign */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [6381] OBJ_id_GostR3410_2012_256 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [6389] OBJ_id_GostR3410_2012_512 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [6397] OBJ_id_tc26_digest */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [6404] OBJ_id_GostR3411_2012_256 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [6412] OBJ_id_GostR3411_2012_512 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [6420] OBJ_id_tc26_signwithdigest */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [6443] OBJ_id_tc26_mac */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [6466] OBJ_id_tc26_cipher */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [6473] OBJ_id_tc26_agreement */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */
--0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */
--0x2A,0x85,0x03,0x07,0x01,0x02, /* [6496] OBJ_id_tc26_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [6502] OBJ_id_tc26_sign_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [6509] OBJ_id_tc26_gost_3410_2012_512_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,/* [6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,/* [6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,/* [6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [6544] OBJ_id_tc26_digest_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [6551] OBJ_id_tc26_cipher_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [6558] OBJ_id_tc26_gost_28147_constants */
--0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,/* [6566] OBJ_id_tc26_gost_28147_param_Z */
--0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6575] OBJ_INN */
--0x2A,0x85,0x03,0x64,0x01, /* [6583] OBJ_OGRN */
--0x2A,0x85,0x03,0x64,0x03, /* [6588] OBJ_SNILS */
--0x2A,0x85,0x03,0x64,0x6F, /* [6593] OBJ_subjectSignTool */
--0x2A,0x85,0x03,0x64,0x70, /* [6598] OBJ_issuerSignTool */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [6603] OBJ_tlsfeature */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [6611] OBJ_ipsec_IKE */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [6619] OBJ_capwapAC */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [6627] OBJ_capwapWTP */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [6635] OBJ_sshClient */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [6643] OBJ_sshServer */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [6651] OBJ_sendRouter */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [6659] OBJ_sendProxiedRouter */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [6667] OBJ_sendOwner */
--0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [6675] OBJ_sendProxiedOwner */
--0x2B,0x06,0x01,0x05,0x02,0x03, /* [6683] OBJ_id_pkinit */
--0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [6689] OBJ_pkInitClientAuth */
--0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [6696] OBJ_pkInitKDC */
--0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01,/* [6703] OBJ_X25519 */
--0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02,/* [6712] OBJ_X448 */
--0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b512 */
--0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s256 */
-+/* Serialized OID's */
-+static const unsigned char so[6777] = {
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, /* [ 37] OBJ_rsaEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02, /* [ 46] OBJ_md2WithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04, /* [ 55] OBJ_md5WithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01, /* [ 64] OBJ_pbeWithMD2AndDES_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03, /* [ 73] OBJ_pbeWithMD5AndDES_CBC */
-+ 0x55, /* [ 82] OBJ_X500 */
-+ 0x55,0x04, /* [ 83] OBJ_X509 */
-+ 0x55,0x04,0x03, /* [ 85] OBJ_commonName */
-+ 0x55,0x04,0x06, /* [ 88] OBJ_countryName */
-+ 0x55,0x04,0x07, /* [ 91] OBJ_localityName */
-+ 0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */
-+ 0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */
-+ 0x55,0x04,0x0B, /* [ 100] OBJ_organizationalUnitName */
-+ 0x55,0x08,0x01,0x01, /* [ 103] OBJ_rsa */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [ 107] OBJ_pkcs7 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01, /* [ 115] OBJ_pkcs7_data */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, /* [ 124] OBJ_pkcs7_signed */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03, /* [ 133] OBJ_pkcs7_enveloped */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04, /* [ 142] OBJ_pkcs7_signedAndEnveloped */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05, /* [ 151] OBJ_pkcs7_digest */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06, /* [ 160] OBJ_pkcs7_encrypted */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [ 169] OBJ_pkcs3 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01, /* [ 177] OBJ_dhKeyAgreement */
-+ 0x2B,0x0E,0x03,0x02,0x06, /* [ 186] OBJ_des_ecb */
-+ 0x2B,0x0E,0x03,0x02,0x09, /* [ 191] OBJ_des_cfb64 */
-+ 0x2B,0x0E,0x03,0x02,0x07, /* [ 196] OBJ_des_cbc */
-+ 0x2B,0x0E,0x03,0x02,0x11, /* [ 201] OBJ_des_ede_ecb */
-+ 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02, /* [ 206] OBJ_idea_cbc */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [ 217] OBJ_rc2_cbc */
-+ 0x2B,0x0E,0x03,0x02,0x12, /* [ 225] OBJ_sha */
-+ 0x2B,0x0E,0x03,0x02,0x0F, /* [ 230] OBJ_shaWithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [ 235] OBJ_des_ede3_cbc */
-+ 0x2B,0x0E,0x03,0x02,0x08, /* [ 243] OBJ_des_ofb64 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [ 248] OBJ_pkcs9 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, /* [ 256] OBJ_pkcs9_emailAddress */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02, /* [ 265] OBJ_pkcs9_unstructuredName */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03, /* [ 274] OBJ_pkcs9_contentType */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04, /* [ 283] OBJ_pkcs9_messageDigest */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05, /* [ 292] OBJ_pkcs9_signingTime */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, /* [ 301] OBJ_pkcs9_countersignature */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07, /* [ 310] OBJ_pkcs9_challengePassword */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08, /* [ 319] OBJ_pkcs9_unstructuredAddress */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09, /* [ 328] OBJ_pkcs9_extCertAttributes */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [ 337] OBJ_netscape */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [ 344] OBJ_netscape_cert_extension */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [ 352] OBJ_netscape_data_type */
-+ 0x2B,0x0E,0x03,0x02,0x1A, /* [ 360] OBJ_sha1 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, /* [ 365] OBJ_sha1WithRSAEncryption */
-+ 0x2B,0x0E,0x03,0x02,0x0D, /* [ 374] OBJ_dsaWithSHA */
-+ 0x2B,0x0E,0x03,0x02,0x0C, /* [ 379] OBJ_dsa_2 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B, /* [ 384] OBJ_pbeWithSHA1AndRC2_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C, /* [ 393] OBJ_id_pbkdf2 */
-+ 0x2B,0x0E,0x03,0x02,0x1B, /* [ 402] OBJ_dsaWithSHA1_2 */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01, /* [ 407] OBJ_netscape_cert_type */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02, /* [ 416] OBJ_netscape_base_url */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03, /* [ 425] OBJ_netscape_revocation_url */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04, /* [ 434] OBJ_netscape_ca_revocation_url */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07, /* [ 443] OBJ_netscape_renewal_url */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08, /* [ 452] OBJ_netscape_ca_policy_url */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C, /* [ 461] OBJ_netscape_ssl_server_name */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D, /* [ 470] OBJ_netscape_comment */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05, /* [ 479] OBJ_netscape_cert_sequence */
-+ 0x55,0x1D, /* [ 488] OBJ_id_ce */
-+ 0x55,0x1D,0x0E, /* [ 490] OBJ_subject_key_identifier */
-+ 0x55,0x1D,0x0F, /* [ 493] OBJ_key_usage */
-+ 0x55,0x1D,0x10, /* [ 496] OBJ_private_key_usage_period */
-+ 0x55,0x1D,0x11, /* [ 499] OBJ_subject_alt_name */
-+ 0x55,0x1D,0x12, /* [ 502] OBJ_issuer_alt_name */
-+ 0x55,0x1D,0x13, /* [ 505] OBJ_basic_constraints */
-+ 0x55,0x1D,0x14, /* [ 508] OBJ_crl_number */
-+ 0x55,0x1D,0x20, /* [ 511] OBJ_certificate_policies */
-+ 0x55,0x1D,0x23, /* [ 514] OBJ_authority_key_identifier */
-+ 0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02, /* [ 517] OBJ_bf_cbc */
-+ 0x55,0x08,0x03,0x65, /* [ 526] OBJ_mdc2 */
-+ 0x55,0x08,0x03,0x64, /* [ 530] OBJ_mdc2WithRSA */
-+ 0x55,0x04,0x2A, /* [ 534] OBJ_givenName */
-+ 0x55,0x04,0x04, /* [ 537] OBJ_surname */
-+ 0x55,0x04,0x2B, /* [ 540] OBJ_initials */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C, /* [ 543] OBJ_uniqueIdentifier */
-+ 0x55,0x1D,0x1F, /* [ 553] OBJ_crl_distribution_points */
-+ 0x2B,0x0E,0x03,0x02,0x03, /* [ 556] OBJ_md5WithRSA */
-+ 0x55,0x04,0x05, /* [ 561] OBJ_serialNumber */
-+ 0x55,0x04,0x0C, /* [ 564] OBJ_title */
-+ 0x55,0x04,0x0D, /* [ 567] OBJ_description */
-+ 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A, /* [ 570] OBJ_cast5_cbc */
-+ 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C, /* [ 579] OBJ_pbeWithMD5AndCast5_CBC */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [ 588] OBJ_dsaWithSHA1 */
-+ 0x2B,0x0E,0x03,0x02,0x1D, /* [ 595] OBJ_sha1WithRSA */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [ 600] OBJ_dsa */
-+ 0x2B,0x24,0x03,0x02,0x01, /* [ 607] OBJ_ripemd160 */
-+ 0x2B,0x24,0x03,0x03,0x01,0x02, /* [ 612] OBJ_ripemd160WithRSA */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [ 618] OBJ_rc5_cbc */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08, /* [ 626] OBJ_zlib_compression */
-+ 0x55,0x1D,0x25, /* [ 637] OBJ_ext_key_usage */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07, /* [ 640] OBJ_id_pkix */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [ 646] OBJ_id_kp */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [ 653] OBJ_server_auth */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [ 661] OBJ_client_auth */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [ 669] OBJ_code_sign */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [ 677] OBJ_email_protect */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [ 685] OBJ_time_stamp */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15, /* [ 693] OBJ_ms_code_ind */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16, /* [ 703] OBJ_ms_code_com */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01, /* [ 713] OBJ_ms_ctl_sign */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03, /* [ 723] OBJ_ms_sgc */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04, /* [ 733] OBJ_ms_efs */
-+ 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, /* [ 743] OBJ_ns_sgc */
-+ 0x55,0x1D,0x1B, /* [ 752] OBJ_delta_crl */
-+ 0x55,0x1D,0x15, /* [ 755] OBJ_crl_reason */
-+ 0x55,0x1D,0x18, /* [ 758] OBJ_invalidity_date */
-+ 0x2B,0x65,0x01,0x04,0x01, /* [ 761] OBJ_sxnet */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01, /* [ 766] OBJ_pbe_WithSHA1And128BitRC4 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02, /* [ 776] OBJ_pbe_WithSHA1And40BitRC4 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03, /* [ 786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04, /* [ 796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05, /* [ 806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06, /* [ 816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01, /* [ 826] OBJ_keyBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02, /* [ 837] OBJ_pkcs8ShroudedKeyBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03, /* [ 848] OBJ_certBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04, /* [ 859] OBJ_crlBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05, /* [ 870] OBJ_secretBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06, /* [ 881] OBJ_safeContentsBag */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14, /* [ 892] OBJ_friendlyName */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15, /* [ 901] OBJ_localKeyID */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01, /* [ 910] OBJ_x509Certificate */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02, /* [ 920] OBJ_sdsiCertificate */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01, /* [ 930] OBJ_x509Crl */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D, /* [ 940] OBJ_pbes2 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E, /* [ 949] OBJ_pbmac1 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [ 958] OBJ_hmacWithSHA1 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [ 966] OBJ_id_qt_cps */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [ 974] OBJ_id_qt_unotice */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F, /* [ 982] OBJ_SMIMECapabilities */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04, /* [ 991] OBJ_pbeWithMD2AndRC2_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06, /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A, /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E, /* [ 1018] OBJ_ms_ext_req */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E, /* [ 1028] OBJ_ext_req */
-+ 0x55,0x04,0x29, /* [ 1037] OBJ_name */
-+ 0x55,0x04,0x2E, /* [ 1040] OBJ_dnQualifier */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [ 1043] OBJ_id_pe */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [ 1050] OBJ_id_ad */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [ 1057] OBJ_info_access */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [ 1065] OBJ_ad_OCSP */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [ 1073] OBJ_ad_ca_issuers */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [ 1081] OBJ_OCSP_sign */
-+ 0x2A, /* [ 1089] OBJ_member_body */
-+ 0x2A,0x86,0x48, /* [ 1090] OBJ_ISO_US */
-+ 0x2A,0x86,0x48,0xCE,0x38, /* [ 1093] OBJ_X9_57 */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x04, /* [ 1098] OBJ_X9cm */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [ 1104] OBJ_pkcs1 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [ 1112] OBJ_pkcs5 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10, /* [ 1120] OBJ_SMIME */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00, /* [ 1129] OBJ_id_smime_mod */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01, /* [ 1139] OBJ_id_smime_ct */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02, /* [ 1149] OBJ_id_smime_aa */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03, /* [ 1159] OBJ_id_smime_alg */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04, /* [ 1169] OBJ_id_smime_cd */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05, /* [ 1179] OBJ_id_smime_spq */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06, /* [ 1189] OBJ_id_smime_cti */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01, /* [ 1199] OBJ_id_smime_mod_cms */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02, /* [ 1210] OBJ_id_smime_mod_ess */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03, /* [ 1221] OBJ_id_smime_mod_oid */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04, /* [ 1232] OBJ_id_smime_mod_msg_v3 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05, /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06, /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07, /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08, /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01, /* [ 1287] OBJ_id_smime_ct_receipt */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02, /* [ 1298] OBJ_id_smime_ct_authData */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03, /* [ 1309] OBJ_id_smime_ct_publishCert */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04, /* [ 1320] OBJ_id_smime_ct_TSTInfo */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05, /* [ 1331] OBJ_id_smime_ct_TDTInfo */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06, /* [ 1342] OBJ_id_smime_ct_contentInfo */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07, /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08, /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01, /* [ 1375] OBJ_id_smime_aa_receiptRequest */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02, /* [ 1386] OBJ_id_smime_aa_securityLabel */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03, /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04, /* [ 1408] OBJ_id_smime_aa_contentHint */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05, /* [ 1419] OBJ_id_smime_aa_msgSigDigest */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06, /* [ 1430] OBJ_id_smime_aa_encapContentType */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07, /* [ 1441] OBJ_id_smime_aa_contentIdentifier */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08, /* [ 1452] OBJ_id_smime_aa_macValue */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09, /* [ 1463] OBJ_id_smime_aa_equivalentLabels */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A, /* [ 1474] OBJ_id_smime_aa_contentReference */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B, /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C, /* [ 1496] OBJ_id_smime_aa_signingCertificate */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D, /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E, /* [ 1518] OBJ_id_smime_aa_timeStampToken */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F, /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10, /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11, /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12, /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13, /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14, /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15, /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16, /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17, /* [ 1617] OBJ_id_smime_aa_ets_certValues */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18, /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19, /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A, /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B, /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C, /* [ 1672] OBJ_id_smime_aa_signatureType */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D, /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01, /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02, /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03, /* [ 1716] OBJ_id_smime_alg_3DESwrap */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04, /* [ 1727] OBJ_id_smime_alg_RC2wrap */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05, /* [ 1738] OBJ_id_smime_alg_ESDH */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06, /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07, /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01, /* [ 1771] OBJ_id_smime_cd_ldap */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01, /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02, /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01, /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02, /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03, /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04, /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05, /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06, /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [ 1870] OBJ_md4 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [ 1878] OBJ_id_pkix_mod */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [ 1885] OBJ_id_qt */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [ 1892] OBJ_id_it */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [ 1899] OBJ_id_pkip */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [ 1906] OBJ_id_alg */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [ 1913] OBJ_id_cmc */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [ 1920] OBJ_id_on */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [ 1927] OBJ_id_pda */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [ 1934] OBJ_id_aca */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [ 1941] OBJ_id_qcs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [ 1948] OBJ_id_cct */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [ 1955] OBJ_id_pkix1_explicit_88 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [ 1963] OBJ_id_pkix1_implicit_88 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [ 1971] OBJ_id_pkix1_explicit_93 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [ 1979] OBJ_id_pkix1_implicit_93 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [ 1987] OBJ_id_mod_crmf */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [ 1995] OBJ_id_mod_cmc */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [ 2003] OBJ_id_mod_kea_profile_88 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [ 2011] OBJ_id_mod_kea_profile_93 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [ 2019] OBJ_id_mod_cmp */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [ 2027] OBJ_id_mod_qualified_cert_88 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [ 2035] OBJ_id_mod_qualified_cert_93 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [ 2043] OBJ_id_mod_attribute_cert */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [ 2051] OBJ_id_mod_timestamp_protocol */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [ 2059] OBJ_id_mod_ocsp */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [ 2067] OBJ_id_mod_dvcs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [ 2075] OBJ_id_mod_cmp2000 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [ 2083] OBJ_biometricInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [ 2091] OBJ_qcStatements */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [ 2099] OBJ_ac_auditEntity */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [ 2107] OBJ_ac_targeting */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [ 2115] OBJ_aaControls */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [ 2123] OBJ_sbgp_ipAddrBlock */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [ 2131] OBJ_sbgp_autonomousSysNum */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [ 2139] OBJ_sbgp_routerIdentifier */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [ 2147] OBJ_textNotice */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [ 2155] OBJ_ipsecEndSystem */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [ 2163] OBJ_ipsecTunnel */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [ 2171] OBJ_ipsecUser */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [ 2179] OBJ_dvcs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [ 2187] OBJ_id_it_caProtEncCert */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [ 2195] OBJ_id_it_signKeyPairTypes */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [ 2203] OBJ_id_it_encKeyPairTypes */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [ 2211] OBJ_id_it_preferredSymmAlg */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [ 2219] OBJ_id_it_caKeyUpdateInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [ 2227] OBJ_id_it_currentCRL */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [ 2235] OBJ_id_it_unsupportedOIDs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [ 2243] OBJ_id_it_subscriptionRequest */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [ 2251] OBJ_id_it_subscriptionResponse */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [ 2259] OBJ_id_it_keyPairParamReq */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [ 2267] OBJ_id_it_keyPairParamRep */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [ 2275] OBJ_id_it_revPassphrase */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [ 2283] OBJ_id_it_implicitConfirm */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [ 2291] OBJ_id_it_confirmWaitTime */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [ 2299] OBJ_id_it_origPKIMessage */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [ 2307] OBJ_id_regCtrl */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [ 2315] OBJ_id_regInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01, /* [ 2323] OBJ_id_regCtrl_regToken */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02, /* [ 2332] OBJ_id_regCtrl_authenticator */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03, /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04, /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05, /* [ 2359] OBJ_id_regCtrl_oldCertID */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06, /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01, /* [ 2377] OBJ_id_regInfo_utf8Pairs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02, /* [ 2386] OBJ_id_regInfo_certReq */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [ 2395] OBJ_id_alg_des40 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [ 2403] OBJ_id_alg_noSignature */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [ 2419] OBJ_id_alg_dh_pop */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [ 2427] OBJ_id_cmc_statusInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [ 2435] OBJ_id_cmc_identification */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [ 2443] OBJ_id_cmc_identityProof */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [ 2451] OBJ_id_cmc_dataReturn */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [ 2459] OBJ_id_cmc_transactionId */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [ 2467] OBJ_id_cmc_senderNonce */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [ 2475] OBJ_id_cmc_recipientNonce */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [ 2483] OBJ_id_cmc_addExtensions */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [ 2491] OBJ_id_cmc_encryptedPOP */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [ 2499] OBJ_id_cmc_decryptedPOP */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [ 2507] OBJ_id_cmc_lraPOPWitness */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [ 2515] OBJ_id_cmc_getCert */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [ 2523] OBJ_id_cmc_getCRL */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [ 2531] OBJ_id_cmc_revokeRequest */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [ 2539] OBJ_id_cmc_regInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [ 2547] OBJ_id_cmc_responseInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [ 2555] OBJ_id_cmc_queryPending */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [ 2563] OBJ_id_cmc_popLinkRandom */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [ 2571] OBJ_id_cmc_popLinkWitness */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [ 2587] OBJ_id_on_personalData */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [ 2595] OBJ_id_pda_dateOfBirth */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [ 2603] OBJ_id_pda_placeOfBirth */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [ 2611] OBJ_id_pda_gender */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [ 2619] OBJ_id_pda_countryOfCitizenship */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [ 2627] OBJ_id_pda_countryOfResidence */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [ 2635] OBJ_id_aca_authenticationInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [ 2643] OBJ_id_aca_accessIdentity */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [ 2651] OBJ_id_aca_chargingIdentity */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [ 2659] OBJ_id_aca_group */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [ 2667] OBJ_id_aca_role */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [ 2683] OBJ_id_cct_crs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [ 2691] OBJ_id_cct_PKIData */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [ 2699] OBJ_id_cct_PKIResponse */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [ 2707] OBJ_ad_timeStamping */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [ 2715] OBJ_ad_dvcs */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01, /* [ 2723] OBJ_id_pkix_OCSP_basic */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02, /* [ 2732] OBJ_id_pkix_OCSP_Nonce */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03, /* [ 2741] OBJ_id_pkix_OCSP_CrlID */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04, /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05, /* [ 2759] OBJ_id_pkix_OCSP_noCheck */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06, /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07, /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08, /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09, /* [ 2795] OBJ_id_pkix_OCSP_valid */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A, /* [ 2804] OBJ_id_pkix_OCSP_path */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B, /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */
-+ 0x2B,0x0E,0x03,0x02, /* [ 2822] OBJ_algorithm */
-+ 0x2B,0x0E,0x03,0x02,0x0B, /* [ 2826] OBJ_rsaSignature */
-+ 0x55,0x08, /* [ 2831] OBJ_X500algorithms */
-+ 0x2B, /* [ 2833] OBJ_org */
-+ 0x2B,0x06, /* [ 2834] OBJ_dod */
-+ 0x2B,0x06,0x01, /* [ 2836] OBJ_iana */
-+ 0x2B,0x06,0x01,0x01, /* [ 2839] OBJ_Directory */
-+ 0x2B,0x06,0x01,0x02, /* [ 2843] OBJ_Management */
-+ 0x2B,0x06,0x01,0x03, /* [ 2847] OBJ_Experimental */
-+ 0x2B,0x06,0x01,0x04, /* [ 2851] OBJ_Private */
-+ 0x2B,0x06,0x01,0x05, /* [ 2855] OBJ_Security */
-+ 0x2B,0x06,0x01,0x06, /* [ 2859] OBJ_SNMPv2 */
-+ 0x2B,0x06,0x01,0x07, /* [ 2863] OBJ_Mail */
-+ 0x2B,0x06,0x01,0x04,0x01, /* [ 2867] OBJ_Enterprises */
-+ 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58, /* [ 2872] OBJ_dcObject */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19, /* [ 2881] OBJ_domainComponent */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D, /* [ 2891] OBJ_Domain */
-+ 0x55,0x01,0x05, /* [ 2901] OBJ_selected_attribute_types */
-+ 0x55,0x01,0x05,0x37, /* [ 2904] OBJ_clearance */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03, /* [ 2908] OBJ_md4WithRSAEncryption */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [ 2917] OBJ_ac_proxying */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [ 2925] OBJ_sinfo_access */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [ 2933] OBJ_id_aca_encAttrs */
-+ 0x55,0x04,0x48, /* [ 2941] OBJ_role */
-+ 0x55,0x1D,0x24, /* [ 2944] OBJ_policy_constraints */
-+ 0x55,0x1D,0x37, /* [ 2947] OBJ_target_information */
-+ 0x55,0x1D,0x38, /* [ 2950] OBJ_no_rev_avail */
-+ 0x2A,0x86,0x48,0xCE,0x3D, /* [ 2953] OBJ_ansi_X9_62 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [ 2958] OBJ_X9_62_prime_field */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [ 2965] OBJ_X9_62_characteristic_two_field */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [ 2972] OBJ_X9_62_id_ecPublicKey */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [ 2979] OBJ_X9_62_prime192v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [ 2987] OBJ_X9_62_prime192v2 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [ 2995] OBJ_X9_62_prime192v3 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [ 3003] OBJ_X9_62_prime239v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [ 3011] OBJ_X9_62_prime239v2 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [ 3019] OBJ_X9_62_prime239v3 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [ 3027] OBJ_X9_62_prime256v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [ 3035] OBJ_ecdsa_with_SHA1 */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01, /* [ 3042] OBJ_ms_csp_name */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01, /* [ 3051] OBJ_aes_128_ecb */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02, /* [ 3060] OBJ_aes_128_cbc */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03, /* [ 3069] OBJ_aes_128_ofb128 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04, /* [ 3078] OBJ_aes_128_cfb128 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15, /* [ 3087] OBJ_aes_192_ecb */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16, /* [ 3096] OBJ_aes_192_cbc */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17, /* [ 3105] OBJ_aes_192_ofb128 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18, /* [ 3114] OBJ_aes_192_cfb128 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29, /* [ 3123] OBJ_aes_256_ecb */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A, /* [ 3132] OBJ_aes_256_cbc */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B, /* [ 3141] OBJ_aes_256_ofb128 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C, /* [ 3150] OBJ_aes_256_cfb128 */
-+ 0x55,0x1D,0x17, /* [ 3159] OBJ_hold_instruction_code */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [ 3162] OBJ_hold_instruction_none */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [ 3169] OBJ_hold_instruction_call_issuer */
-+ 0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [ 3176] OBJ_hold_instruction_reject */
-+ 0x09, /* [ 3183] OBJ_data */
-+ 0x09,0x92,0x26, /* [ 3184] OBJ_pss */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [ 3187] OBJ_ucl */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [ 3194] OBJ_pilot */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01, /* [ 3202] OBJ_pilotAttributeType */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03, /* [ 3211] OBJ_pilotAttributeSyntax */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04, /* [ 3220] OBJ_pilotObjectClass */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A, /* [ 3229] OBJ_pilotGroups */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04, /* [ 3238] OBJ_iA5StringSyntax */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05, /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03, /* [ 3258] OBJ_pilotObject */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04, /* [ 3268] OBJ_pilotPerson */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05, /* [ 3278] OBJ_account */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06, /* [ 3288] OBJ_document */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07, /* [ 3298] OBJ_room */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09, /* [ 3308] OBJ_documentSeries */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E, /* [ 3318] OBJ_rFC822localPart */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F, /* [ 3328] OBJ_dNSDomain */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11, /* [ 3338] OBJ_domainRelatedObject */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12, /* [ 3348] OBJ_friendlyCountry */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13, /* [ 3358] OBJ_simpleSecurityObject */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14, /* [ 3368] OBJ_pilotOrganization */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15, /* [ 3378] OBJ_pilotDSA */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16, /* [ 3388] OBJ_qualityLabelledData */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01, /* [ 3398] OBJ_userId */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02, /* [ 3408] OBJ_textEncodedORAddress */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03, /* [ 3418] OBJ_rfc822Mailbox */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04, /* [ 3428] OBJ_info */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05, /* [ 3438] OBJ_favouriteDrink */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06, /* [ 3448] OBJ_roomNumber */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07, /* [ 3458] OBJ_photo */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08, /* [ 3468] OBJ_userClass */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09, /* [ 3478] OBJ_host */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A, /* [ 3488] OBJ_manager */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B, /* [ 3498] OBJ_documentIdentifier */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C, /* [ 3508] OBJ_documentTitle */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D, /* [ 3518] OBJ_documentVersion */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E, /* [ 3528] OBJ_documentAuthor */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F, /* [ 3538] OBJ_documentLocation */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14, /* [ 3548] OBJ_homeTelephoneNumber */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15, /* [ 3558] OBJ_secretary */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16, /* [ 3568] OBJ_otherMailbox */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17, /* [ 3578] OBJ_lastModifiedTime */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18, /* [ 3588] OBJ_lastModifiedBy */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A, /* [ 3598] OBJ_aRecord */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B, /* [ 3608] OBJ_pilotAttributeType27 */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C, /* [ 3618] OBJ_mXRecord */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D, /* [ 3628] OBJ_nSRecord */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E, /* [ 3638] OBJ_sOARecord */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F, /* [ 3648] OBJ_cNAMERecord */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25, /* [ 3658] OBJ_associatedDomain */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26, /* [ 3668] OBJ_associatedName */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27, /* [ 3678] OBJ_homePostalAddress */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28, /* [ 3688] OBJ_personalTitle */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29, /* [ 3698] OBJ_mobileTelephoneNumber */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A, /* [ 3708] OBJ_pagerTelephoneNumber */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B, /* [ 3718] OBJ_friendlyCountryName */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D, /* [ 3728] OBJ_organizationalStatus */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E, /* [ 3738] OBJ_janetMailbox */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F, /* [ 3748] OBJ_mailPreferenceOption */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30, /* [ 3758] OBJ_buildingName */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31, /* [ 3768] OBJ_dSAQuality */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32, /* [ 3778] OBJ_singleLevelQuality */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33, /* [ 3788] OBJ_subtreeMinimumQuality */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34, /* [ 3798] OBJ_subtreeMaximumQuality */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35, /* [ 3808] OBJ_personalSignature */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36, /* [ 3818] OBJ_dITRedirect */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37, /* [ 3828] OBJ_audio */
-+ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38, /* [ 3838] OBJ_documentPublisher */
-+ 0x55,0x04,0x2D, /* [ 3848] OBJ_x500UniqueIdentifier */
-+ 0x2B,0x06,0x01,0x07,0x01, /* [ 3851] OBJ_mime_mhs */
-+ 0x2B,0x06,0x01,0x07,0x01,0x01, /* [ 3856] OBJ_mime_mhs_headings */
-+ 0x2B,0x06,0x01,0x07,0x01,0x02, /* [ 3862] OBJ_mime_mhs_bodies */
-+ 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [ 3868] OBJ_id_hex_partial_message */
-+ 0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [ 3875] OBJ_id_hex_multipart_message */
-+ 0x55,0x04,0x2C, /* [ 3882] OBJ_generationQualifier */
-+ 0x55,0x04,0x41, /* [ 3885] OBJ_pseudonym */
-+ 0x67,0x2A, /* [ 3888] OBJ_id_set */
-+ 0x67,0x2A,0x00, /* [ 3890] OBJ_set_ctype */
-+ 0x67,0x2A,0x01, /* [ 3893] OBJ_set_msgExt */
-+ 0x67,0x2A,0x03, /* [ 3896] OBJ_set_attr */
-+ 0x67,0x2A,0x05, /* [ 3899] OBJ_set_policy */
-+ 0x67,0x2A,0x07, /* [ 3902] OBJ_set_certExt */
-+ 0x67,0x2A,0x08, /* [ 3905] OBJ_set_brand */
-+ 0x67,0x2A,0x00,0x00, /* [ 3908] OBJ_setct_PANData */
-+ 0x67,0x2A,0x00,0x01, /* [ 3912] OBJ_setct_PANToken */
-+ 0x67,0x2A,0x00,0x02, /* [ 3916] OBJ_setct_PANOnly */
-+ 0x67,0x2A,0x00,0x03, /* [ 3920] OBJ_setct_OIData */
-+ 0x67,0x2A,0x00,0x04, /* [ 3924] OBJ_setct_PI */
-+ 0x67,0x2A,0x00,0x05, /* [ 3928] OBJ_setct_PIData */
-+ 0x67,0x2A,0x00,0x06, /* [ 3932] OBJ_setct_PIDataUnsigned */
-+ 0x67,0x2A,0x00,0x07, /* [ 3936] OBJ_setct_HODInput */
-+ 0x67,0x2A,0x00,0x08, /* [ 3940] OBJ_setct_AuthResBaggage */
-+ 0x67,0x2A,0x00,0x09, /* [ 3944] OBJ_setct_AuthRevReqBaggage */
-+ 0x67,0x2A,0x00,0x0A, /* [ 3948] OBJ_setct_AuthRevResBaggage */
-+ 0x67,0x2A,0x00,0x0B, /* [ 3952] OBJ_setct_CapTokenSeq */
-+ 0x67,0x2A,0x00,0x0C, /* [ 3956] OBJ_setct_PInitResData */
-+ 0x67,0x2A,0x00,0x0D, /* [ 3960] OBJ_setct_PI_TBS */
-+ 0x67,0x2A,0x00,0x0E, /* [ 3964] OBJ_setct_PResData */
-+ 0x67,0x2A,0x00,0x10, /* [ 3968] OBJ_setct_AuthReqTBS */
-+ 0x67,0x2A,0x00,0x11, /* [ 3972] OBJ_setct_AuthResTBS */
-+ 0x67,0x2A,0x00,0x12, /* [ 3976] OBJ_setct_AuthResTBSX */
-+ 0x67,0x2A,0x00,0x13, /* [ 3980] OBJ_setct_AuthTokenTBS */
-+ 0x67,0x2A,0x00,0x14, /* [ 3984] OBJ_setct_CapTokenData */
-+ 0x67,0x2A,0x00,0x15, /* [ 3988] OBJ_setct_CapTokenTBS */
-+ 0x67,0x2A,0x00,0x16, /* [ 3992] OBJ_setct_AcqCardCodeMsg */
-+ 0x67,0x2A,0x00,0x17, /* [ 3996] OBJ_setct_AuthRevReqTBS */
-+ 0x67,0x2A,0x00,0x18, /* [ 4000] OBJ_setct_AuthRevResData */
-+ 0x67,0x2A,0x00,0x19, /* [ 4004] OBJ_setct_AuthRevResTBS */
-+ 0x67,0x2A,0x00,0x1A, /* [ 4008] OBJ_setct_CapReqTBS */
-+ 0x67,0x2A,0x00,0x1B, /* [ 4012] OBJ_setct_CapReqTBSX */
-+ 0x67,0x2A,0x00,0x1C, /* [ 4016] OBJ_setct_CapResData */
-+ 0x67,0x2A,0x00,0x1D, /* [ 4020] OBJ_setct_CapRevReqTBS */
-+ 0x67,0x2A,0x00,0x1E, /* [ 4024] OBJ_setct_CapRevReqTBSX */
-+ 0x67,0x2A,0x00,0x1F, /* [ 4028] OBJ_setct_CapRevResData */
-+ 0x67,0x2A,0x00,0x20, /* [ 4032] OBJ_setct_CredReqTBS */
-+ 0x67,0x2A,0x00,0x21, /* [ 4036] OBJ_setct_CredReqTBSX */
-+ 0x67,0x2A,0x00,0x22, /* [ 4040] OBJ_setct_CredResData */
-+ 0x67,0x2A,0x00,0x23, /* [ 4044] OBJ_setct_CredRevReqTBS */
-+ 0x67,0x2A,0x00,0x24, /* [ 4048] OBJ_setct_CredRevReqTBSX */
-+ 0x67,0x2A,0x00,0x25, /* [ 4052] OBJ_setct_CredRevResData */
-+ 0x67,0x2A,0x00,0x26, /* [ 4056] OBJ_setct_PCertReqData */
-+ 0x67,0x2A,0x00,0x27, /* [ 4060] OBJ_setct_PCertResTBS */
-+ 0x67,0x2A,0x00,0x28, /* [ 4064] OBJ_setct_BatchAdminReqData */
-+ 0x67,0x2A,0x00,0x29, /* [ 4068] OBJ_setct_BatchAdminResData */
-+ 0x67,0x2A,0x00,0x2A, /* [ 4072] OBJ_setct_CardCInitResTBS */
-+ 0x67,0x2A,0x00,0x2B, /* [ 4076] OBJ_setct_MeAqCInitResTBS */
-+ 0x67,0x2A,0x00,0x2C, /* [ 4080] OBJ_setct_RegFormResTBS */
-+ 0x67,0x2A,0x00,0x2D, /* [ 4084] OBJ_setct_CertReqData */
-+ 0x67,0x2A,0x00,0x2E, /* [ 4088] OBJ_setct_CertReqTBS */
-+ 0x67,0x2A,0x00,0x2F, /* [ 4092] OBJ_setct_CertResData */
-+ 0x67,0x2A,0x00,0x30, /* [ 4096] OBJ_setct_CertInqReqTBS */
-+ 0x67,0x2A,0x00,0x31, /* [ 4100] OBJ_setct_ErrorTBS */
-+ 0x67,0x2A,0x00,0x32, /* [ 4104] OBJ_setct_PIDualSignedTBE */
-+ 0x67,0x2A,0x00,0x33, /* [ 4108] OBJ_setct_PIUnsignedTBE */
-+ 0x67,0x2A,0x00,0x34, /* [ 4112] OBJ_setct_AuthReqTBE */
-+ 0x67,0x2A,0x00,0x35, /* [ 4116] OBJ_setct_AuthResTBE */
-+ 0x67,0x2A,0x00,0x36, /* [ 4120] OBJ_setct_AuthResTBEX */
-+ 0x67,0x2A,0x00,0x37, /* [ 4124] OBJ_setct_AuthTokenTBE */
-+ 0x67,0x2A,0x00,0x38, /* [ 4128] OBJ_setct_CapTokenTBE */
-+ 0x67,0x2A,0x00,0x39, /* [ 4132] OBJ_setct_CapTokenTBEX */
-+ 0x67,0x2A,0x00,0x3A, /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */
-+ 0x67,0x2A,0x00,0x3B, /* [ 4140] OBJ_setct_AuthRevReqTBE */
-+ 0x67,0x2A,0x00,0x3C, /* [ 4144] OBJ_setct_AuthRevResTBE */
-+ 0x67,0x2A,0x00,0x3D, /* [ 4148] OBJ_setct_AuthRevResTBEB */
-+ 0x67,0x2A,0x00,0x3E, /* [ 4152] OBJ_setct_CapReqTBE */
-+ 0x67,0x2A,0x00,0x3F, /* [ 4156] OBJ_setct_CapReqTBEX */
-+ 0x67,0x2A,0x00,0x40, /* [ 4160] OBJ_setct_CapResTBE */
-+ 0x67,0x2A,0x00,0x41, /* [ 4164] OBJ_setct_CapRevReqTBE */
-+ 0x67,0x2A,0x00,0x42, /* [ 4168] OBJ_setct_CapRevReqTBEX */
-+ 0x67,0x2A,0x00,0x43, /* [ 4172] OBJ_setct_CapRevResTBE */
-+ 0x67,0x2A,0x00,0x44, /* [ 4176] OBJ_setct_CredReqTBE */
-+ 0x67,0x2A,0x00,0x45, /* [ 4180] OBJ_setct_CredReqTBEX */
-+ 0x67,0x2A,0x00,0x46, /* [ 4184] OBJ_setct_CredResTBE */
-+ 0x67,0x2A,0x00,0x47, /* [ 4188] OBJ_setct_CredRevReqTBE */
-+ 0x67,0x2A,0x00,0x48, /* [ 4192] OBJ_setct_CredRevReqTBEX */
-+ 0x67,0x2A,0x00,0x49, /* [ 4196] OBJ_setct_CredRevResTBE */
-+ 0x67,0x2A,0x00,0x4A, /* [ 4200] OBJ_setct_BatchAdminReqTBE */
-+ 0x67,0x2A,0x00,0x4B, /* [ 4204] OBJ_setct_BatchAdminResTBE */
-+ 0x67,0x2A,0x00,0x4C, /* [ 4208] OBJ_setct_RegFormReqTBE */
-+ 0x67,0x2A,0x00,0x4D, /* [ 4212] OBJ_setct_CertReqTBE */
-+ 0x67,0x2A,0x00,0x4E, /* [ 4216] OBJ_setct_CertReqTBEX */
-+ 0x67,0x2A,0x00,0x4F, /* [ 4220] OBJ_setct_CertResTBE */
-+ 0x67,0x2A,0x00,0x50, /* [ 4224] OBJ_setct_CRLNotificationTBS */
-+ 0x67,0x2A,0x00,0x51, /* [ 4228] OBJ_setct_CRLNotificationResTBS */
-+ 0x67,0x2A,0x00,0x52, /* [ 4232] OBJ_setct_BCIDistributionTBS */
-+ 0x67,0x2A,0x01,0x01, /* [ 4236] OBJ_setext_genCrypt */
-+ 0x67,0x2A,0x01,0x03, /* [ 4240] OBJ_setext_miAuth */
-+ 0x67,0x2A,0x01,0x04, /* [ 4244] OBJ_setext_pinSecure */
-+ 0x67,0x2A,0x01,0x05, /* [ 4248] OBJ_setext_pinAny */
-+ 0x67,0x2A,0x01,0x07, /* [ 4252] OBJ_setext_track2 */
-+ 0x67,0x2A,0x01,0x08, /* [ 4256] OBJ_setext_cv */
-+ 0x67,0x2A,0x05,0x00, /* [ 4260] OBJ_set_policy_root */
-+ 0x67,0x2A,0x07,0x00, /* [ 4264] OBJ_setCext_hashedRoot */
-+ 0x67,0x2A,0x07,0x01, /* [ 4268] OBJ_setCext_certType */
-+ 0x67,0x2A,0x07,0x02, /* [ 4272] OBJ_setCext_merchData */
-+ 0x67,0x2A,0x07,0x03, /* [ 4276] OBJ_setCext_cCertRequired */
-+ 0x67,0x2A,0x07,0x04, /* [ 4280] OBJ_setCext_tunneling */
-+ 0x67,0x2A,0x07,0x05, /* [ 4284] OBJ_setCext_setExt */
-+ 0x67,0x2A,0x07,0x06, /* [ 4288] OBJ_setCext_setQualf */
-+ 0x67,0x2A,0x07,0x07, /* [ 4292] OBJ_setCext_PGWYcapabilities */
-+ 0x67,0x2A,0x07,0x08, /* [ 4296] OBJ_setCext_TokenIdentifier */
-+ 0x67,0x2A,0x07,0x09, /* [ 4300] OBJ_setCext_Track2Data */
-+ 0x67,0x2A,0x07,0x0A, /* [ 4304] OBJ_setCext_TokenType */
-+ 0x67,0x2A,0x07,0x0B, /* [ 4308] OBJ_setCext_IssuerCapabilities */
-+ 0x67,0x2A,0x03,0x00, /* [ 4312] OBJ_setAttr_Cert */
-+ 0x67,0x2A,0x03,0x01, /* [ 4316] OBJ_setAttr_PGWYcap */
-+ 0x67,0x2A,0x03,0x02, /* [ 4320] OBJ_setAttr_TokenType */
-+ 0x67,0x2A,0x03,0x03, /* [ 4324] OBJ_setAttr_IssCap */
-+ 0x67,0x2A,0x03,0x00,0x00, /* [ 4328] OBJ_set_rootKeyThumb */
-+ 0x67,0x2A,0x03,0x00,0x01, /* [ 4333] OBJ_set_addPolicy */
-+ 0x67,0x2A,0x03,0x02,0x01, /* [ 4338] OBJ_setAttr_Token_EMV */
-+ 0x67,0x2A,0x03,0x02,0x02, /* [ 4343] OBJ_setAttr_Token_B0Prime */
-+ 0x67,0x2A,0x03,0x03,0x03, /* [ 4348] OBJ_setAttr_IssCap_CVM */
-+ 0x67,0x2A,0x03,0x03,0x04, /* [ 4353] OBJ_setAttr_IssCap_T2 */
-+ 0x67,0x2A,0x03,0x03,0x05, /* [ 4358] OBJ_setAttr_IssCap_Sig */
-+ 0x67,0x2A,0x03,0x03,0x03,0x01, /* [ 4363] OBJ_setAttr_GenCryptgrm */
-+ 0x67,0x2A,0x03,0x03,0x04,0x01, /* [ 4369] OBJ_setAttr_T2Enc */
-+ 0x67,0x2A,0x03,0x03,0x04,0x02, /* [ 4375] OBJ_setAttr_T2cleartxt */
-+ 0x67,0x2A,0x03,0x03,0x05,0x01, /* [ 4381] OBJ_setAttr_TokICCsig */
-+ 0x67,0x2A,0x03,0x03,0x05,0x02, /* [ 4387] OBJ_setAttr_SecDevSig */
-+ 0x67,0x2A,0x08,0x01, /* [ 4393] OBJ_set_brand_IATA_ATA */
-+ 0x67,0x2A,0x08,0x1E, /* [ 4397] OBJ_set_brand_Diners */
-+ 0x67,0x2A,0x08,0x22, /* [ 4401] OBJ_set_brand_AmericanExpress */
-+ 0x67,0x2A,0x08,0x23, /* [ 4405] OBJ_set_brand_JCB */
-+ 0x67,0x2A,0x08,0x04, /* [ 4409] OBJ_set_brand_Visa */
-+ 0x67,0x2A,0x08,0x05, /* [ 4413] OBJ_set_brand_MasterCard */
-+ 0x67,0x2A,0x08,0xAE,0x7B, /* [ 4417] OBJ_set_brand_Novus */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [ 4422] OBJ_des_cdmf */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06, /* [ 4430] OBJ_rsaOAEPEncryptionSET */
-+ 0x67, /* [ 4439] OBJ_international_organizations */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02, /* [ 4440] OBJ_ms_smartcard_login */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03, /* [ 4450] OBJ_ms_upn */
-+ 0x55,0x04,0x09, /* [ 4460] OBJ_streetAddress */
-+ 0x55,0x04,0x11, /* [ 4463] OBJ_postalCode */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [ 4466] OBJ_id_ppl */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [ 4473] OBJ_proxyCertInfo */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [ 4481] OBJ_id_ppl_anyLanguage */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [ 4489] OBJ_id_ppl_inheritAll */
-+ 0x55,0x1D,0x1E, /* [ 4497] OBJ_name_constraints */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [ 4500] OBJ_Independent */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, /* [ 4508] OBJ_sha256WithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C, /* [ 4517] OBJ_sha384WithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D, /* [ 4526] OBJ_sha512WithRSAEncryption */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E, /* [ 4535] OBJ_sha224WithRSAEncryption */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, /* [ 4544] OBJ_sha256 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02, /* [ 4553] OBJ_sha384 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03, /* [ 4562] OBJ_sha512 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04, /* [ 4571] OBJ_sha224 */
-+ 0x2B, /* [ 4580] OBJ_identified_organization */
-+ 0x2B,0x81,0x04, /* [ 4581] OBJ_certicom_arc */
-+ 0x67,0x2B, /* [ 4584] OBJ_wap */
-+ 0x67,0x2B,0x01, /* [ 4586] OBJ_wap_wsg */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01, /* [ 4597] OBJ_X9_62_onBasis */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02, /* [ 4606] OBJ_X9_62_tpBasis */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03, /* [ 4615] OBJ_X9_62_ppBasis */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [ 4624] OBJ_X9_62_c2pnb163v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [ 4632] OBJ_X9_62_c2pnb163v2 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [ 4640] OBJ_X9_62_c2pnb163v3 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [ 4648] OBJ_X9_62_c2pnb176v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [ 4656] OBJ_X9_62_c2tnb191v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [ 4664] OBJ_X9_62_c2tnb191v2 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [ 4672] OBJ_X9_62_c2tnb191v3 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [ 4680] OBJ_X9_62_c2onb191v4 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [ 4688] OBJ_X9_62_c2onb191v5 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [ 4696] OBJ_X9_62_c2pnb208w1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [ 4704] OBJ_X9_62_c2tnb239v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [ 4712] OBJ_X9_62_c2tnb239v2 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [ 4720] OBJ_X9_62_c2tnb239v3 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [ 4728] OBJ_X9_62_c2onb239v4 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [ 4736] OBJ_X9_62_c2onb239v5 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [ 4744] OBJ_X9_62_c2pnb272w1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [ 4752] OBJ_X9_62_c2pnb304w1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [ 4760] OBJ_X9_62_c2tnb359v1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [ 4768] OBJ_X9_62_c2pnb368w1 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [ 4776] OBJ_X9_62_c2tnb431r1 */
-+ 0x2B,0x81,0x04,0x00,0x06, /* [ 4784] OBJ_secp112r1 */
-+ 0x2B,0x81,0x04,0x00,0x07, /* [ 4789] OBJ_secp112r2 */
-+ 0x2B,0x81,0x04,0x00,0x1C, /* [ 4794] OBJ_secp128r1 */
-+ 0x2B,0x81,0x04,0x00,0x1D, /* [ 4799] OBJ_secp128r2 */
-+ 0x2B,0x81,0x04,0x00,0x09, /* [ 4804] OBJ_secp160k1 */
-+ 0x2B,0x81,0x04,0x00,0x08, /* [ 4809] OBJ_secp160r1 */
-+ 0x2B,0x81,0x04,0x00,0x1E, /* [ 4814] OBJ_secp160r2 */
-+ 0x2B,0x81,0x04,0x00,0x1F, /* [ 4819] OBJ_secp192k1 */
-+ 0x2B,0x81,0x04,0x00,0x20, /* [ 4824] OBJ_secp224k1 */
-+ 0x2B,0x81,0x04,0x00,0x21, /* [ 4829] OBJ_secp224r1 */
-+ 0x2B,0x81,0x04,0x00,0x0A, /* [ 4834] OBJ_secp256k1 */
-+ 0x2B,0x81,0x04,0x00,0x22, /* [ 4839] OBJ_secp384r1 */
-+ 0x2B,0x81,0x04,0x00,0x23, /* [ 4844] OBJ_secp521r1 */
-+ 0x2B,0x81,0x04,0x00,0x04, /* [ 4849] OBJ_sect113r1 */
-+ 0x2B,0x81,0x04,0x00,0x05, /* [ 4854] OBJ_sect113r2 */
-+ 0x2B,0x81,0x04,0x00,0x16, /* [ 4859] OBJ_sect131r1 */
-+ 0x2B,0x81,0x04,0x00,0x17, /* [ 4864] OBJ_sect131r2 */
-+ 0x2B,0x81,0x04,0x00,0x01, /* [ 4869] OBJ_sect163k1 */
-+ 0x2B,0x81,0x04,0x00,0x02, /* [ 4874] OBJ_sect163r1 */
-+ 0x2B,0x81,0x04,0x00,0x0F, /* [ 4879] OBJ_sect163r2 */
-+ 0x2B,0x81,0x04,0x00,0x18, /* [ 4884] OBJ_sect193r1 */
-+ 0x2B,0x81,0x04,0x00,0x19, /* [ 4889] OBJ_sect193r2 */
-+ 0x2B,0x81,0x04,0x00,0x1A, /* [ 4894] OBJ_sect233k1 */
-+ 0x2B,0x81,0x04,0x00,0x1B, /* [ 4899] OBJ_sect233r1 */
-+ 0x2B,0x81,0x04,0x00,0x03, /* [ 4904] OBJ_sect239k1 */
-+ 0x2B,0x81,0x04,0x00,0x10, /* [ 4909] OBJ_sect283k1 */
-+ 0x2B,0x81,0x04,0x00,0x11, /* [ 4914] OBJ_sect283r1 */
-+ 0x2B,0x81,0x04,0x00,0x24, /* [ 4919] OBJ_sect409k1 */
-+ 0x2B,0x81,0x04,0x00,0x25, /* [ 4924] OBJ_sect409r1 */
-+ 0x2B,0x81,0x04,0x00,0x26, /* [ 4929] OBJ_sect571k1 */
-+ 0x2B,0x81,0x04,0x00,0x27, /* [ 4934] OBJ_sect571r1 */
-+ 0x67,0x2B,0x01,0x04,0x01, /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */
-+ 0x67,0x2B,0x01,0x04,0x03, /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */
-+ 0x67,0x2B,0x01,0x04,0x04, /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */
-+ 0x67,0x2B,0x01,0x04,0x05, /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */
-+ 0x67,0x2B,0x01,0x04,0x06, /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */
-+ 0x67,0x2B,0x01,0x04,0x07, /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */
-+ 0x67,0x2B,0x01,0x04,0x08, /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */
-+ 0x67,0x2B,0x01,0x04,0x09, /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */
-+ 0x67,0x2B,0x01,0x04,0x0A, /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */
-+ 0x67,0x2B,0x01,0x04,0x0B, /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */
-+ 0x67,0x2B,0x01,0x04,0x0C, /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */
-+ 0x55,0x1D,0x20,0x00, /* [ 4994] OBJ_any_policy */
-+ 0x55,0x1D,0x21, /* [ 4998] OBJ_policy_mappings */
-+ 0x55,0x1D,0x36, /* [ 5001] OBJ_inhibit_any_policy */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02, /* [ 5004] OBJ_camellia_128_cbc */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03, /* [ 5015] OBJ_camellia_192_cbc */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04, /* [ 5026] OBJ_camellia_256_cbc */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [ 5037] OBJ_camellia_128_ecb */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [ 5045] OBJ_camellia_192_ecb */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [ 5053] OBJ_camellia_256_ecb */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [ 5061] OBJ_camellia_128_cfb128 */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [ 5069] OBJ_camellia_192_cfb128 */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [ 5077] OBJ_camellia_256_cfb128 */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [ 5085] OBJ_camellia_128_ofb128 */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [ 5093] OBJ_camellia_192_ofb128 */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [ 5101] OBJ_camellia_256_ofb128 */
-+ 0x55,0x1D,0x09, /* [ 5109] OBJ_subject_directory_attributes */
-+ 0x55,0x1D,0x1C, /* [ 5112] OBJ_issuing_distribution_point */
-+ 0x55,0x1D,0x1D, /* [ 5115] OBJ_certificate_issuer */
-+ 0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [ 5118] OBJ_kisa */
-+ 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [ 5124] OBJ_seed_ecb */
-+ 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [ 5132] OBJ_seed_cbc */
-+ 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [ 5140] OBJ_seed_ofb128 */
-+ 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [ 5148] OBJ_seed_cfb128 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [ 5156] OBJ_hmac_md5 */
-+ 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [ 5164] OBJ_hmac_sha1 */
-+ 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D, /* [ 5172] OBJ_id_PasswordBasedMAC */
-+ 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E, /* [ 5181] OBJ_id_DHBasedMac */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [ 5190] OBJ_id_it_suppLangTags */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [ 5198] OBJ_caRepository */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09, /* [ 5206] OBJ_id_smime_ct_compressedData */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B, /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05, /* [ 5228] OBJ_id_aes128_wrap */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19, /* [ 5237] OBJ_id_aes192_wrap */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D, /* [ 5246] OBJ_id_aes256_wrap */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [ 5255] OBJ_ecdsa_with_Recommended */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [ 5262] OBJ_ecdsa_with_Specified */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [ 5269] OBJ_ecdsa_with_SHA224 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [ 5277] OBJ_ecdsa_with_SHA256 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [ 5285] OBJ_ecdsa_with_SHA384 */
-+ 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [ 5293] OBJ_ecdsa_with_SHA512 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [ 5301] OBJ_hmacWithMD5 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [ 5309] OBJ_hmacWithSHA224 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [ 5317] OBJ_hmacWithSHA256 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [ 5325] OBJ_hmacWithSHA384 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [ 5333] OBJ_hmacWithSHA512 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01, /* [ 5341] OBJ_dsa_with_SHA224 */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02, /* [ 5350] OBJ_dsa_with_SHA256 */
-+ 0x28,0xCF,0x06,0x03,0x00,0x37, /* [ 5359] OBJ_whirlpool */
-+ 0x2A,0x85,0x03,0x02,0x02, /* [ 5365] OBJ_cryptopro */
-+ 0x2A,0x85,0x03,0x02,0x09, /* [ 5370] OBJ_cryptocom */
-+ 0x2A,0x85,0x03,0x02,0x02,0x03, /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x04, /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x09, /* [ 5387] OBJ_id_GostR3411_94 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x0A, /* [ 5393] OBJ_id_HMACGostR3411_94 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x13, /* [ 5399] OBJ_id_GostR3410_2001 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x14, /* [ 5405] OBJ_id_GostR3410_94 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x15, /* [ 5411] OBJ_id_Gost28147_89 */
-+ 0x2A,0x85,0x03,0x02,0x02,0x16, /* [ 5417] OBJ_id_Gost28147_89_MAC */
-+ 0x2A,0x85,0x03,0x02,0x02,0x17, /* [ 5423] OBJ_id_GostR3411_94_prf */
-+ 0x2A,0x85,0x03,0x02,0x02,0x62, /* [ 5429] OBJ_id_GostR3410_2001DH */
-+ 0x2A,0x85,0x03,0x02,0x02,0x63, /* [ 5435] OBJ_id_GostR3410_94DH */
-+ 0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
-+ 0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
-+ 0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [ 5623] OBJ_id_GostR3410_94_a */
-+ 0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [ 5630] OBJ_id_GostR3410_94_aBis */
-+ 0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [ 5637] OBJ_id_GostR3410_94_b */
-+ 0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [ 5644] OBJ_id_GostR3410_94_bBis */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [ 5651] OBJ_id_Gost28147_89_cc */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [ 5659] OBJ_id_GostR3410_94_cc */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [ 5667] OBJ_id_GostR3410_2001_cc */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
-+ 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02, /* [ 5699] OBJ_LocalKeySet */
-+ 0x55,0x1D,0x2E, /* [ 5708] OBJ_freshest_crl */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [ 5711] OBJ_id_on_permanentIdentifier */
-+ 0x55,0x04,0x0E, /* [ 5719] OBJ_searchGuide */
-+ 0x55,0x04,0x0F, /* [ 5722] OBJ_businessCategory */
-+ 0x55,0x04,0x10, /* [ 5725] OBJ_postalAddress */
-+ 0x55,0x04,0x12, /* [ 5728] OBJ_postOfficeBox */
-+ 0x55,0x04,0x13, /* [ 5731] OBJ_physicalDeliveryOfficeName */
-+ 0x55,0x04,0x14, /* [ 5734] OBJ_telephoneNumber */
-+ 0x55,0x04,0x15, /* [ 5737] OBJ_telexNumber */
-+ 0x55,0x04,0x16, /* [ 5740] OBJ_teletexTerminalIdentifier */
-+ 0x55,0x04,0x17, /* [ 5743] OBJ_facsimileTelephoneNumber */
-+ 0x55,0x04,0x18, /* [ 5746] OBJ_x121Address */
-+ 0x55,0x04,0x19, /* [ 5749] OBJ_internationaliSDNNumber */
-+ 0x55,0x04,0x1A, /* [ 5752] OBJ_registeredAddress */
-+ 0x55,0x04,0x1B, /* [ 5755] OBJ_destinationIndicator */
-+ 0x55,0x04,0x1C, /* [ 5758] OBJ_preferredDeliveryMethod */
-+ 0x55,0x04,0x1D, /* [ 5761] OBJ_presentationAddress */
-+ 0x55,0x04,0x1E, /* [ 5764] OBJ_supportedApplicationContext */
-+ 0x55,0x04,0x1F, /* [ 5767] OBJ_member */
-+ 0x55,0x04,0x20, /* [ 5770] OBJ_owner */
-+ 0x55,0x04,0x21, /* [ 5773] OBJ_roleOccupant */
-+ 0x55,0x04,0x22, /* [ 5776] OBJ_seeAlso */
-+ 0x55,0x04,0x23, /* [ 5779] OBJ_userPassword */
-+ 0x55,0x04,0x24, /* [ 5782] OBJ_userCertificate */
-+ 0x55,0x04,0x25, /* [ 5785] OBJ_cACertificate */
-+ 0x55,0x04,0x26, /* [ 5788] OBJ_authorityRevocationList */
-+ 0x55,0x04,0x27, /* [ 5791] OBJ_certificateRevocationList */
-+ 0x55,0x04,0x28, /* [ 5794] OBJ_crossCertificatePair */
-+ 0x55,0x04,0x2F, /* [ 5797] OBJ_enhancedSearchGuide */
-+ 0x55,0x04,0x30, /* [ 5800] OBJ_protocolInformation */
-+ 0x55,0x04,0x31, /* [ 5803] OBJ_distinguishedName */
-+ 0x55,0x04,0x32, /* [ 5806] OBJ_uniqueMember */
-+ 0x55,0x04,0x33, /* [ 5809] OBJ_houseIdentifier */
-+ 0x55,0x04,0x34, /* [ 5812] OBJ_supportedAlgorithms */
-+ 0x55,0x04,0x35, /* [ 5815] OBJ_deltaRevocationList */
-+ 0x55,0x04,0x36, /* [ 5818] OBJ_dmdName */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09, /* [ 5821] OBJ_id_alg_PWRI_KEK */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06, /* [ 5832] OBJ_aes_128_gcm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07, /* [ 5841] OBJ_aes_128_ccm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08, /* [ 5850] OBJ_id_aes128_wrap_pad */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A, /* [ 5859] OBJ_aes_192_gcm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B, /* [ 5868] OBJ_aes_192_ccm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C, /* [ 5877] OBJ_id_aes192_wrap_pad */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E, /* [ 5886] OBJ_aes_256_gcm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F, /* [ 5895] OBJ_aes_256_ccm */
-+ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30, /* [ 5904] OBJ_id_aes256_wrap_pad */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02, /* [ 5913] OBJ_id_camellia128_wrap */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03, /* [ 5924] OBJ_id_camellia192_wrap */
-+ 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04, /* [ 5935] OBJ_id_camellia256_wrap */
-+ 0x55,0x1D,0x25,0x00, /* [ 5946] OBJ_anyExtendedKeyUsage */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08, /* [ 5950] OBJ_mgf1 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, /* [ 5959] OBJ_rsassaPss */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5968] OBJ_rsaesOaep */
-+ 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5977] OBJ_dhpublicnumber */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 5984] OBJ_brainpoolP160r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 5993] OBJ_brainpoolP160t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6002] OBJ_brainpoolP192r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6011] OBJ_brainpoolP192t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6020] OBJ_brainpoolP224r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6029] OBJ_brainpoolP224t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6038] OBJ_brainpoolP256r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6047] OBJ_brainpoolP256t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6056] OBJ_brainpoolP320r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6065] OBJ_brainpoolP320t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6074] OBJ_brainpoolP384r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6083] OBJ_brainpoolP384t1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6092] OBJ_brainpoolP512r1 */
-+ 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6101] OBJ_brainpoolP512t1 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6110] OBJ_pSpecified */
-+ 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
-+ 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
-+ 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
-+ 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6185] OBJ_ct_precert_scts */
-+ 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6195] OBJ_ct_precert_poison */
-+ 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6205] OBJ_ct_precert_signer */
-+ 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6215] OBJ_ct_cert_scts */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6225] OBJ_jurisdictionLocalityName */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6236] OBJ_jurisdictionStateOrProvinceName */
-+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6247] OBJ_jurisdictionCountryName */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6258] OBJ_camellia_128_gcm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6266] OBJ_camellia_128_ccm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6274] OBJ_camellia_128_ctr */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6282] OBJ_camellia_128_cmac */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6290] OBJ_camellia_192_gcm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6298] OBJ_camellia_192_ccm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6306] OBJ_camellia_192_ctr */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6314] OBJ_camellia_192_cmac */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6322] OBJ_camellia_256_gcm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6330] OBJ_camellia_256_ccm */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6338] OBJ_camellia_256_ctr */
-+ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6346] OBJ_camellia_256_cmac */
-+ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6354] OBJ_id_scrypt */
-+ 0x2A,0x85,0x03,0x07,0x01, /* [ 6363] OBJ_id_tc26 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6368] OBJ_id_tc26_algorithms */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [ 6374] OBJ_id_tc26_sign */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6381] OBJ_id_GostR3410_2012_256 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6389] OBJ_id_GostR3410_2012_512 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6397] OBJ_id_tc26_digest */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6404] OBJ_id_GostR3411_2012_256 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6412] OBJ_id_GostR3411_2012_512 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6420] OBJ_id_tc26_signwithdigest */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6443] OBJ_id_tc26_mac */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6466] OBJ_id_tc26_cipher */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6473] OBJ_id_tc26_agreement */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6496] OBJ_id_tc26_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6502] OBJ_id_tc26_sign_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6544] OBJ_id_tc26_digest_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6551] OBJ_id_tc26_cipher_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6558] OBJ_id_tc26_gost_28147_constants */
-+ 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */
-+ 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6575] OBJ_INN */
-+ 0x2A,0x85,0x03,0x64,0x01, /* [ 6583] OBJ_OGRN */
-+ 0x2A,0x85,0x03,0x64,0x03, /* [ 6588] OBJ_SNILS */
-+ 0x2A,0x85,0x03,0x64,0x6F, /* [ 6593] OBJ_subjectSignTool */
-+ 0x2A,0x85,0x03,0x64,0x70, /* [ 6598] OBJ_issuerSignTool */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6603] OBJ_tlsfeature */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6611] OBJ_ipsec_IKE */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6619] OBJ_capwapAC */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6627] OBJ_capwapWTP */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6635] OBJ_sshClient */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6643] OBJ_sshServer */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6651] OBJ_sendRouter */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6659] OBJ_sendProxiedRouter */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6667] OBJ_sendOwner */
-+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6675] OBJ_sendProxiedOwner */
-+ 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6683] OBJ_id_pkinit */
-+ 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6689] OBJ_pkInitClientAuth */
-+ 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6696] OBJ_pkInitKDC */
-+ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01, /* [ 6703] OBJ_X25519 */
-+ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02, /* [ 6712] OBJ_X448 */
-+ 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6721] OBJ_blake2b512 */
-+ 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6732] OBJ_blake2s256 */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6743] OBJ_id_smime_ct_contentCollection */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6754] OBJ_id_smime_ct_authEnvelopedData */
-+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6765] OBJ_id_ct_xml */
- };
-
--static const ASN1_OBJECT nid_objs[NUM_NID]={
--{"UNDEF","undefined",NID_undef,0,NULL,0},
--{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
--{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
--{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
--{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
--{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
--{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
--{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-- &(lvalues[46]),0},
--{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-- &(lvalues[55]),0},
--{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-- &(lvalues[64]),0},
--{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-- &(lvalues[73]),0},
--{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0},
--{"X509","X509",NID_X509,2,&(lvalues[83]),0},
--{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
--{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
--{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
--{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
--{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
--{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-- &(lvalues[100]),0},
--{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
--{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
--{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
--{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-- &(lvalues[124]),0},
--{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-- &(lvalues[133]),0},
--{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-- NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
--{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-- &(lvalues[151]),0},
--{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-- &(lvalues[160]),0},
--{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
--{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-- &(lvalues[177]),0},
--{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
--{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
--{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
--{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0},
--{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},
--{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0},
--{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},
--{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},
--{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0},
--{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},
--{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},
--{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},
--{"SHA","sha",NID_sha,5,&(lvalues[225]),0},
--{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-- &(lvalues[230]),0},
--{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},
--{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
--{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0},
--{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},
--{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0},
--{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-- &(lvalues[256]),0},
--{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-- &(lvalues[265]),0},
--{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0},
--{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-- &(lvalues[283]),0},
--{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0},
--{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-- &(lvalues[301]),0},
--{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-- 9,&(lvalues[310]),0},
--{"unstructuredAddress","unstructuredAddress",
-- NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0},
--{"extendedCertificateAttributes","extendedCertificateAttributes",
-- NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0},
--{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-- &(lvalues[337]),0},
--{"nsCertExt","Netscape Certificate Extension",
-- NID_netscape_cert_extension,8,&(lvalues[344]),0},
--{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-- &(lvalues[352]),0},
--{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},
--{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},
--{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},
--{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
--{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0},
--{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-- &(lvalues[365]),0},
--{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0},
--{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0},
--{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-- 9,&(lvalues[384]),0},
--{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0},
--{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0},
--{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-- &(lvalues[407]),0},
--{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-- &(lvalues[416]),0},
--{"nsRevocationUrl","Netscape Revocation Url",
-- NID_netscape_revocation_url,9,&(lvalues[425]),0},
--{"nsCaRevocationUrl","Netscape CA Revocation Url",
-- NID_netscape_ca_revocation_url,9,&(lvalues[434]),0},
--{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-- &(lvalues[443]),0},
--{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-- 9,&(lvalues[452]),0},
--{"nsSslServerName","Netscape SSL Server Name",
-- NID_netscape_ssl_server_name,9,&(lvalues[461]),0},
--{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0},
--{"nsCertSequence","Netscape Certificate Sequence",
-- NID_netscape_cert_sequence,9,&(lvalues[479]),0},
--{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},
--{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0},
--{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-- NID_subject_key_identifier,3,&(lvalues[490]),0},
--{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0},
--{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-- NID_private_key_usage_period,3,&(lvalues[496]),0},
--{"subjectAltName","X509v3 Subject Alternative Name",
-- NID_subject_alt_name,3,&(lvalues[499]),0},
--{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-- 3,&(lvalues[502]),0},
--{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-- 3,&(lvalues[505]),0},
--{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0},
--{"certificatePolicies","X509v3 Certificate Policies",
-- NID_certificate_policies,3,&(lvalues[511]),0},
--{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-- NID_authority_key_identifier,3,&(lvalues[514]),0},
--{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0},
--{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},
--{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},
--{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},
--{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0},
--{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0},
--{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},
--{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},
--{"GN","givenName",NID_givenName,3,&(lvalues[534]),0},
--{"SN","surname",NID_surname,3,&(lvalues[537]),0},
--{"initials","initials",NID_initials,3,&(lvalues[540]),0},
--{"uid","uniqueIdentifier",NID_uniqueIdentifier,10,&(lvalues[543]),0},
--{"crlDistributionPoints","X509v3 CRL Distribution Points",
-- NID_crl_distribution_points,3,&(lvalues[553]),0},
--{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[556]),0},
--{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[561]),0},
--{"title","title",NID_title,3,&(lvalues[564]),0},
--{"description","description",NID_description,3,&(lvalues[567]),0},
--{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[570]),0},
--{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},
--{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},
--{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},
--{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-- NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[579]),0},
--{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[588]),0},
--{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},
--{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[595]),0},
--{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[600]),0},
--{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[607]),0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-- &(lvalues[612]),0},
--{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[618]),0},
--{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},
--{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
--{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[626]),0},
--{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-- &(lvalues[637]),0},
--{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[640]),0},
--{"id-kp","id-kp",NID_id_kp,7,&(lvalues[646]),0},
--{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-- &(lvalues[653]),0},
--{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-- &(lvalues[661]),0},
--{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[669]),0},
--{"emailProtection","E-mail Protection",NID_email_protect,8,
-- &(lvalues[677]),0},
--{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[685]),0},
--{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-- &(lvalues[693]),0},
--{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-- &(lvalues[703]),0},
--{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-- &(lvalues[713]),0},
--{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[723]),0},
--{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-- &(lvalues[733]),0},
--{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[743]),0},
--{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-- &(lvalues[752]),0},
--{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[755]),0},
--{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-- &(lvalues[758]),0},
--{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[761]),0},
--{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-- NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[766]),0},
--{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-- NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[776]),0},
--{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[786]),0},
--{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-- NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[796]),0},
--{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-- NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[806]),0},
--{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-- NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[816]),0},
--{"keyBag","keyBag",NID_keyBag,11,&(lvalues[826]),0},
--{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-- 11,&(lvalues[837]),0},
--{"certBag","certBag",NID_certBag,11,&(lvalues[848]),0},
--{"crlBag","crlBag",NID_crlBag,11,&(lvalues[859]),0},
--{"secretBag","secretBag",NID_secretBag,11,&(lvalues[870]),0},
--{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-- &(lvalues[881]),0},
--{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[892]),0},
--{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[901]),0},
--{"x509Certificate","x509Certificate",NID_x509Certificate,10,
-- &(lvalues[910]),0},
--{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-- &(lvalues[920]),0},
--{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[930]),0},
--{"PBES2","PBES2",NID_pbes2,9,&(lvalues[940]),0},
--{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[949]),0},
--{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[958]),0},
--{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[966]),0},
--{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-- &(lvalues[974]),0},
--{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
--{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-- &(lvalues[982]),0},
--{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-- &(lvalues[991]),0},
--{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-- &(lvalues[1000]),0},
--{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-- &(lvalues[1009]),0},
--{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-- &(lvalues[1018]),0},
--{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1028]),0},
--{"name","name",NID_name,3,&(lvalues[1037]),0},
--{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1040]),0},
--{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1043]),0},
--{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1050]),0},
--{"authorityInfoAccess","Authority Information Access",NID_info_access,
-- 8,&(lvalues[1057]),0},
--{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1065]),0},
--{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1073]),0},
--{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1081]),0},
--{"ISO","iso",NID_iso,0,NULL,0},
--{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1089]),0},
--{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1090]),0},
--{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1093]),0},
--{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1098]),0},
--{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1104]),0},
--{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1112]),0},
--{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1120]),0},
--{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1129]),0},
--{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1139]),0},
--{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1149]),0},
--{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1159]),0},
--{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1169]),0},
--{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1179]),0},
--{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1189]),0},
--{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-- &(lvalues[1199]),0},
--{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-- &(lvalues[1210]),0},
--{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-- &(lvalues[1221]),0},
--{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-- 11,&(lvalues[1232]),0},
--{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-- NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1243]),0},
--{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-- NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1254]),0},
--{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-- NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1265]),0},
--{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-- NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1276]),0},
--{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-- 11,&(lvalues[1287]),0},
--{"id-smime-ct-authData","id-smime-ct-authData",
-- NID_id_smime_ct_authData,11,&(lvalues[1298]),0},
--{"id-smime-ct-publishCert","id-smime-ct-publishCert",
-- NID_id_smime_ct_publishCert,11,&(lvalues[1309]),0},
--{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-- 11,&(lvalues[1320]),0},
--{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-- 11,&(lvalues[1331]),0},
--{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-- NID_id_smime_ct_contentInfo,11,&(lvalues[1342]),0},
--{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-- NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1353]),0},
--{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-- NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1364]),0},
--{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-- NID_id_smime_aa_receiptRequest,11,&(lvalues[1375]),0},
--{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-- NID_id_smime_aa_securityLabel,11,&(lvalues[1386]),0},
--{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-- NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1397]),0},
--{"id-smime-aa-contentHint","id-smime-aa-contentHint",
-- NID_id_smime_aa_contentHint,11,&(lvalues[1408]),0},
--{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-- NID_id_smime_aa_msgSigDigest,11,&(lvalues[1419]),0},
--{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-- NID_id_smime_aa_encapContentType,11,&(lvalues[1430]),0},
--{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-- NID_id_smime_aa_contentIdentifier,11,&(lvalues[1441]),0},
--{"id-smime-aa-macValue","id-smime-aa-macValue",
-- NID_id_smime_aa_macValue,11,&(lvalues[1452]),0},
--{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-- NID_id_smime_aa_equivalentLabels,11,&(lvalues[1463]),0},
--{"id-smime-aa-contentReference","id-smime-aa-contentReference",
-- NID_id_smime_aa_contentReference,11,&(lvalues[1474]),0},
--{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-- NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1485]),0},
--{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-- NID_id_smime_aa_signingCertificate,11,&(lvalues[1496]),0},
--{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-- NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1507]),0},
--{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-- NID_id_smime_aa_timeStampToken,11,&(lvalues[1518]),0},
--{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-- NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1529]),0},
--{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-- NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1540]),0},
--{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-- NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1551]),0},
--{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-- NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1562]),0},
--{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-- NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1573]),0},
--{"id-smime-aa-ets-contentTimestamp",
-- "id-smime-aa-ets-contentTimestamp",
-- NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1584]),0},
--{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-- NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1595]),0},
--{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-- NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1606]),0},
--{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-- NID_id_smime_aa_ets_certValues,11,&(lvalues[1617]),0},
--{"id-smime-aa-ets-revocationValues",
-- "id-smime-aa-ets-revocationValues",
-- NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1628]),0},
--{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-- NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1639]),0},
--{"id-smime-aa-ets-certCRLTimestamp",
-- "id-smime-aa-ets-certCRLTimestamp",
-- NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1650]),0},
--{"id-smime-aa-ets-archiveTimeStamp",
-- "id-smime-aa-ets-archiveTimeStamp",
-- NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1661]),0},
--{"id-smime-aa-signatureType","id-smime-aa-signatureType",
-- NID_id_smime_aa_signatureType,11,&(lvalues[1672]),0},
--{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-- NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1683]),0},
--{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-- NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1694]),0},
--{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-- NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1705]),0},
--{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-- NID_id_smime_alg_3DESwrap,11,&(lvalues[1716]),0},
--{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-- NID_id_smime_alg_RC2wrap,11,&(lvalues[1727]),0},
--{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-- &(lvalues[1738]),0},
--{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-- NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1749]),0},
--{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-- NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1760]),0},
--{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-- &(lvalues[1771]),0},
--{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-- NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1782]),0},
--{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-- NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1793]),0},
--{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-- NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1804]),0},
--{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-- NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1815]),0},
--{"id-smime-cti-ets-proofOfDelivery",
-- "id-smime-cti-ets-proofOfDelivery",
-- NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1826]),0},
--{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-- NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1837]),0},
--{"id-smime-cti-ets-proofOfApproval",
-- "id-smime-cti-ets-proofOfApproval",
-- NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1848]),0},
--{"id-smime-cti-ets-proofOfCreation",
-- "id-smime-cti-ets-proofOfCreation",
-- NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1859]),0},
--{"MD4","md4",NID_md4,8,&(lvalues[1870]),0},
--{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1878]),0},
--{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1885]),0},
--{"id-it","id-it",NID_id_it,7,&(lvalues[1892]),0},
--{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1899]),0},
--{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1906]),0},
--{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1913]),0},
--{"id-on","id-on",NID_id_on,7,&(lvalues[1920]),0},
--{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1927]),0},
--{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1934]),0},
--{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1941]),0},
--{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1948]),0},
--{"id-pkix1-explicit-88","id-pkix1-explicit-88",
-- NID_id_pkix1_explicit_88,8,&(lvalues[1955]),0},
--{"id-pkix1-implicit-88","id-pkix1-implicit-88",
-- NID_id_pkix1_implicit_88,8,&(lvalues[1963]),0},
--{"id-pkix1-explicit-93","id-pkix1-explicit-93",
-- NID_id_pkix1_explicit_93,8,&(lvalues[1971]),0},
--{"id-pkix1-implicit-93","id-pkix1-implicit-93",
-- NID_id_pkix1_implicit_93,8,&(lvalues[1979]),0},
--{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1987]),0},
--{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1995]),0},
--{"id-mod-kea-profile-88","id-mod-kea-profile-88",
-- NID_id_mod_kea_profile_88,8,&(lvalues[2003]),0},
--{"id-mod-kea-profile-93","id-mod-kea-profile-93",
-- NID_id_mod_kea_profile_93,8,&(lvalues[2011]),0},
--{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2019]),0},
--{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-- NID_id_mod_qualified_cert_88,8,&(lvalues[2027]),0},
--{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-- NID_id_mod_qualified_cert_93,8,&(lvalues[2035]),0},
--{"id-mod-attribute-cert","id-mod-attribute-cert",
-- NID_id_mod_attribute_cert,8,&(lvalues[2043]),0},
--{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-- NID_id_mod_timestamp_protocol,8,&(lvalues[2051]),0},
--{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2059]),0},
--{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2067]),0},
--{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-- &(lvalues[2075]),0},
--{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2083]),0},
--{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2091]),0},
--{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-- &(lvalues[2099]),0},
--{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2107]),0},
--{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2115]),0},
--{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-- &(lvalues[2123]),0},
--{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-- NID_sbgp_autonomousSysNum,8,&(lvalues[2131]),0},
--{"sbgp-routerIdentifier","sbgp-routerIdentifier",
-- NID_sbgp_routerIdentifier,8,&(lvalues[2139]),0},
--{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2147]),0},
--{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-- &(lvalues[2155]),0},
--{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2163]),0},
--{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2171]),0},
--{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2179]),0},
--{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-- 8,&(lvalues[2187]),0},
--{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-- NID_id_it_signKeyPairTypes,8,&(lvalues[2195]),0},
--{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-- NID_id_it_encKeyPairTypes,8,&(lvalues[2203]),0},
--{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-- NID_id_it_preferredSymmAlg,8,&(lvalues[2211]),0},
--{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-- NID_id_it_caKeyUpdateInfo,8,&(lvalues[2219]),0},
--{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-- &(lvalues[2227]),0},
--{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-- NID_id_it_unsupportedOIDs,8,&(lvalues[2235]),0},
--{"id-it-subscriptionRequest","id-it-subscriptionRequest",
-- NID_id_it_subscriptionRequest,8,&(lvalues[2243]),0},
--{"id-it-subscriptionResponse","id-it-subscriptionResponse",
-- NID_id_it_subscriptionResponse,8,&(lvalues[2251]),0},
--{"id-it-keyPairParamReq","id-it-keyPairParamReq",
-- NID_id_it_keyPairParamReq,8,&(lvalues[2259]),0},
--{"id-it-keyPairParamRep","id-it-keyPairParamRep",
-- NID_id_it_keyPairParamRep,8,&(lvalues[2267]),0},
--{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-- 8,&(lvalues[2275]),0},
--{"id-it-implicitConfirm","id-it-implicitConfirm",
-- NID_id_it_implicitConfirm,8,&(lvalues[2283]),0},
--{"id-it-confirmWaitTime","id-it-confirmWaitTime",
-- NID_id_it_confirmWaitTime,8,&(lvalues[2291]),0},
--{"id-it-origPKIMessage","id-it-origPKIMessage",
-- NID_id_it_origPKIMessage,8,&(lvalues[2299]),0},
--{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2307]),0},
--{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2315]),0},
--{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-- 9,&(lvalues[2323]),0},
--{"id-regCtrl-authenticator","id-regCtrl-authenticator",
-- NID_id_regCtrl_authenticator,9,&(lvalues[2332]),0},
--{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-- NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2341]),0},
--{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-- NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2350]),0},
--{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-- NID_id_regCtrl_oldCertID,9,&(lvalues[2359]),0},
--{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-- NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2368]),0},
--{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-- NID_id_regInfo_utf8Pairs,9,&(lvalues[2377]),0},
--{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-- &(lvalues[2386]),0},
--{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2395]),0},
--{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-- &(lvalues[2403]),0},
--{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-- NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2411]),0},
--{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2419]),0},
--{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-- &(lvalues[2427]),0},
--{"id-cmc-identification","id-cmc-identification",
-- NID_id_cmc_identification,8,&(lvalues[2435]),0},
--{"id-cmc-identityProof","id-cmc-identityProof",
-- NID_id_cmc_identityProof,8,&(lvalues[2443]),0},
--{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-- &(lvalues[2451]),0},
--{"id-cmc-transactionId","id-cmc-transactionId",
-- NID_id_cmc_transactionId,8,&(lvalues[2459]),0},
--{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-- &(lvalues[2467]),0},
--{"id-cmc-recipientNonce","id-cmc-recipientNonce",
-- NID_id_cmc_recipientNonce,8,&(lvalues[2475]),0},
--{"id-cmc-addExtensions","id-cmc-addExtensions",
-- NID_id_cmc_addExtensions,8,&(lvalues[2483]),0},
--{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-- 8,&(lvalues[2491]),0},
--{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-- 8,&(lvalues[2499]),0},
--{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-- NID_id_cmc_lraPOPWitness,8,&(lvalues[2507]),0},
--{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-- &(lvalues[2515]),0},
--{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2523]),0},
--{"id-cmc-revokeRequest","id-cmc-revokeRequest",
-- NID_id_cmc_revokeRequest,8,&(lvalues[2531]),0},
--{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-- &(lvalues[2539]),0},
--{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-- 8,&(lvalues[2547]),0},
--{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-- 8,&(lvalues[2555]),0},
--{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-- NID_id_cmc_popLinkRandom,8,&(lvalues[2563]),0},
--{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-- NID_id_cmc_popLinkWitness,8,&(lvalues[2571]),0},
--{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-- NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2579]),0},
--{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-- &(lvalues[2587]),0},
--{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-- &(lvalues[2595]),0},
--{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-- 8,&(lvalues[2603]),0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2611]),0},
--{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-- NID_id_pda_countryOfCitizenship,8,&(lvalues[2619]),0},
--{"id-pda-countryOfResidence","id-pda-countryOfResidence",
-- NID_id_pda_countryOfResidence,8,&(lvalues[2627]),0},
--{"id-aca-authenticationInfo","id-aca-authenticationInfo",
-- NID_id_aca_authenticationInfo,8,&(lvalues[2635]),0},
--{"id-aca-accessIdentity","id-aca-accessIdentity",
-- NID_id_aca_accessIdentity,8,&(lvalues[2643]),0},
--{"id-aca-chargingIdentity","id-aca-chargingIdentity",
-- NID_id_aca_chargingIdentity,8,&(lvalues[2651]),0},
--{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2659]),0},
--{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2667]),0},
--{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-- NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2675]),0},
--{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2683]),0},
--{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-- &(lvalues[2691]),0},
--{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-- &(lvalues[2699]),0},
--{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-- &(lvalues[2707]),0},
--{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2715]),0},
--{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-- &(lvalues[2723]),0},
--{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2732]),0},
--{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2741]),0},
--{"acceptableResponses","Acceptable OCSP Responses",
-- NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2750]),0},
--{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2759]),0},
--{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-- 9,&(lvalues[2768]),0},
--{"serviceLocator","OCSP Service Locator",
-- NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2777]),0},
--{"extendedStatus","Extended OCSP Status",
-- NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2786]),0},
--{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2795]),0},
--{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2804]),0},
--{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-- &(lvalues[2813]),0},
--{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2822]),0},
--{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2826]),0},
--{"X500algorithms","directory services - algorithms",
-- NID_X500algorithms,2,&(lvalues[2831]),0},
--{"ORG","org",NID_org,1,&(lvalues[2833]),0},
--{"DOD","dod",NID_dod,2,&(lvalues[2834]),0},
--{"IANA","iana",NID_iana,3,&(lvalues[2836]),0},
--{"directory","Directory",NID_Directory,4,&(lvalues[2839]),0},
--{"mgmt","Management",NID_Management,4,&(lvalues[2843]),0},
--{"experimental","Experimental",NID_Experimental,4,&(lvalues[2847]),0},
--{"private","Private",NID_Private,4,&(lvalues[2851]),0},
--{"security","Security",NID_Security,4,&(lvalues[2855]),0},
--{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2859]),0},
--{"Mail","Mail",NID_Mail,4,&(lvalues[2863]),0},
--{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2867]),0},
--{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2872]),0},
--{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2881]),0},
--{"domain","Domain",NID_Domain,10,&(lvalues[2891]),0},
--{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0},
--{"selected-attribute-types","Selected Attribute Types",
-- NID_selected_attribute_types,3,&(lvalues[2901]),0},
--{"clearance","clearance",NID_clearance,4,&(lvalues[2904]),0},
--{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-- &(lvalues[2908]),0},
--{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2917]),0},
--{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-- &(lvalues[2925]),0},
--{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-- &(lvalues[2933]),0},
--{"role","role",NID_role,3,&(lvalues[2941]),0},
--{"policyConstraints","X509v3 Policy Constraints",
-- NID_policy_constraints,3,&(lvalues[2944]),0},
--{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-- &(lvalues[2947]),0},
--{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-- &(lvalues[2950]),0},
--{"NULL","NULL",NID_ccitt,0,NULL,0},
--{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0},
--{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0},
--{"characteristic-two-field","characteristic-two-field",
-- NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0},
--{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-- &(lvalues[2972]),0},
--{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0},
--{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0},
--{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0},
--{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0},
--{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0},
--{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0},
--{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0},
--{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-- &(lvalues[3035]),0},
--{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0},
--{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0},
--{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0},
--{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0},
--{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0},
--{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0},
--{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0},
--{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0},
--{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0},
--{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0},
--{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0},
--{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0},
--{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0},
--{"holdInstructionCode","Hold Instruction Code",
-- NID_hold_instruction_code,3,&(lvalues[3159]),0},
--{"holdInstructionNone","Hold Instruction None",
-- NID_hold_instruction_none,7,&(lvalues[3162]),0},
--{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-- NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0},
--{"holdInstructionReject","Hold Instruction Reject",
-- NID_hold_instruction_reject,7,&(lvalues[3176]),0},
--{"data","data",NID_data,1,&(lvalues[3183]),0},
--{"pss","pss",NID_pss,3,&(lvalues[3184]),0},
--{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0},
--{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0},
--{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-- &(lvalues[3202]),0},
--{"pilotAttributeSyntax","pilotAttributeSyntax",
-- NID_pilotAttributeSyntax,9,&(lvalues[3211]),0},
--{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-- &(lvalues[3220]),0},
--{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0},
--{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-- &(lvalues[3238]),0},
--{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-- NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0},
--{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0},
--{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0},
--{"account","account",NID_account,10,&(lvalues[3278]),0},
--{"document","document",NID_document,10,&(lvalues[3288]),0},
--{"room","room",NID_room,10,&(lvalues[3298]),0},
--{"documentSeries","documentSeries",NID_documentSeries,10,
-- &(lvalues[3308]),0},
--{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-- &(lvalues[3318]),0},
--{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0},
--{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-- 10,&(lvalues[3338]),0},
--{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-- &(lvalues[3348]),0},
--{"simpleSecurityObject","simpleSecurityObject",
-- NID_simpleSecurityObject,10,&(lvalues[3358]),0},
--{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-- &(lvalues[3368]),0},
--{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0},
--{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-- 10,&(lvalues[3388]),0},
--{"UID","userId",NID_userId,10,&(lvalues[3398]),0},
--{"textEncodedORAddress","textEncodedORAddress",
-- NID_textEncodedORAddress,10,&(lvalues[3408]),0},
--{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0},
--{"info","info",NID_info,10,&(lvalues[3428]),0},
--{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-- &(lvalues[3438]),0},
--{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0},
--{"photo","photo",NID_photo,10,&(lvalues[3458]),0},
--{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0},
--{"host","host",NID_host,10,&(lvalues[3478]),0},
--{"manager","manager",NID_manager,10,&(lvalues[3488]),0},
--{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-- &(lvalues[3498]),0},
--{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0},
--{"documentVersion","documentVersion",NID_documentVersion,10,
-- &(lvalues[3518]),0},
--{"documentAuthor","documentAuthor",NID_documentAuthor,10,
-- &(lvalues[3528]),0},
--{"documentLocation","documentLocation",NID_documentLocation,10,
-- &(lvalues[3538]),0},
--{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-- 10,&(lvalues[3548]),0},
--{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0},
--{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0},
--{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-- &(lvalues[3578]),0},
--{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-- &(lvalues[3588]),0},
--{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0},
--{"pilotAttributeType27","pilotAttributeType27",
-- NID_pilotAttributeType27,10,&(lvalues[3608]),0},
--{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0},
--{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0},
--{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0},
--{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0},
--{"associatedDomain","associatedDomain",NID_associatedDomain,10,
-- &(lvalues[3658]),0},
--{"associatedName","associatedName",NID_associatedName,10,
-- &(lvalues[3668]),0},
--{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-- &(lvalues[3678]),0},
--{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0},
--{"mobileTelephoneNumber","mobileTelephoneNumber",
-- NID_mobileTelephoneNumber,10,&(lvalues[3698]),0},
--{"pagerTelephoneNumber","pagerTelephoneNumber",
-- NID_pagerTelephoneNumber,10,&(lvalues[3708]),0},
--{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-- 10,&(lvalues[3718]),0},
--{"organizationalStatus","organizationalStatus",
-- NID_organizationalStatus,10,&(lvalues[3728]),0},
--{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0},
--{"mailPreferenceOption","mailPreferenceOption",
-- NID_mailPreferenceOption,10,&(lvalues[3748]),0},
--{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0},
--{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0},
--{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-- &(lvalues[3778]),0},
--{"subtreeMinimumQuality","subtreeMinimumQuality",
-- NID_subtreeMinimumQuality,10,&(lvalues[3788]),0},
--{"subtreeMaximumQuality","subtreeMaximumQuality",
-- NID_subtreeMaximumQuality,10,&(lvalues[3798]),0},
--{"personalSignature","personalSignature",NID_personalSignature,10,
-- &(lvalues[3808]),0},
--{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0},
--{"audio","audio",NID_audio,10,&(lvalues[3828]),0},
--{"documentPublisher","documentPublisher",NID_documentPublisher,10,
-- &(lvalues[3838]),0},
--{"x500UniqueIdentifier","x500UniqueIdentifier",
-- NID_x500UniqueIdentifier,3,&(lvalues[3848]),0},
--{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0},
--{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-- &(lvalues[3856]),0},
--{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-- &(lvalues[3862]),0},
--{"id-hex-partial-message","id-hex-partial-message",
-- NID_id_hex_partial_message,7,&(lvalues[3868]),0},
--{"id-hex-multipart-message","id-hex-multipart-message",
-- NID_id_hex_multipart_message,7,&(lvalues[3875]),0},
--{"generationQualifier","generationQualifier",NID_generationQualifier,
-- 3,&(lvalues[3882]),0},
--{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"id-set","Secure Electronic Transactions",NID_id_set,2,
-- &(lvalues[3888]),0},
--{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0},
--{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0},
--{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0},
--{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0},
--{"set-certExt","certificate extensions",NID_set_certExt,3,
-- &(lvalues[3902]),0},
--{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0},
--{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0},
--{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-- &(lvalues[3912]),0},
--{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0},
--{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0},
--{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0},
--{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0},
--{"setct-PIDataUnsigned","setct-PIDataUnsigned",
-- NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0},
--{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-- &(lvalues[3936]),0},
--{"setct-AuthResBaggage","setct-AuthResBaggage",
-- NID_setct_AuthResBaggage,4,&(lvalues[3940]),0},
--{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-- NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0},
--{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-- NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0},
--{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-- &(lvalues[3952]),0},
--{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-- &(lvalues[3956]),0},
--{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0},
--{"setct-PResData","setct-PResData",NID_setct_PResData,4,
-- &(lvalues[3964]),0},
--{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-- &(lvalues[3968]),0},
--{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-- &(lvalues[3972]),0},
--{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-- &(lvalues[3976]),0},
--{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-- &(lvalues[3980]),0},
--{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-- &(lvalues[3984]),0},
--{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-- &(lvalues[3988]),0},
--{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-- NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0},
--{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-- 4,&(lvalues[3996]),0},
--{"setct-AuthRevResData","setct-AuthRevResData",
-- NID_setct_AuthRevResData,4,&(lvalues[4000]),0},
--{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-- 4,&(lvalues[4004]),0},
--{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-- &(lvalues[4008]),0},
--{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-- &(lvalues[4012]),0},
--{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-- &(lvalues[4016]),0},
--{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-- &(lvalues[4020]),0},
--{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-- 4,&(lvalues[4024]),0},
--{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-- 4,&(lvalues[4028]),0},
--{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-- &(lvalues[4032]),0},
--{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-- &(lvalues[4036]),0},
--{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-- &(lvalues[4040]),0},
--{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-- 4,&(lvalues[4044]),0},
--{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-- NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0},
--{"setct-CredRevResData","setct-CredRevResData",
-- NID_setct_CredRevResData,4,&(lvalues[4052]),0},
--{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-- &(lvalues[4056]),0},
--{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-- &(lvalues[4060]),0},
--{"setct-BatchAdminReqData","setct-BatchAdminReqData",
-- NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0},
--{"setct-BatchAdminResData","setct-BatchAdminResData",
-- NID_setct_BatchAdminResData,4,&(lvalues[4068]),0},
--{"setct-CardCInitResTBS","setct-CardCInitResTBS",
-- NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0},
--{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-- NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0},
--{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-- 4,&(lvalues[4080]),0},
--{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-- &(lvalues[4084]),0},
--{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-- &(lvalues[4088]),0},
--{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-- &(lvalues[4092]),0},
--{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-- 4,&(lvalues[4096]),0},
--{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-- &(lvalues[4100]),0},
--{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-- NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0},
--{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-- 4,&(lvalues[4108]),0},
--{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-- &(lvalues[4112]),0},
--{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-- &(lvalues[4116]),0},
--{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-- &(lvalues[4120]),0},
--{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-- &(lvalues[4124]),0},
--{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-- &(lvalues[4128]),0},
--{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-- &(lvalues[4132]),0},
--{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-- NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0},
--{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-- 4,&(lvalues[4140]),0},
--{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-- 4,&(lvalues[4144]),0},
--{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-- NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0},
--{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-- &(lvalues[4152]),0},
--{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-- &(lvalues[4156]),0},
--{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-- &(lvalues[4160]),0},
--{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-- &(lvalues[4164]),0},
--{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-- 4,&(lvalues[4168]),0},
--{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-- &(lvalues[4172]),0},
--{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-- &(lvalues[4176]),0},
--{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-- &(lvalues[4180]),0},
--{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-- &(lvalues[4184]),0},
--{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-- 4,&(lvalues[4188]),0},
--{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-- NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0},
--{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-- 4,&(lvalues[4196]),0},
--{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-- NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0},
--{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-- NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0},
--{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-- 4,&(lvalues[4208]),0},
--{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-- &(lvalues[4212]),0},
--{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-- &(lvalues[4216]),0},
--{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-- &(lvalues[4220]),0},
--{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-- NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0},
--{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-- NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0},
--{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-- NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0},
--{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-- &(lvalues[4236]),0},
--{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-- &(lvalues[4240]),0},
--{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-- &(lvalues[4244]),0},
--{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0},
--{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0},
--{"setext-cv","additional verification",NID_setext_cv,4,
-- &(lvalues[4256]),0},
--{"set-policy-root","set-policy-root",NID_set_policy_root,4,
-- &(lvalues[4260]),0},
--{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-- &(lvalues[4264]),0},
--{"setCext-certType","setCext-certType",NID_setCext_certType,4,
-- &(lvalues[4268]),0},
--{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-- &(lvalues[4272]),0},
--{"setCext-cCertRequired","setCext-cCertRequired",
-- NID_setCext_cCertRequired,4,&(lvalues[4276]),0},
--{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-- &(lvalues[4280]),0},
--{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-- &(lvalues[4284]),0},
--{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-- &(lvalues[4288]),0},
--{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-- NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0},
--{"setCext-TokenIdentifier","setCext-TokenIdentifier",
-- NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0},
--{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-- &(lvalues[4300]),0},
--{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-- &(lvalues[4304]),0},
--{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-- NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0},
--{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0},
--{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-- 4,&(lvalues[4316]),0},
--{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-- &(lvalues[4320]),0},
--{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-- &(lvalues[4324]),0},
--{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-- &(lvalues[4328]),0},
--{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0},
--{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-- &(lvalues[4338]),0},
--{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-- NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0},
--{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-- &(lvalues[4348]),0},
--{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-- &(lvalues[4353]),0},
--{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-- &(lvalues[4358]),0},
--{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-- 6,&(lvalues[4363]),0},
--{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-- &(lvalues[4369]),0},
--{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-- &(lvalues[4375]),0},
--{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-- &(lvalues[4381]),0},
--{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-- 6,&(lvalues[4387]),0},
--{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-- &(lvalues[4393]),0},
--{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-- &(lvalues[4397]),0},
--{"set-brand-AmericanExpress","set-brand-AmericanExpress",
-- NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0},
--{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0},
--{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-- &(lvalues[4409]),0},
--{"set-brand-MasterCard","set-brand-MasterCard",
-- NID_set_brand_MasterCard,4,&(lvalues[4413]),0},
--{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-- &(lvalues[4417]),0},
--{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0},
--{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-- NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0},
--{"ITU-T","itu-t",NID_itu_t,0,NULL,0},
--{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0},
--{"international-organizations","International Organizations",
-- NID_international_organizations,1,&(lvalues[4439]),0},
--{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-- 10,&(lvalues[4440]),0},
--{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-- &(lvalues[4450]),0},
--{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
--{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
--{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
--{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0},
--{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0},
--{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0},
--{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0},
--{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
--{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
--{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
--{"street","streetAddress",NID_streetAddress,3,&(lvalues[4460]),0},
--{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4463]),0},
--{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4466]),0},
--{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-- &(lvalues[4473]),0},
--{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-- &(lvalues[4481]),0},
--{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-- &(lvalues[4489]),0},
--{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-- &(lvalues[4497]),0},
--{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4500]),0},
--{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-- &(lvalues[4508]),0},
--{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-- &(lvalues[4517]),0},
--{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-- &(lvalues[4526]),0},
--{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-- &(lvalues[4535]),0},
--{"SHA256","sha256",NID_sha256,9,&(lvalues[4544]),0},
--{"SHA384","sha384",NID_sha384,9,&(lvalues[4553]),0},
--{"SHA512","sha512",NID_sha512,9,&(lvalues[4562]),0},
--{"SHA224","sha224",NID_sha224,9,&(lvalues[4571]),0},
--{"identified-organization","identified-organization",
-- NID_identified_organization,1,&(lvalues[4580]),0},
--{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4581]),0},
--{"wap","wap",NID_wap,2,&(lvalues[4584]),0},
--{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4586]),0},
--{"id-characteristic-two-basis","id-characteristic-two-basis",
-- NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4589]),0},
--{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4597]),0},
--{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4606]),0},
--{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4615]),0},
--{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4624]),0},
--{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4632]),0},
--{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4640]),0},
--{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4648]),0},
--{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4656]),0},
--{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4664]),0},
--{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4672]),0},
--{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4680]),0},
--{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4688]),0},
--{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4696]),0},
--{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4704]),0},
--{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4712]),0},
--{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4720]),0},
--{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4728]),0},
--{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4736]),0},
--{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4744]),0},
--{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4752]),0},
--{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4760]),0},
--{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4768]),0},
--{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4776]),0},
--{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4784]),0},
--{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4789]),0},
--{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4794]),0},
--{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4799]),0},
--{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4804]),0},
--{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4809]),0},
--{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4814]),0},
--{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4819]),0},
--{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4824]),0},
--{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4829]),0},
--{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4834]),0},
--{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4839]),0},
--{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4844]),0},
--{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4849]),0},
--{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4854]),0},
--{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4859]),0},
--{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4864]),0},
--{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4869]),0},
--{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4874]),0},
--{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4879]),0},
--{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4884]),0},
--{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4889]),0},
--{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4894]),0},
--{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4899]),0},
--{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4904]),0},
--{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4909]),0},
--{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4914]),0},
--{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4919]),0},
--{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4924]),0},
--{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4929]),0},
--{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4934]),0},
--{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
-- NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4939]),0},
--{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
-- NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4944]),0},
--{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
-- NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4949]),0},
--{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
-- NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4954]),0},
--{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
-- NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4959]),0},
--{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
-- NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4964]),0},
--{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
-- NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4969]),0},
--{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
-- NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4974]),0},
--{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
-- NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4979]),0},
--{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
-- NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4984]),0},
--{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
-- NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4989]),0},
--{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4994]),0},
--{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
-- &(lvalues[4998]),0},
--{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
-- NID_inhibit_any_policy,3,&(lvalues[5001]),0},
--{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
--{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
--{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
-- &(lvalues[5004]),0},
--{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
-- &(lvalues[5015]),0},
--{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
-- &(lvalues[5026]),0},
--{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
-- &(lvalues[5037]),0},
--{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
-- &(lvalues[5045]),0},
--{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
-- &(lvalues[5053]),0},
--{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
-- &(lvalues[5061]),0},
--{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
-- &(lvalues[5069]),0},
--{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
-- &(lvalues[5077]),0},
--{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
--{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
--{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
--{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0},
--{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
--{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
--{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
-- &(lvalues[5085]),0},
--{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
-- &(lvalues[5093]),0},
--{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
-- &(lvalues[5101]),0},
--{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
-- NID_subject_directory_attributes,3,&(lvalues[5109]),0},
--{"issuingDistributionPoint","X509v3 Issuing Distribution Point",
-- NID_issuing_distribution_point,3,&(lvalues[5112]),0},
--{"certificateIssuer","X509v3 Certificate Issuer",
-- NID_certificate_issuer,3,&(lvalues[5115]),0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"KISA","kisa",NID_kisa,6,&(lvalues[5118]),0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5124]),0},
--{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5132]),0},
--{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5140]),0},
--{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5148]),0},
--{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5156]),0},
--{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5164]),0},
--{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
-- &(lvalues[5172]),0},
--{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
-- &(lvalues[5181]),0},
--{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
-- &(lvalues[5190]),0},
--{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5198]),0},
--{"id-smime-ct-compressedData","id-smime-ct-compressedData",
-- NID_id_smime_ct_compressedData,11,&(lvalues[5206]),0},
--{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
-- NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5217]),0},
--{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
-- &(lvalues[5228]),0},
--{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
-- &(lvalues[5237]),0},
--{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
-- &(lvalues[5246]),0},
--{"ecdsa-with-Recommended","ecdsa-with-Recommended",
-- NID_ecdsa_with_Recommended,7,&(lvalues[5255]),0},
--{"ecdsa-with-Specified","ecdsa-with-Specified",
-- NID_ecdsa_with_Specified,7,&(lvalues[5262]),0},
--{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
-- &(lvalues[5269]),0},
--{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
-- &(lvalues[5277]),0},
--{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
-- &(lvalues[5285]),0},
--{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
-- &(lvalues[5293]),0},
--{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5301]),0},
--{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8,
-- &(lvalues[5309]),0},
--{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8,
-- &(lvalues[5317]),0},
--{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8,
-- &(lvalues[5325]),0},
--{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8,
-- &(lvalues[5333]),0},
--{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
-- &(lvalues[5341]),0},
--{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
-- &(lvalues[5350]),0},
--{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5359]),0},
--{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5365]),0},
--{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5370]),0},
--{"id-GostR3411-94-with-GostR3410-2001",
-- "GOST R 34.11-94 with GOST R 34.10-2001",
-- NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5375]),0},
--{"id-GostR3411-94-with-GostR3410-94",
-- "GOST R 34.11-94 with GOST R 34.10-94",
-- NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5381]),0},
--{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5387]),0},
--{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6,
-- &(lvalues[5393]),0},
--{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6,
-- &(lvalues[5399]),0},
--{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5405]),0},
--{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5411]),0},
--{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
--{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
-- &(lvalues[5417]),0},
--{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
-- &(lvalues[5423]),0},
--{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
-- 6,&(lvalues[5429]),0},
--{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
-- &(lvalues[5435]),0},
--{"id-Gost28147-89-CryptoPro-KeyMeshing",
-- "id-Gost28147-89-CryptoPro-KeyMeshing",
-- NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5441]),0},
--{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
-- NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5448]),0},
--{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
-- NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5455]),0},
--{"id-GostR3411-94-CryptoProParamSet",
-- "id-GostR3411-94-CryptoProParamSet",
-- NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5462]),0},
--{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
-- NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5469]),0},
--{"id-Gost28147-89-CryptoPro-A-ParamSet",
-- "id-Gost28147-89-CryptoPro-A-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5476]),0},
--{"id-Gost28147-89-CryptoPro-B-ParamSet",
-- "id-Gost28147-89-CryptoPro-B-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5483]),0},
--{"id-Gost28147-89-CryptoPro-C-ParamSet",
-- "id-Gost28147-89-CryptoPro-C-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5490]),0},
--{"id-Gost28147-89-CryptoPro-D-ParamSet",
-- "id-Gost28147-89-CryptoPro-D-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5497]),0},
--{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-- "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5504]),
-- 0},
--{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-- "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5511]),
-- 0},
--{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-- "id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-- NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5518]),0},
--{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
-- NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5525]),0},
--{"id-GostR3410-94-CryptoPro-A-ParamSet",
-- "id-GostR3410-94-CryptoPro-A-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5532]),0},
--{"id-GostR3410-94-CryptoPro-B-ParamSet",
-- "id-GostR3410-94-CryptoPro-B-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5539]),0},
--{"id-GostR3410-94-CryptoPro-C-ParamSet",
-- "id-GostR3410-94-CryptoPro-C-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5546]),0},
--{"id-GostR3410-94-CryptoPro-D-ParamSet",
-- "id-GostR3410-94-CryptoPro-D-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5553]),0},
--{"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-- "id-GostR3410-94-CryptoPro-XchA-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5560]),0},
--{"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-- "id-GostR3410-94-CryptoPro-XchB-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5567]),0},
--{"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-- "id-GostR3410-94-CryptoPro-XchC-ParamSet",
-- NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5574]),0},
--{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
-- NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5581]),0},
--{"id-GostR3410-2001-CryptoPro-A-ParamSet",
-- "id-GostR3410-2001-CryptoPro-A-ParamSet",
-- NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5588]),0},
--{"id-GostR3410-2001-CryptoPro-B-ParamSet",
-- "id-GostR3410-2001-CryptoPro-B-ParamSet",
-- NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5595]),0},
--{"id-GostR3410-2001-CryptoPro-C-ParamSet",
-- "id-GostR3410-2001-CryptoPro-C-ParamSet",
-- NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5602]),0},
--{"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-- "id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-- NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5609]),0},
--
--{"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-- "id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-- NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5616]),0},
--
--{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
-- &(lvalues[5623]),0},
--{"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
-- NID_id_GostR3410_94_aBis,7,&(lvalues[5630]),0},
--{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
-- &(lvalues[5637]),0},
--{"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
-- NID_id_GostR3410_94_bBis,7,&(lvalues[5644]),0},
--{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
-- NID_id_Gost28147_89_cc,8,&(lvalues[5651]),0},
--{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
-- &(lvalues[5659]),0},
--{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
-- &(lvalues[5667]),0},
--{"id-GostR3411-94-with-GostR3410-94-cc",
-- "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
-- NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5675]),0},
--{"id-GostR3411-94-with-GostR3410-2001-cc",
-- "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
-- NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5683]),0},
--{"id-GostR3410-2001-ParamSet-cc",
-- "GOST R 3410-2001 Parameter Set Cryptocom",
-- NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5691]),0},
--{"HMAC","hmac",NID_hmac,0,NULL,0},
--{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
-- &(lvalues[5699]),0},
--{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
-- &(lvalues[5708]),0},
--{"id-on-permanentIdentifier","Permanent Identifier",
-- NID_id_on_permanentIdentifier,8,&(lvalues[5711]),0},
--{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5719]),0},
--{"businessCategory","businessCategory",NID_businessCategory,3,
-- &(lvalues[5722]),0},
--{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5725]),0},
--{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5728]),0},
--{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
-- NID_physicalDeliveryOfficeName,3,&(lvalues[5731]),0},
--{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
-- &(lvalues[5734]),0},
--{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5737]),0},
--{"teletexTerminalIdentifier","teletexTerminalIdentifier",
-- NID_teletexTerminalIdentifier,3,&(lvalues[5740]),0},
--{"facsimileTelephoneNumber","facsimileTelephoneNumber",
-- NID_facsimileTelephoneNumber,3,&(lvalues[5743]),0},
--{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5746]),0},
--{"internationaliSDNNumber","internationaliSDNNumber",
-- NID_internationaliSDNNumber,3,&(lvalues[5749]),0},
--{"registeredAddress","registeredAddress",NID_registeredAddress,3,
-- &(lvalues[5752]),0},
--{"destinationIndicator","destinationIndicator",
-- NID_destinationIndicator,3,&(lvalues[5755]),0},
--{"preferredDeliveryMethod","preferredDeliveryMethod",
-- NID_preferredDeliveryMethod,3,&(lvalues[5758]),0},
--{"presentationAddress","presentationAddress",NID_presentationAddress,
-- 3,&(lvalues[5761]),0},
--{"supportedApplicationContext","supportedApplicationContext",
-- NID_supportedApplicationContext,3,&(lvalues[5764]),0},
--{"member","member",NID_member,3,&(lvalues[5767]),0},
--{"owner","owner",NID_owner,3,&(lvalues[5770]),0},
--{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5773]),0},
--{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5776]),0},
--{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5779]),0},
--{"userCertificate","userCertificate",NID_userCertificate,3,
-- &(lvalues[5782]),0},
--{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5785]),0},
--{"authorityRevocationList","authorityRevocationList",
-- NID_authorityRevocationList,3,&(lvalues[5788]),0},
--{"certificateRevocationList","certificateRevocationList",
-- NID_certificateRevocationList,3,&(lvalues[5791]),0},
--{"crossCertificatePair","crossCertificatePair",
-- NID_crossCertificatePair,3,&(lvalues[5794]),0},
--{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
-- 3,&(lvalues[5797]),0},
--{"protocolInformation","protocolInformation",NID_protocolInformation,
-- 3,&(lvalues[5800]),0},
--{"distinguishedName","distinguishedName",NID_distinguishedName,3,
-- &(lvalues[5803]),0},
--{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5806]),0},
--{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
-- &(lvalues[5809]),0},
--{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
-- 3,&(lvalues[5812]),0},
--{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
-- 3,&(lvalues[5815]),0},
--{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5818]),0},
--{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11,
-- &(lvalues[5821]),0},
--{"CMAC","cmac",NID_cmac,0,NULL,0},
--{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5832]),0},
--{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5841]),0},
--{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9,
-- &(lvalues[5850]),0},
--{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5859]),0},
--{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5868]),0},
--{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9,
-- &(lvalues[5877]),0},
--{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5886]),0},
--{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5895]),0},
--{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9,
-- &(lvalues[5904]),0},
--{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0},
--{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0},
--{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0},
--{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap,
-- 11,&(lvalues[5913]),0},
--{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap,
-- 11,&(lvalues[5924]),0},
--{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap,
-- 11,&(lvalues[5935]),0},
--{"anyExtendedKeyUsage","Any Extended Key Usage",
-- NID_anyExtendedKeyUsage,4,&(lvalues[5946]),0},
--{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5950]),0},
--{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5959]),0},
--{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
--{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
--{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0},
--{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1",
-- NID_aes_128_cbc_hmac_sha1,0,NULL,0},
--{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1",
-- NID_aes_192_cbc_hmac_sha1,0,NULL,0},
--{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
-- NID_aes_256_cbc_hmac_sha1,0,NULL,0},
--{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5968]),0},
--{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5977]),0},
--{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9,
-- &(lvalues[5984]),0},
--{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9,
-- &(lvalues[5993]),0},
--{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9,
-- &(lvalues[6002]),0},
--{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9,
-- &(lvalues[6011]),0},
--{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9,
-- &(lvalues[6020]),0},
--{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9,
-- &(lvalues[6029]),0},
--{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9,
-- &(lvalues[6038]),0},
--{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9,
-- &(lvalues[6047]),0},
--{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9,
-- &(lvalues[6056]),0},
--{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9,
-- &(lvalues[6065]),0},
--{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9,
-- &(lvalues[6074]),0},
--{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9,
-- &(lvalues[6083]),0},
--{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9,
-- &(lvalues[6092]),0},
--{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9,
-- &(lvalues[6101]),0},
--{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6110]),0},
--{"dhSinglePass-stdDH-sha1kdf-scheme",
-- "dhSinglePass-stdDH-sha1kdf-scheme",
-- NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6119]),0},
--{"dhSinglePass-stdDH-sha224kdf-scheme",
-- "dhSinglePass-stdDH-sha224kdf-scheme",
-- NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6128]),0},
--{"dhSinglePass-stdDH-sha256kdf-scheme",
-- "dhSinglePass-stdDH-sha256kdf-scheme",
-- NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6134]),0},
--{"dhSinglePass-stdDH-sha384kdf-scheme",
-- "dhSinglePass-stdDH-sha384kdf-scheme",
-- NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6140]),0},
--{"dhSinglePass-stdDH-sha512kdf-scheme",
-- "dhSinglePass-stdDH-sha512kdf-scheme",
-- NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6146]),0},
--{"dhSinglePass-cofactorDH-sha1kdf-scheme",
-- "dhSinglePass-cofactorDH-sha1kdf-scheme",
-- NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6152]),0},
--{"dhSinglePass-cofactorDH-sha224kdf-scheme",
-- "dhSinglePass-cofactorDH-sha224kdf-scheme",
-- NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6161]),0},
--{"dhSinglePass-cofactorDH-sha256kdf-scheme",
-- "dhSinglePass-cofactorDH-sha256kdf-scheme",
-- NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6167]),0},
--{"dhSinglePass-cofactorDH-sha384kdf-scheme",
-- "dhSinglePass-cofactorDH-sha384kdf-scheme",
-- NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6173]),0},
--{"dhSinglePass-cofactorDH-sha512kdf-scheme",
-- "dhSinglePass-cofactorDH-sha512kdf-scheme",
-- NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6179]),0},
--{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0},
--{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0},
--{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256",
-- NID_aes_128_cbc_hmac_sha256,0,NULL,0},
--{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256",
-- NID_aes_192_cbc_hmac_sha256,0,NULL,0},
--{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256",
-- NID_aes_256_cbc_hmac_sha256,0,NULL,0},
--{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10,
-- &(lvalues[6185]),0},
--{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison,
-- 10,&(lvalues[6195]),0},
--{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer,
-- 10,&(lvalues[6205]),0},
--{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10,
-- &(lvalues[6215]),0},
--{"jurisdictionL","jurisdictionLocalityName",
-- NID_jurisdictionLocalityName,11,&(lvalues[6225]),0},
--{"jurisdictionST","jurisdictionStateOrProvinceName",
-- NID_jurisdictionStateOrProvinceName,11,&(lvalues[6236]),0},
--{"jurisdictionC","jurisdictionCountryName",
-- NID_jurisdictionCountryName,11,&(lvalues[6247]),0},
--{"AES-128-OCB","aes-128-ocb",NID_aes_128_ocb,0,NULL,0},
--{"AES-192-OCB","aes-192-ocb",NID_aes_192_ocb,0,NULL,0},
--{"AES-256-OCB","aes-256-ocb",NID_aes_256_ocb,0,NULL,0},
--{"CAMELLIA-128-GCM","camellia-128-gcm",NID_camellia_128_gcm,8,
-- &(lvalues[6258]),0},
--{"CAMELLIA-128-CCM","camellia-128-ccm",NID_camellia_128_ccm,8,
-- &(lvalues[6266]),0},
--{"CAMELLIA-128-CTR","camellia-128-ctr",NID_camellia_128_ctr,8,
-- &(lvalues[6274]),0},
--{"CAMELLIA-128-CMAC","camellia-128-cmac",NID_camellia_128_cmac,8,
-- &(lvalues[6282]),0},
--{"CAMELLIA-192-GCM","camellia-192-gcm",NID_camellia_192_gcm,8,
-- &(lvalues[6290]),0},
--{"CAMELLIA-192-CCM","camellia-192-ccm",NID_camellia_192_ccm,8,
-- &(lvalues[6298]),0},
--{"CAMELLIA-192-CTR","camellia-192-ctr",NID_camellia_192_ctr,8,
-- &(lvalues[6306]),0},
--{"CAMELLIA-192-CMAC","camellia-192-cmac",NID_camellia_192_cmac,8,
-- &(lvalues[6314]),0},
--{"CAMELLIA-256-GCM","camellia-256-gcm",NID_camellia_256_gcm,8,
-- &(lvalues[6322]),0},
--{"CAMELLIA-256-CCM","camellia-256-ccm",NID_camellia_256_ccm,8,
-- &(lvalues[6330]),0},
--{"CAMELLIA-256-CTR","camellia-256-ctr",NID_camellia_256_ctr,8,
-- &(lvalues[6338]),0},
--{"CAMELLIA-256-CMAC","camellia-256-cmac",NID_camellia_256_cmac,8,
-- &(lvalues[6346]),0},
--{"id-scrypt","id-scrypt",NID_id_scrypt,9,&(lvalues[6354]),0},
--{"id-tc26","id-tc26",NID_id_tc26,5,&(lvalues[6363]),0},
--{"gost89-cnt-12","gost89-cnt-12",NID_gost89_cnt_12,0,NULL,0},
--{"gost-mac-12","gost-mac-12",NID_gost_mac_12,0,NULL,0},
--{"id-tc26-algorithms","id-tc26-algorithms",NID_id_tc26_algorithms,6,
-- &(lvalues[6368]),0},
--{"id-tc26-sign","id-tc26-sign",NID_id_tc26_sign,7,&(lvalues[6374]),0},
--{"gost2012_256","GOST R 34.10-2012 with 256 bit modulus",
-- NID_id_GostR3410_2012_256,8,&(lvalues[6381]),0},
--{"gost2012_512","GOST R 34.10-2012 with 512 bit modulus",
-- NID_id_GostR3410_2012_512,8,&(lvalues[6389]),0},
--{"id-tc26-digest","id-tc26-digest",NID_id_tc26_digest,7,
-- &(lvalues[6397]),0},
--{"md_gost12_256","GOST R 34.11-2012 with 256 bit hash",
-- NID_id_GostR3411_2012_256,8,&(lvalues[6404]),0},
--{"md_gost12_512","GOST R 34.11-2012 with 512 bit hash",
-- NID_id_GostR3411_2012_512,8,&(lvalues[6412]),0},
--{"id-tc26-signwithdigest","id-tc26-signwithdigest",
-- NID_id_tc26_signwithdigest,7,&(lvalues[6420]),0},
--{"id-tc26-signwithdigest-gost3410-2012-256",
-- "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)",
-- NID_id_tc26_signwithdigest_gost3410_2012_256,8,&(lvalues[6427]),0},
--{"id-tc26-signwithdigest-gost3410-2012-512",
-- "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)",
-- NID_id_tc26_signwithdigest_gost3410_2012_512,8,&(lvalues[6435]),0},
--{"id-tc26-mac","id-tc26-mac",NID_id_tc26_mac,7,&(lvalues[6443]),0},
--{"id-tc26-hmac-gost-3411-2012-256","HMAC GOST 34.11-2012 256 bit",
-- NID_id_tc26_hmac_gost_3411_2012_256,8,&(lvalues[6450]),0},
--{"id-tc26-hmac-gost-3411-2012-512","HMAC GOST 34.11-2012 512 bit",
-- NID_id_tc26_hmac_gost_3411_2012_512,8,&(lvalues[6458]),0},
--{"id-tc26-cipher","id-tc26-cipher",NID_id_tc26_cipher,7,
-- &(lvalues[6466]),0},
--{"id-tc26-agreement","id-tc26-agreement",NID_id_tc26_agreement,7,
-- &(lvalues[6473]),0},
--{"id-tc26-agreement-gost-3410-2012-256",
-- "id-tc26-agreement-gost-3410-2012-256",
-- NID_id_tc26_agreement_gost_3410_2012_256,8,&(lvalues[6480]),0},
--{"id-tc26-agreement-gost-3410-2012-512",
-- "id-tc26-agreement-gost-3410-2012-512",
-- NID_id_tc26_agreement_gost_3410_2012_512,8,&(lvalues[6488]),0},
--{"id-tc26-constants","id-tc26-constants",NID_id_tc26_constants,6,
-- &(lvalues[6496]),0},
--{"id-tc26-sign-constants","id-tc26-sign-constants",
-- NID_id_tc26_sign_constants,7,&(lvalues[6502]),0},
--{"id-tc26-gost-3410-2012-512-constants",
-- "id-tc26-gost-3410-2012-512-constants",
-- NID_id_tc26_gost_3410_2012_512_constants,8,&(lvalues[6509]),0},
--{"id-tc26-gost-3410-2012-512-paramSetTest",
-- "GOST R 34.10-2012 (512 bit) testing parameter set",
-- NID_id_tc26_gost_3410_2012_512_paramSetTest,9,&(lvalues[6517]),0},
--{"id-tc26-gost-3410-2012-512-paramSetA",
-- "GOST R 34.10-2012 (512 bit) ParamSet A",
-- NID_id_tc26_gost_3410_2012_512_paramSetA,9,&(lvalues[6526]),0},
--{"id-tc26-gost-3410-2012-512-paramSetB",
-- "GOST R 34.10-2012 (512 bit) ParamSet B",
-- NID_id_tc26_gost_3410_2012_512_paramSetB,9,&(lvalues[6535]),0},
--{"id-tc26-digest-constants","id-tc26-digest-constants",
-- NID_id_tc26_digest_constants,7,&(lvalues[6544]),0},
--{"id-tc26-cipher-constants","id-tc26-cipher-constants",
-- NID_id_tc26_cipher_constants,7,&(lvalues[6551]),0},
--{"id-tc26-gost-28147-constants","id-tc26-gost-28147-constants",
-- NID_id_tc26_gost_28147_constants,8,&(lvalues[6558]),0},
--{"id-tc26-gost-28147-param-Z","GOST 28147-89 TC26 parameter set",
-- NID_id_tc26_gost_28147_param_Z,9,&(lvalues[6566]),0},
--{"INN","INN",NID_INN,8,&(lvalues[6575]),0},
--{"OGRN","OGRN",NID_OGRN,5,&(lvalues[6583]),0},
--{"SNILS","SNILS",NID_SNILS,5,&(lvalues[6588]),0},
--{"subjectSignTool","Signing Tool of Subject",NID_subjectSignTool,5,
-- &(lvalues[6593]),0},
--{"issuerSignTool","Signing Tool of Issuer",NID_issuerSignTool,5,
-- &(lvalues[6598]),0},
--{"gost89-cbc","gost89-cbc",NID_gost89_cbc,0,NULL,0},
--{"gost89-ecb","gost89-ecb",NID_gost89_ecb,0,NULL,0},
--{"gost89-ctr","gost89-ctr",NID_gost89_ctr,0,NULL,0},
--{"grasshopper-ecb","grasshopper-ecb",NID_grasshopper_ecb,0,NULL,0},
--{"grasshopper-ctr","grasshopper-ctr",NID_grasshopper_ctr,0,NULL,0},
--{"grasshopper-ofb","grasshopper-ofb",NID_grasshopper_ofb,0,NULL,0},
--{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0},
--{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0},
--{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
--{"ChaCha20-Poly1305","chacha20-poly1305",NID_chacha20_poly1305,0,NULL,0},
--{"ChaCha20","chacha20",NID_chacha20,0,NULL,0},
--{"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6603]),0},
--{"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0},
--{"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8,
-- &(lvalues[6611]),0},
--{"capwapAC","Ctrl/provision WAP Access",NID_capwapAC,8,
-- &(lvalues[6619]),0},
--{"capwapWTP","Ctrl/Provision WAP Termination",NID_capwapWTP,8,
-- &(lvalues[6627]),0},
--{"secureShellClient","SSH Client",NID_sshClient,8,&(lvalues[6635]),0},
--{"secureShellServer","SSH Server",NID_sshServer,8,&(lvalues[6643]),0},
--{"sendRouter","Send Router",NID_sendRouter,8,&(lvalues[6651]),0},
--{"sendProxiedRouter","Send Proxied Router",NID_sendProxiedRouter,8,
-- &(lvalues[6659]),0},
--{"sendOwner","Send Owner",NID_sendOwner,8,&(lvalues[6667]),0},
--{"sendProxiedOwner","Send Proxied Owner",NID_sendProxiedOwner,8,
-- &(lvalues[6675]),0},
--{"id-pkinit","id-pkinit",NID_id_pkinit,6,&(lvalues[6683]),0},
--{"pkInitClientAuth","PKINIT Client Auth",NID_pkInitClientAuth,7,
-- &(lvalues[6689]),0},
--{"pkInitKDC","Signing KDC Response",NID_pkInitKDC,7,&(lvalues[6696]),0},
--{"X25519","X25519",NID_X25519,9,&(lvalues[6703]),0},
--{"X448","X448",NID_X448,9,&(lvalues[6712]),0},
--{"HKDF","hkdf",NID_hkdf,0,NULL,0},
--{"KxRSA","kx-rsa",NID_kx_rsa,0,NULL,0},
--{"KxECDHE","kx-ecdhe",NID_kx_ecdhe,0,NULL,0},
--{"KxDHE","kx-dhe",NID_kx_dhe,0,NULL,0},
--{"KxECDHE-PSK","kx-ecdhe-psk",NID_kx_ecdhe_psk,0,NULL,0},
--{"KxDHE-PSK","kx-dhe-psk",NID_kx_dhe_psk,0,NULL,0},
--{"KxRSA_PSK","kx-rsa-psk",NID_kx_rsa_psk,0,NULL,0},
--{"KxPSK","kx-psk",NID_kx_psk,0,NULL,0},
--{"KxSRP","kx-srp",NID_kx_srp,0,NULL,0},
--{"KxGOST","kx-gost",NID_kx_gost,0,NULL,0},
--{"AuthRSA","auth-rsa",NID_auth_rsa,0,NULL,0},
--{"AuthECDSA","auth-ecdsa",NID_auth_ecdsa,0,NULL,0},
--{"AuthPSK","auth-psk",NID_auth_psk,0,NULL,0},
--{"AuthDSS","auth-dss",NID_auth_dss,0,NULL,0},
--{"AuthGOST01","auth-gost01",NID_auth_gost01,0,NULL,0},
--{"AuthGOST12","auth-gost12",NID_auth_gost12,0,NULL,0},
--{"AuthSRP","auth-srp",NID_auth_srp,0,NULL,0},
--{"AuthNULL","auth-null",NID_auth_null,0,NULL,0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{NULL,NULL,NID_undef,0,NULL,0},
--{"BLAKE2b512","blake2b512",NID_blake2b512,11,&(lvalues[6721]),0},
--{"BLAKE2s256","blake2s256",NID_blake2s256,11,&(lvalues[6732]),0},
-+#define NUM_NID 1061
-+static const ASN1_OBJECT nid_objs[NUM_NID] = {
-+ {"UNDEF", "undefined", NID_undef},
-+ {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
-+ {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]},
-+ {"MD2", "md2", NID_md2, 8, &so[13]},
-+ {"MD5", "md5", NID_md5, 8, &so[21]},
-+ {"RC4", "rc4", NID_rc4, 8, &so[29]},
-+ {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]},
-+ {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]},
-+ {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]},
-+ {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]},
-+ {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]},
-+ {"X500", "directory services (X.500)", NID_X500, 1, &so[82]},
-+ {"X509", "X509", NID_X509, 2, &so[83]},
-+ {"CN", "commonName", NID_commonName, 3, &so[85]},
-+ {"C", "countryName", NID_countryName, 3, &so[88]},
-+ {"L", "localityName", NID_localityName, 3, &so[91]},
-+ {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]},
-+ {"O", "organizationName", NID_organizationName, 3, &so[97]},
-+ {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]},
-+ {"RSA", "rsa", NID_rsa, 4, &so[103]},
-+ {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]},
-+ {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]},
-+ {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]},
-+ {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]},
-+ {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]},
-+ {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]},
-+ {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]},
-+ {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]},
-+ {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]},
-+ {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]},
-+ {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]},
-+ {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]},
-+ {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]},
-+ {"DES-EDE3", "des-ede3", NID_des_ede3_ecb},
-+ {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]},
-+ {"IDEA-CFB", "idea-cfb", NID_idea_cfb64},
-+ {"IDEA-ECB", "idea-ecb", NID_idea_ecb},
-+ {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]},
-+ {"RC2-ECB", "rc2-ecb", NID_rc2_ecb},
-+ {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64},
-+ {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64},
-+ {"SHA", "sha", NID_sha, 5, &so[225]},
-+ {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]},
-+ {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc},
-+ {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]},
-+ {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]},
-+ {"IDEA-OFB", "idea-ofb", NID_idea_ofb64},
-+ {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]},
-+ {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]},
-+ {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]},
-+ {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]},
-+ {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]},
-+ {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]},
-+ {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]},
-+ {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]},
-+ {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]},
-+ {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]},
-+ {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]},
-+ {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]},
-+ {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]},
-+ {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64},
-+ {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64},
-+ {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64},
-+ {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64},
-+ {"SHA1", "sha1", NID_sha1, 5, &so[360]},
-+ {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]},
-+ {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]},
-+ {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]},
-+ {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]},
-+ {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]},
-+ {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]},
-+ {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]},
-+ {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]},
-+ {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]},
-+ {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]},
-+ {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]},
-+ {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]},
-+ {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]},
-+ {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]},
-+ {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]},
-+ {"DESX-CBC", "desx-cbc", NID_desx_cbc},
-+ {"id-ce", "id-ce", NID_id_ce, 2, &so[488]},
-+ {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]},
-+ {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]},
-+ {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]},
-+ {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]},
-+ {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]},
-+ {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]},
-+ {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]},
-+ {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]},
-+ {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]},
-+ {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]},
-+ {"BF-ECB", "bf-ecb", NID_bf_ecb},
-+ {"BF-CFB", "bf-cfb", NID_bf_cfb64},
-+ {"BF-OFB", "bf-ofb", NID_bf_ofb64},
-+ {"MDC2", "mdc2", NID_mdc2, 4, &so[526]},
-+ {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]},
-+ {"RC4-40", "rc4-40", NID_rc4_40},
-+ {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc},
-+ {"GN", "givenName", NID_givenName, 3, &so[534]},
-+ {"SN", "surname", NID_surname, 3, &so[537]},
-+ {"initials", "initials", NID_initials, 3, &so[540]},
-+ {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]},
-+ {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]},
-+ {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]},
-+ {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]},
-+ {"title", "title", NID_title, 3, &so[564]},
-+ {"description", "description", NID_description, 3, &so[567]},
-+ {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]},
-+ {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb},
-+ {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64},
-+ {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64},
-+ {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]},
-+ {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]},
-+ {"MD5-SHA1", "md5-sha1", NID_md5_sha1},
-+ {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]},
-+ {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]},
-+ {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]},
-+ { NULL, NULL, NID_undef },
-+ {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]},
-+ {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]},
-+ {"RC5-ECB", "rc5-ecb", NID_rc5_ecb},
-+ {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64},
-+ {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64},
-+ { NULL, NULL, NID_undef },
-+ {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]},
-+ {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]},
-+ {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]},
-+ {"id-kp", "id-kp", NID_id_kp, 7, &so[646]},
-+ {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]},
-+ {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]},
-+ {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]},
-+ {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]},
-+ {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]},
-+ {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]},
-+ {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]},
-+ {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]},
-+ {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]},
-+ {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]},
-+ {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]},
-+ {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]},
-+ {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]},
-+ {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]},
-+ {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]},
-+ {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]},
-+ {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]},
-+ {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]},
-+ {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]},
-+ {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]},
-+ {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]},
-+ {"keyBag", "keyBag", NID_keyBag, 11, &so[826]},
-+ {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]},
-+ {"certBag", "certBag", NID_certBag, 11, &so[848]},
-+ {"crlBag", "crlBag", NID_crlBag, 11, &so[859]},
-+ {"secretBag", "secretBag", NID_secretBag, 11, &so[870]},
-+ {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]},
-+ {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]},
-+ {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]},
-+ {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]},
-+ {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]},
-+ {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]},
-+ {"PBES2", "PBES2", NID_pbes2, 9, &so[940]},
-+ {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]},
-+ {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]},
-+ {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]},
-+ {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]},
-+ {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc},
-+ {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]},
-+ {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]},
-+ {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]},
-+ {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]},
-+ {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]},
-+ {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]},
-+ {"name", "name", NID_name, 3, &so[1037]},
-+ {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]},
-+ {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]},
-+ {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]},
-+ {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]},
-+ {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]},
-+ {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]},
-+ {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]},
-+ {"ISO", "iso", NID_iso},
-+ {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]},
-+ {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]},
-+ {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]},
-+ {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]},
-+ {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]},
-+ {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]},
-+ {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]},
-+ {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]},
-+ {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]},
-+ {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]},
-+ {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]},
-+ {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]},
-+ {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]},
-+ {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]},
-+ {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]},
-+ {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]},
-+ {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]},
-+ {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]},
-+ {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]},
-+ {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]},
-+ {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]},
-+ {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]},
-+ {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]},
-+ {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]},
-+ {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]},
-+ {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]},
-+ {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]},
-+ {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]},
-+ {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]},
-+ {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]},
-+ {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]},
-+ {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]},
-+ {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]},
-+ {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]},
-+ {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]},
-+ {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]},
-+ {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]},
-+ {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]},
-+ {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]},
-+ {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]},
-+ {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]},
-+ {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]},
-+ {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]},
-+ {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]},
-+ {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]},
-+ {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]},
-+ {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]},
-+ {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]},
-+ {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]},
-+ {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]},
-+ {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]},
-+ {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]},
-+ {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]},
-+ {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]},
-+ {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]},
-+ {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]},
-+ {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]},
-+ {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]},
-+ {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]},
-+ {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]},
-+ {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]},
-+ {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]},
-+ {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]},
-+ {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]},
-+ {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]},
-+ {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]},
-+ {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]},
-+ {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]},
-+ {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]},
-+ {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]},
-+ {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]},
-+ {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]},
-+ {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]},
-+ {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]},
-+ {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]},
-+ {"MD4", "md4", NID_md4, 8, &so[1870]},
-+ {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]},
-+ {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]},
-+ {"id-it", "id-it", NID_id_it, 7, &so[1892]},
-+ {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]},
-+ {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]},
-+ {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]},
-+ {"id-on", "id-on", NID_id_on, 7, &so[1920]},
-+ {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]},
-+ {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]},
-+ {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]},
-+ {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]},
-+ {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]},
-+ {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]},
-+ {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]},
-+ {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]},
-+ {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]},
-+ {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]},
-+ {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]},
-+ {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]},
-+ {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]},
-+ {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]},
-+ {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]},
-+ {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]},
-+ {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]},
-+ {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]},
-+ {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]},
-+ {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]},
-+ {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]},
-+ {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]},
-+ {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]},
-+ {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]},
-+ {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]},
-+ {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]},
-+ {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]},
-+ {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]},
-+ {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]},
-+ {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]},
-+ {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]},
-+ {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]},
-+ {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]},
-+ {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]},
-+ {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]},
-+ {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]},
-+ {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]},
-+ {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]},
-+ {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]},
-+ {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]},
-+ {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]},
-+ {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]},
-+ {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]},
-+ {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]},
-+ {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]},
-+ {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]},
-+ {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]},
-+ {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]},
-+ {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]},
-+ {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]},
-+ {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]},
-+ {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]},
-+ {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]},
-+ {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]},
-+ {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]},
-+ {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]},
-+ {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]},
-+ {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]},
-+ {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]},
-+ {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]},
-+ {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]},
-+ {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]},
-+ {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]},
-+ {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]},
-+ {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]},
-+ {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]},
-+ {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]},
-+ {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]},
-+ {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]},
-+ {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]},
-+ {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]},
-+ {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]},
-+ {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]},
-+ {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]},
-+ {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]},
-+ {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]},
-+ {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]},
-+ {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]},
-+ {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]},
-+ {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]},
-+ {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]},
-+ {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]},
-+ {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]},
-+ {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]},
-+ {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]},
-+ { NULL, NULL, NID_undef },
-+ {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]},
-+ {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]},
-+ {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]},
-+ {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]},
-+ {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]},
-+ {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]},
-+ {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]},
-+ {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]},
-+ {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]},
-+ {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]},
-+ {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]},
-+ {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]},
-+ {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]},
-+ {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]},
-+ {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]},
-+ {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]},
-+ {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]},
-+ {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]},
-+ {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]},
-+ {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]},
-+ {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]},
-+ {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]},
-+ {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]},
-+ {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]},
-+ {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]},
-+ {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]},
-+ {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]},
-+ {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]},
-+ {"ORG", "org", NID_org, 1, &so[2833]},
-+ {"DOD", "dod", NID_dod, 2, &so[2834]},
-+ {"IANA", "iana", NID_iana, 3, &so[2836]},
-+ {"directory", "Directory", NID_Directory, 4, &so[2839]},
-+ {"mgmt", "Management", NID_Management, 4, &so[2843]},
-+ {"experimental", "Experimental", NID_Experimental, 4, &so[2847]},
-+ {"private", "Private", NID_Private, 4, &so[2851]},
-+ {"security", "Security", NID_Security, 4, &so[2855]},
-+ {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]},
-+ {"Mail", "Mail", NID_Mail, 4, &so[2863]},
-+ {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]},
-+ {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]},
-+ {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]},
-+ {"domain", "Domain", NID_Domain, 10, &so[2891]},
-+ {"NULL", "NULL", NID_joint_iso_ccitt},
-+ {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]},
-+ {"clearance", "clearance", NID_clearance, 4, &so[2904]},
-+ {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]},
-+ {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]},
-+ {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]},
-+ {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]},
-+ {"role", "role", NID_role, 3, &so[2941]},
-+ {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]},
-+ {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]},
-+ {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]},
-+ {"NULL", "NULL", NID_ccitt},
-+ {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]},
-+ {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]},
-+ {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]},
-+ {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]},
-+ {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]},
-+ {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]},
-+ {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]},
-+ {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]},
-+ {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]},
-+ {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]},
-+ {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]},
-+ {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]},
-+ {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]},
-+ {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]},
-+ {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]},
-+ {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]},
-+ {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]},
-+ {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]},
-+ {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]},
-+ {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]},
-+ {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]},
-+ {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]},
-+ {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
-+ {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]},
-+ {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]},
-+ {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]},
-+ {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]},
-+ {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]},
-+ {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]},
-+ {"data", "data", NID_data, 1, &so[3183]},
-+ {"pss", "pss", NID_pss, 3, &so[3184]},
-+ {"ucl", "ucl", NID_ucl, 7, &so[3187]},
-+ {"pilot", "pilot", NID_pilot, 8, &so[3194]},
-+ {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]},
-+ {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]},
-+ {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]},
-+ {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]},
-+ {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]},
-+ {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]},
-+ {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]},
-+ {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]},
-+ {"account", "account", NID_account, 10, &so[3278]},
-+ {"document", "document", NID_document, 10, &so[3288]},
-+ {"room", "room", NID_room, 10, &so[3298]},
-+ {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]},
-+ {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]},
-+ {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]},
-+ {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]},
-+ {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]},
-+ {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]},
-+ {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]},
-+ {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]},
-+ {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]},
-+ {"UID", "userId", NID_userId, 10, &so[3398]},
-+ {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]},
-+ {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]},
-+ {"info", "info", NID_info, 10, &so[3428]},
-+ {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]},
-+ {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]},
-+ {"photo", "photo", NID_photo, 10, &so[3458]},
-+ {"userClass", "userClass", NID_userClass, 10, &so[3468]},
-+ {"host", "host", NID_host, 10, &so[3478]},
-+ {"manager", "manager", NID_manager, 10, &so[3488]},
-+ {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]},
-+ {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]},
-+ {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]},
-+ {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]},
-+ {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]},
-+ {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]},
-+ {"secretary", "secretary", NID_secretary, 10, &so[3558]},
-+ {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]},
-+ {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]},
-+ {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]},
-+ {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]},
-+ {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]},
-+ {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]},
-+ {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]},
-+ {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]},
-+ {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]},
-+ {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]},
-+ {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]},
-+ {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]},
-+ {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]},
-+ {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]},
-+ {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]},
-+ {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]},
-+ {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]},
-+ {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]},
-+ {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]},
-+ {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]},
-+ {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]},
-+ {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]},
-+ {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]},
-+ {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]},
-+ {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]},
-+ {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]},
-+ {"audio", "audio", NID_audio, 10, &so[3828]},
-+ {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]},
-+ {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]},
-+ {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]},
-+ {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]},
-+ {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]},
-+ {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]},
-+ {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]},
-+ {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]},
-+ {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]},
-+ { NULL, NULL, NID_undef },
-+ {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]},
-+ {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]},
-+ {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]},
-+ {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]},
-+ {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]},
-+ {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]},
-+ {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]},
-+ {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]},
-+ {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]},
-+ {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]},
-+ {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]},
-+ {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]},
-+ {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]},
-+ {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]},
-+ {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]},
-+ {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]},
-+ {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]},
-+ {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]},
-+ {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]},
-+ {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]},
-+ {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]},
-+ {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]},
-+ {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]},
-+ {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]},
-+ {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]},
-+ {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]},
-+ {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]},
-+ {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]},
-+ {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]},
-+ {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]},
-+ {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]},
-+ {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]},
-+ {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]},
-+ {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]},
-+ {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]},
-+ {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]},
-+ {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]},
-+ {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]},
-+ {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]},
-+ {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]},
-+ {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]},
-+ {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]},
-+ {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]},
-+ {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]},
-+ {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]},
-+ {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]},
-+ {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]},
-+ {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]},
-+ {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]},
-+ {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]},
-+ {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]},
-+ {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]},
-+ {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]},
-+ {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]},
-+ {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]},
-+ {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]},
-+ {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]},
-+ {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]},
-+ {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]},
-+ {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]},
-+ {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]},
-+ {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]},
-+ {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]},
-+ {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]},
-+ {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]},
-+ {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]},
-+ {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]},
-+ {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]},
-+ {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]},
-+ {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]},
-+ {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]},
-+ {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]},
-+ {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]},
-+ {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]},
-+ {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]},
-+ {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]},
-+ {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]},
-+ {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]},
-+ {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]},
-+ {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]},
-+ {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]},
-+ {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]},
-+ {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]},
-+ {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]},
-+ {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]},
-+ {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]},
-+ {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]},
-+ {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]},
-+ {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]},
-+ {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]},
-+ {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]},
-+ {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]},
-+ {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]},
-+ {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]},
-+ {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]},
-+ {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]},
-+ {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]},
-+ {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]},
-+ {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]},
-+ {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]},
-+ {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]},
-+ {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]},
-+ {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]},
-+ {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]},
-+ {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]},
-+ {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]},
-+ {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]},
-+ {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]},
-+ {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]},
-+ {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]},
-+ {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]},
-+ {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]},
-+ {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]},
-+ {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]},
-+ {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]},
-+ {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]},
-+ {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]},
-+ {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]},
-+ {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]},
-+ {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]},
-+ {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]},
-+ {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]},
-+ {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]},
-+ {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]},
-+ {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]},
-+ {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]},
-+ {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]},
-+ {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]},
-+ {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]},
-+ {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]},
-+ {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]},
-+ {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]},
-+ {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]},
-+ {"ITU-T", "itu-t", NID_itu_t},
-+ {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
-+ {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
-+ {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]},
-+ {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]},
-+ {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
-+ {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
-+ {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
-+ {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8},
-+ {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8},
-+ {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8},
-+ {"DES-CFB1", "des-cfb1", NID_des_cfb1},
-+ {"DES-CFB8", "des-cfb8", NID_des_cfb8},
-+ {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1},
-+ {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8},
-+ {"street", "streetAddress", NID_streetAddress, 3, &so[4460]},
-+ {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]},
-+ {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]},
-+ {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]},
-+ {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]},
-+ {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]},
-+ {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]},
-+ {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]},
-+ {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]},
-+ {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]},
-+ {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]},
-+ {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]},
-+ {"SHA256", "sha256", NID_sha256, 9, &so[4544]},
-+ {"SHA384", "sha384", NID_sha384, 9, &so[4553]},
-+ {"SHA512", "sha512", NID_sha512, 9, &so[4562]},
-+ {"SHA224", "sha224", NID_sha224, 9, &so[4571]},
-+ {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]},
-+ {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]},
-+ {"wap", "wap", NID_wap, 2, &so[4584]},
-+ {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]},
-+ {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]},
-+ {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]},
-+ {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]},
-+ {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]},
-+ {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]},
-+ {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]},
-+ {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]},
-+ {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]},
-+ {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]},
-+ {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]},
-+ {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]},
-+ {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]},
-+ {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]},
-+ {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]},
-+ {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]},
-+ {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]},
-+ {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]},
-+ {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]},
-+ {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]},
-+ {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]},
-+ {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]},
-+ {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]},
-+ {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]},
-+ {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]},
-+ {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]},
-+ {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]},
-+ {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]},
-+ {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]},
-+ {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]},
-+ {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]},
-+ {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]},
-+ {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]},
-+ {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]},
-+ {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]},
-+ {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]},
-+ {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]},
-+ {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]},
-+ {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]},
-+ {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]},
-+ {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]},
-+ {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]},
-+ {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]},
-+ {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]},
-+ {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]},
-+ {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]},
-+ {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]},
-+ {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]},
-+ {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]},
-+ {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]},
-+ {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]},
-+ {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]},
-+ {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]},
-+ {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]},
-+ {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]},
-+ {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]},
-+ {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]},
-+ {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]},
-+ {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]},
-+ {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]},
-+ {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]},
-+ {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]},
-+ {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]},
-+ {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]},
-+ {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]},
-+ {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]},
-+ {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]},
-+ {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]},
-+ {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]},
-+ {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]},
-+ {"Oakley-EC2N-3", "ipsec3", NID_ipsec3},
-+ {"Oakley-EC2N-4", "ipsec4", NID_ipsec4},
-+ {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]},
-+ {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]},
-+ {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]},
-+ {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]},
-+ {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]},
-+ {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]},
-+ {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]},
-+ {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]},
-+ {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]},
-+ {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1},
-+ {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1},
-+ {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1},
-+ {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8},
-+ {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8},
-+ {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8},
-+ {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]},
-+ {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]},
-+ {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]},
-+ {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]},
-+ {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]},
-+ {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]},
-+ { NULL, NULL, NID_undef },
-+ {"KISA", "kisa", NID_kisa, 6, &so[5118]},
-+ { NULL, NULL, NID_undef },
-+ { NULL, NULL, NID_undef },
-+ {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]},
-+ {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]},
-+ {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]},
-+ {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]},
-+ {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]},
-+ {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]},
-+ {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]},
-+ {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]},
-+ {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]},
-+ {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]},
-+ {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]},
-+ {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]},
-+ {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]},
-+ {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]},
-+ {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]},
-+ {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]},
-+ {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]},
-+ {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]},
-+ {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]},
-+ {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]},
-+ {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]},
-+ {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]},
-+ {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]},
-+ {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]},
-+ {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]},
-+ {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]},
-+ {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]},
-+ {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]},
-+ {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]},
-+ {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]},
-+ {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]},
-+ {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]},
-+ {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]},
-+ {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]},
-+ {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]},
-+ {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]},
-+ {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]},
-+ {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]},
-+ {"gost89-cnt", "gost89-cnt", NID_gost89_cnt},
-+ {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]},
-+ {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]},
-+ {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]},
-+ {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]},
-+ {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]},
-+ {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]},
-+ {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]},
-+ {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]},
-+ {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]},
-+ {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]},
-+ {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]},
-+ {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]},
-+ {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]},
-+ {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]},
-+ {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]},
-+ {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]},
-+ {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]},
-+ {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]},
-+ {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]},
-+ {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]},
-+ {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]},
-+ {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]},
-+ {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]},
-+ {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]},
-+ {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]},
-+ {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]},
-+ {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]},
-+ {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]},
-+ {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]},
-+ {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]},
-+ {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]},
-+ {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]},
-+ {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]},
-+ {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]},
-+ {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]},
-+ {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]},
-+ {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]},
-+ {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]},
-+ {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]},
-+ {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]},
-+ {"HMAC", "hmac", NID_hmac},
-+ {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]},
-+ {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]},
-+ {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]},
-+ {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]},
-+ {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]},
-+ {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]},
-+ {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]},
-+ {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]},
-+ {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]},
-+ {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]},
-+ {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]},
-+ {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]},
-+ {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]},
-+ {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]},
-+ {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]},
-+ {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]},
-+ {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]},
-+ {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]},
-+ {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]},
-+ {"member", "member", NID_member, 3, &so[5767]},
-+ {"owner", "owner", NID_owner, 3, &so[5770]},
-+ {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]},
-+ {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]},
-+ {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]},
-+ {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]},
-+ {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]},
-+ {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]},
-+ {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]},
-+ {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]},
-+ {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]},
-+ {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]},
-+ {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]},
-+ {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]},
-+ {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]},
-+ {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]},
-+ {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]},
-+ {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]},
-+ {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]},
-+ {"CMAC", "cmac", NID_cmac},
-+ {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]},
-+ {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]},
-+ {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]},
-+ {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]},
-+ {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]},
-+ {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]},
-+ {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},
-+ {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]},
-+ {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]},
-+ {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr},
-+ {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr},
-+ {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr},
-+ {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]},
-+ {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]},
-+ {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]},
-+ {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
-+ {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
-+ {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
-+ {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts},
-+ {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts},
-+ {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
-+ {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
-+ {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
-+ {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
-+ {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]},
-+ {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]},
-+ {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]},
-+ {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]},
-+ {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]},
-+ {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]},
-+ {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]},
-+ {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]},
-+ {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]},
-+ {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]},
-+ {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]},
-+ {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]},
-+ {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]},
-+ {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6083]},
-+ {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]},
-+ {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]},
-+ {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]},
-+ {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]},
-+ {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]},
-+ {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]},
-+ {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]},
-+ {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]},
-+ {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]},
-+ {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]},
-+ {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]},
-+ {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]},
-+ {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]},
-+ {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
-+ {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
-+ {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
-+ {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
-+ {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
-+ {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]},
-+ {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]},
-+ {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]},
-+ {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]},
-+ {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]},
-+ {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]},
-+ {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]},
-+ {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
-+ {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
-+ {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
-+ {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]},
-+ {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]},
-+ {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]},
-+ {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]},
-+ {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]},
-+ {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]},
-+ {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]},
-+ {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]},
-+ {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]},
-+ {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]},
-+ {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]},
-+ {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]},
-+ {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]},
-+ {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]},
-+ {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
-+ {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
-+ {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]},
-+ {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]},
-+ {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]},
-+ {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]},
-+ {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]},
-+ {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]},
-+ {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]},
-+ {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]},
-+ {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]},
-+ {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]},
-+ {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]},
-+ {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]},
-+ {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]},
-+ {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]},
-+ {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]},
-+ {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]},
-+ {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]},
-+ {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6496]},
-+ {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]},
-+ {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]},
-+ {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]},
-+ {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]},
-+ {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]},
-+ {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]},
-+ {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]},
-+ {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]},
-+ {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]},
-+ {"INN", "INN", NID_INN, 8, &so[6575]},
-+ {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]},
-+ {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]},
-+ {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]},
-+ {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]},
-+ {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
-+ {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
-+ {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
-+ {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb},
-+ {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr},
-+ {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb},
-+ {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc},
-+ {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb},
-+ {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
-+ {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
-+ {"ChaCha20", "chacha20", NID_chacha20},
-+ {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]},
-+ {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
-+ {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]},
-+ {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]},
-+ {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]},
-+ {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]},
-+ {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]},
-+ {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]},
-+ {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]},
-+ {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]},
-+ {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]},
-+ {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]},
-+ {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]},
-+ {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]},
-+ {"X25519", "X25519", NID_X25519, 9, &so[6703]},
-+ {"X448", "X448", NID_X448, 9, &so[6712]},
-+ {"HKDF", "hkdf", NID_hkdf},
-+ {"KxRSA", "kx-rsa", NID_kx_rsa},
-+ {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
-+ {"KxDHE", "kx-dhe", NID_kx_dhe},
-+ {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk},
-+ {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk},
-+ {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk},
-+ {"KxPSK", "kx-psk", NID_kx_psk},
-+ {"KxSRP", "kx-srp", NID_kx_srp},
-+ {"KxGOST", "kx-gost", NID_kx_gost},
-+ {"AuthRSA", "auth-rsa", NID_auth_rsa},
-+ {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa},
-+ {"AuthPSK", "auth-psk", NID_auth_psk},
-+ {"AuthDSS", "auth-dss", NID_auth_dss},
-+ {"AuthGOST01", "auth-gost01", NID_auth_gost01},
-+ {"AuthGOST12", "auth-gost12", NID_auth_gost12},
-+ {"AuthSRP", "auth-srp", NID_auth_srp},
-+ {"AuthNULL", "auth-null", NID_auth_null},
-+ { NULL, NULL, NID_undef },
-+ { NULL, NULL, NID_undef },
-+ {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6721]},
-+ {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6732]},
-+ {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6743]},
-+ {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6754]},
-+ {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6765]},
- };
-
--static const unsigned int sn_objs[NUM_SN]={
--364, /* "AD_DVCS" */
--419, /* "AES-128-CBC" */
--916, /* "AES-128-CBC-HMAC-SHA1" */
--948, /* "AES-128-CBC-HMAC-SHA256" */
--421, /* "AES-128-CFB" */
--650, /* "AES-128-CFB1" */
--653, /* "AES-128-CFB8" */
--904, /* "AES-128-CTR" */
--418, /* "AES-128-ECB" */
--958, /* "AES-128-OCB" */
--420, /* "AES-128-OFB" */
--913, /* "AES-128-XTS" */
--423, /* "AES-192-CBC" */
--917, /* "AES-192-CBC-HMAC-SHA1" */
--949, /* "AES-192-CBC-HMAC-SHA256" */
--425, /* "AES-192-CFB" */
--651, /* "AES-192-CFB1" */
--654, /* "AES-192-CFB8" */
--905, /* "AES-192-CTR" */
--422, /* "AES-192-ECB" */
--959, /* "AES-192-OCB" */
--424, /* "AES-192-OFB" */
--427, /* "AES-256-CBC" */
--918, /* "AES-256-CBC-HMAC-SHA1" */
--950, /* "AES-256-CBC-HMAC-SHA256" */
--429, /* "AES-256-CFB" */
--652, /* "AES-256-CFB1" */
--655, /* "AES-256-CFB8" */
--906, /* "AES-256-CTR" */
--426, /* "AES-256-ECB" */
--960, /* "AES-256-OCB" */
--428, /* "AES-256-OFB" */
--914, /* "AES-256-XTS" */
--1049, /* "AuthDSS" */
--1047, /* "AuthECDSA" */
--1050, /* "AuthGOST01" */
--1051, /* "AuthGOST12" */
--1053, /* "AuthNULL" */
--1048, /* "AuthPSK" */
--1046, /* "AuthRSA" */
--1052, /* "AuthSRP" */
--91, /* "BF-CBC" */
--93, /* "BF-CFB" */
--92, /* "BF-ECB" */
--94, /* "BF-OFB" */
--1056, /* "BLAKE2b512" */
--1057, /* "BLAKE2s256" */
--14, /* "C" */
--751, /* "CAMELLIA-128-CBC" */
--962, /* "CAMELLIA-128-CCM" */
--757, /* "CAMELLIA-128-CFB" */
--760, /* "CAMELLIA-128-CFB1" */
--763, /* "CAMELLIA-128-CFB8" */
--964, /* "CAMELLIA-128-CMAC" */
--963, /* "CAMELLIA-128-CTR" */
--754, /* "CAMELLIA-128-ECB" */
--961, /* "CAMELLIA-128-GCM" */
--766, /* "CAMELLIA-128-OFB" */
--752, /* "CAMELLIA-192-CBC" */
--966, /* "CAMELLIA-192-CCM" */
--758, /* "CAMELLIA-192-CFB" */
--761, /* "CAMELLIA-192-CFB1" */
--764, /* "CAMELLIA-192-CFB8" */
--968, /* "CAMELLIA-192-CMAC" */
--967, /* "CAMELLIA-192-CTR" */
--755, /* "CAMELLIA-192-ECB" */
--965, /* "CAMELLIA-192-GCM" */
--767, /* "CAMELLIA-192-OFB" */
--753, /* "CAMELLIA-256-CBC" */
--970, /* "CAMELLIA-256-CCM" */
--759, /* "CAMELLIA-256-CFB" */
--762, /* "CAMELLIA-256-CFB1" */
--765, /* "CAMELLIA-256-CFB8" */
--972, /* "CAMELLIA-256-CMAC" */
--971, /* "CAMELLIA-256-CTR" */
--756, /* "CAMELLIA-256-ECB" */
--969, /* "CAMELLIA-256-GCM" */
--768, /* "CAMELLIA-256-OFB" */
--108, /* "CAST5-CBC" */
--110, /* "CAST5-CFB" */
--109, /* "CAST5-ECB" */
--111, /* "CAST5-OFB" */
--894, /* "CMAC" */
--13, /* "CN" */
--141, /* "CRLReason" */
--417, /* "CSPName" */
--1019, /* "ChaCha20" */
--1018, /* "ChaCha20-Poly1305" */
--367, /* "CrlID" */
--391, /* "DC" */
--31, /* "DES-CBC" */
--643, /* "DES-CDMF" */
--30, /* "DES-CFB" */
--656, /* "DES-CFB1" */
--657, /* "DES-CFB8" */
--29, /* "DES-ECB" */
--32, /* "DES-EDE" */
--43, /* "DES-EDE-CBC" */
--60, /* "DES-EDE-CFB" */
--62, /* "DES-EDE-OFB" */
--33, /* "DES-EDE3" */
--44, /* "DES-EDE3-CBC" */
--61, /* "DES-EDE3-CFB" */
--658, /* "DES-EDE3-CFB1" */
--659, /* "DES-EDE3-CFB8" */
--63, /* "DES-EDE3-OFB" */
--45, /* "DES-OFB" */
--80, /* "DESX-CBC" */
--380, /* "DOD" */
--116, /* "DSA" */
--66, /* "DSA-SHA" */
--113, /* "DSA-SHA1" */
--70, /* "DSA-SHA1-old" */
--67, /* "DSA-old" */
--297, /* "DVCS" */
--99, /* "GN" */
--1036, /* "HKDF" */
--855, /* "HMAC" */
--780, /* "HMAC-MD5" */
--781, /* "HMAC-SHA1" */
--381, /* "IANA" */
--34, /* "IDEA-CBC" */
--35, /* "IDEA-CFB" */
--36, /* "IDEA-ECB" */
--46, /* "IDEA-OFB" */
--1004, /* "INN" */
--181, /* "ISO" */
--183, /* "ISO-US" */
--645, /* "ITU-T" */
--646, /* "JOINT-ISO-ITU-T" */
--773, /* "KISA" */
--1039, /* "KxDHE" */
--1041, /* "KxDHE-PSK" */
--1038, /* "KxECDHE" */
--1040, /* "KxECDHE-PSK" */
--1045, /* "KxGOST" */
--1043, /* "KxPSK" */
--1037, /* "KxRSA" */
--1042, /* "KxRSA_PSK" */
--1044, /* "KxSRP" */
--15, /* "L" */
--856, /* "LocalKeySet" */
-- 3, /* "MD2" */
--257, /* "MD4" */
-- 4, /* "MD5" */
--114, /* "MD5-SHA1" */
--95, /* "MDC2" */
--911, /* "MGF1" */
--388, /* "Mail" */
--393, /* "NULL" */
--404, /* "NULL" */
--57, /* "Netscape" */
--366, /* "Nonce" */
--17, /* "O" */
--178, /* "OCSP" */
--180, /* "OCSPSigning" */
--1005, /* "OGRN" */
--379, /* "ORG" */
--18, /* "OU" */
--749, /* "Oakley-EC2N-3" */
--750, /* "Oakley-EC2N-4" */
-- 9, /* "PBE-MD2-DES" */
--168, /* "PBE-MD2-RC2-64" */
--10, /* "PBE-MD5-DES" */
--169, /* "PBE-MD5-RC2-64" */
--147, /* "PBE-SHA1-2DES" */
--146, /* "PBE-SHA1-3DES" */
--170, /* "PBE-SHA1-DES" */
--148, /* "PBE-SHA1-RC2-128" */
--149, /* "PBE-SHA1-RC2-40" */
--68, /* "PBE-SHA1-RC2-64" */
--144, /* "PBE-SHA1-RC4-128" */
--145, /* "PBE-SHA1-RC4-40" */
--161, /* "PBES2" */
--69, /* "PBKDF2" */
--162, /* "PBMAC1" */
--127, /* "PKIX" */
--935, /* "PSPECIFIED" */
--98, /* "RC2-40-CBC" */
--166, /* "RC2-64-CBC" */
--37, /* "RC2-CBC" */
--39, /* "RC2-CFB" */
--38, /* "RC2-ECB" */
--40, /* "RC2-OFB" */
-- 5, /* "RC4" */
--97, /* "RC4-40" */
--915, /* "RC4-HMAC-MD5" */
--120, /* "RC5-CBC" */
--122, /* "RC5-CFB" */
--121, /* "RC5-ECB" */
--123, /* "RC5-OFB" */
--117, /* "RIPEMD160" */
--19, /* "RSA" */
-- 7, /* "RSA-MD2" */
--396, /* "RSA-MD4" */
-- 8, /* "RSA-MD5" */
--96, /* "RSA-MDC2" */
--104, /* "RSA-NP-MD5" */
--119, /* "RSA-RIPEMD160" */
--42, /* "RSA-SHA" */
--65, /* "RSA-SHA1" */
--115, /* "RSA-SHA1-2" */
--671, /* "RSA-SHA224" */
--668, /* "RSA-SHA256" */
--669, /* "RSA-SHA384" */
--670, /* "RSA-SHA512" */
--919, /* "RSAES-OAEP" */
--912, /* "RSASSA-PSS" */
--777, /* "SEED-CBC" */
--779, /* "SEED-CFB" */
--776, /* "SEED-ECB" */
--778, /* "SEED-OFB" */
--41, /* "SHA" */
--64, /* "SHA1" */
--675, /* "SHA224" */
--672, /* "SHA256" */
--673, /* "SHA384" */
--674, /* "SHA512" */
--188, /* "SMIME" */
--167, /* "SMIME-CAPS" */
--100, /* "SN" */
--1006, /* "SNILS" */
--16, /* "ST" */
--143, /* "SXNetID" */
--1021, /* "TLS1-PRF" */
--458, /* "UID" */
-- 0, /* "UNDEF" */
--1034, /* "X25519" */
--1035, /* "X448" */
--11, /* "X500" */
--378, /* "X500algorithms" */
--12, /* "X509" */
--184, /* "X9-57" */
--185, /* "X9cm" */
--125, /* "ZLIB" */
--478, /* "aRecord" */
--289, /* "aaControls" */
--287, /* "ac-auditEntity" */
--397, /* "ac-proxying" */
--288, /* "ac-targeting" */
--368, /* "acceptableResponses" */
--446, /* "account" */
--363, /* "ad_timestamping" */
--376, /* "algorithm" */
--405, /* "ansi-X9-62" */
--910, /* "anyExtendedKeyUsage" */
--746, /* "anyPolicy" */
--370, /* "archiveCutoff" */
--484, /* "associatedDomain" */
--485, /* "associatedName" */
--501, /* "audio" */
--177, /* "authorityInfoAccess" */
--90, /* "authorityKeyIdentifier" */
--882, /* "authorityRevocationList" */
--87, /* "basicConstraints" */
--365, /* "basicOCSPResponse" */
--285, /* "biometricInfo" */
--921, /* "brainpoolP160r1" */
--922, /* "brainpoolP160t1" */
--923, /* "brainpoolP192r1" */
--924, /* "brainpoolP192t1" */
--925, /* "brainpoolP224r1" */
--926, /* "brainpoolP224t1" */
--927, /* "brainpoolP256r1" */
--928, /* "brainpoolP256t1" */
--929, /* "brainpoolP320r1" */
--930, /* "brainpoolP320t1" */
--931, /* "brainpoolP384r1" */
--932, /* "brainpoolP384t1" */
--933, /* "brainpoolP512r1" */
--934, /* "brainpoolP512t1" */
--494, /* "buildingName" */
--860, /* "businessCategory" */
--691, /* "c2onb191v4" */
--692, /* "c2onb191v5" */
--697, /* "c2onb239v4" */
--698, /* "c2onb239v5" */
--684, /* "c2pnb163v1" */
--685, /* "c2pnb163v2" */
--686, /* "c2pnb163v3" */
--687, /* "c2pnb176v1" */
--693, /* "c2pnb208w1" */
--699, /* "c2pnb272w1" */
--700, /* "c2pnb304w1" */
--702, /* "c2pnb368w1" */
--688, /* "c2tnb191v1" */
--689, /* "c2tnb191v2" */
--690, /* "c2tnb191v3" */
--694, /* "c2tnb239v1" */
--695, /* "c2tnb239v2" */
--696, /* "c2tnb239v3" */
--701, /* "c2tnb359v1" */
--703, /* "c2tnb431r1" */
--881, /* "cACertificate" */
--483, /* "cNAMERecord" */
--179, /* "caIssuers" */
--785, /* "caRepository" */
--1023, /* "capwapAC" */
--1024, /* "capwapWTP" */
--443, /* "caseIgnoreIA5StringSyntax" */
--152, /* "certBag" */
--677, /* "certicom-arc" */
--771, /* "certificateIssuer" */
--89, /* "certificatePolicies" */
--883, /* "certificateRevocationList" */
--54, /* "challengePassword" */
--407, /* "characteristic-two-field" */
--395, /* "clearance" */
--130, /* "clientAuth" */
--131, /* "codeSigning" */
--50, /* "contentType" */
--53, /* "countersignature" */
--153, /* "crlBag" */
--103, /* "crlDistributionPoints" */
--88, /* "crlNumber" */
--884, /* "crossCertificatePair" */
--806, /* "cryptocom" */
--805, /* "cryptopro" */
--954, /* "ct_cert_scts" */
--952, /* "ct_precert_poison" */
--951, /* "ct_precert_scts" */
--953, /* "ct_precert_signer" */
--500, /* "dITRedirect" */
--451, /* "dNSDomain" */
--495, /* "dSAQuality" */
--434, /* "data" */
--390, /* "dcobject" */
--140, /* "deltaCRL" */
--891, /* "deltaRevocationList" */
--107, /* "description" */
--871, /* "destinationIndicator" */
--947, /* "dh-cofactor-kdf" */
--946, /* "dh-std-kdf" */
--28, /* "dhKeyAgreement" */
--941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
--942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
--943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
--944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
--945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
--936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */
--937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */
--938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */
--939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */
--940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */
--920, /* "dhpublicnumber" */
--382, /* "directory" */
--887, /* "distinguishedName" */
--892, /* "dmdName" */
--174, /* "dnQualifier" */
--447, /* "document" */
--471, /* "documentAuthor" */
--468, /* "documentIdentifier" */
--472, /* "documentLocation" */
--502, /* "documentPublisher" */
--449, /* "documentSeries" */
--469, /* "documentTitle" */
--470, /* "documentVersion" */
--392, /* "domain" */
--452, /* "domainRelatedObject" */
--802, /* "dsa_with_SHA224" */
--803, /* "dsa_with_SHA256" */
--791, /* "ecdsa-with-Recommended" */
--416, /* "ecdsa-with-SHA1" */
--793, /* "ecdsa-with-SHA224" */
--794, /* "ecdsa-with-SHA256" */
--795, /* "ecdsa-with-SHA384" */
--796, /* "ecdsa-with-SHA512" */
--792, /* "ecdsa-with-Specified" */
--48, /* "emailAddress" */
--132, /* "emailProtection" */
--885, /* "enhancedSearchGuide" */
--389, /* "enterprises" */
--384, /* "experimental" */
--172, /* "extReq" */
--56, /* "extendedCertificateAttributes" */
--126, /* "extendedKeyUsage" */
--372, /* "extendedStatus" */
--867, /* "facsimileTelephoneNumber" */
--462, /* "favouriteDrink" */
--857, /* "freshestCRL" */
--453, /* "friendlyCountry" */
--490, /* "friendlyCountryName" */
--156, /* "friendlyName" */
--509, /* "generationQualifier" */
--815, /* "gost-mac" */
--976, /* "gost-mac-12" */
--811, /* "gost2001" */
--851, /* "gost2001cc" */
--979, /* "gost2012_256" */
--980, /* "gost2012_512" */
--813, /* "gost89" */
--1009, /* "gost89-cbc" */
--814, /* "gost89-cnt" */
--975, /* "gost89-cnt-12" */
--1011, /* "gost89-ctr" */
--1010, /* "gost89-ecb" */
--812, /* "gost94" */
--850, /* "gost94cc" */
--1015, /* "grasshopper-cbc" */
--1016, /* "grasshopper-cfb" */
--1013, /* "grasshopper-ctr" */
--1012, /* "grasshopper-ecb" */
--1017, /* "grasshopper-mac" */
--1014, /* "grasshopper-ofb" */
--797, /* "hmacWithMD5" */
--163, /* "hmacWithSHA1" */
--798, /* "hmacWithSHA224" */
--799, /* "hmacWithSHA256" */
--800, /* "hmacWithSHA384" */
--801, /* "hmacWithSHA512" */
--432, /* "holdInstructionCallIssuer" */
--430, /* "holdInstructionCode" */
--431, /* "holdInstructionNone" */
--433, /* "holdInstructionReject" */
--486, /* "homePostalAddress" */
--473, /* "homeTelephoneNumber" */
--466, /* "host" */
--889, /* "houseIdentifier" */
--442, /* "iA5StringSyntax" */
--783, /* "id-DHBasedMac" */
--824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
--825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
--826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
--827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
--819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
--829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
--828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
--830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
--820, /* "id-Gost28147-89-None-KeyMeshing" */
--823, /* "id-Gost28147-89-TestParamSet" */
--849, /* "id-Gost28147-89-cc" */
--840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
--841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
--842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
--843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
--844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
--854, /* "id-GostR3410-2001-ParamSet-cc" */
--839, /* "id-GostR3410-2001-TestParamSet" */
--817, /* "id-GostR3410-2001DH" */
--832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
--833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
--834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
--835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
--836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
--837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
--838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
--831, /* "id-GostR3410-94-TestParamSet" */
--845, /* "id-GostR3410-94-a" */
--846, /* "id-GostR3410-94-aBis" */
--847, /* "id-GostR3410-94-b" */
--848, /* "id-GostR3410-94-bBis" */
--818, /* "id-GostR3410-94DH" */
--822, /* "id-GostR3411-94-CryptoProParamSet" */
--821, /* "id-GostR3411-94-TestParamSet" */
--807, /* "id-GostR3411-94-with-GostR3410-2001" */
--853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */
--808, /* "id-GostR3411-94-with-GostR3410-94" */
--852, /* "id-GostR3411-94-with-GostR3410-94-cc" */
--810, /* "id-HMACGostR3411-94" */
--782, /* "id-PasswordBasedMAC" */
--266, /* "id-aca" */
--355, /* "id-aca-accessIdentity" */
--354, /* "id-aca-authenticationInfo" */
--356, /* "id-aca-chargingIdentity" */
--399, /* "id-aca-encAttrs" */
--357, /* "id-aca-group" */
--358, /* "id-aca-role" */
--176, /* "id-ad" */
--896, /* "id-aes128-CCM" */
--895, /* "id-aes128-GCM" */
--788, /* "id-aes128-wrap" */
--897, /* "id-aes128-wrap-pad" */
--899, /* "id-aes192-CCM" */
--898, /* "id-aes192-GCM" */
--789, /* "id-aes192-wrap" */
--900, /* "id-aes192-wrap-pad" */
--902, /* "id-aes256-CCM" */
--901, /* "id-aes256-GCM" */
--790, /* "id-aes256-wrap" */
--903, /* "id-aes256-wrap-pad" */
--262, /* "id-alg" */
--893, /* "id-alg-PWRI-KEK" */
--323, /* "id-alg-des40" */
--326, /* "id-alg-dh-pop" */
--325, /* "id-alg-dh-sig-hmac-sha1" */
--324, /* "id-alg-noSignature" */
--907, /* "id-camellia128-wrap" */
--908, /* "id-camellia192-wrap" */
--909, /* "id-camellia256-wrap" */
--268, /* "id-cct" */
--361, /* "id-cct-PKIData" */
--362, /* "id-cct-PKIResponse" */
--360, /* "id-cct-crs" */
--81, /* "id-ce" */
--680, /* "id-characteristic-two-basis" */
--263, /* "id-cmc" */
--334, /* "id-cmc-addExtensions" */
--346, /* "id-cmc-confirmCertAcceptance" */
--330, /* "id-cmc-dataReturn" */
--336, /* "id-cmc-decryptedPOP" */
--335, /* "id-cmc-encryptedPOP" */
--339, /* "id-cmc-getCRL" */
--338, /* "id-cmc-getCert" */
--328, /* "id-cmc-identification" */
--329, /* "id-cmc-identityProof" */
--337, /* "id-cmc-lraPOPWitness" */
--344, /* "id-cmc-popLinkRandom" */
--345, /* "id-cmc-popLinkWitness" */
--343, /* "id-cmc-queryPending" */
--333, /* "id-cmc-recipientNonce" */
--341, /* "id-cmc-regInfo" */
--342, /* "id-cmc-responseInfo" */
--340, /* "id-cmc-revokeRequest" */
--332, /* "id-cmc-senderNonce" */
--327, /* "id-cmc-statusInfo" */
--331, /* "id-cmc-transactionId" */
--787, /* "id-ct-asciiTextWithCRLF" */
--408, /* "id-ecPublicKey" */
--508, /* "id-hex-multipart-message" */
--507, /* "id-hex-partial-message" */
--260, /* "id-it" */
--302, /* "id-it-caKeyUpdateInfo" */
--298, /* "id-it-caProtEncCert" */
--311, /* "id-it-confirmWaitTime" */
--303, /* "id-it-currentCRL" */
--300, /* "id-it-encKeyPairTypes" */
--310, /* "id-it-implicitConfirm" */
--308, /* "id-it-keyPairParamRep" */
--307, /* "id-it-keyPairParamReq" */
--312, /* "id-it-origPKIMessage" */
--301, /* "id-it-preferredSymmAlg" */
--309, /* "id-it-revPassphrase" */
--299, /* "id-it-signKeyPairTypes" */
--305, /* "id-it-subscriptionRequest" */
--306, /* "id-it-subscriptionResponse" */
--784, /* "id-it-suppLangTags" */
--304, /* "id-it-unsupportedOIDs" */
--128, /* "id-kp" */
--280, /* "id-mod-attribute-cert" */
--274, /* "id-mod-cmc" */
--277, /* "id-mod-cmp" */
--284, /* "id-mod-cmp2000" */
--273, /* "id-mod-crmf" */
--283, /* "id-mod-dvcs" */
--275, /* "id-mod-kea-profile-88" */
--276, /* "id-mod-kea-profile-93" */
--282, /* "id-mod-ocsp" */
--278, /* "id-mod-qualified-cert-88" */
--279, /* "id-mod-qualified-cert-93" */
--281, /* "id-mod-timestamp-protocol" */
--264, /* "id-on" */
--858, /* "id-on-permanentIdentifier" */
--347, /* "id-on-personalData" */
--265, /* "id-pda" */
--352, /* "id-pda-countryOfCitizenship" */
--353, /* "id-pda-countryOfResidence" */
--348, /* "id-pda-dateOfBirth" */
--351, /* "id-pda-gender" */
--349, /* "id-pda-placeOfBirth" */
--175, /* "id-pe" */
--1031, /* "id-pkinit" */
--261, /* "id-pkip" */
--258, /* "id-pkix-mod" */
--269, /* "id-pkix1-explicit-88" */
--271, /* "id-pkix1-explicit-93" */
--270, /* "id-pkix1-implicit-88" */
--272, /* "id-pkix1-implicit-93" */
--662, /* "id-ppl" */
--664, /* "id-ppl-anyLanguage" */
--667, /* "id-ppl-independent" */
--665, /* "id-ppl-inheritAll" */
--267, /* "id-qcs" */
--359, /* "id-qcs-pkixQCSyntax-v1" */
--259, /* "id-qt" */
--164, /* "id-qt-cps" */
--165, /* "id-qt-unotice" */
--313, /* "id-regCtrl" */
--316, /* "id-regCtrl-authenticator" */
--319, /* "id-regCtrl-oldCertID" */
--318, /* "id-regCtrl-pkiArchiveOptions" */
--317, /* "id-regCtrl-pkiPublicationInfo" */
--320, /* "id-regCtrl-protocolEncrKey" */
--315, /* "id-regCtrl-regToken" */
--314, /* "id-regInfo" */
--322, /* "id-regInfo-certReq" */
--321, /* "id-regInfo-utf8Pairs" */
--973, /* "id-scrypt" */
--512, /* "id-set" */
--191, /* "id-smime-aa" */
--215, /* "id-smime-aa-contentHint" */
--218, /* "id-smime-aa-contentIdentifier" */
--221, /* "id-smime-aa-contentReference" */
--240, /* "id-smime-aa-dvcs-dvc" */
--217, /* "id-smime-aa-encapContentType" */
--222, /* "id-smime-aa-encrypKeyPref" */
--220, /* "id-smime-aa-equivalentLabels" */
--232, /* "id-smime-aa-ets-CertificateRefs" */
--233, /* "id-smime-aa-ets-RevocationRefs" */
--238, /* "id-smime-aa-ets-archiveTimeStamp" */
--237, /* "id-smime-aa-ets-certCRLTimestamp" */
--234, /* "id-smime-aa-ets-certValues" */
--227, /* "id-smime-aa-ets-commitmentType" */
--231, /* "id-smime-aa-ets-contentTimestamp" */
--236, /* "id-smime-aa-ets-escTimeStamp" */
--230, /* "id-smime-aa-ets-otherSigCert" */
--235, /* "id-smime-aa-ets-revocationValues" */
--226, /* "id-smime-aa-ets-sigPolicyId" */
--229, /* "id-smime-aa-ets-signerAttr" */
--228, /* "id-smime-aa-ets-signerLocation" */
--219, /* "id-smime-aa-macValue" */
--214, /* "id-smime-aa-mlExpandHistory" */
--216, /* "id-smime-aa-msgSigDigest" */
--212, /* "id-smime-aa-receiptRequest" */
--213, /* "id-smime-aa-securityLabel" */
--239, /* "id-smime-aa-signatureType" */
--223, /* "id-smime-aa-signingCertificate" */
--224, /* "id-smime-aa-smimeEncryptCerts" */
--225, /* "id-smime-aa-timeStampToken" */
--192, /* "id-smime-alg" */
--243, /* "id-smime-alg-3DESwrap" */
--246, /* "id-smime-alg-CMS3DESwrap" */
--247, /* "id-smime-alg-CMSRC2wrap" */
--245, /* "id-smime-alg-ESDH" */
--241, /* "id-smime-alg-ESDHwith3DES" */
--242, /* "id-smime-alg-ESDHwithRC2" */
--244, /* "id-smime-alg-RC2wrap" */
--193, /* "id-smime-cd" */
--248, /* "id-smime-cd-ldap" */
--190, /* "id-smime-ct" */
--210, /* "id-smime-ct-DVCSRequestData" */
--211, /* "id-smime-ct-DVCSResponseData" */
--208, /* "id-smime-ct-TDTInfo" */
--207, /* "id-smime-ct-TSTInfo" */
--205, /* "id-smime-ct-authData" */
--786, /* "id-smime-ct-compressedData" */
--209, /* "id-smime-ct-contentInfo" */
--206, /* "id-smime-ct-publishCert" */
--204, /* "id-smime-ct-receipt" */
--195, /* "id-smime-cti" */
--255, /* "id-smime-cti-ets-proofOfApproval" */
--256, /* "id-smime-cti-ets-proofOfCreation" */
--253, /* "id-smime-cti-ets-proofOfDelivery" */
--251, /* "id-smime-cti-ets-proofOfOrigin" */
--252, /* "id-smime-cti-ets-proofOfReceipt" */
--254, /* "id-smime-cti-ets-proofOfSender" */
--189, /* "id-smime-mod" */
--196, /* "id-smime-mod-cms" */
--197, /* "id-smime-mod-ess" */
--202, /* "id-smime-mod-ets-eSigPolicy-88" */
--203, /* "id-smime-mod-ets-eSigPolicy-97" */
--200, /* "id-smime-mod-ets-eSignature-88" */
--201, /* "id-smime-mod-ets-eSignature-97" */
--199, /* "id-smime-mod-msg-v3" */
--198, /* "id-smime-mod-oid" */
--194, /* "id-smime-spq" */
--250, /* "id-smime-spq-ets-sqt-unotice" */
--249, /* "id-smime-spq-ets-sqt-uri" */
--974, /* "id-tc26" */
--991, /* "id-tc26-agreement" */
--992, /* "id-tc26-agreement-gost-3410-2012-256" */
--993, /* "id-tc26-agreement-gost-3410-2012-512" */
--977, /* "id-tc26-algorithms" */
--990, /* "id-tc26-cipher" */
--1001, /* "id-tc26-cipher-constants" */
--994, /* "id-tc26-constants" */
--981, /* "id-tc26-digest" */
--1000, /* "id-tc26-digest-constants" */
--1002, /* "id-tc26-gost-28147-constants" */
--1003, /* "id-tc26-gost-28147-param-Z" */
--996, /* "id-tc26-gost-3410-2012-512-constants" */
--998, /* "id-tc26-gost-3410-2012-512-paramSetA" */
--999, /* "id-tc26-gost-3410-2012-512-paramSetB" */
--997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */
--988, /* "id-tc26-hmac-gost-3411-2012-256" */
--989, /* "id-tc26-hmac-gost-3411-2012-512" */
--987, /* "id-tc26-mac" */
--978, /* "id-tc26-sign" */
--995, /* "id-tc26-sign-constants" */
--984, /* "id-tc26-signwithdigest" */
--985, /* "id-tc26-signwithdigest-gost3410-2012-256" */
--986, /* "id-tc26-signwithdigest-gost3410-2012-512" */
--676, /* "identified-organization" */
--461, /* "info" */
--748, /* "inhibitAnyPolicy" */
--101, /* "initials" */
--647, /* "international-organizations" */
--869, /* "internationaliSDNNumber" */
--142, /* "invalidityDate" */
--294, /* "ipsecEndSystem" */
--1022, /* "ipsecIKE" */
--295, /* "ipsecTunnel" */
--296, /* "ipsecUser" */
--86, /* "issuerAltName" */
--1008, /* "issuerSignTool" */
--770, /* "issuingDistributionPoint" */
--492, /* "janetMailbox" */
--957, /* "jurisdictionC" */
--955, /* "jurisdictionL" */
--956, /* "jurisdictionST" */
--150, /* "keyBag" */
--83, /* "keyUsage" */
--477, /* "lastModifiedBy" */
--476, /* "lastModifiedTime" */
--157, /* "localKeyID" */
--480, /* "mXRecord" */
--460, /* "mail" */
--493, /* "mailPreferenceOption" */
--467, /* "manager" */
--982, /* "md_gost12_256" */
--983, /* "md_gost12_512" */
--809, /* "md_gost94" */
--875, /* "member" */
--182, /* "member-body" */
--51, /* "messageDigest" */
--383, /* "mgmt" */
--504, /* "mime-mhs" */
--506, /* "mime-mhs-bodies" */
--505, /* "mime-mhs-headings" */
--488, /* "mobileTelephoneNumber" */
--136, /* "msCTLSign" */
--135, /* "msCodeCom" */
--134, /* "msCodeInd" */
--138, /* "msEFS" */
--171, /* "msExtReq" */
--137, /* "msSGC" */
--648, /* "msSmartcardLogin" */
--649, /* "msUPN" */
--481, /* "nSRecord" */
--173, /* "name" */
--666, /* "nameConstraints" */
--369, /* "noCheck" */
--403, /* "noRevAvail" */
--72, /* "nsBaseUrl" */
--76, /* "nsCaPolicyUrl" */
--74, /* "nsCaRevocationUrl" */
--58, /* "nsCertExt" */
--79, /* "nsCertSequence" */
--71, /* "nsCertType" */
--78, /* "nsComment" */
--59, /* "nsDataType" */
--75, /* "nsRenewalUrl" */
--73, /* "nsRevocationUrl" */
--139, /* "nsSGC" */
--77, /* "nsSslServerName" */
--681, /* "onBasis" */
--491, /* "organizationalStatus" */
--475, /* "otherMailbox" */
--876, /* "owner" */
--489, /* "pagerTelephoneNumber" */
--374, /* "path" */
--112, /* "pbeWithMD5AndCast5CBC" */
--499, /* "personalSignature" */
--487, /* "personalTitle" */
--464, /* "photo" */
--863, /* "physicalDeliveryOfficeName" */
--437, /* "pilot" */
--439, /* "pilotAttributeSyntax" */
--438, /* "pilotAttributeType" */
--479, /* "pilotAttributeType27" */
--456, /* "pilotDSA" */
--441, /* "pilotGroups" */
--444, /* "pilotObject" */
--440, /* "pilotObjectClass" */
--455, /* "pilotOrganization" */
--445, /* "pilotPerson" */
--1032, /* "pkInitClientAuth" */
--1033, /* "pkInitKDC" */
-- 2, /* "pkcs" */
--186, /* "pkcs1" */
--27, /* "pkcs3" */
--187, /* "pkcs5" */
--20, /* "pkcs7" */
--21, /* "pkcs7-data" */
--25, /* "pkcs7-digestData" */
--26, /* "pkcs7-encryptedData" */
--23, /* "pkcs7-envelopedData" */
--24, /* "pkcs7-signedAndEnvelopedData" */
--22, /* "pkcs7-signedData" */
--151, /* "pkcs8ShroudedKeyBag" */
--47, /* "pkcs9" */
--401, /* "policyConstraints" */
--747, /* "policyMappings" */
--862, /* "postOfficeBox" */
--861, /* "postalAddress" */
--661, /* "postalCode" */
--683, /* "ppBasis" */
--872, /* "preferredDeliveryMethod" */
--873, /* "presentationAddress" */
--816, /* "prf-gostr3411-94" */
--406, /* "prime-field" */
--409, /* "prime192v1" */
--410, /* "prime192v2" */
--411, /* "prime192v3" */
--412, /* "prime239v1" */
--413, /* "prime239v2" */
--414, /* "prime239v3" */
--415, /* "prime256v1" */
--385, /* "private" */
--84, /* "privateKeyUsagePeriod" */
--886, /* "protocolInformation" */
--663, /* "proxyCertInfo" */
--510, /* "pseudonym" */
--435, /* "pss" */
--286, /* "qcStatements" */
--457, /* "qualityLabelledData" */
--450, /* "rFC822localPart" */
--870, /* "registeredAddress" */
--400, /* "role" */
--877, /* "roleOccupant" */
--448, /* "room" */
--463, /* "roomNumber" */
-- 6, /* "rsaEncryption" */
--644, /* "rsaOAEPEncryptionSET" */
--377, /* "rsaSignature" */
-- 1, /* "rsadsi" */
--482, /* "sOARecord" */
--155, /* "safeContentsBag" */
--291, /* "sbgp-autonomousSysNum" */
--290, /* "sbgp-ipAddrBlock" */
--292, /* "sbgp-routerIdentifier" */
--159, /* "sdsiCertificate" */
--859, /* "searchGuide" */
--704, /* "secp112r1" */
--705, /* "secp112r2" */
--706, /* "secp128r1" */
--707, /* "secp128r2" */
--708, /* "secp160k1" */
--709, /* "secp160r1" */
--710, /* "secp160r2" */
--711, /* "secp192k1" */
--712, /* "secp224k1" */
--713, /* "secp224r1" */
--714, /* "secp256k1" */
--715, /* "secp384r1" */
--716, /* "secp521r1" */
--154, /* "secretBag" */
--474, /* "secretary" */
--717, /* "sect113r1" */
--718, /* "sect113r2" */
--719, /* "sect131r1" */
--720, /* "sect131r2" */
--721, /* "sect163k1" */
--722, /* "sect163r1" */
--723, /* "sect163r2" */
--724, /* "sect193r1" */
--725, /* "sect193r2" */
--726, /* "sect233k1" */
--727, /* "sect233r1" */
--728, /* "sect239k1" */
--729, /* "sect283k1" */
--730, /* "sect283r1" */
--731, /* "sect409k1" */
--732, /* "sect409r1" */
--733, /* "sect571k1" */
--734, /* "sect571r1" */
--1025, /* "secureShellClient" */
--1026, /* "secureShellServer" */
--386, /* "security" */
--878, /* "seeAlso" */
--394, /* "selected-attribute-types" */
--1029, /* "sendOwner" */
--1030, /* "sendProxiedOwner" */
--1028, /* "sendProxiedRouter" */
--1027, /* "sendRouter" */
--105, /* "serialNumber" */
--129, /* "serverAuth" */
--371, /* "serviceLocator" */
--625, /* "set-addPolicy" */
--515, /* "set-attr" */
--518, /* "set-brand" */
--638, /* "set-brand-AmericanExpress" */
--637, /* "set-brand-Diners" */
--636, /* "set-brand-IATA-ATA" */
--639, /* "set-brand-JCB" */
--641, /* "set-brand-MasterCard" */
--642, /* "set-brand-Novus" */
--640, /* "set-brand-Visa" */
--517, /* "set-certExt" */
--513, /* "set-ctype" */
--514, /* "set-msgExt" */
--516, /* "set-policy" */
--607, /* "set-policy-root" */
--624, /* "set-rootKeyThumb" */
--620, /* "setAttr-Cert" */
--631, /* "setAttr-GenCryptgrm" */
--623, /* "setAttr-IssCap" */
--628, /* "setAttr-IssCap-CVM" */
--630, /* "setAttr-IssCap-Sig" */
--629, /* "setAttr-IssCap-T2" */
--621, /* "setAttr-PGWYcap" */
--635, /* "setAttr-SecDevSig" */
--632, /* "setAttr-T2Enc" */
--633, /* "setAttr-T2cleartxt" */
--634, /* "setAttr-TokICCsig" */
--627, /* "setAttr-Token-B0Prime" */
--626, /* "setAttr-Token-EMV" */
--622, /* "setAttr-TokenType" */
--619, /* "setCext-IssuerCapabilities" */
--615, /* "setCext-PGWYcapabilities" */
--616, /* "setCext-TokenIdentifier" */
--618, /* "setCext-TokenType" */
--617, /* "setCext-Track2Data" */
--611, /* "setCext-cCertRequired" */
--609, /* "setCext-certType" */
--608, /* "setCext-hashedRoot" */
--610, /* "setCext-merchData" */
--613, /* "setCext-setExt" */
--614, /* "setCext-setQualf" */
--612, /* "setCext-tunneling" */
--540, /* "setct-AcqCardCodeMsg" */
--576, /* "setct-AcqCardCodeMsgTBE" */
--570, /* "setct-AuthReqTBE" */
--534, /* "setct-AuthReqTBS" */
--527, /* "setct-AuthResBaggage" */
--571, /* "setct-AuthResTBE" */
--572, /* "setct-AuthResTBEX" */
--535, /* "setct-AuthResTBS" */
--536, /* "setct-AuthResTBSX" */
--528, /* "setct-AuthRevReqBaggage" */
--577, /* "setct-AuthRevReqTBE" */
--541, /* "setct-AuthRevReqTBS" */
--529, /* "setct-AuthRevResBaggage" */
--542, /* "setct-AuthRevResData" */
--578, /* "setct-AuthRevResTBE" */
--579, /* "setct-AuthRevResTBEB" */
--543, /* "setct-AuthRevResTBS" */
--573, /* "setct-AuthTokenTBE" */
--537, /* "setct-AuthTokenTBS" */
--600, /* "setct-BCIDistributionTBS" */
--558, /* "setct-BatchAdminReqData" */
--592, /* "setct-BatchAdminReqTBE" */
--559, /* "setct-BatchAdminResData" */
--593, /* "setct-BatchAdminResTBE" */
--599, /* "setct-CRLNotificationResTBS" */
--598, /* "setct-CRLNotificationTBS" */
--580, /* "setct-CapReqTBE" */
--581, /* "setct-CapReqTBEX" */
--544, /* "setct-CapReqTBS" */
--545, /* "setct-CapReqTBSX" */
--546, /* "setct-CapResData" */
--582, /* "setct-CapResTBE" */
--583, /* "setct-CapRevReqTBE" */
--584, /* "setct-CapRevReqTBEX" */
--547, /* "setct-CapRevReqTBS" */
--548, /* "setct-CapRevReqTBSX" */
--549, /* "setct-CapRevResData" */
--585, /* "setct-CapRevResTBE" */
--538, /* "setct-CapTokenData" */
--530, /* "setct-CapTokenSeq" */
--574, /* "setct-CapTokenTBE" */
--575, /* "setct-CapTokenTBEX" */
--539, /* "setct-CapTokenTBS" */
--560, /* "setct-CardCInitResTBS" */
--566, /* "setct-CertInqReqTBS" */
--563, /* "setct-CertReqData" */
--595, /* "setct-CertReqTBE" */
--596, /* "setct-CertReqTBEX" */
--564, /* "setct-CertReqTBS" */
--565, /* "setct-CertResData" */
--597, /* "setct-CertResTBE" */
--586, /* "setct-CredReqTBE" */
--587, /* "setct-CredReqTBEX" */
--550, /* "setct-CredReqTBS" */
--551, /* "setct-CredReqTBSX" */
--552, /* "setct-CredResData" */
--588, /* "setct-CredResTBE" */
--589, /* "setct-CredRevReqTBE" */
--590, /* "setct-CredRevReqTBEX" */
--553, /* "setct-CredRevReqTBS" */
--554, /* "setct-CredRevReqTBSX" */
--555, /* "setct-CredRevResData" */
--591, /* "setct-CredRevResTBE" */
--567, /* "setct-ErrorTBS" */
--526, /* "setct-HODInput" */
--561, /* "setct-MeAqCInitResTBS" */
--522, /* "setct-OIData" */
--519, /* "setct-PANData" */
--521, /* "setct-PANOnly" */
--520, /* "setct-PANToken" */
--556, /* "setct-PCertReqData" */
--557, /* "setct-PCertResTBS" */
--523, /* "setct-PI" */
--532, /* "setct-PI-TBS" */
--524, /* "setct-PIData" */
--525, /* "setct-PIDataUnsigned" */
--568, /* "setct-PIDualSignedTBE" */
--569, /* "setct-PIUnsignedTBE" */
--531, /* "setct-PInitResData" */
--533, /* "setct-PResData" */
--594, /* "setct-RegFormReqTBE" */
--562, /* "setct-RegFormResTBS" */
--606, /* "setext-cv" */
--601, /* "setext-genCrypt" */
--602, /* "setext-miAuth" */
--604, /* "setext-pinAny" */
--603, /* "setext-pinSecure" */
--605, /* "setext-track2" */
--52, /* "signingTime" */
--454, /* "simpleSecurityObject" */
--496, /* "singleLevelQuality" */
--387, /* "snmpv2" */
--660, /* "street" */
--85, /* "subjectAltName" */
--769, /* "subjectDirectoryAttributes" */
--398, /* "subjectInfoAccess" */
--82, /* "subjectKeyIdentifier" */
--1007, /* "subjectSignTool" */
--498, /* "subtreeMaximumQuality" */
--497, /* "subtreeMinimumQuality" */
--890, /* "supportedAlgorithms" */
--874, /* "supportedApplicationContext" */
--402, /* "targetInformation" */
--864, /* "telephoneNumber" */
--866, /* "teletexTerminalIdentifier" */
--865, /* "telexNumber" */
--459, /* "textEncodedORAddress" */
--293, /* "textNotice" */
--133, /* "timeStamping" */
--106, /* "title" */
--1020, /* "tlsfeature" */
--682, /* "tpBasis" */
--375, /* "trustRoot" */
--436, /* "ucl" */
--102, /* "uid" */
--888, /* "uniqueMember" */
--55, /* "unstructuredAddress" */
--49, /* "unstructuredName" */
--880, /* "userCertificate" */
--465, /* "userClass" */
--879, /* "userPassword" */
--373, /* "valid" */
--678, /* "wap" */
--679, /* "wap-wsg" */
--735, /* "wap-wsg-idm-ecid-wtls1" */
--743, /* "wap-wsg-idm-ecid-wtls10" */
--744, /* "wap-wsg-idm-ecid-wtls11" */
--745, /* "wap-wsg-idm-ecid-wtls12" */
--736, /* "wap-wsg-idm-ecid-wtls3" */
--737, /* "wap-wsg-idm-ecid-wtls4" */
--738, /* "wap-wsg-idm-ecid-wtls5" */
--739, /* "wap-wsg-idm-ecid-wtls6" */
--740, /* "wap-wsg-idm-ecid-wtls7" */
--741, /* "wap-wsg-idm-ecid-wtls8" */
--742, /* "wap-wsg-idm-ecid-wtls9" */
--804, /* "whirlpool" */
--868, /* "x121Address" */
--503, /* "x500UniqueIdentifier" */
--158, /* "x509Certificate" */
--160, /* "x509Crl" */
-+#define NUM_SN 1052
-+static const unsigned int sn_objs[NUM_SN] = {
-+ 364, /* "AD_DVCS" */
-+ 419, /* "AES-128-CBC" */
-+ 916, /* "AES-128-CBC-HMAC-SHA1" */
-+ 948, /* "AES-128-CBC-HMAC-SHA256" */
-+ 421, /* "AES-128-CFB" */
-+ 650, /* "AES-128-CFB1" */
-+ 653, /* "AES-128-CFB8" */
-+ 904, /* "AES-128-CTR" */
-+ 418, /* "AES-128-ECB" */
-+ 958, /* "AES-128-OCB" */
-+ 420, /* "AES-128-OFB" */
-+ 913, /* "AES-128-XTS" */
-+ 423, /* "AES-192-CBC" */
-+ 917, /* "AES-192-CBC-HMAC-SHA1" */
-+ 949, /* "AES-192-CBC-HMAC-SHA256" */
-+ 425, /* "AES-192-CFB" */
-+ 651, /* "AES-192-CFB1" */
-+ 654, /* "AES-192-CFB8" */
-+ 905, /* "AES-192-CTR" */
-+ 422, /* "AES-192-ECB" */
-+ 959, /* "AES-192-OCB" */
-+ 424, /* "AES-192-OFB" */
-+ 427, /* "AES-256-CBC" */
-+ 918, /* "AES-256-CBC-HMAC-SHA1" */
-+ 950, /* "AES-256-CBC-HMAC-SHA256" */
-+ 429, /* "AES-256-CFB" */
-+ 652, /* "AES-256-CFB1" */
-+ 655, /* "AES-256-CFB8" */
-+ 906, /* "AES-256-CTR" */
-+ 426, /* "AES-256-ECB" */
-+ 960, /* "AES-256-OCB" */
-+ 428, /* "AES-256-OFB" */
-+ 914, /* "AES-256-XTS" */
-+ 1049, /* "AuthDSS" */
-+ 1047, /* "AuthECDSA" */
-+ 1050, /* "AuthGOST01" */
-+ 1051, /* "AuthGOST12" */
-+ 1053, /* "AuthNULL" */
-+ 1048, /* "AuthPSK" */
-+ 1046, /* "AuthRSA" */
-+ 1052, /* "AuthSRP" */
-+ 91, /* "BF-CBC" */
-+ 93, /* "BF-CFB" */
-+ 92, /* "BF-ECB" */
-+ 94, /* "BF-OFB" */
-+ 1056, /* "BLAKE2b512" */
-+ 1057, /* "BLAKE2s256" */
-+ 14, /* "C" */
-+ 751, /* "CAMELLIA-128-CBC" */
-+ 962, /* "CAMELLIA-128-CCM" */
-+ 757, /* "CAMELLIA-128-CFB" */
-+ 760, /* "CAMELLIA-128-CFB1" */
-+ 763, /* "CAMELLIA-128-CFB8" */
-+ 964, /* "CAMELLIA-128-CMAC" */
-+ 963, /* "CAMELLIA-128-CTR" */
-+ 754, /* "CAMELLIA-128-ECB" */
-+ 961, /* "CAMELLIA-128-GCM" */
-+ 766, /* "CAMELLIA-128-OFB" */
-+ 752, /* "CAMELLIA-192-CBC" */
-+ 966, /* "CAMELLIA-192-CCM" */
-+ 758, /* "CAMELLIA-192-CFB" */
-+ 761, /* "CAMELLIA-192-CFB1" */
-+ 764, /* "CAMELLIA-192-CFB8" */
-+ 968, /* "CAMELLIA-192-CMAC" */
-+ 967, /* "CAMELLIA-192-CTR" */
-+ 755, /* "CAMELLIA-192-ECB" */
-+ 965, /* "CAMELLIA-192-GCM" */
-+ 767, /* "CAMELLIA-192-OFB" */
-+ 753, /* "CAMELLIA-256-CBC" */
-+ 970, /* "CAMELLIA-256-CCM" */
-+ 759, /* "CAMELLIA-256-CFB" */
-+ 762, /* "CAMELLIA-256-CFB1" */
-+ 765, /* "CAMELLIA-256-CFB8" */
-+ 972, /* "CAMELLIA-256-CMAC" */
-+ 971, /* "CAMELLIA-256-CTR" */
-+ 756, /* "CAMELLIA-256-ECB" */
-+ 969, /* "CAMELLIA-256-GCM" */
-+ 768, /* "CAMELLIA-256-OFB" */
-+ 108, /* "CAST5-CBC" */
-+ 110, /* "CAST5-CFB" */
-+ 109, /* "CAST5-ECB" */
-+ 111, /* "CAST5-OFB" */
-+ 894, /* "CMAC" */
-+ 13, /* "CN" */
-+ 141, /* "CRLReason" */
-+ 417, /* "CSPName" */
-+ 1019, /* "ChaCha20" */
-+ 1018, /* "ChaCha20-Poly1305" */
-+ 367, /* "CrlID" */
-+ 391, /* "DC" */
-+ 31, /* "DES-CBC" */
-+ 643, /* "DES-CDMF" */
-+ 30, /* "DES-CFB" */
-+ 656, /* "DES-CFB1" */
-+ 657, /* "DES-CFB8" */
-+ 29, /* "DES-ECB" */
-+ 32, /* "DES-EDE" */
-+ 43, /* "DES-EDE-CBC" */
-+ 60, /* "DES-EDE-CFB" */
-+ 62, /* "DES-EDE-OFB" */
-+ 33, /* "DES-EDE3" */
-+ 44, /* "DES-EDE3-CBC" */
-+ 61, /* "DES-EDE3-CFB" */
-+ 658, /* "DES-EDE3-CFB1" */
-+ 659, /* "DES-EDE3-CFB8" */
-+ 63, /* "DES-EDE3-OFB" */
-+ 45, /* "DES-OFB" */
-+ 80, /* "DESX-CBC" */
-+ 380, /* "DOD" */
-+ 116, /* "DSA" */
-+ 66, /* "DSA-SHA" */
-+ 113, /* "DSA-SHA1" */
-+ 70, /* "DSA-SHA1-old" */
-+ 67, /* "DSA-old" */
-+ 297, /* "DVCS" */
-+ 99, /* "GN" */
-+ 1036, /* "HKDF" */
-+ 855, /* "HMAC" */
-+ 780, /* "HMAC-MD5" */
-+ 781, /* "HMAC-SHA1" */
-+ 381, /* "IANA" */
-+ 34, /* "IDEA-CBC" */
-+ 35, /* "IDEA-CFB" */
-+ 36, /* "IDEA-ECB" */
-+ 46, /* "IDEA-OFB" */
-+ 1004, /* "INN" */
-+ 181, /* "ISO" */
-+ 183, /* "ISO-US" */
-+ 645, /* "ITU-T" */
-+ 646, /* "JOINT-ISO-ITU-T" */
-+ 773, /* "KISA" */
-+ 1039, /* "KxDHE" */
-+ 1041, /* "KxDHE-PSK" */
-+ 1038, /* "KxECDHE" */
-+ 1040, /* "KxECDHE-PSK" */
-+ 1045, /* "KxGOST" */
-+ 1043, /* "KxPSK" */
-+ 1037, /* "KxRSA" */
-+ 1042, /* "KxRSA_PSK" */
-+ 1044, /* "KxSRP" */
-+ 15, /* "L" */
-+ 856, /* "LocalKeySet" */
-+ 3, /* "MD2" */
-+ 257, /* "MD4" */
-+ 4, /* "MD5" */
-+ 114, /* "MD5-SHA1" */
-+ 95, /* "MDC2" */
-+ 911, /* "MGF1" */
-+ 388, /* "Mail" */
-+ 393, /* "NULL" */
-+ 404, /* "NULL" */
-+ 57, /* "Netscape" */
-+ 366, /* "Nonce" */
-+ 17, /* "O" */
-+ 178, /* "OCSP" */
-+ 180, /* "OCSPSigning" */
-+ 1005, /* "OGRN" */
-+ 379, /* "ORG" */
-+ 18, /* "OU" */
-+ 749, /* "Oakley-EC2N-3" */
-+ 750, /* "Oakley-EC2N-4" */
-+ 9, /* "PBE-MD2-DES" */
-+ 168, /* "PBE-MD2-RC2-64" */
-+ 10, /* "PBE-MD5-DES" */
-+ 169, /* "PBE-MD5-RC2-64" */
-+ 147, /* "PBE-SHA1-2DES" */
-+ 146, /* "PBE-SHA1-3DES" */
-+ 170, /* "PBE-SHA1-DES" */
-+ 148, /* "PBE-SHA1-RC2-128" */
-+ 149, /* "PBE-SHA1-RC2-40" */
-+ 68, /* "PBE-SHA1-RC2-64" */
-+ 144, /* "PBE-SHA1-RC4-128" */
-+ 145, /* "PBE-SHA1-RC4-40" */
-+ 161, /* "PBES2" */
-+ 69, /* "PBKDF2" */
-+ 162, /* "PBMAC1" */
-+ 127, /* "PKIX" */
-+ 935, /* "PSPECIFIED" */
-+ 98, /* "RC2-40-CBC" */
-+ 166, /* "RC2-64-CBC" */
-+ 37, /* "RC2-CBC" */
-+ 39, /* "RC2-CFB" */
-+ 38, /* "RC2-ECB" */
-+ 40, /* "RC2-OFB" */
-+ 5, /* "RC4" */
-+ 97, /* "RC4-40" */
-+ 915, /* "RC4-HMAC-MD5" */
-+ 120, /* "RC5-CBC" */
-+ 122, /* "RC5-CFB" */
-+ 121, /* "RC5-ECB" */
-+ 123, /* "RC5-OFB" */
-+ 117, /* "RIPEMD160" */
-+ 19, /* "RSA" */
-+ 7, /* "RSA-MD2" */
-+ 396, /* "RSA-MD4" */
-+ 8, /* "RSA-MD5" */
-+ 96, /* "RSA-MDC2" */
-+ 104, /* "RSA-NP-MD5" */
-+ 119, /* "RSA-RIPEMD160" */
-+ 42, /* "RSA-SHA" */
-+ 65, /* "RSA-SHA1" */
-+ 115, /* "RSA-SHA1-2" */
-+ 671, /* "RSA-SHA224" */
-+ 668, /* "RSA-SHA256" */
-+ 669, /* "RSA-SHA384" */
-+ 670, /* "RSA-SHA512" */
-+ 919, /* "RSAES-OAEP" */
-+ 912, /* "RSASSA-PSS" */
-+ 777, /* "SEED-CBC" */
-+ 779, /* "SEED-CFB" */
-+ 776, /* "SEED-ECB" */
-+ 778, /* "SEED-OFB" */
-+ 41, /* "SHA" */
-+ 64, /* "SHA1" */
-+ 675, /* "SHA224" */
-+ 672, /* "SHA256" */
-+ 673, /* "SHA384" */
-+ 674, /* "SHA512" */
-+ 188, /* "SMIME" */
-+ 167, /* "SMIME-CAPS" */
-+ 100, /* "SN" */
-+ 1006, /* "SNILS" */
-+ 16, /* "ST" */
-+ 143, /* "SXNetID" */
-+ 1021, /* "TLS1-PRF" */
-+ 458, /* "UID" */
-+ 0, /* "UNDEF" */
-+ 1034, /* "X25519" */
-+ 1035, /* "X448" */
-+ 11, /* "X500" */
-+ 378, /* "X500algorithms" */
-+ 12, /* "X509" */
-+ 184, /* "X9-57" */
-+ 185, /* "X9cm" */
-+ 125, /* "ZLIB" */
-+ 478, /* "aRecord" */
-+ 289, /* "aaControls" */
-+ 287, /* "ac-auditEntity" */
-+ 397, /* "ac-proxying" */
-+ 288, /* "ac-targeting" */
-+ 368, /* "acceptableResponses" */
-+ 446, /* "account" */
-+ 363, /* "ad_timestamping" */
-+ 376, /* "algorithm" */
-+ 405, /* "ansi-X9-62" */
-+ 910, /* "anyExtendedKeyUsage" */
-+ 746, /* "anyPolicy" */
-+ 370, /* "archiveCutoff" */
-+ 484, /* "associatedDomain" */
-+ 485, /* "associatedName" */
-+ 501, /* "audio" */
-+ 177, /* "authorityInfoAccess" */
-+ 90, /* "authorityKeyIdentifier" */
-+ 882, /* "authorityRevocationList" */
-+ 87, /* "basicConstraints" */
-+ 365, /* "basicOCSPResponse" */
-+ 285, /* "biometricInfo" */
-+ 921, /* "brainpoolP160r1" */
-+ 922, /* "brainpoolP160t1" */
-+ 923, /* "brainpoolP192r1" */
-+ 924, /* "brainpoolP192t1" */
-+ 925, /* "brainpoolP224r1" */
-+ 926, /* "brainpoolP224t1" */
-+ 927, /* "brainpoolP256r1" */
-+ 928, /* "brainpoolP256t1" */
-+ 929, /* "brainpoolP320r1" */
-+ 930, /* "brainpoolP320t1" */
-+ 931, /* "brainpoolP384r1" */
-+ 932, /* "brainpoolP384t1" */
-+ 933, /* "brainpoolP512r1" */
-+ 934, /* "brainpoolP512t1" */
-+ 494, /* "buildingName" */
-+ 860, /* "businessCategory" */
-+ 691, /* "c2onb191v4" */
-+ 692, /* "c2onb191v5" */
-+ 697, /* "c2onb239v4" */
-+ 698, /* "c2onb239v5" */
-+ 684, /* "c2pnb163v1" */
-+ 685, /* "c2pnb163v2" */
-+ 686, /* "c2pnb163v3" */
-+ 687, /* "c2pnb176v1" */
-+ 693, /* "c2pnb208w1" */
-+ 699, /* "c2pnb272w1" */
-+ 700, /* "c2pnb304w1" */
-+ 702, /* "c2pnb368w1" */
-+ 688, /* "c2tnb191v1" */
-+ 689, /* "c2tnb191v2" */
-+ 690, /* "c2tnb191v3" */
-+ 694, /* "c2tnb239v1" */
-+ 695, /* "c2tnb239v2" */
-+ 696, /* "c2tnb239v3" */
-+ 701, /* "c2tnb359v1" */
-+ 703, /* "c2tnb431r1" */
-+ 881, /* "cACertificate" */
-+ 483, /* "cNAMERecord" */
-+ 179, /* "caIssuers" */
-+ 785, /* "caRepository" */
-+ 1023, /* "capwapAC" */
-+ 1024, /* "capwapWTP" */
-+ 443, /* "caseIgnoreIA5StringSyntax" */
-+ 152, /* "certBag" */
-+ 677, /* "certicom-arc" */
-+ 771, /* "certificateIssuer" */
-+ 89, /* "certificatePolicies" */
-+ 883, /* "certificateRevocationList" */
-+ 54, /* "challengePassword" */
-+ 407, /* "characteristic-two-field" */
-+ 395, /* "clearance" */
-+ 130, /* "clientAuth" */
-+ 131, /* "codeSigning" */
-+ 50, /* "contentType" */
-+ 53, /* "countersignature" */
-+ 153, /* "crlBag" */
-+ 103, /* "crlDistributionPoints" */
-+ 88, /* "crlNumber" */
-+ 884, /* "crossCertificatePair" */
-+ 806, /* "cryptocom" */
-+ 805, /* "cryptopro" */
-+ 954, /* "ct_cert_scts" */
-+ 952, /* "ct_precert_poison" */
-+ 951, /* "ct_precert_scts" */
-+ 953, /* "ct_precert_signer" */
-+ 500, /* "dITRedirect" */
-+ 451, /* "dNSDomain" */
-+ 495, /* "dSAQuality" */
-+ 434, /* "data" */
-+ 390, /* "dcobject" */
-+ 140, /* "deltaCRL" */
-+ 891, /* "deltaRevocationList" */
-+ 107, /* "description" */
-+ 871, /* "destinationIndicator" */
-+ 947, /* "dh-cofactor-kdf" */
-+ 946, /* "dh-std-kdf" */
-+ 28, /* "dhKeyAgreement" */
-+ 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
-+ 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
-+ 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
-+ 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
-+ 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
-+ 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */
-+ 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */
-+ 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */
-+ 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */
-+ 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */
-+ 920, /* "dhpublicnumber" */
-+ 382, /* "directory" */
-+ 887, /* "distinguishedName" */
-+ 892, /* "dmdName" */
-+ 174, /* "dnQualifier" */
-+ 447, /* "document" */
-+ 471, /* "documentAuthor" */
-+ 468, /* "documentIdentifier" */
-+ 472, /* "documentLocation" */
-+ 502, /* "documentPublisher" */
-+ 449, /* "documentSeries" */
-+ 469, /* "documentTitle" */
-+ 470, /* "documentVersion" */
-+ 392, /* "domain" */
-+ 452, /* "domainRelatedObject" */
-+ 802, /* "dsa_with_SHA224" */
-+ 803, /* "dsa_with_SHA256" */
-+ 791, /* "ecdsa-with-Recommended" */
-+ 416, /* "ecdsa-with-SHA1" */
-+ 793, /* "ecdsa-with-SHA224" */
-+ 794, /* "ecdsa-with-SHA256" */
-+ 795, /* "ecdsa-with-SHA384" */
-+ 796, /* "ecdsa-with-SHA512" */
-+ 792, /* "ecdsa-with-Specified" */
-+ 48, /* "emailAddress" */
-+ 132, /* "emailProtection" */
-+ 885, /* "enhancedSearchGuide" */
-+ 389, /* "enterprises" */
-+ 384, /* "experimental" */
-+ 172, /* "extReq" */
-+ 56, /* "extendedCertificateAttributes" */
-+ 126, /* "extendedKeyUsage" */
-+ 372, /* "extendedStatus" */
-+ 867, /* "facsimileTelephoneNumber" */
-+ 462, /* "favouriteDrink" */
-+ 857, /* "freshestCRL" */
-+ 453, /* "friendlyCountry" */
-+ 490, /* "friendlyCountryName" */
-+ 156, /* "friendlyName" */
-+ 509, /* "generationQualifier" */
-+ 815, /* "gost-mac" */
-+ 976, /* "gost-mac-12" */
-+ 811, /* "gost2001" */
-+ 851, /* "gost2001cc" */
-+ 979, /* "gost2012_256" */
-+ 980, /* "gost2012_512" */
-+ 813, /* "gost89" */
-+ 1009, /* "gost89-cbc" */
-+ 814, /* "gost89-cnt" */
-+ 975, /* "gost89-cnt-12" */
-+ 1011, /* "gost89-ctr" */
-+ 1010, /* "gost89-ecb" */
-+ 812, /* "gost94" */
-+ 850, /* "gost94cc" */
-+ 1015, /* "grasshopper-cbc" */
-+ 1016, /* "grasshopper-cfb" */
-+ 1013, /* "grasshopper-ctr" */
-+ 1012, /* "grasshopper-ecb" */
-+ 1017, /* "grasshopper-mac" */
-+ 1014, /* "grasshopper-ofb" */
-+ 797, /* "hmacWithMD5" */
-+ 163, /* "hmacWithSHA1" */
-+ 798, /* "hmacWithSHA224" */
-+ 799, /* "hmacWithSHA256" */
-+ 800, /* "hmacWithSHA384" */
-+ 801, /* "hmacWithSHA512" */
-+ 432, /* "holdInstructionCallIssuer" */
-+ 430, /* "holdInstructionCode" */
-+ 431, /* "holdInstructionNone" */
-+ 433, /* "holdInstructionReject" */
-+ 486, /* "homePostalAddress" */
-+ 473, /* "homeTelephoneNumber" */
-+ 466, /* "host" */
-+ 889, /* "houseIdentifier" */
-+ 442, /* "iA5StringSyntax" */
-+ 783, /* "id-DHBasedMac" */
-+ 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-+ 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-+ 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-+ 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-+ 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-+ 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-+ 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-+ 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-+ 820, /* "id-Gost28147-89-None-KeyMeshing" */
-+ 823, /* "id-Gost28147-89-TestParamSet" */
-+ 849, /* "id-Gost28147-89-cc" */
-+ 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-+ 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-+ 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-+ 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-+ 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-+ 854, /* "id-GostR3410-2001-ParamSet-cc" */
-+ 839, /* "id-GostR3410-2001-TestParamSet" */
-+ 817, /* "id-GostR3410-2001DH" */
-+ 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-+ 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-+ 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-+ 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-+ 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-+ 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-+ 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-+ 831, /* "id-GostR3410-94-TestParamSet" */
-+ 845, /* "id-GostR3410-94-a" */
-+ 846, /* "id-GostR3410-94-aBis" */
-+ 847, /* "id-GostR3410-94-b" */
-+ 848, /* "id-GostR3410-94-bBis" */
-+ 818, /* "id-GostR3410-94DH" */
-+ 822, /* "id-GostR3411-94-CryptoProParamSet" */
-+ 821, /* "id-GostR3411-94-TestParamSet" */
-+ 807, /* "id-GostR3411-94-with-GostR3410-2001" */
-+ 853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */
-+ 808, /* "id-GostR3411-94-with-GostR3410-94" */
-+ 852, /* "id-GostR3411-94-with-GostR3410-94-cc" */
-+ 810, /* "id-HMACGostR3411-94" */
-+ 782, /* "id-PasswordBasedMAC" */
-+ 266, /* "id-aca" */
-+ 355, /* "id-aca-accessIdentity" */
-+ 354, /* "id-aca-authenticationInfo" */
-+ 356, /* "id-aca-chargingIdentity" */
-+ 399, /* "id-aca-encAttrs" */
-+ 357, /* "id-aca-group" */
-+ 358, /* "id-aca-role" */
-+ 176, /* "id-ad" */
-+ 896, /* "id-aes128-CCM" */
-+ 895, /* "id-aes128-GCM" */
-+ 788, /* "id-aes128-wrap" */
-+ 897, /* "id-aes128-wrap-pad" */
-+ 899, /* "id-aes192-CCM" */
-+ 898, /* "id-aes192-GCM" */
-+ 789, /* "id-aes192-wrap" */
-+ 900, /* "id-aes192-wrap-pad" */
-+ 902, /* "id-aes256-CCM" */
-+ 901, /* "id-aes256-GCM" */
-+ 790, /* "id-aes256-wrap" */
-+ 903, /* "id-aes256-wrap-pad" */
-+ 262, /* "id-alg" */
-+ 893, /* "id-alg-PWRI-KEK" */
-+ 323, /* "id-alg-des40" */
-+ 326, /* "id-alg-dh-pop" */
-+ 325, /* "id-alg-dh-sig-hmac-sha1" */
-+ 324, /* "id-alg-noSignature" */
-+ 907, /* "id-camellia128-wrap" */
-+ 908, /* "id-camellia192-wrap" */
-+ 909, /* "id-camellia256-wrap" */
-+ 268, /* "id-cct" */
-+ 361, /* "id-cct-PKIData" */
-+ 362, /* "id-cct-PKIResponse" */
-+ 360, /* "id-cct-crs" */
-+ 81, /* "id-ce" */
-+ 680, /* "id-characteristic-two-basis" */
-+ 263, /* "id-cmc" */
-+ 334, /* "id-cmc-addExtensions" */
-+ 346, /* "id-cmc-confirmCertAcceptance" */
-+ 330, /* "id-cmc-dataReturn" */
-+ 336, /* "id-cmc-decryptedPOP" */
-+ 335, /* "id-cmc-encryptedPOP" */
-+ 339, /* "id-cmc-getCRL" */
-+ 338, /* "id-cmc-getCert" */
-+ 328, /* "id-cmc-identification" */
-+ 329, /* "id-cmc-identityProof" */
-+ 337, /* "id-cmc-lraPOPWitness" */
-+ 344, /* "id-cmc-popLinkRandom" */
-+ 345, /* "id-cmc-popLinkWitness" */
-+ 343, /* "id-cmc-queryPending" */
-+ 333, /* "id-cmc-recipientNonce" */
-+ 341, /* "id-cmc-regInfo" */
-+ 342, /* "id-cmc-responseInfo" */
-+ 340, /* "id-cmc-revokeRequest" */
-+ 332, /* "id-cmc-senderNonce" */
-+ 327, /* "id-cmc-statusInfo" */
-+ 331, /* "id-cmc-transactionId" */
-+ 787, /* "id-ct-asciiTextWithCRLF" */
-+ 1060, /* "id-ct-xml" */
-+ 408, /* "id-ecPublicKey" */
-+ 508, /* "id-hex-multipart-message" */
-+ 507, /* "id-hex-partial-message" */
-+ 260, /* "id-it" */
-+ 302, /* "id-it-caKeyUpdateInfo" */
-+ 298, /* "id-it-caProtEncCert" */
-+ 311, /* "id-it-confirmWaitTime" */
-+ 303, /* "id-it-currentCRL" */
-+ 300, /* "id-it-encKeyPairTypes" */
-+ 310, /* "id-it-implicitConfirm" */
-+ 308, /* "id-it-keyPairParamRep" */
-+ 307, /* "id-it-keyPairParamReq" */
-+ 312, /* "id-it-origPKIMessage" */
-+ 301, /* "id-it-preferredSymmAlg" */
-+ 309, /* "id-it-revPassphrase" */
-+ 299, /* "id-it-signKeyPairTypes" */
-+ 305, /* "id-it-subscriptionRequest" */
-+ 306, /* "id-it-subscriptionResponse" */
-+ 784, /* "id-it-suppLangTags" */
-+ 304, /* "id-it-unsupportedOIDs" */
-+ 128, /* "id-kp" */
-+ 280, /* "id-mod-attribute-cert" */
-+ 274, /* "id-mod-cmc" */
-+ 277, /* "id-mod-cmp" */
-+ 284, /* "id-mod-cmp2000" */
-+ 273, /* "id-mod-crmf" */
-+ 283, /* "id-mod-dvcs" */
-+ 275, /* "id-mod-kea-profile-88" */
-+ 276, /* "id-mod-kea-profile-93" */
-+ 282, /* "id-mod-ocsp" */
-+ 278, /* "id-mod-qualified-cert-88" */
-+ 279, /* "id-mod-qualified-cert-93" */
-+ 281, /* "id-mod-timestamp-protocol" */
-+ 264, /* "id-on" */
-+ 858, /* "id-on-permanentIdentifier" */
-+ 347, /* "id-on-personalData" */
-+ 265, /* "id-pda" */
-+ 352, /* "id-pda-countryOfCitizenship" */
-+ 353, /* "id-pda-countryOfResidence" */
-+ 348, /* "id-pda-dateOfBirth" */
-+ 351, /* "id-pda-gender" */
-+ 349, /* "id-pda-placeOfBirth" */
-+ 175, /* "id-pe" */
-+ 1031, /* "id-pkinit" */
-+ 261, /* "id-pkip" */
-+ 258, /* "id-pkix-mod" */
-+ 269, /* "id-pkix1-explicit-88" */
-+ 271, /* "id-pkix1-explicit-93" */
-+ 270, /* "id-pkix1-implicit-88" */
-+ 272, /* "id-pkix1-implicit-93" */
-+ 662, /* "id-ppl" */
-+ 664, /* "id-ppl-anyLanguage" */
-+ 667, /* "id-ppl-independent" */
-+ 665, /* "id-ppl-inheritAll" */
-+ 267, /* "id-qcs" */
-+ 359, /* "id-qcs-pkixQCSyntax-v1" */
-+ 259, /* "id-qt" */
-+ 164, /* "id-qt-cps" */
-+ 165, /* "id-qt-unotice" */
-+ 313, /* "id-regCtrl" */
-+ 316, /* "id-regCtrl-authenticator" */
-+ 319, /* "id-regCtrl-oldCertID" */
-+ 318, /* "id-regCtrl-pkiArchiveOptions" */
-+ 317, /* "id-regCtrl-pkiPublicationInfo" */
-+ 320, /* "id-regCtrl-protocolEncrKey" */
-+ 315, /* "id-regCtrl-regToken" */
-+ 314, /* "id-regInfo" */
-+ 322, /* "id-regInfo-certReq" */
-+ 321, /* "id-regInfo-utf8Pairs" */
-+ 973, /* "id-scrypt" */
-+ 512, /* "id-set" */
-+ 191, /* "id-smime-aa" */
-+ 215, /* "id-smime-aa-contentHint" */
-+ 218, /* "id-smime-aa-contentIdentifier" */
-+ 221, /* "id-smime-aa-contentReference" */
-+ 240, /* "id-smime-aa-dvcs-dvc" */
-+ 217, /* "id-smime-aa-encapContentType" */
-+ 222, /* "id-smime-aa-encrypKeyPref" */
-+ 220, /* "id-smime-aa-equivalentLabels" */
-+ 232, /* "id-smime-aa-ets-CertificateRefs" */
-+ 233, /* "id-smime-aa-ets-RevocationRefs" */
-+ 238, /* "id-smime-aa-ets-archiveTimeStamp" */
-+ 237, /* "id-smime-aa-ets-certCRLTimestamp" */
-+ 234, /* "id-smime-aa-ets-certValues" */
-+ 227, /* "id-smime-aa-ets-commitmentType" */
-+ 231, /* "id-smime-aa-ets-contentTimestamp" */
-+ 236, /* "id-smime-aa-ets-escTimeStamp" */
-+ 230, /* "id-smime-aa-ets-otherSigCert" */
-+ 235, /* "id-smime-aa-ets-revocationValues" */
-+ 226, /* "id-smime-aa-ets-sigPolicyId" */
-+ 229, /* "id-smime-aa-ets-signerAttr" */
-+ 228, /* "id-smime-aa-ets-signerLocation" */
-+ 219, /* "id-smime-aa-macValue" */
-+ 214, /* "id-smime-aa-mlExpandHistory" */
-+ 216, /* "id-smime-aa-msgSigDigest" */
-+ 212, /* "id-smime-aa-receiptRequest" */
-+ 213, /* "id-smime-aa-securityLabel" */
-+ 239, /* "id-smime-aa-signatureType" */
-+ 223, /* "id-smime-aa-signingCertificate" */
-+ 224, /* "id-smime-aa-smimeEncryptCerts" */
-+ 225, /* "id-smime-aa-timeStampToken" */
-+ 192, /* "id-smime-alg" */
-+ 243, /* "id-smime-alg-3DESwrap" */
-+ 246, /* "id-smime-alg-CMS3DESwrap" */
-+ 247, /* "id-smime-alg-CMSRC2wrap" */
-+ 245, /* "id-smime-alg-ESDH" */
-+ 241, /* "id-smime-alg-ESDHwith3DES" */
-+ 242, /* "id-smime-alg-ESDHwithRC2" */
-+ 244, /* "id-smime-alg-RC2wrap" */
-+ 193, /* "id-smime-cd" */
-+ 248, /* "id-smime-cd-ldap" */
-+ 190, /* "id-smime-ct" */
-+ 210, /* "id-smime-ct-DVCSRequestData" */
-+ 211, /* "id-smime-ct-DVCSResponseData" */
-+ 208, /* "id-smime-ct-TDTInfo" */
-+ 207, /* "id-smime-ct-TSTInfo" */
-+ 205, /* "id-smime-ct-authData" */
-+ 1059, /* "id-smime-ct-authEnvelopedData" */
-+ 786, /* "id-smime-ct-compressedData" */
-+ 1058, /* "id-smime-ct-contentCollection" */
-+ 209, /* "id-smime-ct-contentInfo" */
-+ 206, /* "id-smime-ct-publishCert" */
-+ 204, /* "id-smime-ct-receipt" */
-+ 195, /* "id-smime-cti" */
-+ 255, /* "id-smime-cti-ets-proofOfApproval" */
-+ 256, /* "id-smime-cti-ets-proofOfCreation" */
-+ 253, /* "id-smime-cti-ets-proofOfDelivery" */
-+ 251, /* "id-smime-cti-ets-proofOfOrigin" */
-+ 252, /* "id-smime-cti-ets-proofOfReceipt" */
-+ 254, /* "id-smime-cti-ets-proofOfSender" */
-+ 189, /* "id-smime-mod" */
-+ 196, /* "id-smime-mod-cms" */
-+ 197, /* "id-smime-mod-ess" */
-+ 202, /* "id-smime-mod-ets-eSigPolicy-88" */
-+ 203, /* "id-smime-mod-ets-eSigPolicy-97" */
-+ 200, /* "id-smime-mod-ets-eSignature-88" */
-+ 201, /* "id-smime-mod-ets-eSignature-97" */
-+ 199, /* "id-smime-mod-msg-v3" */
-+ 198, /* "id-smime-mod-oid" */
-+ 194, /* "id-smime-spq" */
-+ 250, /* "id-smime-spq-ets-sqt-unotice" */
-+ 249, /* "id-smime-spq-ets-sqt-uri" */
-+ 974, /* "id-tc26" */
-+ 991, /* "id-tc26-agreement" */
-+ 992, /* "id-tc26-agreement-gost-3410-2012-256" */
-+ 993, /* "id-tc26-agreement-gost-3410-2012-512" */
-+ 977, /* "id-tc26-algorithms" */
-+ 990, /* "id-tc26-cipher" */
-+ 1001, /* "id-tc26-cipher-constants" */
-+ 994, /* "id-tc26-constants" */
-+ 981, /* "id-tc26-digest" */
-+ 1000, /* "id-tc26-digest-constants" */
-+ 1002, /* "id-tc26-gost-28147-constants" */
-+ 1003, /* "id-tc26-gost-28147-param-Z" */
-+ 996, /* "id-tc26-gost-3410-2012-512-constants" */
-+ 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */
-+ 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */
-+ 997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */
-+ 988, /* "id-tc26-hmac-gost-3411-2012-256" */
-+ 989, /* "id-tc26-hmac-gost-3411-2012-512" */
-+ 987, /* "id-tc26-mac" */
-+ 978, /* "id-tc26-sign" */
-+ 995, /* "id-tc26-sign-constants" */
-+ 984, /* "id-tc26-signwithdigest" */
-+ 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */
-+ 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */
-+ 676, /* "identified-organization" */
-+ 461, /* "info" */
-+ 748, /* "inhibitAnyPolicy" */
-+ 101, /* "initials" */
-+ 647, /* "international-organizations" */
-+ 869, /* "internationaliSDNNumber" */
-+ 142, /* "invalidityDate" */
-+ 294, /* "ipsecEndSystem" */
-+ 1022, /* "ipsecIKE" */
-+ 295, /* "ipsecTunnel" */
-+ 296, /* "ipsecUser" */
-+ 86, /* "issuerAltName" */
-+ 1008, /* "issuerSignTool" */
-+ 770, /* "issuingDistributionPoint" */
-+ 492, /* "janetMailbox" */
-+ 957, /* "jurisdictionC" */
-+ 955, /* "jurisdictionL" */
-+ 956, /* "jurisdictionST" */
-+ 150, /* "keyBag" */
-+ 83, /* "keyUsage" */
-+ 477, /* "lastModifiedBy" */
-+ 476, /* "lastModifiedTime" */
-+ 157, /* "localKeyID" */
-+ 480, /* "mXRecord" */
-+ 460, /* "mail" */
-+ 493, /* "mailPreferenceOption" */
-+ 467, /* "manager" */
-+ 982, /* "md_gost12_256" */
-+ 983, /* "md_gost12_512" */
-+ 809, /* "md_gost94" */
-+ 875, /* "member" */
-+ 182, /* "member-body" */
-+ 51, /* "messageDigest" */
-+ 383, /* "mgmt" */
-+ 504, /* "mime-mhs" */
-+ 506, /* "mime-mhs-bodies" */
-+ 505, /* "mime-mhs-headings" */
-+ 488, /* "mobileTelephoneNumber" */
-+ 136, /* "msCTLSign" */
-+ 135, /* "msCodeCom" */
-+ 134, /* "msCodeInd" */
-+ 138, /* "msEFS" */
-+ 171, /* "msExtReq" */
-+ 137, /* "msSGC" */
-+ 648, /* "msSmartcardLogin" */
-+ 649, /* "msUPN" */
-+ 481, /* "nSRecord" */
-+ 173, /* "name" */
-+ 666, /* "nameConstraints" */
-+ 369, /* "noCheck" */
-+ 403, /* "noRevAvail" */
-+ 72, /* "nsBaseUrl" */
-+ 76, /* "nsCaPolicyUrl" */
-+ 74, /* "nsCaRevocationUrl" */
-+ 58, /* "nsCertExt" */
-+ 79, /* "nsCertSequence" */
-+ 71, /* "nsCertType" */
-+ 78, /* "nsComment" */
-+ 59, /* "nsDataType" */
-+ 75, /* "nsRenewalUrl" */
-+ 73, /* "nsRevocationUrl" */
-+ 139, /* "nsSGC" */
-+ 77, /* "nsSslServerName" */
-+ 681, /* "onBasis" */
-+ 491, /* "organizationalStatus" */
-+ 475, /* "otherMailbox" */
-+ 876, /* "owner" */
-+ 489, /* "pagerTelephoneNumber" */
-+ 374, /* "path" */
-+ 112, /* "pbeWithMD5AndCast5CBC" */
-+ 499, /* "personalSignature" */
-+ 487, /* "personalTitle" */
-+ 464, /* "photo" */
-+ 863, /* "physicalDeliveryOfficeName" */
-+ 437, /* "pilot" */
-+ 439, /* "pilotAttributeSyntax" */
-+ 438, /* "pilotAttributeType" */
-+ 479, /* "pilotAttributeType27" */
-+ 456, /* "pilotDSA" */
-+ 441, /* "pilotGroups" */
-+ 444, /* "pilotObject" */
-+ 440, /* "pilotObjectClass" */
-+ 455, /* "pilotOrganization" */
-+ 445, /* "pilotPerson" */
-+ 1032, /* "pkInitClientAuth" */
-+ 1033, /* "pkInitKDC" */
-+ 2, /* "pkcs" */
-+ 186, /* "pkcs1" */
-+ 27, /* "pkcs3" */
-+ 187, /* "pkcs5" */
-+ 20, /* "pkcs7" */
-+ 21, /* "pkcs7-data" */
-+ 25, /* "pkcs7-digestData" */
-+ 26, /* "pkcs7-encryptedData" */
-+ 23, /* "pkcs7-envelopedData" */
-+ 24, /* "pkcs7-signedAndEnvelopedData" */
-+ 22, /* "pkcs7-signedData" */
-+ 151, /* "pkcs8ShroudedKeyBag" */
-+ 47, /* "pkcs9" */
-+ 401, /* "policyConstraints" */
-+ 747, /* "policyMappings" */
-+ 862, /* "postOfficeBox" */
-+ 861, /* "postalAddress" */
-+ 661, /* "postalCode" */
-+ 683, /* "ppBasis" */
-+ 872, /* "preferredDeliveryMethod" */
-+ 873, /* "presentationAddress" */
-+ 816, /* "prf-gostr3411-94" */
-+ 406, /* "prime-field" */
-+ 409, /* "prime192v1" */
-+ 410, /* "prime192v2" */
-+ 411, /* "prime192v3" */
-+ 412, /* "prime239v1" */
-+ 413, /* "prime239v2" */
-+ 414, /* "prime239v3" */
-+ 415, /* "prime256v1" */
-+ 385, /* "private" */
-+ 84, /* "privateKeyUsagePeriod" */
-+ 886, /* "protocolInformation" */
-+ 663, /* "proxyCertInfo" */
-+ 510, /* "pseudonym" */
-+ 435, /* "pss" */
-+ 286, /* "qcStatements" */
-+ 457, /* "qualityLabelledData" */
-+ 450, /* "rFC822localPart" */
-+ 870, /* "registeredAddress" */
-+ 400, /* "role" */
-+ 877, /* "roleOccupant" */
-+ 448, /* "room" */
-+ 463, /* "roomNumber" */
-+ 6, /* "rsaEncryption" */
-+ 644, /* "rsaOAEPEncryptionSET" */
-+ 377, /* "rsaSignature" */
-+ 1, /* "rsadsi" */
-+ 482, /* "sOARecord" */
-+ 155, /* "safeContentsBag" */
-+ 291, /* "sbgp-autonomousSysNum" */
-+ 290, /* "sbgp-ipAddrBlock" */
-+ 292, /* "sbgp-routerIdentifier" */
-+ 159, /* "sdsiCertificate" */
-+ 859, /* "searchGuide" */
-+ 704, /* "secp112r1" */
-+ 705, /* "secp112r2" */
-+ 706, /* "secp128r1" */
-+ 707, /* "secp128r2" */
-+ 708, /* "secp160k1" */
-+ 709, /* "secp160r1" */
-+ 710, /* "secp160r2" */
-+ 711, /* "secp192k1" */
-+ 712, /* "secp224k1" */
-+ 713, /* "secp224r1" */
-+ 714, /* "secp256k1" */
-+ 715, /* "secp384r1" */
-+ 716, /* "secp521r1" */
-+ 154, /* "secretBag" */
-+ 474, /* "secretary" */
-+ 717, /* "sect113r1" */
-+ 718, /* "sect113r2" */
-+ 719, /* "sect131r1" */
-+ 720, /* "sect131r2" */
-+ 721, /* "sect163k1" */
-+ 722, /* "sect163r1" */
-+ 723, /* "sect163r2" */
-+ 724, /* "sect193r1" */
-+ 725, /* "sect193r2" */
-+ 726, /* "sect233k1" */
-+ 727, /* "sect233r1" */
-+ 728, /* "sect239k1" */
-+ 729, /* "sect283k1" */
-+ 730, /* "sect283r1" */
-+ 731, /* "sect409k1" */
-+ 732, /* "sect409r1" */
-+ 733, /* "sect571k1" */
-+ 734, /* "sect571r1" */
-+ 1025, /* "secureShellClient" */
-+ 1026, /* "secureShellServer" */
-+ 386, /* "security" */
-+ 878, /* "seeAlso" */
-+ 394, /* "selected-attribute-types" */
-+ 1029, /* "sendOwner" */
-+ 1030, /* "sendProxiedOwner" */
-+ 1028, /* "sendProxiedRouter" */
-+ 1027, /* "sendRouter" */
-+ 105, /* "serialNumber" */
-+ 129, /* "serverAuth" */
-+ 371, /* "serviceLocator" */
-+ 625, /* "set-addPolicy" */
-+ 515, /* "set-attr" */
-+ 518, /* "set-brand" */
-+ 638, /* "set-brand-AmericanExpress" */
-+ 637, /* "set-brand-Diners" */
-+ 636, /* "set-brand-IATA-ATA" */
-+ 639, /* "set-brand-JCB" */
-+ 641, /* "set-brand-MasterCard" */
-+ 642, /* "set-brand-Novus" */
-+ 640, /* "set-brand-Visa" */
-+ 517, /* "set-certExt" */
-+ 513, /* "set-ctype" */
-+ 514, /* "set-msgExt" */
-+ 516, /* "set-policy" */
-+ 607, /* "set-policy-root" */
-+ 624, /* "set-rootKeyThumb" */
-+ 620, /* "setAttr-Cert" */
-+ 631, /* "setAttr-GenCryptgrm" */
-+ 623, /* "setAttr-IssCap" */
-+ 628, /* "setAttr-IssCap-CVM" */
-+ 630, /* "setAttr-IssCap-Sig" */
-+ 629, /* "setAttr-IssCap-T2" */
-+ 621, /* "setAttr-PGWYcap" */
-+ 635, /* "setAttr-SecDevSig" */
-+ 632, /* "setAttr-T2Enc" */
-+ 633, /* "setAttr-T2cleartxt" */
-+ 634, /* "setAttr-TokICCsig" */
-+ 627, /* "setAttr-Token-B0Prime" */
-+ 626, /* "setAttr-Token-EMV" */
-+ 622, /* "setAttr-TokenType" */
-+ 619, /* "setCext-IssuerCapabilities" */
-+ 615, /* "setCext-PGWYcapabilities" */
-+ 616, /* "setCext-TokenIdentifier" */
-+ 618, /* "setCext-TokenType" */
-+ 617, /* "setCext-Track2Data" */
-+ 611, /* "setCext-cCertRequired" */
-+ 609, /* "setCext-certType" */
-+ 608, /* "setCext-hashedRoot" */
-+ 610, /* "setCext-merchData" */
-+ 613, /* "setCext-setExt" */
-+ 614, /* "setCext-setQualf" */
-+ 612, /* "setCext-tunneling" */
-+ 540, /* "setct-AcqCardCodeMsg" */
-+ 576, /* "setct-AcqCardCodeMsgTBE" */
-+ 570, /* "setct-AuthReqTBE" */
-+ 534, /* "setct-AuthReqTBS" */
-+ 527, /* "setct-AuthResBaggage" */
-+ 571, /* "setct-AuthResTBE" */
-+ 572, /* "setct-AuthResTBEX" */
-+ 535, /* "setct-AuthResTBS" */
-+ 536, /* "setct-AuthResTBSX" */
-+ 528, /* "setct-AuthRevReqBaggage" */
-+ 577, /* "setct-AuthRevReqTBE" */
-+ 541, /* "setct-AuthRevReqTBS" */
-+ 529, /* "setct-AuthRevResBaggage" */
-+ 542, /* "setct-AuthRevResData" */
-+ 578, /* "setct-AuthRevResTBE" */
-+ 579, /* "setct-AuthRevResTBEB" */
-+ 543, /* "setct-AuthRevResTBS" */
-+ 573, /* "setct-AuthTokenTBE" */
-+ 537, /* "setct-AuthTokenTBS" */
-+ 600, /* "setct-BCIDistributionTBS" */
-+ 558, /* "setct-BatchAdminReqData" */
-+ 592, /* "setct-BatchAdminReqTBE" */
-+ 559, /* "setct-BatchAdminResData" */
-+ 593, /* "setct-BatchAdminResTBE" */
-+ 599, /* "setct-CRLNotificationResTBS" */
-+ 598, /* "setct-CRLNotificationTBS" */
-+ 580, /* "setct-CapReqTBE" */
-+ 581, /* "setct-CapReqTBEX" */
-+ 544, /* "setct-CapReqTBS" */
-+ 545, /* "setct-CapReqTBSX" */
-+ 546, /* "setct-CapResData" */
-+ 582, /* "setct-CapResTBE" */
-+ 583, /* "setct-CapRevReqTBE" */
-+ 584, /* "setct-CapRevReqTBEX" */
-+ 547, /* "setct-CapRevReqTBS" */
-+ 548, /* "setct-CapRevReqTBSX" */
-+ 549, /* "setct-CapRevResData" */
-+ 585, /* "setct-CapRevResTBE" */
-+ 538, /* "setct-CapTokenData" */
-+ 530, /* "setct-CapTokenSeq" */
-+ 574, /* "setct-CapTokenTBE" */
-+ 575, /* "setct-CapTokenTBEX" */
-+ 539, /* "setct-CapTokenTBS" */
-+ 560, /* "setct-CardCInitResTBS" */
-+ 566, /* "setct-CertInqReqTBS" */
-+ 563, /* "setct-CertReqData" */
-+ 595, /* "setct-CertReqTBE" */
-+ 596, /* "setct-CertReqTBEX" */
-+ 564, /* "setct-CertReqTBS" */
-+ 565, /* "setct-CertResData" */
-+ 597, /* "setct-CertResTBE" */
-+ 586, /* "setct-CredReqTBE" */
-+ 587, /* "setct-CredReqTBEX" */
-+ 550, /* "setct-CredReqTBS" */
-+ 551, /* "setct-CredReqTBSX" */
-+ 552, /* "setct-CredResData" */
-+ 588, /* "setct-CredResTBE" */
-+ 589, /* "setct-CredRevReqTBE" */
-+ 590, /* "setct-CredRevReqTBEX" */
-+ 553, /* "setct-CredRevReqTBS" */
-+ 554, /* "setct-CredRevReqTBSX" */
-+ 555, /* "setct-CredRevResData" */
-+ 591, /* "setct-CredRevResTBE" */
-+ 567, /* "setct-ErrorTBS" */
-+ 526, /* "setct-HODInput" */
-+ 561, /* "setct-MeAqCInitResTBS" */
-+ 522, /* "setct-OIData" */
-+ 519, /* "setct-PANData" */
-+ 521, /* "setct-PANOnly" */
-+ 520, /* "setct-PANToken" */
-+ 556, /* "setct-PCertReqData" */
-+ 557, /* "setct-PCertResTBS" */
-+ 523, /* "setct-PI" */
-+ 532, /* "setct-PI-TBS" */
-+ 524, /* "setct-PIData" */
-+ 525, /* "setct-PIDataUnsigned" */
-+ 568, /* "setct-PIDualSignedTBE" */
-+ 569, /* "setct-PIUnsignedTBE" */
-+ 531, /* "setct-PInitResData" */
-+ 533, /* "setct-PResData" */
-+ 594, /* "setct-RegFormReqTBE" */
-+ 562, /* "setct-RegFormResTBS" */
-+ 606, /* "setext-cv" */
-+ 601, /* "setext-genCrypt" */
-+ 602, /* "setext-miAuth" */
-+ 604, /* "setext-pinAny" */
-+ 603, /* "setext-pinSecure" */
-+ 605, /* "setext-track2" */
-+ 52, /* "signingTime" */
-+ 454, /* "simpleSecurityObject" */
-+ 496, /* "singleLevelQuality" */
-+ 387, /* "snmpv2" */
-+ 660, /* "street" */
-+ 85, /* "subjectAltName" */
-+ 769, /* "subjectDirectoryAttributes" */
-+ 398, /* "subjectInfoAccess" */
-+ 82, /* "subjectKeyIdentifier" */
-+ 1007, /* "subjectSignTool" */
-+ 498, /* "subtreeMaximumQuality" */
-+ 497, /* "subtreeMinimumQuality" */
-+ 890, /* "supportedAlgorithms" */
-+ 874, /* "supportedApplicationContext" */
-+ 402, /* "targetInformation" */
-+ 864, /* "telephoneNumber" */
-+ 866, /* "teletexTerminalIdentifier" */
-+ 865, /* "telexNumber" */
-+ 459, /* "textEncodedORAddress" */
-+ 293, /* "textNotice" */
-+ 133, /* "timeStamping" */
-+ 106, /* "title" */
-+ 1020, /* "tlsfeature" */
-+ 682, /* "tpBasis" */
-+ 375, /* "trustRoot" */
-+ 436, /* "ucl" */
-+ 102, /* "uid" */
-+ 888, /* "uniqueMember" */
-+ 55, /* "unstructuredAddress" */
-+ 49, /* "unstructuredName" */
-+ 880, /* "userCertificate" */
-+ 465, /* "userClass" */
-+ 879, /* "userPassword" */
-+ 373, /* "valid" */
-+ 678, /* "wap" */
-+ 679, /* "wap-wsg" */
-+ 735, /* "wap-wsg-idm-ecid-wtls1" */
-+ 743, /* "wap-wsg-idm-ecid-wtls10" */
-+ 744, /* "wap-wsg-idm-ecid-wtls11" */
-+ 745, /* "wap-wsg-idm-ecid-wtls12" */
-+ 736, /* "wap-wsg-idm-ecid-wtls3" */
-+ 737, /* "wap-wsg-idm-ecid-wtls4" */
-+ 738, /* "wap-wsg-idm-ecid-wtls5" */
-+ 739, /* "wap-wsg-idm-ecid-wtls6" */
-+ 740, /* "wap-wsg-idm-ecid-wtls7" */
-+ 741, /* "wap-wsg-idm-ecid-wtls8" */
-+ 742, /* "wap-wsg-idm-ecid-wtls9" */
-+ 804, /* "whirlpool" */
-+ 868, /* "x121Address" */
-+ 503, /* "x500UniqueIdentifier" */
-+ 158, /* "x509Certificate" */
-+ 160, /* "x509Crl" */
- };
-
--static const unsigned int ln_objs[NUM_LN]={
--363, /* "AD Time Stamping" */
--405, /* "ANSI X9.62" */
--368, /* "Acceptable OCSP Responses" */
--910, /* "Any Extended Key Usage" */
--664, /* "Any language" */
--177, /* "Authority Information Access" */
--365, /* "Basic OCSP Response" */
--285, /* "Biometric Info" */
--179, /* "CA Issuers" */
--785, /* "CA Repository" */
--954, /* "CT Certificate SCTs" */
--952, /* "CT Precertificate Poison" */
--951, /* "CT Precertificate SCTs" */
--953, /* "CT Precertificate Signer" */
--131, /* "Code Signing" */
--1024, /* "Ctrl/Provision WAP Termination" */
--1023, /* "Ctrl/provision WAP Access" */
--783, /* "Diffie-Hellman based MAC" */
--382, /* "Directory" */
--392, /* "Domain" */
--132, /* "E-mail Protection" */
--389, /* "Enterprises" */
--384, /* "Experimental" */
--372, /* "Extended OCSP Status" */
--172, /* "Extension Request" */
--813, /* "GOST 28147-89" */
--849, /* "GOST 28147-89 Cryptocom ParamSet" */
--815, /* "GOST 28147-89 MAC" */
--1003, /* "GOST 28147-89 TC26 parameter set" */
--851, /* "GOST 34.10-2001 Cryptocom" */
--850, /* "GOST 34.10-94 Cryptocom" */
--811, /* "GOST R 34.10-2001" */
--817, /* "GOST R 34.10-2001 DH" */
--998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
--999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
--997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
--979, /* "GOST R 34.10-2012 with 256 bit modulus" */
--980, /* "GOST R 34.10-2012 with 512 bit modulus" */
--985, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
--986, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
--812, /* "GOST R 34.10-94" */
--818, /* "GOST R 34.10-94 DH" */
--982, /* "GOST R 34.11-2012 with 256 bit hash" */
--983, /* "GOST R 34.11-2012 with 512 bit hash" */
--809, /* "GOST R 34.11-94" */
--816, /* "GOST R 34.11-94 PRF" */
--807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */
--853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
--808, /* "GOST R 34.11-94 with GOST R 34.10-94" */
--852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
--854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */
--988, /* "HMAC GOST 34.11-2012 256 bit" */
--989, /* "HMAC GOST 34.11-2012 512 bit" */
--810, /* "HMAC GOST 34.11-94" */
--432, /* "Hold Instruction Call Issuer" */
--430, /* "Hold Instruction Code" */
--431, /* "Hold Instruction None" */
--433, /* "Hold Instruction Reject" */
--634, /* "ICC or token signature" */
--1004, /* "INN" */
--294, /* "IPSec End System" */
--295, /* "IPSec Tunnel" */
--296, /* "IPSec User" */
--182, /* "ISO Member Body" */
--183, /* "ISO US Member Body" */
--667, /* "Independent" */
--665, /* "Inherit all" */
--647, /* "International Organizations" */
--142, /* "Invalidity Date" */
--504, /* "MIME MHS" */
--388, /* "Mail" */
--383, /* "Management" */
--417, /* "Microsoft CSP Name" */
--135, /* "Microsoft Commercial Code Signing" */
--138, /* "Microsoft Encrypted File System" */
--171, /* "Microsoft Extension Request" */
--134, /* "Microsoft Individual Code Signing" */
--856, /* "Microsoft Local Key set" */
--137, /* "Microsoft Server Gated Crypto" */
--648, /* "Microsoft Smartcardlogin" */
--136, /* "Microsoft Trust List Signing" */
--649, /* "Microsoft Universal Principal Name" */
--393, /* "NULL" */
--404, /* "NULL" */
--72, /* "Netscape Base Url" */
--76, /* "Netscape CA Policy Url" */
--74, /* "Netscape CA Revocation Url" */
--71, /* "Netscape Cert Type" */
--58, /* "Netscape Certificate Extension" */
--79, /* "Netscape Certificate Sequence" */
--78, /* "Netscape Comment" */
--57, /* "Netscape Communications Corp." */
--59, /* "Netscape Data Type" */
--75, /* "Netscape Renewal Url" */
--73, /* "Netscape Revocation Url" */
--77, /* "Netscape SSL Server Name" */
--139, /* "Netscape Server Gated Crypto" */
--178, /* "OCSP" */
--370, /* "OCSP Archive Cutoff" */
--367, /* "OCSP CRL ID" */
--369, /* "OCSP No Check" */
--366, /* "OCSP Nonce" */
--371, /* "OCSP Service Locator" */
--180, /* "OCSP Signing" */
--1005, /* "OGRN" */
--161, /* "PBES2" */
--69, /* "PBKDF2" */
--162, /* "PBMAC1" */
--1032, /* "PKINIT Client Auth" */
--127, /* "PKIX" */
--858, /* "Permanent Identifier" */
--164, /* "Policy Qualifier CPS" */
--165, /* "Policy Qualifier User Notice" */
--385, /* "Private" */
--663, /* "Proxy Certificate Information" */
-- 1, /* "RSA Data Security, Inc." */
-- 2, /* "RSA Data Security, Inc. PKCS" */
--188, /* "S/MIME" */
--167, /* "S/MIME Capabilities" */
--1006, /* "SNILS" */
--387, /* "SNMPv2" */
--1025, /* "SSH Client" */
--1026, /* "SSH Server" */
--512, /* "Secure Electronic Transactions" */
--386, /* "Security" */
--394, /* "Selected Attribute Types" */
--1029, /* "Send Owner" */
--1030, /* "Send Proxied Owner" */
--1028, /* "Send Proxied Router" */
--1027, /* "Send Router" */
--1033, /* "Signing KDC Response" */
--1008, /* "Signing Tool of Issuer" */
--1007, /* "Signing Tool of Subject" */
--143, /* "Strong Extranet ID" */
--398, /* "Subject Information Access" */
--1020, /* "TLS Feature" */
--130, /* "TLS Web Client Authentication" */
--129, /* "TLS Web Server Authentication" */
--133, /* "Time Stamping" */
--375, /* "Trust Root" */
--1034, /* "X25519" */
--1035, /* "X448" */
--12, /* "X509" */
--402, /* "X509v3 AC Targeting" */
--746, /* "X509v3 Any Policy" */
--90, /* "X509v3 Authority Key Identifier" */
--87, /* "X509v3 Basic Constraints" */
--103, /* "X509v3 CRL Distribution Points" */
--88, /* "X509v3 CRL Number" */
--141, /* "X509v3 CRL Reason Code" */
--771, /* "X509v3 Certificate Issuer" */
--89, /* "X509v3 Certificate Policies" */
--140, /* "X509v3 Delta CRL Indicator" */
--126, /* "X509v3 Extended Key Usage" */
--857, /* "X509v3 Freshest CRL" */
--748, /* "X509v3 Inhibit Any Policy" */
--86, /* "X509v3 Issuer Alternative Name" */
--770, /* "X509v3 Issuing Distribution Point" */
--83, /* "X509v3 Key Usage" */
--666, /* "X509v3 Name Constraints" */
--403, /* "X509v3 No Revocation Available" */
--401, /* "X509v3 Policy Constraints" */
--747, /* "X509v3 Policy Mappings" */
--84, /* "X509v3 Private Key Usage Period" */
--85, /* "X509v3 Subject Alternative Name" */
--769, /* "X509v3 Subject Directory Attributes" */
--82, /* "X509v3 Subject Key Identifier" */
--920, /* "X9.42 DH" */
--184, /* "X9.57" */
--185, /* "X9.57 CM ?" */
--478, /* "aRecord" */
--289, /* "aaControls" */
--287, /* "ac-auditEntity" */
--397, /* "ac-proxying" */
--288, /* "ac-targeting" */
--446, /* "account" */
--364, /* "ad dvcs" */
--606, /* "additional verification" */
--419, /* "aes-128-cbc" */
--916, /* "aes-128-cbc-hmac-sha1" */
--948, /* "aes-128-cbc-hmac-sha256" */
--896, /* "aes-128-ccm" */
--421, /* "aes-128-cfb" */
--650, /* "aes-128-cfb1" */
--653, /* "aes-128-cfb8" */
--904, /* "aes-128-ctr" */
--418, /* "aes-128-ecb" */
--895, /* "aes-128-gcm" */
--958, /* "aes-128-ocb" */
--420, /* "aes-128-ofb" */
--913, /* "aes-128-xts" */
--423, /* "aes-192-cbc" */
--917, /* "aes-192-cbc-hmac-sha1" */
--949, /* "aes-192-cbc-hmac-sha256" */
--899, /* "aes-192-ccm" */
--425, /* "aes-192-cfb" */
--651, /* "aes-192-cfb1" */
--654, /* "aes-192-cfb8" */
--905, /* "aes-192-ctr" */
--422, /* "aes-192-ecb" */
--898, /* "aes-192-gcm" */
--959, /* "aes-192-ocb" */
--424, /* "aes-192-ofb" */
--427, /* "aes-256-cbc" */
--918, /* "aes-256-cbc-hmac-sha1" */
--950, /* "aes-256-cbc-hmac-sha256" */
--902, /* "aes-256-ccm" */
--429, /* "aes-256-cfb" */
--652, /* "aes-256-cfb1" */
--655, /* "aes-256-cfb8" */
--906, /* "aes-256-ctr" */
--426, /* "aes-256-ecb" */
--901, /* "aes-256-gcm" */
--960, /* "aes-256-ocb" */
--428, /* "aes-256-ofb" */
--914, /* "aes-256-xts" */
--376, /* "algorithm" */
--484, /* "associatedDomain" */
--485, /* "associatedName" */
--501, /* "audio" */
--1049, /* "auth-dss" */
--1047, /* "auth-ecdsa" */
--1050, /* "auth-gost01" */
--1051, /* "auth-gost12" */
--1053, /* "auth-null" */
--1048, /* "auth-psk" */
--1046, /* "auth-rsa" */
--1052, /* "auth-srp" */
--882, /* "authorityRevocationList" */
--91, /* "bf-cbc" */
--93, /* "bf-cfb" */
--92, /* "bf-ecb" */
--94, /* "bf-ofb" */
--1056, /* "blake2b512" */
--1057, /* "blake2s256" */
--921, /* "brainpoolP160r1" */
--922, /* "brainpoolP160t1" */
--923, /* "brainpoolP192r1" */
--924, /* "brainpoolP192t1" */
--925, /* "brainpoolP224r1" */
--926, /* "brainpoolP224t1" */
--927, /* "brainpoolP256r1" */
--928, /* "brainpoolP256t1" */
--929, /* "brainpoolP320r1" */
--930, /* "brainpoolP320t1" */
--931, /* "brainpoolP384r1" */
--932, /* "brainpoolP384t1" */
--933, /* "brainpoolP512r1" */
--934, /* "brainpoolP512t1" */
--494, /* "buildingName" */
--860, /* "businessCategory" */
--691, /* "c2onb191v4" */
--692, /* "c2onb191v5" */
--697, /* "c2onb239v4" */
--698, /* "c2onb239v5" */
--684, /* "c2pnb163v1" */
--685, /* "c2pnb163v2" */
--686, /* "c2pnb163v3" */
--687, /* "c2pnb176v1" */
--693, /* "c2pnb208w1" */
--699, /* "c2pnb272w1" */
--700, /* "c2pnb304w1" */
--702, /* "c2pnb368w1" */
--688, /* "c2tnb191v1" */
--689, /* "c2tnb191v2" */
--690, /* "c2tnb191v3" */
--694, /* "c2tnb239v1" */
--695, /* "c2tnb239v2" */
--696, /* "c2tnb239v3" */
--701, /* "c2tnb359v1" */
--703, /* "c2tnb431r1" */
--881, /* "cACertificate" */
--483, /* "cNAMERecord" */
--751, /* "camellia-128-cbc" */
--962, /* "camellia-128-ccm" */
--757, /* "camellia-128-cfb" */
--760, /* "camellia-128-cfb1" */
--763, /* "camellia-128-cfb8" */
--964, /* "camellia-128-cmac" */
--963, /* "camellia-128-ctr" */
--754, /* "camellia-128-ecb" */
--961, /* "camellia-128-gcm" */
--766, /* "camellia-128-ofb" */
--752, /* "camellia-192-cbc" */
--966, /* "camellia-192-ccm" */
--758, /* "camellia-192-cfb" */
--761, /* "camellia-192-cfb1" */
--764, /* "camellia-192-cfb8" */
--968, /* "camellia-192-cmac" */
--967, /* "camellia-192-ctr" */
--755, /* "camellia-192-ecb" */
--965, /* "camellia-192-gcm" */
--767, /* "camellia-192-ofb" */
--753, /* "camellia-256-cbc" */
--970, /* "camellia-256-ccm" */
--759, /* "camellia-256-cfb" */
--762, /* "camellia-256-cfb1" */
--765, /* "camellia-256-cfb8" */
--972, /* "camellia-256-cmac" */
--971, /* "camellia-256-ctr" */
--756, /* "camellia-256-ecb" */
--969, /* "camellia-256-gcm" */
--768, /* "camellia-256-ofb" */
--443, /* "caseIgnoreIA5StringSyntax" */
--108, /* "cast5-cbc" */
--110, /* "cast5-cfb" */
--109, /* "cast5-ecb" */
--111, /* "cast5-ofb" */
--152, /* "certBag" */
--677, /* "certicom-arc" */
--517, /* "certificate extensions" */
--883, /* "certificateRevocationList" */
--1019, /* "chacha20" */
--1018, /* "chacha20-poly1305" */
--54, /* "challengePassword" */
--407, /* "characteristic-two-field" */
--395, /* "clearance" */
--633, /* "cleartext track 2" */
--894, /* "cmac" */
--13, /* "commonName" */
--513, /* "content types" */
--50, /* "contentType" */
--53, /* "countersignature" */
--14, /* "countryName" */
--153, /* "crlBag" */
--884, /* "crossCertificatePair" */
--806, /* "cryptocom" */
--805, /* "cryptopro" */
--500, /* "dITRedirect" */
--451, /* "dNSDomain" */
--495, /* "dSAQuality" */
--434, /* "data" */
--390, /* "dcObject" */
--891, /* "deltaRevocationList" */
--31, /* "des-cbc" */
--643, /* "des-cdmf" */
--30, /* "des-cfb" */
--656, /* "des-cfb1" */
--657, /* "des-cfb8" */
--29, /* "des-ecb" */
--32, /* "des-ede" */
--43, /* "des-ede-cbc" */
--60, /* "des-ede-cfb" */
--62, /* "des-ede-ofb" */
--33, /* "des-ede3" */
--44, /* "des-ede3-cbc" */
--61, /* "des-ede3-cfb" */
--658, /* "des-ede3-cfb1" */
--659, /* "des-ede3-cfb8" */
--63, /* "des-ede3-ofb" */
--45, /* "des-ofb" */
--107, /* "description" */
--871, /* "destinationIndicator" */
--80, /* "desx-cbc" */
--947, /* "dh-cofactor-kdf" */
--946, /* "dh-std-kdf" */
--28, /* "dhKeyAgreement" */
--941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
--942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
--943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
--944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
--945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
--936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */
--937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */
--938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */
--939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */
--940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */
--11, /* "directory services (X.500)" */
--378, /* "directory services - algorithms" */
--887, /* "distinguishedName" */
--892, /* "dmdName" */
--174, /* "dnQualifier" */
--447, /* "document" */
--471, /* "documentAuthor" */
--468, /* "documentIdentifier" */
--472, /* "documentLocation" */
--502, /* "documentPublisher" */
--449, /* "documentSeries" */
--469, /* "documentTitle" */
--470, /* "documentVersion" */
--380, /* "dod" */
--391, /* "domainComponent" */
--452, /* "domainRelatedObject" */
--116, /* "dsaEncryption" */
--67, /* "dsaEncryption-old" */
--66, /* "dsaWithSHA" */
--113, /* "dsaWithSHA1" */
--70, /* "dsaWithSHA1-old" */
--802, /* "dsa_with_SHA224" */
--803, /* "dsa_with_SHA256" */
--297, /* "dvcs" */
--791, /* "ecdsa-with-Recommended" */
--416, /* "ecdsa-with-SHA1" */
--793, /* "ecdsa-with-SHA224" */
--794, /* "ecdsa-with-SHA256" */
--795, /* "ecdsa-with-SHA384" */
--796, /* "ecdsa-with-SHA512" */
--792, /* "ecdsa-with-Specified" */
--48, /* "emailAddress" */
--632, /* "encrypted track 2" */
--885, /* "enhancedSearchGuide" */
--56, /* "extendedCertificateAttributes" */
--867, /* "facsimileTelephoneNumber" */
--462, /* "favouriteDrink" */
--453, /* "friendlyCountry" */
--490, /* "friendlyCountryName" */
--156, /* "friendlyName" */
--631, /* "generate cryptogram" */
--509, /* "generationQualifier" */
--601, /* "generic cryptogram" */
--99, /* "givenName" */
--976, /* "gost-mac-12" */
--1009, /* "gost89-cbc" */
--814, /* "gost89-cnt" */
--975, /* "gost89-cnt-12" */
--1011, /* "gost89-ctr" */
--1010, /* "gost89-ecb" */
--1015, /* "grasshopper-cbc" */
--1016, /* "grasshopper-cfb" */
--1013, /* "grasshopper-ctr" */
--1012, /* "grasshopper-ecb" */
--1017, /* "grasshopper-mac" */
--1014, /* "grasshopper-ofb" */
--1036, /* "hkdf" */
--855, /* "hmac" */
--780, /* "hmac-md5" */
--781, /* "hmac-sha1" */
--797, /* "hmacWithMD5" */
--163, /* "hmacWithSHA1" */
--798, /* "hmacWithSHA224" */
--799, /* "hmacWithSHA256" */
--800, /* "hmacWithSHA384" */
--801, /* "hmacWithSHA512" */
--486, /* "homePostalAddress" */
--473, /* "homeTelephoneNumber" */
--466, /* "host" */
--889, /* "houseIdentifier" */
--442, /* "iA5StringSyntax" */
--381, /* "iana" */
--824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
--825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
--826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
--827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
--819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
--829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
--828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
--830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
--820, /* "id-Gost28147-89-None-KeyMeshing" */
--823, /* "id-Gost28147-89-TestParamSet" */
--840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
--841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
--842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
--843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
--844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
--839, /* "id-GostR3410-2001-TestParamSet" */
--832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
--833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
--834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
--835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
--836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
--837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
--838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
--831, /* "id-GostR3410-94-TestParamSet" */
--845, /* "id-GostR3410-94-a" */
--846, /* "id-GostR3410-94-aBis" */
--847, /* "id-GostR3410-94-b" */
--848, /* "id-GostR3410-94-bBis" */
--822, /* "id-GostR3411-94-CryptoProParamSet" */
--821, /* "id-GostR3411-94-TestParamSet" */
--266, /* "id-aca" */
--355, /* "id-aca-accessIdentity" */
--354, /* "id-aca-authenticationInfo" */
--356, /* "id-aca-chargingIdentity" */
--399, /* "id-aca-encAttrs" */
--357, /* "id-aca-group" */
--358, /* "id-aca-role" */
--176, /* "id-ad" */
--788, /* "id-aes128-wrap" */
--897, /* "id-aes128-wrap-pad" */
--789, /* "id-aes192-wrap" */
--900, /* "id-aes192-wrap-pad" */
--790, /* "id-aes256-wrap" */
--903, /* "id-aes256-wrap-pad" */
--262, /* "id-alg" */
--893, /* "id-alg-PWRI-KEK" */
--323, /* "id-alg-des40" */
--326, /* "id-alg-dh-pop" */
--325, /* "id-alg-dh-sig-hmac-sha1" */
--324, /* "id-alg-noSignature" */
--907, /* "id-camellia128-wrap" */
--908, /* "id-camellia192-wrap" */
--909, /* "id-camellia256-wrap" */
--268, /* "id-cct" */
--361, /* "id-cct-PKIData" */
--362, /* "id-cct-PKIResponse" */
--360, /* "id-cct-crs" */
--81, /* "id-ce" */
--680, /* "id-characteristic-two-basis" */
--263, /* "id-cmc" */
--334, /* "id-cmc-addExtensions" */
--346, /* "id-cmc-confirmCertAcceptance" */
--330, /* "id-cmc-dataReturn" */
--336, /* "id-cmc-decryptedPOP" */
--335, /* "id-cmc-encryptedPOP" */
--339, /* "id-cmc-getCRL" */
--338, /* "id-cmc-getCert" */
--328, /* "id-cmc-identification" */
--329, /* "id-cmc-identityProof" */
--337, /* "id-cmc-lraPOPWitness" */
--344, /* "id-cmc-popLinkRandom" */
--345, /* "id-cmc-popLinkWitness" */
--343, /* "id-cmc-queryPending" */
--333, /* "id-cmc-recipientNonce" */
--341, /* "id-cmc-regInfo" */
--342, /* "id-cmc-responseInfo" */
--340, /* "id-cmc-revokeRequest" */
--332, /* "id-cmc-senderNonce" */
--327, /* "id-cmc-statusInfo" */
--331, /* "id-cmc-transactionId" */
--787, /* "id-ct-asciiTextWithCRLF" */
--408, /* "id-ecPublicKey" */
--508, /* "id-hex-multipart-message" */
--507, /* "id-hex-partial-message" */
--260, /* "id-it" */
--302, /* "id-it-caKeyUpdateInfo" */
--298, /* "id-it-caProtEncCert" */
--311, /* "id-it-confirmWaitTime" */
--303, /* "id-it-currentCRL" */
--300, /* "id-it-encKeyPairTypes" */
--310, /* "id-it-implicitConfirm" */
--308, /* "id-it-keyPairParamRep" */
--307, /* "id-it-keyPairParamReq" */
--312, /* "id-it-origPKIMessage" */
--301, /* "id-it-preferredSymmAlg" */
--309, /* "id-it-revPassphrase" */
--299, /* "id-it-signKeyPairTypes" */
--305, /* "id-it-subscriptionRequest" */
--306, /* "id-it-subscriptionResponse" */
--784, /* "id-it-suppLangTags" */
--304, /* "id-it-unsupportedOIDs" */
--128, /* "id-kp" */
--280, /* "id-mod-attribute-cert" */
--274, /* "id-mod-cmc" */
--277, /* "id-mod-cmp" */
--284, /* "id-mod-cmp2000" */
--273, /* "id-mod-crmf" */
--283, /* "id-mod-dvcs" */
--275, /* "id-mod-kea-profile-88" */
--276, /* "id-mod-kea-profile-93" */
--282, /* "id-mod-ocsp" */
--278, /* "id-mod-qualified-cert-88" */
--279, /* "id-mod-qualified-cert-93" */
--281, /* "id-mod-timestamp-protocol" */
--264, /* "id-on" */
--347, /* "id-on-personalData" */
--265, /* "id-pda" */
--352, /* "id-pda-countryOfCitizenship" */
--353, /* "id-pda-countryOfResidence" */
--348, /* "id-pda-dateOfBirth" */
--351, /* "id-pda-gender" */
--349, /* "id-pda-placeOfBirth" */
--175, /* "id-pe" */
--1031, /* "id-pkinit" */
--261, /* "id-pkip" */
--258, /* "id-pkix-mod" */
--269, /* "id-pkix1-explicit-88" */
--271, /* "id-pkix1-explicit-93" */
--270, /* "id-pkix1-implicit-88" */
--272, /* "id-pkix1-implicit-93" */
--662, /* "id-ppl" */
--267, /* "id-qcs" */
--359, /* "id-qcs-pkixQCSyntax-v1" */
--259, /* "id-qt" */
--313, /* "id-regCtrl" */
--316, /* "id-regCtrl-authenticator" */
--319, /* "id-regCtrl-oldCertID" */
--318, /* "id-regCtrl-pkiArchiveOptions" */
--317, /* "id-regCtrl-pkiPublicationInfo" */
--320, /* "id-regCtrl-protocolEncrKey" */
--315, /* "id-regCtrl-regToken" */
--314, /* "id-regInfo" */
--322, /* "id-regInfo-certReq" */
--321, /* "id-regInfo-utf8Pairs" */
--973, /* "id-scrypt" */
--191, /* "id-smime-aa" */
--215, /* "id-smime-aa-contentHint" */
--218, /* "id-smime-aa-contentIdentifier" */
--221, /* "id-smime-aa-contentReference" */
--240, /* "id-smime-aa-dvcs-dvc" */
--217, /* "id-smime-aa-encapContentType" */
--222, /* "id-smime-aa-encrypKeyPref" */
--220, /* "id-smime-aa-equivalentLabels" */
--232, /* "id-smime-aa-ets-CertificateRefs" */
--233, /* "id-smime-aa-ets-RevocationRefs" */
--238, /* "id-smime-aa-ets-archiveTimeStamp" */
--237, /* "id-smime-aa-ets-certCRLTimestamp" */
--234, /* "id-smime-aa-ets-certValues" */
--227, /* "id-smime-aa-ets-commitmentType" */
--231, /* "id-smime-aa-ets-contentTimestamp" */
--236, /* "id-smime-aa-ets-escTimeStamp" */
--230, /* "id-smime-aa-ets-otherSigCert" */
--235, /* "id-smime-aa-ets-revocationValues" */
--226, /* "id-smime-aa-ets-sigPolicyId" */
--229, /* "id-smime-aa-ets-signerAttr" */
--228, /* "id-smime-aa-ets-signerLocation" */
--219, /* "id-smime-aa-macValue" */
--214, /* "id-smime-aa-mlExpandHistory" */
--216, /* "id-smime-aa-msgSigDigest" */
--212, /* "id-smime-aa-receiptRequest" */
--213, /* "id-smime-aa-securityLabel" */
--239, /* "id-smime-aa-signatureType" */
--223, /* "id-smime-aa-signingCertificate" */
--224, /* "id-smime-aa-smimeEncryptCerts" */
--225, /* "id-smime-aa-timeStampToken" */
--192, /* "id-smime-alg" */
--243, /* "id-smime-alg-3DESwrap" */
--246, /* "id-smime-alg-CMS3DESwrap" */
--247, /* "id-smime-alg-CMSRC2wrap" */
--245, /* "id-smime-alg-ESDH" */
--241, /* "id-smime-alg-ESDHwith3DES" */
--242, /* "id-smime-alg-ESDHwithRC2" */
--244, /* "id-smime-alg-RC2wrap" */
--193, /* "id-smime-cd" */
--248, /* "id-smime-cd-ldap" */
--190, /* "id-smime-ct" */
--210, /* "id-smime-ct-DVCSRequestData" */
--211, /* "id-smime-ct-DVCSResponseData" */
--208, /* "id-smime-ct-TDTInfo" */
--207, /* "id-smime-ct-TSTInfo" */
--205, /* "id-smime-ct-authData" */
--786, /* "id-smime-ct-compressedData" */
--209, /* "id-smime-ct-contentInfo" */
--206, /* "id-smime-ct-publishCert" */
--204, /* "id-smime-ct-receipt" */
--195, /* "id-smime-cti" */
--255, /* "id-smime-cti-ets-proofOfApproval" */
--256, /* "id-smime-cti-ets-proofOfCreation" */
--253, /* "id-smime-cti-ets-proofOfDelivery" */
--251, /* "id-smime-cti-ets-proofOfOrigin" */
--252, /* "id-smime-cti-ets-proofOfReceipt" */
--254, /* "id-smime-cti-ets-proofOfSender" */
--189, /* "id-smime-mod" */
--196, /* "id-smime-mod-cms" */
--197, /* "id-smime-mod-ess" */
--202, /* "id-smime-mod-ets-eSigPolicy-88" */
--203, /* "id-smime-mod-ets-eSigPolicy-97" */
--200, /* "id-smime-mod-ets-eSignature-88" */
--201, /* "id-smime-mod-ets-eSignature-97" */
--199, /* "id-smime-mod-msg-v3" */
--198, /* "id-smime-mod-oid" */
--194, /* "id-smime-spq" */
--250, /* "id-smime-spq-ets-sqt-unotice" */
--249, /* "id-smime-spq-ets-sqt-uri" */
--974, /* "id-tc26" */
--991, /* "id-tc26-agreement" */
--992, /* "id-tc26-agreement-gost-3410-2012-256" */
--993, /* "id-tc26-agreement-gost-3410-2012-512" */
--977, /* "id-tc26-algorithms" */
--990, /* "id-tc26-cipher" */
--1001, /* "id-tc26-cipher-constants" */
--994, /* "id-tc26-constants" */
--981, /* "id-tc26-digest" */
--1000, /* "id-tc26-digest-constants" */
--1002, /* "id-tc26-gost-28147-constants" */
--996, /* "id-tc26-gost-3410-2012-512-constants" */
--987, /* "id-tc26-mac" */
--978, /* "id-tc26-sign" */
--995, /* "id-tc26-sign-constants" */
--984, /* "id-tc26-signwithdigest" */
--34, /* "idea-cbc" */
--35, /* "idea-cfb" */
--36, /* "idea-ecb" */
--46, /* "idea-ofb" */
--676, /* "identified-organization" */
--461, /* "info" */
--101, /* "initials" */
--869, /* "internationaliSDNNumber" */
--1022, /* "ipsec Internet Key Exchange" */
--749, /* "ipsec3" */
--750, /* "ipsec4" */
--181, /* "iso" */
--623, /* "issuer capabilities" */
--645, /* "itu-t" */
--492, /* "janetMailbox" */
--646, /* "joint-iso-itu-t" */
--957, /* "jurisdictionCountryName" */
--955, /* "jurisdictionLocalityName" */
--956, /* "jurisdictionStateOrProvinceName" */
--150, /* "keyBag" */
--773, /* "kisa" */
--1039, /* "kx-dhe" */
--1041, /* "kx-dhe-psk" */
--1038, /* "kx-ecdhe" */
--1040, /* "kx-ecdhe-psk" */
--1045, /* "kx-gost" */
--1043, /* "kx-psk" */
--1037, /* "kx-rsa" */
--1042, /* "kx-rsa-psk" */
--1044, /* "kx-srp" */
--477, /* "lastModifiedBy" */
--476, /* "lastModifiedTime" */
--157, /* "localKeyID" */
--15, /* "localityName" */
--480, /* "mXRecord" */
--493, /* "mailPreferenceOption" */
--467, /* "manager" */
-- 3, /* "md2" */
-- 7, /* "md2WithRSAEncryption" */
--257, /* "md4" */
--396, /* "md4WithRSAEncryption" */
-- 4, /* "md5" */
--114, /* "md5-sha1" */
--104, /* "md5WithRSA" */
-- 8, /* "md5WithRSAEncryption" */
--95, /* "mdc2" */
--96, /* "mdc2WithRSA" */
--875, /* "member" */
--602, /* "merchant initiated auth" */
--514, /* "message extensions" */
--51, /* "messageDigest" */
--911, /* "mgf1" */
--506, /* "mime-mhs-bodies" */
--505, /* "mime-mhs-headings" */
--488, /* "mobileTelephoneNumber" */
--481, /* "nSRecord" */
--173, /* "name" */
--681, /* "onBasis" */
--379, /* "org" */
--17, /* "organizationName" */
--491, /* "organizationalStatus" */
--18, /* "organizationalUnitName" */
--475, /* "otherMailbox" */
--876, /* "owner" */
--935, /* "pSpecified" */
--489, /* "pagerTelephoneNumber" */
--782, /* "password based MAC" */
--374, /* "path" */
--621, /* "payment gateway capabilities" */
-- 9, /* "pbeWithMD2AndDES-CBC" */
--168, /* "pbeWithMD2AndRC2-CBC" */
--112, /* "pbeWithMD5AndCast5CBC" */
--10, /* "pbeWithMD5AndDES-CBC" */
--169, /* "pbeWithMD5AndRC2-CBC" */
--148, /* "pbeWithSHA1And128BitRC2-CBC" */
--144, /* "pbeWithSHA1And128BitRC4" */
--147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
--146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
--149, /* "pbeWithSHA1And40BitRC2-CBC" */
--145, /* "pbeWithSHA1And40BitRC4" */
--170, /* "pbeWithSHA1AndDES-CBC" */
--68, /* "pbeWithSHA1AndRC2-CBC" */
--499, /* "personalSignature" */
--487, /* "personalTitle" */
--464, /* "photo" */
--863, /* "physicalDeliveryOfficeName" */
--437, /* "pilot" */
--439, /* "pilotAttributeSyntax" */
--438, /* "pilotAttributeType" */
--479, /* "pilotAttributeType27" */
--456, /* "pilotDSA" */
--441, /* "pilotGroups" */
--444, /* "pilotObject" */
--440, /* "pilotObjectClass" */
--455, /* "pilotOrganization" */
--445, /* "pilotPerson" */
--186, /* "pkcs1" */
--27, /* "pkcs3" */
--187, /* "pkcs5" */
--20, /* "pkcs7" */
--21, /* "pkcs7-data" */
--25, /* "pkcs7-digestData" */
--26, /* "pkcs7-encryptedData" */
--23, /* "pkcs7-envelopedData" */
--24, /* "pkcs7-signedAndEnvelopedData" */
--22, /* "pkcs7-signedData" */
--151, /* "pkcs8ShroudedKeyBag" */
--47, /* "pkcs9" */
--862, /* "postOfficeBox" */
--861, /* "postalAddress" */
--661, /* "postalCode" */
--683, /* "ppBasis" */
--872, /* "preferredDeliveryMethod" */
--873, /* "presentationAddress" */
--406, /* "prime-field" */
--409, /* "prime192v1" */
--410, /* "prime192v2" */
--411, /* "prime192v3" */
--412, /* "prime239v1" */
--413, /* "prime239v2" */
--414, /* "prime239v3" */
--415, /* "prime256v1" */
--886, /* "protocolInformation" */
--510, /* "pseudonym" */
--435, /* "pss" */
--286, /* "qcStatements" */
--457, /* "qualityLabelledData" */
--450, /* "rFC822localPart" */
--98, /* "rc2-40-cbc" */
--166, /* "rc2-64-cbc" */
--37, /* "rc2-cbc" */
--39, /* "rc2-cfb" */
--38, /* "rc2-ecb" */
--40, /* "rc2-ofb" */
-- 5, /* "rc4" */
--97, /* "rc4-40" */
--915, /* "rc4-hmac-md5" */
--120, /* "rc5-cbc" */
--122, /* "rc5-cfb" */
--121, /* "rc5-ecb" */
--123, /* "rc5-ofb" */
--870, /* "registeredAddress" */
--460, /* "rfc822Mailbox" */
--117, /* "ripemd160" */
--119, /* "ripemd160WithRSA" */
--400, /* "role" */
--877, /* "roleOccupant" */
--448, /* "room" */
--463, /* "roomNumber" */
--19, /* "rsa" */
-- 6, /* "rsaEncryption" */
--644, /* "rsaOAEPEncryptionSET" */
--377, /* "rsaSignature" */
--919, /* "rsaesOaep" */
--912, /* "rsassaPss" */
--482, /* "sOARecord" */
--155, /* "safeContentsBag" */
--291, /* "sbgp-autonomousSysNum" */
--290, /* "sbgp-ipAddrBlock" */
--292, /* "sbgp-routerIdentifier" */
--159, /* "sdsiCertificate" */
--859, /* "searchGuide" */
--704, /* "secp112r1" */
--705, /* "secp112r2" */
--706, /* "secp128r1" */
--707, /* "secp128r2" */
--708, /* "secp160k1" */
--709, /* "secp160r1" */
--710, /* "secp160r2" */
--711, /* "secp192k1" */
--712, /* "secp224k1" */
--713, /* "secp224r1" */
--714, /* "secp256k1" */
--715, /* "secp384r1" */
--716, /* "secp521r1" */
--154, /* "secretBag" */
--474, /* "secretary" */
--717, /* "sect113r1" */
--718, /* "sect113r2" */
--719, /* "sect131r1" */
--720, /* "sect131r2" */
--721, /* "sect163k1" */
--722, /* "sect163r1" */
--723, /* "sect163r2" */
--724, /* "sect193r1" */
--725, /* "sect193r2" */
--726, /* "sect233k1" */
--727, /* "sect233r1" */
--728, /* "sect239k1" */
--729, /* "sect283k1" */
--730, /* "sect283r1" */
--731, /* "sect409k1" */
--732, /* "sect409r1" */
--733, /* "sect571k1" */
--734, /* "sect571r1" */
--635, /* "secure device signature" */
--878, /* "seeAlso" */
--777, /* "seed-cbc" */
--779, /* "seed-cfb" */
--776, /* "seed-ecb" */
--778, /* "seed-ofb" */
--105, /* "serialNumber" */
--625, /* "set-addPolicy" */
--515, /* "set-attr" */
--518, /* "set-brand" */
--638, /* "set-brand-AmericanExpress" */
--637, /* "set-brand-Diners" */
--636, /* "set-brand-IATA-ATA" */
--639, /* "set-brand-JCB" */
--641, /* "set-brand-MasterCard" */
--642, /* "set-brand-Novus" */
--640, /* "set-brand-Visa" */
--516, /* "set-policy" */
--607, /* "set-policy-root" */
--624, /* "set-rootKeyThumb" */
--620, /* "setAttr-Cert" */
--628, /* "setAttr-IssCap-CVM" */
--630, /* "setAttr-IssCap-Sig" */
--629, /* "setAttr-IssCap-T2" */
--627, /* "setAttr-Token-B0Prime" */
--626, /* "setAttr-Token-EMV" */
--622, /* "setAttr-TokenType" */
--619, /* "setCext-IssuerCapabilities" */
--615, /* "setCext-PGWYcapabilities" */
--616, /* "setCext-TokenIdentifier" */
--618, /* "setCext-TokenType" */
--617, /* "setCext-Track2Data" */
--611, /* "setCext-cCertRequired" */
--609, /* "setCext-certType" */
--608, /* "setCext-hashedRoot" */
--610, /* "setCext-merchData" */
--613, /* "setCext-setExt" */
--614, /* "setCext-setQualf" */
--612, /* "setCext-tunneling" */
--540, /* "setct-AcqCardCodeMsg" */
--576, /* "setct-AcqCardCodeMsgTBE" */
--570, /* "setct-AuthReqTBE" */
--534, /* "setct-AuthReqTBS" */
--527, /* "setct-AuthResBaggage" */
--571, /* "setct-AuthResTBE" */
--572, /* "setct-AuthResTBEX" */
--535, /* "setct-AuthResTBS" */
--536, /* "setct-AuthResTBSX" */
--528, /* "setct-AuthRevReqBaggage" */
--577, /* "setct-AuthRevReqTBE" */
--541, /* "setct-AuthRevReqTBS" */
--529, /* "setct-AuthRevResBaggage" */
--542, /* "setct-AuthRevResData" */
--578, /* "setct-AuthRevResTBE" */
--579, /* "setct-AuthRevResTBEB" */
--543, /* "setct-AuthRevResTBS" */
--573, /* "setct-AuthTokenTBE" */
--537, /* "setct-AuthTokenTBS" */
--600, /* "setct-BCIDistributionTBS" */
--558, /* "setct-BatchAdminReqData" */
--592, /* "setct-BatchAdminReqTBE" */
--559, /* "setct-BatchAdminResData" */
--593, /* "setct-BatchAdminResTBE" */
--599, /* "setct-CRLNotificationResTBS" */
--598, /* "setct-CRLNotificationTBS" */
--580, /* "setct-CapReqTBE" */
--581, /* "setct-CapReqTBEX" */
--544, /* "setct-CapReqTBS" */
--545, /* "setct-CapReqTBSX" */
--546, /* "setct-CapResData" */
--582, /* "setct-CapResTBE" */
--583, /* "setct-CapRevReqTBE" */
--584, /* "setct-CapRevReqTBEX" */
--547, /* "setct-CapRevReqTBS" */
--548, /* "setct-CapRevReqTBSX" */
--549, /* "setct-CapRevResData" */
--585, /* "setct-CapRevResTBE" */
--538, /* "setct-CapTokenData" */
--530, /* "setct-CapTokenSeq" */
--574, /* "setct-CapTokenTBE" */
--575, /* "setct-CapTokenTBEX" */
--539, /* "setct-CapTokenTBS" */
--560, /* "setct-CardCInitResTBS" */
--566, /* "setct-CertInqReqTBS" */
--563, /* "setct-CertReqData" */
--595, /* "setct-CertReqTBE" */
--596, /* "setct-CertReqTBEX" */
--564, /* "setct-CertReqTBS" */
--565, /* "setct-CertResData" */
--597, /* "setct-CertResTBE" */
--586, /* "setct-CredReqTBE" */
--587, /* "setct-CredReqTBEX" */
--550, /* "setct-CredReqTBS" */
--551, /* "setct-CredReqTBSX" */
--552, /* "setct-CredResData" */
--588, /* "setct-CredResTBE" */
--589, /* "setct-CredRevReqTBE" */
--590, /* "setct-CredRevReqTBEX" */
--553, /* "setct-CredRevReqTBS" */
--554, /* "setct-CredRevReqTBSX" */
--555, /* "setct-CredRevResData" */
--591, /* "setct-CredRevResTBE" */
--567, /* "setct-ErrorTBS" */
--526, /* "setct-HODInput" */
--561, /* "setct-MeAqCInitResTBS" */
--522, /* "setct-OIData" */
--519, /* "setct-PANData" */
--521, /* "setct-PANOnly" */
--520, /* "setct-PANToken" */
--556, /* "setct-PCertReqData" */
--557, /* "setct-PCertResTBS" */
--523, /* "setct-PI" */
--532, /* "setct-PI-TBS" */
--524, /* "setct-PIData" */
--525, /* "setct-PIDataUnsigned" */
--568, /* "setct-PIDualSignedTBE" */
--569, /* "setct-PIUnsignedTBE" */
--531, /* "setct-PInitResData" */
--533, /* "setct-PResData" */
--594, /* "setct-RegFormReqTBE" */
--562, /* "setct-RegFormResTBS" */
--604, /* "setext-pinAny" */
--603, /* "setext-pinSecure" */
--605, /* "setext-track2" */
--41, /* "sha" */
--64, /* "sha1" */
--115, /* "sha1WithRSA" */
--65, /* "sha1WithRSAEncryption" */
--675, /* "sha224" */
--671, /* "sha224WithRSAEncryption" */
--672, /* "sha256" */
--668, /* "sha256WithRSAEncryption" */
--673, /* "sha384" */
--669, /* "sha384WithRSAEncryption" */
--674, /* "sha512" */
--670, /* "sha512WithRSAEncryption" */
--42, /* "shaWithRSAEncryption" */
--52, /* "signingTime" */
--454, /* "simpleSecurityObject" */
--496, /* "singleLevelQuality" */
--16, /* "stateOrProvinceName" */
--660, /* "streetAddress" */
--498, /* "subtreeMaximumQuality" */
--497, /* "subtreeMinimumQuality" */
--890, /* "supportedAlgorithms" */
--874, /* "supportedApplicationContext" */
--100, /* "surname" */
--864, /* "telephoneNumber" */
--866, /* "teletexTerminalIdentifier" */
--865, /* "telexNumber" */
--459, /* "textEncodedORAddress" */
--293, /* "textNotice" */
--106, /* "title" */
--1021, /* "tls1-prf" */
--682, /* "tpBasis" */
--436, /* "ucl" */
-- 0, /* "undefined" */
--102, /* "uniqueIdentifier" */
--888, /* "uniqueMember" */
--55, /* "unstructuredAddress" */
--49, /* "unstructuredName" */
--880, /* "userCertificate" */
--465, /* "userClass" */
--458, /* "userId" */
--879, /* "userPassword" */
--373, /* "valid" */
--678, /* "wap" */
--679, /* "wap-wsg" */
--735, /* "wap-wsg-idm-ecid-wtls1" */
--743, /* "wap-wsg-idm-ecid-wtls10" */
--744, /* "wap-wsg-idm-ecid-wtls11" */
--745, /* "wap-wsg-idm-ecid-wtls12" */
--736, /* "wap-wsg-idm-ecid-wtls3" */
--737, /* "wap-wsg-idm-ecid-wtls4" */
--738, /* "wap-wsg-idm-ecid-wtls5" */
--739, /* "wap-wsg-idm-ecid-wtls6" */
--740, /* "wap-wsg-idm-ecid-wtls7" */
--741, /* "wap-wsg-idm-ecid-wtls8" */
--742, /* "wap-wsg-idm-ecid-wtls9" */
--804, /* "whirlpool" */
--868, /* "x121Address" */
--503, /* "x500UniqueIdentifier" */
--158, /* "x509Certificate" */
--160, /* "x509Crl" */
--125, /* "zlib compression" */
-+#define NUM_LN 1052
-+static const unsigned int ln_objs[NUM_LN] = {
-+ 363, /* "AD Time Stamping" */
-+ 405, /* "ANSI X9.62" */
-+ 368, /* "Acceptable OCSP Responses" */
-+ 910, /* "Any Extended Key Usage" */
-+ 664, /* "Any language" */
-+ 177, /* "Authority Information Access" */
-+ 365, /* "Basic OCSP Response" */
-+ 285, /* "Biometric Info" */
-+ 179, /* "CA Issuers" */
-+ 785, /* "CA Repository" */
-+ 954, /* "CT Certificate SCTs" */
-+ 952, /* "CT Precertificate Poison" */
-+ 951, /* "CT Precertificate SCTs" */
-+ 953, /* "CT Precertificate Signer" */
-+ 131, /* "Code Signing" */
-+ 1024, /* "Ctrl/Provision WAP Termination" */
-+ 1023, /* "Ctrl/provision WAP Access" */
-+ 783, /* "Diffie-Hellman based MAC" */
-+ 382, /* "Directory" */
-+ 392, /* "Domain" */
-+ 132, /* "E-mail Protection" */
-+ 389, /* "Enterprises" */
-+ 384, /* "Experimental" */
-+ 372, /* "Extended OCSP Status" */
-+ 172, /* "Extension Request" */
-+ 813, /* "GOST 28147-89" */
-+ 849, /* "GOST 28147-89 Cryptocom ParamSet" */
-+ 815, /* "GOST 28147-89 MAC" */
-+ 1003, /* "GOST 28147-89 TC26 parameter set" */
-+ 851, /* "GOST 34.10-2001 Cryptocom" */
-+ 850, /* "GOST 34.10-94 Cryptocom" */
-+ 811, /* "GOST R 34.10-2001" */
-+ 817, /* "GOST R 34.10-2001 DH" */
-+ 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
-+ 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
-+ 997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
-+ 979, /* "GOST R 34.10-2012 with 256 bit modulus" */
-+ 980, /* "GOST R 34.10-2012 with 512 bit modulus" */
-+ 985, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
-+ 986, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
-+ 812, /* "GOST R 34.10-94" */
-+ 818, /* "GOST R 34.10-94 DH" */
-+ 982, /* "GOST R 34.11-2012 with 256 bit hash" */
-+ 983, /* "GOST R 34.11-2012 with 512 bit hash" */
-+ 809, /* "GOST R 34.11-94" */
-+ 816, /* "GOST R 34.11-94 PRF" */
-+ 807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */
-+ 853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
-+ 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */
-+ 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
-+ 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */
-+ 988, /* "HMAC GOST 34.11-2012 256 bit" */
-+ 989, /* "HMAC GOST 34.11-2012 512 bit" */
-+ 810, /* "HMAC GOST 34.11-94" */
-+ 432, /* "Hold Instruction Call Issuer" */
-+ 430, /* "Hold Instruction Code" */
-+ 431, /* "Hold Instruction None" */
-+ 433, /* "Hold Instruction Reject" */
-+ 634, /* "ICC or token signature" */
-+ 1004, /* "INN" */
-+ 294, /* "IPSec End System" */
-+ 295, /* "IPSec Tunnel" */
-+ 296, /* "IPSec User" */
-+ 182, /* "ISO Member Body" */
-+ 183, /* "ISO US Member Body" */
-+ 667, /* "Independent" */
-+ 665, /* "Inherit all" */
-+ 647, /* "International Organizations" */
-+ 142, /* "Invalidity Date" */
-+ 504, /* "MIME MHS" */
-+ 388, /* "Mail" */
-+ 383, /* "Management" */
-+ 417, /* "Microsoft CSP Name" */
-+ 135, /* "Microsoft Commercial Code Signing" */
-+ 138, /* "Microsoft Encrypted File System" */
-+ 171, /* "Microsoft Extension Request" */
-+ 134, /* "Microsoft Individual Code Signing" */
-+ 856, /* "Microsoft Local Key set" */
-+ 137, /* "Microsoft Server Gated Crypto" */
-+ 648, /* "Microsoft Smartcardlogin" */
-+ 136, /* "Microsoft Trust List Signing" */
-+ 649, /* "Microsoft Universal Principal Name" */
-+ 393, /* "NULL" */
-+ 404, /* "NULL" */
-+ 72, /* "Netscape Base Url" */
-+ 76, /* "Netscape CA Policy Url" */
-+ 74, /* "Netscape CA Revocation Url" */
-+ 71, /* "Netscape Cert Type" */
-+ 58, /* "Netscape Certificate Extension" */
-+ 79, /* "Netscape Certificate Sequence" */
-+ 78, /* "Netscape Comment" */
-+ 57, /* "Netscape Communications Corp." */
-+ 59, /* "Netscape Data Type" */
-+ 75, /* "Netscape Renewal Url" */
-+ 73, /* "Netscape Revocation Url" */
-+ 77, /* "Netscape SSL Server Name" */
-+ 139, /* "Netscape Server Gated Crypto" */
-+ 178, /* "OCSP" */
-+ 370, /* "OCSP Archive Cutoff" */
-+ 367, /* "OCSP CRL ID" */
-+ 369, /* "OCSP No Check" */
-+ 366, /* "OCSP Nonce" */
-+ 371, /* "OCSP Service Locator" */
-+ 180, /* "OCSP Signing" */
-+ 1005, /* "OGRN" */
-+ 161, /* "PBES2" */
-+ 69, /* "PBKDF2" */
-+ 162, /* "PBMAC1" */
-+ 1032, /* "PKINIT Client Auth" */
-+ 127, /* "PKIX" */
-+ 858, /* "Permanent Identifier" */
-+ 164, /* "Policy Qualifier CPS" */
-+ 165, /* "Policy Qualifier User Notice" */
-+ 385, /* "Private" */
-+ 663, /* "Proxy Certificate Information" */
-+ 1, /* "RSA Data Security, Inc." */
-+ 2, /* "RSA Data Security, Inc. PKCS" */
-+ 188, /* "S/MIME" */
-+ 167, /* "S/MIME Capabilities" */
-+ 1006, /* "SNILS" */
-+ 387, /* "SNMPv2" */
-+ 1025, /* "SSH Client" */
-+ 1026, /* "SSH Server" */
-+ 512, /* "Secure Electronic Transactions" */
-+ 386, /* "Security" */
-+ 394, /* "Selected Attribute Types" */
-+ 1029, /* "Send Owner" */
-+ 1030, /* "Send Proxied Owner" */
-+ 1028, /* "Send Proxied Router" */
-+ 1027, /* "Send Router" */
-+ 1033, /* "Signing KDC Response" */
-+ 1008, /* "Signing Tool of Issuer" */
-+ 1007, /* "Signing Tool of Subject" */
-+ 143, /* "Strong Extranet ID" */
-+ 398, /* "Subject Information Access" */
-+ 1020, /* "TLS Feature" */
-+ 130, /* "TLS Web Client Authentication" */
-+ 129, /* "TLS Web Server Authentication" */
-+ 133, /* "Time Stamping" */
-+ 375, /* "Trust Root" */
-+ 1034, /* "X25519" */
-+ 1035, /* "X448" */
-+ 12, /* "X509" */
-+ 402, /* "X509v3 AC Targeting" */
-+ 746, /* "X509v3 Any Policy" */
-+ 90, /* "X509v3 Authority Key Identifier" */
-+ 87, /* "X509v3 Basic Constraints" */
-+ 103, /* "X509v3 CRL Distribution Points" */
-+ 88, /* "X509v3 CRL Number" */
-+ 141, /* "X509v3 CRL Reason Code" */
-+ 771, /* "X509v3 Certificate Issuer" */
-+ 89, /* "X509v3 Certificate Policies" */
-+ 140, /* "X509v3 Delta CRL Indicator" */
-+ 126, /* "X509v3 Extended Key Usage" */
-+ 857, /* "X509v3 Freshest CRL" */
-+ 748, /* "X509v3 Inhibit Any Policy" */
-+ 86, /* "X509v3 Issuer Alternative Name" */
-+ 770, /* "X509v3 Issuing Distribution Point" */
-+ 83, /* "X509v3 Key Usage" */
-+ 666, /* "X509v3 Name Constraints" */
-+ 403, /* "X509v3 No Revocation Available" */
-+ 401, /* "X509v3 Policy Constraints" */
-+ 747, /* "X509v3 Policy Mappings" */
-+ 84, /* "X509v3 Private Key Usage Period" */
-+ 85, /* "X509v3 Subject Alternative Name" */
-+ 769, /* "X509v3 Subject Directory Attributes" */
-+ 82, /* "X509v3 Subject Key Identifier" */
-+ 920, /* "X9.42 DH" */
-+ 184, /* "X9.57" */
-+ 185, /* "X9.57 CM ?" */
-+ 478, /* "aRecord" */
-+ 289, /* "aaControls" */
-+ 287, /* "ac-auditEntity" */
-+ 397, /* "ac-proxying" */
-+ 288, /* "ac-targeting" */
-+ 446, /* "account" */
-+ 364, /* "ad dvcs" */
-+ 606, /* "additional verification" */
-+ 419, /* "aes-128-cbc" */
-+ 916, /* "aes-128-cbc-hmac-sha1" */
-+ 948, /* "aes-128-cbc-hmac-sha256" */
-+ 896, /* "aes-128-ccm" */
-+ 421, /* "aes-128-cfb" */
-+ 650, /* "aes-128-cfb1" */
-+ 653, /* "aes-128-cfb8" */
-+ 904, /* "aes-128-ctr" */
-+ 418, /* "aes-128-ecb" */
-+ 895, /* "aes-128-gcm" */
-+ 958, /* "aes-128-ocb" */
-+ 420, /* "aes-128-ofb" */
-+ 913, /* "aes-128-xts" */
-+ 423, /* "aes-192-cbc" */
-+ 917, /* "aes-192-cbc-hmac-sha1" */
-+ 949, /* "aes-192-cbc-hmac-sha256" */
-+ 899, /* "aes-192-ccm" */
-+ 425, /* "aes-192-cfb" */
-+ 651, /* "aes-192-cfb1" */
-+ 654, /* "aes-192-cfb8" */
-+ 905, /* "aes-192-ctr" */
-+ 422, /* "aes-192-ecb" */
-+ 898, /* "aes-192-gcm" */
-+ 959, /* "aes-192-ocb" */
-+ 424, /* "aes-192-ofb" */
-+ 427, /* "aes-256-cbc" */
-+ 918, /* "aes-256-cbc-hmac-sha1" */
-+ 950, /* "aes-256-cbc-hmac-sha256" */
-+ 902, /* "aes-256-ccm" */
-+ 429, /* "aes-256-cfb" */
-+ 652, /* "aes-256-cfb1" */
-+ 655, /* "aes-256-cfb8" */
-+ 906, /* "aes-256-ctr" */
-+ 426, /* "aes-256-ecb" */
-+ 901, /* "aes-256-gcm" */
-+ 960, /* "aes-256-ocb" */
-+ 428, /* "aes-256-ofb" */
-+ 914, /* "aes-256-xts" */
-+ 376, /* "algorithm" */
-+ 484, /* "associatedDomain" */
-+ 485, /* "associatedName" */
-+ 501, /* "audio" */
-+ 1049, /* "auth-dss" */
-+ 1047, /* "auth-ecdsa" */
-+ 1050, /* "auth-gost01" */
-+ 1051, /* "auth-gost12" */
-+ 1053, /* "auth-null" */
-+ 1048, /* "auth-psk" */
-+ 1046, /* "auth-rsa" */
-+ 1052, /* "auth-srp" */
-+ 882, /* "authorityRevocationList" */
-+ 91, /* "bf-cbc" */
-+ 93, /* "bf-cfb" */
-+ 92, /* "bf-ecb" */
-+ 94, /* "bf-ofb" */
-+ 1056, /* "blake2b512" */
-+ 1057, /* "blake2s256" */
-+ 921, /* "brainpoolP160r1" */
-+ 922, /* "brainpoolP160t1" */
-+ 923, /* "brainpoolP192r1" */
-+ 924, /* "brainpoolP192t1" */
-+ 925, /* "brainpoolP224r1" */
-+ 926, /* "brainpoolP224t1" */
-+ 927, /* "brainpoolP256r1" */
-+ 928, /* "brainpoolP256t1" */
-+ 929, /* "brainpoolP320r1" */
-+ 930, /* "brainpoolP320t1" */
-+ 931, /* "brainpoolP384r1" */
-+ 932, /* "brainpoolP384t1" */
-+ 933, /* "brainpoolP512r1" */
-+ 934, /* "brainpoolP512t1" */
-+ 494, /* "buildingName" */
-+ 860, /* "businessCategory" */
-+ 691, /* "c2onb191v4" */
-+ 692, /* "c2onb191v5" */
-+ 697, /* "c2onb239v4" */
-+ 698, /* "c2onb239v5" */
-+ 684, /* "c2pnb163v1" */
-+ 685, /* "c2pnb163v2" */
-+ 686, /* "c2pnb163v3" */
-+ 687, /* "c2pnb176v1" */
-+ 693, /* "c2pnb208w1" */
-+ 699, /* "c2pnb272w1" */
-+ 700, /* "c2pnb304w1" */
-+ 702, /* "c2pnb368w1" */
-+ 688, /* "c2tnb191v1" */
-+ 689, /* "c2tnb191v2" */
-+ 690, /* "c2tnb191v3" */
-+ 694, /* "c2tnb239v1" */
-+ 695, /* "c2tnb239v2" */
-+ 696, /* "c2tnb239v3" */
-+ 701, /* "c2tnb359v1" */
-+ 703, /* "c2tnb431r1" */
-+ 881, /* "cACertificate" */
-+ 483, /* "cNAMERecord" */
-+ 751, /* "camellia-128-cbc" */
-+ 962, /* "camellia-128-ccm" */
-+ 757, /* "camellia-128-cfb" */
-+ 760, /* "camellia-128-cfb1" */
-+ 763, /* "camellia-128-cfb8" */
-+ 964, /* "camellia-128-cmac" */
-+ 963, /* "camellia-128-ctr" */
-+ 754, /* "camellia-128-ecb" */
-+ 961, /* "camellia-128-gcm" */
-+ 766, /* "camellia-128-ofb" */
-+ 752, /* "camellia-192-cbc" */
-+ 966, /* "camellia-192-ccm" */
-+ 758, /* "camellia-192-cfb" */
-+ 761, /* "camellia-192-cfb1" */
-+ 764, /* "camellia-192-cfb8" */
-+ 968, /* "camellia-192-cmac" */
-+ 967, /* "camellia-192-ctr" */
-+ 755, /* "camellia-192-ecb" */
-+ 965, /* "camellia-192-gcm" */
-+ 767, /* "camellia-192-ofb" */
-+ 753, /* "camellia-256-cbc" */
-+ 970, /* "camellia-256-ccm" */
-+ 759, /* "camellia-256-cfb" */
-+ 762, /* "camellia-256-cfb1" */
-+ 765, /* "camellia-256-cfb8" */
-+ 972, /* "camellia-256-cmac" */
-+ 971, /* "camellia-256-ctr" */
-+ 756, /* "camellia-256-ecb" */
-+ 969, /* "camellia-256-gcm" */
-+ 768, /* "camellia-256-ofb" */
-+ 443, /* "caseIgnoreIA5StringSyntax" */
-+ 108, /* "cast5-cbc" */
-+ 110, /* "cast5-cfb" */
-+ 109, /* "cast5-ecb" */
-+ 111, /* "cast5-ofb" */
-+ 152, /* "certBag" */
-+ 677, /* "certicom-arc" */
-+ 517, /* "certificate extensions" */
-+ 883, /* "certificateRevocationList" */
-+ 1019, /* "chacha20" */
-+ 1018, /* "chacha20-poly1305" */
-+ 54, /* "challengePassword" */
-+ 407, /* "characteristic-two-field" */
-+ 395, /* "clearance" */
-+ 633, /* "cleartext track 2" */
-+ 894, /* "cmac" */
-+ 13, /* "commonName" */
-+ 513, /* "content types" */
-+ 50, /* "contentType" */
-+ 53, /* "countersignature" */
-+ 14, /* "countryName" */
-+ 153, /* "crlBag" */
-+ 884, /* "crossCertificatePair" */
-+ 806, /* "cryptocom" */
-+ 805, /* "cryptopro" */
-+ 500, /* "dITRedirect" */
-+ 451, /* "dNSDomain" */
-+ 495, /* "dSAQuality" */
-+ 434, /* "data" */
-+ 390, /* "dcObject" */
-+ 891, /* "deltaRevocationList" */
-+ 31, /* "des-cbc" */
-+ 643, /* "des-cdmf" */
-+ 30, /* "des-cfb" */
-+ 656, /* "des-cfb1" */
-+ 657, /* "des-cfb8" */
-+ 29, /* "des-ecb" */
-+ 32, /* "des-ede" */
-+ 43, /* "des-ede-cbc" */
-+ 60, /* "des-ede-cfb" */
-+ 62, /* "des-ede-ofb" */
-+ 33, /* "des-ede3" */
-+ 44, /* "des-ede3-cbc" */
-+ 61, /* "des-ede3-cfb" */
-+ 658, /* "des-ede3-cfb1" */
-+ 659, /* "des-ede3-cfb8" */
-+ 63, /* "des-ede3-ofb" */
-+ 45, /* "des-ofb" */
-+ 107, /* "description" */
-+ 871, /* "destinationIndicator" */
-+ 80, /* "desx-cbc" */
-+ 947, /* "dh-cofactor-kdf" */
-+ 946, /* "dh-std-kdf" */
-+ 28, /* "dhKeyAgreement" */
-+ 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
-+ 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
-+ 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
-+ 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
-+ 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
-+ 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */
-+ 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */
-+ 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */
-+ 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */
-+ 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */
-+ 11, /* "directory services (X.500)" */
-+ 378, /* "directory services - algorithms" */
-+ 887, /* "distinguishedName" */
-+ 892, /* "dmdName" */
-+ 174, /* "dnQualifier" */
-+ 447, /* "document" */
-+ 471, /* "documentAuthor" */
-+ 468, /* "documentIdentifier" */
-+ 472, /* "documentLocation" */
-+ 502, /* "documentPublisher" */
-+ 449, /* "documentSeries" */
-+ 469, /* "documentTitle" */
-+ 470, /* "documentVersion" */
-+ 380, /* "dod" */
-+ 391, /* "domainComponent" */
-+ 452, /* "domainRelatedObject" */
-+ 116, /* "dsaEncryption" */
-+ 67, /* "dsaEncryption-old" */
-+ 66, /* "dsaWithSHA" */
-+ 113, /* "dsaWithSHA1" */
-+ 70, /* "dsaWithSHA1-old" */
-+ 802, /* "dsa_with_SHA224" */
-+ 803, /* "dsa_with_SHA256" */
-+ 297, /* "dvcs" */
-+ 791, /* "ecdsa-with-Recommended" */
-+ 416, /* "ecdsa-with-SHA1" */
-+ 793, /* "ecdsa-with-SHA224" */
-+ 794, /* "ecdsa-with-SHA256" */
-+ 795, /* "ecdsa-with-SHA384" */
-+ 796, /* "ecdsa-with-SHA512" */
-+ 792, /* "ecdsa-with-Specified" */
-+ 48, /* "emailAddress" */
-+ 632, /* "encrypted track 2" */
-+ 885, /* "enhancedSearchGuide" */
-+ 56, /* "extendedCertificateAttributes" */
-+ 867, /* "facsimileTelephoneNumber" */
-+ 462, /* "favouriteDrink" */
-+ 453, /* "friendlyCountry" */
-+ 490, /* "friendlyCountryName" */
-+ 156, /* "friendlyName" */
-+ 631, /* "generate cryptogram" */
-+ 509, /* "generationQualifier" */
-+ 601, /* "generic cryptogram" */
-+ 99, /* "givenName" */
-+ 976, /* "gost-mac-12" */
-+ 1009, /* "gost89-cbc" */
-+ 814, /* "gost89-cnt" */
-+ 975, /* "gost89-cnt-12" */
-+ 1011, /* "gost89-ctr" */
-+ 1010, /* "gost89-ecb" */
-+ 1015, /* "grasshopper-cbc" */
-+ 1016, /* "grasshopper-cfb" */
-+ 1013, /* "grasshopper-ctr" */
-+ 1012, /* "grasshopper-ecb" */
-+ 1017, /* "grasshopper-mac" */
-+ 1014, /* "grasshopper-ofb" */
-+ 1036, /* "hkdf" */
-+ 855, /* "hmac" */
-+ 780, /* "hmac-md5" */
-+ 781, /* "hmac-sha1" */
-+ 797, /* "hmacWithMD5" */
-+ 163, /* "hmacWithSHA1" */
-+ 798, /* "hmacWithSHA224" */
-+ 799, /* "hmacWithSHA256" */
-+ 800, /* "hmacWithSHA384" */
-+ 801, /* "hmacWithSHA512" */
-+ 486, /* "homePostalAddress" */
-+ 473, /* "homeTelephoneNumber" */
-+ 466, /* "host" */
-+ 889, /* "houseIdentifier" */
-+ 442, /* "iA5StringSyntax" */
-+ 381, /* "iana" */
-+ 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-+ 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-+ 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-+ 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-+ 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-+ 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-+ 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-+ 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-+ 820, /* "id-Gost28147-89-None-KeyMeshing" */
-+ 823, /* "id-Gost28147-89-TestParamSet" */
-+ 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-+ 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-+ 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-+ 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-+ 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-+ 839, /* "id-GostR3410-2001-TestParamSet" */
-+ 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-+ 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-+ 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-+ 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-+ 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-+ 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-+ 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-+ 831, /* "id-GostR3410-94-TestParamSet" */
-+ 845, /* "id-GostR3410-94-a" */
-+ 846, /* "id-GostR3410-94-aBis" */
-+ 847, /* "id-GostR3410-94-b" */
-+ 848, /* "id-GostR3410-94-bBis" */
-+ 822, /* "id-GostR3411-94-CryptoProParamSet" */
-+ 821, /* "id-GostR3411-94-TestParamSet" */
-+ 266, /* "id-aca" */
-+ 355, /* "id-aca-accessIdentity" */
-+ 354, /* "id-aca-authenticationInfo" */
-+ 356, /* "id-aca-chargingIdentity" */
-+ 399, /* "id-aca-encAttrs" */
-+ 357, /* "id-aca-group" */
-+ 358, /* "id-aca-role" */
-+ 176, /* "id-ad" */
-+ 788, /* "id-aes128-wrap" */
-+ 897, /* "id-aes128-wrap-pad" */
-+ 789, /* "id-aes192-wrap" */
-+ 900, /* "id-aes192-wrap-pad" */
-+ 790, /* "id-aes256-wrap" */
-+ 903, /* "id-aes256-wrap-pad" */
-+ 262, /* "id-alg" */
-+ 893, /* "id-alg-PWRI-KEK" */
-+ 323, /* "id-alg-des40" */
-+ 326, /* "id-alg-dh-pop" */
-+ 325, /* "id-alg-dh-sig-hmac-sha1" */
-+ 324, /* "id-alg-noSignature" */
-+ 907, /* "id-camellia128-wrap" */
-+ 908, /* "id-camellia192-wrap" */
-+ 909, /* "id-camellia256-wrap" */
-+ 268, /* "id-cct" */
-+ 361, /* "id-cct-PKIData" */
-+ 362, /* "id-cct-PKIResponse" */
-+ 360, /* "id-cct-crs" */
-+ 81, /* "id-ce" */
-+ 680, /* "id-characteristic-two-basis" */
-+ 263, /* "id-cmc" */
-+ 334, /* "id-cmc-addExtensions" */
-+ 346, /* "id-cmc-confirmCertAcceptance" */
-+ 330, /* "id-cmc-dataReturn" */
-+ 336, /* "id-cmc-decryptedPOP" */
-+ 335, /* "id-cmc-encryptedPOP" */
-+ 339, /* "id-cmc-getCRL" */
-+ 338, /* "id-cmc-getCert" */
-+ 328, /* "id-cmc-identification" */
-+ 329, /* "id-cmc-identityProof" */
-+ 337, /* "id-cmc-lraPOPWitness" */
-+ 344, /* "id-cmc-popLinkRandom" */
-+ 345, /* "id-cmc-popLinkWitness" */
-+ 343, /* "id-cmc-queryPending" */
-+ 333, /* "id-cmc-recipientNonce" */
-+ 341, /* "id-cmc-regInfo" */
-+ 342, /* "id-cmc-responseInfo" */
-+ 340, /* "id-cmc-revokeRequest" */
-+ 332, /* "id-cmc-senderNonce" */
-+ 327, /* "id-cmc-statusInfo" */
-+ 331, /* "id-cmc-transactionId" */
-+ 787, /* "id-ct-asciiTextWithCRLF" */
-+ 1060, /* "id-ct-xml" */
-+ 408, /* "id-ecPublicKey" */
-+ 508, /* "id-hex-multipart-message" */
-+ 507, /* "id-hex-partial-message" */
-+ 260, /* "id-it" */
-+ 302, /* "id-it-caKeyUpdateInfo" */
-+ 298, /* "id-it-caProtEncCert" */
-+ 311, /* "id-it-confirmWaitTime" */
-+ 303, /* "id-it-currentCRL" */
-+ 300, /* "id-it-encKeyPairTypes" */
-+ 310, /* "id-it-implicitConfirm" */
-+ 308, /* "id-it-keyPairParamRep" */
-+ 307, /* "id-it-keyPairParamReq" */
-+ 312, /* "id-it-origPKIMessage" */
-+ 301, /* "id-it-preferredSymmAlg" */
-+ 309, /* "id-it-revPassphrase" */
-+ 299, /* "id-it-signKeyPairTypes" */
-+ 305, /* "id-it-subscriptionRequest" */
-+ 306, /* "id-it-subscriptionResponse" */
-+ 784, /* "id-it-suppLangTags" */
-+ 304, /* "id-it-unsupportedOIDs" */
-+ 128, /* "id-kp" */
-+ 280, /* "id-mod-attribute-cert" */
-+ 274, /* "id-mod-cmc" */
-+ 277, /* "id-mod-cmp" */
-+ 284, /* "id-mod-cmp2000" */
-+ 273, /* "id-mod-crmf" */
-+ 283, /* "id-mod-dvcs" */
-+ 275, /* "id-mod-kea-profile-88" */
-+ 276, /* "id-mod-kea-profile-93" */
-+ 282, /* "id-mod-ocsp" */
-+ 278, /* "id-mod-qualified-cert-88" */
-+ 279, /* "id-mod-qualified-cert-93" */
-+ 281, /* "id-mod-timestamp-protocol" */
-+ 264, /* "id-on" */
-+ 347, /* "id-on-personalData" */
-+ 265, /* "id-pda" */
-+ 352, /* "id-pda-countryOfCitizenship" */
-+ 353, /* "id-pda-countryOfResidence" */
-+ 348, /* "id-pda-dateOfBirth" */
-+ 351, /* "id-pda-gender" */
-+ 349, /* "id-pda-placeOfBirth" */
-+ 175, /* "id-pe" */
-+ 1031, /* "id-pkinit" */
-+ 261, /* "id-pkip" */
-+ 258, /* "id-pkix-mod" */
-+ 269, /* "id-pkix1-explicit-88" */
-+ 271, /* "id-pkix1-explicit-93" */
-+ 270, /* "id-pkix1-implicit-88" */
-+ 272, /* "id-pkix1-implicit-93" */
-+ 662, /* "id-ppl" */
-+ 267, /* "id-qcs" */
-+ 359, /* "id-qcs-pkixQCSyntax-v1" */
-+ 259, /* "id-qt" */
-+ 313, /* "id-regCtrl" */
-+ 316, /* "id-regCtrl-authenticator" */
-+ 319, /* "id-regCtrl-oldCertID" */
-+ 318, /* "id-regCtrl-pkiArchiveOptions" */
-+ 317, /* "id-regCtrl-pkiPublicationInfo" */
-+ 320, /* "id-regCtrl-protocolEncrKey" */
-+ 315, /* "id-regCtrl-regToken" */
-+ 314, /* "id-regInfo" */
-+ 322, /* "id-regInfo-certReq" */
-+ 321, /* "id-regInfo-utf8Pairs" */
-+ 973, /* "id-scrypt" */
-+ 191, /* "id-smime-aa" */
-+ 215, /* "id-smime-aa-contentHint" */
-+ 218, /* "id-smime-aa-contentIdentifier" */
-+ 221, /* "id-smime-aa-contentReference" */
-+ 240, /* "id-smime-aa-dvcs-dvc" */
-+ 217, /* "id-smime-aa-encapContentType" */
-+ 222, /* "id-smime-aa-encrypKeyPref" */
-+ 220, /* "id-smime-aa-equivalentLabels" */
-+ 232, /* "id-smime-aa-ets-CertificateRefs" */
-+ 233, /* "id-smime-aa-ets-RevocationRefs" */
-+ 238, /* "id-smime-aa-ets-archiveTimeStamp" */
-+ 237, /* "id-smime-aa-ets-certCRLTimestamp" */
-+ 234, /* "id-smime-aa-ets-certValues" */
-+ 227, /* "id-smime-aa-ets-commitmentType" */
-+ 231, /* "id-smime-aa-ets-contentTimestamp" */
-+ 236, /* "id-smime-aa-ets-escTimeStamp" */
-+ 230, /* "id-smime-aa-ets-otherSigCert" */
-+ 235, /* "id-smime-aa-ets-revocationValues" */
-+ 226, /* "id-smime-aa-ets-sigPolicyId" */
-+ 229, /* "id-smime-aa-ets-signerAttr" */
-+ 228, /* "id-smime-aa-ets-signerLocation" */
-+ 219, /* "id-smime-aa-macValue" */
-+ 214, /* "id-smime-aa-mlExpandHistory" */
-+ 216, /* "id-smime-aa-msgSigDigest" */
-+ 212, /* "id-smime-aa-receiptRequest" */
-+ 213, /* "id-smime-aa-securityLabel" */
-+ 239, /* "id-smime-aa-signatureType" */
-+ 223, /* "id-smime-aa-signingCertificate" */
-+ 224, /* "id-smime-aa-smimeEncryptCerts" */
-+ 225, /* "id-smime-aa-timeStampToken" */
-+ 192, /* "id-smime-alg" */
-+ 243, /* "id-smime-alg-3DESwrap" */
-+ 246, /* "id-smime-alg-CMS3DESwrap" */
-+ 247, /* "id-smime-alg-CMSRC2wrap" */
-+ 245, /* "id-smime-alg-ESDH" */
-+ 241, /* "id-smime-alg-ESDHwith3DES" */
-+ 242, /* "id-smime-alg-ESDHwithRC2" */
-+ 244, /* "id-smime-alg-RC2wrap" */
-+ 193, /* "id-smime-cd" */
-+ 248, /* "id-smime-cd-ldap" */
-+ 190, /* "id-smime-ct" */
-+ 210, /* "id-smime-ct-DVCSRequestData" */
-+ 211, /* "id-smime-ct-DVCSResponseData" */
-+ 208, /* "id-smime-ct-TDTInfo" */
-+ 207, /* "id-smime-ct-TSTInfo" */
-+ 205, /* "id-smime-ct-authData" */
-+ 1059, /* "id-smime-ct-authEnvelopedData" */
-+ 786, /* "id-smime-ct-compressedData" */
-+ 1058, /* "id-smime-ct-contentCollection" */
-+ 209, /* "id-smime-ct-contentInfo" */
-+ 206, /* "id-smime-ct-publishCert" */
-+ 204, /* "id-smime-ct-receipt" */
-+ 195, /* "id-smime-cti" */
-+ 255, /* "id-smime-cti-ets-proofOfApproval" */
-+ 256, /* "id-smime-cti-ets-proofOfCreation" */
-+ 253, /* "id-smime-cti-ets-proofOfDelivery" */
-+ 251, /* "id-smime-cti-ets-proofOfOrigin" */
-+ 252, /* "id-smime-cti-ets-proofOfReceipt" */
-+ 254, /* "id-smime-cti-ets-proofOfSender" */
-+ 189, /* "id-smime-mod" */
-+ 196, /* "id-smime-mod-cms" */
-+ 197, /* "id-smime-mod-ess" */
-+ 202, /* "id-smime-mod-ets-eSigPolicy-88" */
-+ 203, /* "id-smime-mod-ets-eSigPolicy-97" */
-+ 200, /* "id-smime-mod-ets-eSignature-88" */
-+ 201, /* "id-smime-mod-ets-eSignature-97" */
-+ 199, /* "id-smime-mod-msg-v3" */
-+ 198, /* "id-smime-mod-oid" */
-+ 194, /* "id-smime-spq" */
-+ 250, /* "id-smime-spq-ets-sqt-unotice" */
-+ 249, /* "id-smime-spq-ets-sqt-uri" */
-+ 974, /* "id-tc26" */
-+ 991, /* "id-tc26-agreement" */
-+ 992, /* "id-tc26-agreement-gost-3410-2012-256" */
-+ 993, /* "id-tc26-agreement-gost-3410-2012-512" */
-+ 977, /* "id-tc26-algorithms" */
-+ 990, /* "id-tc26-cipher" */
-+ 1001, /* "id-tc26-cipher-constants" */
-+ 994, /* "id-tc26-constants" */
-+ 981, /* "id-tc26-digest" */
-+ 1000, /* "id-tc26-digest-constants" */
-+ 1002, /* "id-tc26-gost-28147-constants" */
-+ 996, /* "id-tc26-gost-3410-2012-512-constants" */
-+ 987, /* "id-tc26-mac" */
-+ 978, /* "id-tc26-sign" */
-+ 995, /* "id-tc26-sign-constants" */
-+ 984, /* "id-tc26-signwithdigest" */
-+ 34, /* "idea-cbc" */
-+ 35, /* "idea-cfb" */
-+ 36, /* "idea-ecb" */
-+ 46, /* "idea-ofb" */
-+ 676, /* "identified-organization" */
-+ 461, /* "info" */
-+ 101, /* "initials" */
-+ 869, /* "internationaliSDNNumber" */
-+ 1022, /* "ipsec Internet Key Exchange" */
-+ 749, /* "ipsec3" */
-+ 750, /* "ipsec4" */
-+ 181, /* "iso" */
-+ 623, /* "issuer capabilities" */
-+ 645, /* "itu-t" */
-+ 492, /* "janetMailbox" */
-+ 646, /* "joint-iso-itu-t" */
-+ 957, /* "jurisdictionCountryName" */
-+ 955, /* "jurisdictionLocalityName" */
-+ 956, /* "jurisdictionStateOrProvinceName" */
-+ 150, /* "keyBag" */
-+ 773, /* "kisa" */
-+ 1039, /* "kx-dhe" */
-+ 1041, /* "kx-dhe-psk" */
-+ 1038, /* "kx-ecdhe" */
-+ 1040, /* "kx-ecdhe-psk" */
-+ 1045, /* "kx-gost" */
-+ 1043, /* "kx-psk" */
-+ 1037, /* "kx-rsa" */
-+ 1042, /* "kx-rsa-psk" */
-+ 1044, /* "kx-srp" */
-+ 477, /* "lastModifiedBy" */
-+ 476, /* "lastModifiedTime" */
-+ 157, /* "localKeyID" */
-+ 15, /* "localityName" */
-+ 480, /* "mXRecord" */
-+ 493, /* "mailPreferenceOption" */
-+ 467, /* "manager" */
-+ 3, /* "md2" */
-+ 7, /* "md2WithRSAEncryption" */
-+ 257, /* "md4" */
-+ 396, /* "md4WithRSAEncryption" */
-+ 4, /* "md5" */
-+ 114, /* "md5-sha1" */
-+ 104, /* "md5WithRSA" */
-+ 8, /* "md5WithRSAEncryption" */
-+ 95, /* "mdc2" */
-+ 96, /* "mdc2WithRSA" */
-+ 875, /* "member" */
-+ 602, /* "merchant initiated auth" */
-+ 514, /* "message extensions" */
-+ 51, /* "messageDigest" */
-+ 911, /* "mgf1" */
-+ 506, /* "mime-mhs-bodies" */
-+ 505, /* "mime-mhs-headings" */
-+ 488, /* "mobileTelephoneNumber" */
-+ 481, /* "nSRecord" */
-+ 173, /* "name" */
-+ 681, /* "onBasis" */
-+ 379, /* "org" */
-+ 17, /* "organizationName" */
-+ 491, /* "organizationalStatus" */
-+ 18, /* "organizationalUnitName" */
-+ 475, /* "otherMailbox" */
-+ 876, /* "owner" */
-+ 935, /* "pSpecified" */
-+ 489, /* "pagerTelephoneNumber" */
-+ 782, /* "password based MAC" */
-+ 374, /* "path" */
-+ 621, /* "payment gateway capabilities" */
-+ 9, /* "pbeWithMD2AndDES-CBC" */
-+ 168, /* "pbeWithMD2AndRC2-CBC" */
-+ 112, /* "pbeWithMD5AndCast5CBC" */
-+ 10, /* "pbeWithMD5AndDES-CBC" */
-+ 169, /* "pbeWithMD5AndRC2-CBC" */
-+ 148, /* "pbeWithSHA1And128BitRC2-CBC" */
-+ 144, /* "pbeWithSHA1And128BitRC4" */
-+ 147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-+ 146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-+ 149, /* "pbeWithSHA1And40BitRC2-CBC" */
-+ 145, /* "pbeWithSHA1And40BitRC4" */
-+ 170, /* "pbeWithSHA1AndDES-CBC" */
-+ 68, /* "pbeWithSHA1AndRC2-CBC" */
-+ 499, /* "personalSignature" */
-+ 487, /* "personalTitle" */
-+ 464, /* "photo" */
-+ 863, /* "physicalDeliveryOfficeName" */
-+ 437, /* "pilot" */
-+ 439, /* "pilotAttributeSyntax" */
-+ 438, /* "pilotAttributeType" */
-+ 479, /* "pilotAttributeType27" */
-+ 456, /* "pilotDSA" */
-+ 441, /* "pilotGroups" */
-+ 444, /* "pilotObject" */
-+ 440, /* "pilotObjectClass" */
-+ 455, /* "pilotOrganization" */
-+ 445, /* "pilotPerson" */
-+ 186, /* "pkcs1" */
-+ 27, /* "pkcs3" */
-+ 187, /* "pkcs5" */
-+ 20, /* "pkcs7" */
-+ 21, /* "pkcs7-data" */
-+ 25, /* "pkcs7-digestData" */
-+ 26, /* "pkcs7-encryptedData" */
-+ 23, /* "pkcs7-envelopedData" */
-+ 24, /* "pkcs7-signedAndEnvelopedData" */
-+ 22, /* "pkcs7-signedData" */
-+ 151, /* "pkcs8ShroudedKeyBag" */
-+ 47, /* "pkcs9" */
-+ 862, /* "postOfficeBox" */
-+ 861, /* "postalAddress" */
-+ 661, /* "postalCode" */
-+ 683, /* "ppBasis" */
-+ 872, /* "preferredDeliveryMethod" */
-+ 873, /* "presentationAddress" */
-+ 406, /* "prime-field" */
-+ 409, /* "prime192v1" */
-+ 410, /* "prime192v2" */
-+ 411, /* "prime192v3" */
-+ 412, /* "prime239v1" */
-+ 413, /* "prime239v2" */
-+ 414, /* "prime239v3" */
-+ 415, /* "prime256v1" */
-+ 886, /* "protocolInformation" */
-+ 510, /* "pseudonym" */
-+ 435, /* "pss" */
-+ 286, /* "qcStatements" */
-+ 457, /* "qualityLabelledData" */
-+ 450, /* "rFC822localPart" */
-+ 98, /* "rc2-40-cbc" */
-+ 166, /* "rc2-64-cbc" */
-+ 37, /* "rc2-cbc" */
-+ 39, /* "rc2-cfb" */
-+ 38, /* "rc2-ecb" */
-+ 40, /* "rc2-ofb" */
-+ 5, /* "rc4" */
-+ 97, /* "rc4-40" */
-+ 915, /* "rc4-hmac-md5" */
-+ 120, /* "rc5-cbc" */
-+ 122, /* "rc5-cfb" */
-+ 121, /* "rc5-ecb" */
-+ 123, /* "rc5-ofb" */
-+ 870, /* "registeredAddress" */
-+ 460, /* "rfc822Mailbox" */
-+ 117, /* "ripemd160" */
-+ 119, /* "ripemd160WithRSA" */
-+ 400, /* "role" */
-+ 877, /* "roleOccupant" */
-+ 448, /* "room" */
-+ 463, /* "roomNumber" */
-+ 19, /* "rsa" */
-+ 6, /* "rsaEncryption" */
-+ 644, /* "rsaOAEPEncryptionSET" */
-+ 377, /* "rsaSignature" */
-+ 919, /* "rsaesOaep" */
-+ 912, /* "rsassaPss" */
-+ 482, /* "sOARecord" */
-+ 155, /* "safeContentsBag" */
-+ 291, /* "sbgp-autonomousSysNum" */
-+ 290, /* "sbgp-ipAddrBlock" */
-+ 292, /* "sbgp-routerIdentifier" */
-+ 159, /* "sdsiCertificate" */
-+ 859, /* "searchGuide" */
-+ 704, /* "secp112r1" */
-+ 705, /* "secp112r2" */
-+ 706, /* "secp128r1" */
-+ 707, /* "secp128r2" */
-+ 708, /* "secp160k1" */
-+ 709, /* "secp160r1" */
-+ 710, /* "secp160r2" */
-+ 711, /* "secp192k1" */
-+ 712, /* "secp224k1" */
-+ 713, /* "secp224r1" */
-+ 714, /* "secp256k1" */
-+ 715, /* "secp384r1" */
-+ 716, /* "secp521r1" */
-+ 154, /* "secretBag" */
-+ 474, /* "secretary" */
-+ 717, /* "sect113r1" */
-+ 718, /* "sect113r2" */
-+ 719, /* "sect131r1" */
-+ 720, /* "sect131r2" */
-+ 721, /* "sect163k1" */
-+ 722, /* "sect163r1" */
-+ 723, /* "sect163r2" */
-+ 724, /* "sect193r1" */
-+ 725, /* "sect193r2" */
-+ 726, /* "sect233k1" */
-+ 727, /* "sect233r1" */
-+ 728, /* "sect239k1" */
-+ 729, /* "sect283k1" */
-+ 730, /* "sect283r1" */
-+ 731, /* "sect409k1" */
-+ 732, /* "sect409r1" */
-+ 733, /* "sect571k1" */
-+ 734, /* "sect571r1" */
-+ 635, /* "secure device signature" */
-+ 878, /* "seeAlso" */
-+ 777, /* "seed-cbc" */
-+ 779, /* "seed-cfb" */
-+ 776, /* "seed-ecb" */
-+ 778, /* "seed-ofb" */
-+ 105, /* "serialNumber" */
-+ 625, /* "set-addPolicy" */
-+ 515, /* "set-attr" */
-+ 518, /* "set-brand" */
-+ 638, /* "set-brand-AmericanExpress" */
-+ 637, /* "set-brand-Diners" */
-+ 636, /* "set-brand-IATA-ATA" */
-+ 639, /* "set-brand-JCB" */
-+ 641, /* "set-brand-MasterCard" */
-+ 642, /* "set-brand-Novus" */
-+ 640, /* "set-brand-Visa" */
-+ 516, /* "set-policy" */
-+ 607, /* "set-policy-root" */
-+ 624, /* "set-rootKeyThumb" */
-+ 620, /* "setAttr-Cert" */
-+ 628, /* "setAttr-IssCap-CVM" */
-+ 630, /* "setAttr-IssCap-Sig" */
-+ 629, /* "setAttr-IssCap-T2" */
-+ 627, /* "setAttr-Token-B0Prime" */
-+ 626, /* "setAttr-Token-EMV" */
-+ 622, /* "setAttr-TokenType" */
-+ 619, /* "setCext-IssuerCapabilities" */
-+ 615, /* "setCext-PGWYcapabilities" */
-+ 616, /* "setCext-TokenIdentifier" */
-+ 618, /* "setCext-TokenType" */
-+ 617, /* "setCext-Track2Data" */
-+ 611, /* "setCext-cCertRequired" */
-+ 609, /* "setCext-certType" */
-+ 608, /* "setCext-hashedRoot" */
-+ 610, /* "setCext-merchData" */
-+ 613, /* "setCext-setExt" */
-+ 614, /* "setCext-setQualf" */
-+ 612, /* "setCext-tunneling" */
-+ 540, /* "setct-AcqCardCodeMsg" */
-+ 576, /* "setct-AcqCardCodeMsgTBE" */
-+ 570, /* "setct-AuthReqTBE" */
-+ 534, /* "setct-AuthReqTBS" */
-+ 527, /* "setct-AuthResBaggage" */
-+ 571, /* "setct-AuthResTBE" */
-+ 572, /* "setct-AuthResTBEX" */
-+ 535, /* "setct-AuthResTBS" */
-+ 536, /* "setct-AuthResTBSX" */
-+ 528, /* "setct-AuthRevReqBaggage" */
-+ 577, /* "setct-AuthRevReqTBE" */
-+ 541, /* "setct-AuthRevReqTBS" */
-+ 529, /* "setct-AuthRevResBaggage" */
-+ 542, /* "setct-AuthRevResData" */
-+ 578, /* "setct-AuthRevResTBE" */
-+ 579, /* "setct-AuthRevResTBEB" */
-+ 543, /* "setct-AuthRevResTBS" */
-+ 573, /* "setct-AuthTokenTBE" */
-+ 537, /* "setct-AuthTokenTBS" */
-+ 600, /* "setct-BCIDistributionTBS" */
-+ 558, /* "setct-BatchAdminReqData" */
-+ 592, /* "setct-BatchAdminReqTBE" */
-+ 559, /* "setct-BatchAdminResData" */
-+ 593, /* "setct-BatchAdminResTBE" */
-+ 599, /* "setct-CRLNotificationResTBS" */
-+ 598, /* "setct-CRLNotificationTBS" */
-+ 580, /* "setct-CapReqTBE" */
-+ 581, /* "setct-CapReqTBEX" */
-+ 544, /* "setct-CapReqTBS" */
-+ 545, /* "setct-CapReqTBSX" */
-+ 546, /* "setct-CapResData" */
-+ 582, /* "setct-CapResTBE" */
-+ 583, /* "setct-CapRevReqTBE" */
-+ 584, /* "setct-CapRevReqTBEX" */
-+ 547, /* "setct-CapRevReqTBS" */
-+ 548, /* "setct-CapRevReqTBSX" */
-+ 549, /* "setct-CapRevResData" */
-+ 585, /* "setct-CapRevResTBE" */
-+ 538, /* "setct-CapTokenData" */
-+ 530, /* "setct-CapTokenSeq" */
-+ 574, /* "setct-CapTokenTBE" */
-+ 575, /* "setct-CapTokenTBEX" */
-+ 539, /* "setct-CapTokenTBS" */
-+ 560, /* "setct-CardCInitResTBS" */
-+ 566, /* "setct-CertInqReqTBS" */
-+ 563, /* "setct-CertReqData" */
-+ 595, /* "setct-CertReqTBE" */
-+ 596, /* "setct-CertReqTBEX" */
-+ 564, /* "setct-CertReqTBS" */
-+ 565, /* "setct-CertResData" */
-+ 597, /* "setct-CertResTBE" */
-+ 586, /* "setct-CredReqTBE" */
-+ 587, /* "setct-CredReqTBEX" */
-+ 550, /* "setct-CredReqTBS" */
-+ 551, /* "setct-CredReqTBSX" */
-+ 552, /* "setct-CredResData" */
-+ 588, /* "setct-CredResTBE" */
-+ 589, /* "setct-CredRevReqTBE" */
-+ 590, /* "setct-CredRevReqTBEX" */
-+ 553, /* "setct-CredRevReqTBS" */
-+ 554, /* "setct-CredRevReqTBSX" */
-+ 555, /* "setct-CredRevResData" */
-+ 591, /* "setct-CredRevResTBE" */
-+ 567, /* "setct-ErrorTBS" */
-+ 526, /* "setct-HODInput" */
-+ 561, /* "setct-MeAqCInitResTBS" */
-+ 522, /* "setct-OIData" */
-+ 519, /* "setct-PANData" */
-+ 521, /* "setct-PANOnly" */
-+ 520, /* "setct-PANToken" */
-+ 556, /* "setct-PCertReqData" */
-+ 557, /* "setct-PCertResTBS" */
-+ 523, /* "setct-PI" */
-+ 532, /* "setct-PI-TBS" */
-+ 524, /* "setct-PIData" */
-+ 525, /* "setct-PIDataUnsigned" */
-+ 568, /* "setct-PIDualSignedTBE" */
-+ 569, /* "setct-PIUnsignedTBE" */
-+ 531, /* "setct-PInitResData" */
-+ 533, /* "setct-PResData" */
-+ 594, /* "setct-RegFormReqTBE" */
-+ 562, /* "setct-RegFormResTBS" */
-+ 604, /* "setext-pinAny" */
-+ 603, /* "setext-pinSecure" */
-+ 605, /* "setext-track2" */
-+ 41, /* "sha" */
-+ 64, /* "sha1" */
-+ 115, /* "sha1WithRSA" */
-+ 65, /* "sha1WithRSAEncryption" */
-+ 675, /* "sha224" */
-+ 671, /* "sha224WithRSAEncryption" */
-+ 672, /* "sha256" */
-+ 668, /* "sha256WithRSAEncryption" */
-+ 673, /* "sha384" */
-+ 669, /* "sha384WithRSAEncryption" */
-+ 674, /* "sha512" */
-+ 670, /* "sha512WithRSAEncryption" */
-+ 42, /* "shaWithRSAEncryption" */
-+ 52, /* "signingTime" */
-+ 454, /* "simpleSecurityObject" */
-+ 496, /* "singleLevelQuality" */
-+ 16, /* "stateOrProvinceName" */
-+ 660, /* "streetAddress" */
-+ 498, /* "subtreeMaximumQuality" */
-+ 497, /* "subtreeMinimumQuality" */
-+ 890, /* "supportedAlgorithms" */
-+ 874, /* "supportedApplicationContext" */
-+ 100, /* "surname" */
-+ 864, /* "telephoneNumber" */
-+ 866, /* "teletexTerminalIdentifier" */
-+ 865, /* "telexNumber" */
-+ 459, /* "textEncodedORAddress" */
-+ 293, /* "textNotice" */
-+ 106, /* "title" */
-+ 1021, /* "tls1-prf" */
-+ 682, /* "tpBasis" */
-+ 436, /* "ucl" */
-+ 0, /* "undefined" */
-+ 102, /* "uniqueIdentifier" */
-+ 888, /* "uniqueMember" */
-+ 55, /* "unstructuredAddress" */
-+ 49, /* "unstructuredName" */
-+ 880, /* "userCertificate" */
-+ 465, /* "userClass" */
-+ 458, /* "userId" */
-+ 879, /* "userPassword" */
-+ 373, /* "valid" */
-+ 678, /* "wap" */
-+ 679, /* "wap-wsg" */
-+ 735, /* "wap-wsg-idm-ecid-wtls1" */
-+ 743, /* "wap-wsg-idm-ecid-wtls10" */
-+ 744, /* "wap-wsg-idm-ecid-wtls11" */
-+ 745, /* "wap-wsg-idm-ecid-wtls12" */
-+ 736, /* "wap-wsg-idm-ecid-wtls3" */
-+ 737, /* "wap-wsg-idm-ecid-wtls4" */
-+ 738, /* "wap-wsg-idm-ecid-wtls5" */
-+ 739, /* "wap-wsg-idm-ecid-wtls6" */
-+ 740, /* "wap-wsg-idm-ecid-wtls7" */
-+ 741, /* "wap-wsg-idm-ecid-wtls8" */
-+ 742, /* "wap-wsg-idm-ecid-wtls9" */
-+ 804, /* "whirlpool" */
-+ 868, /* "x121Address" */
-+ 503, /* "x500UniqueIdentifier" */
-+ 158, /* "x509Certificate" */
-+ 160, /* "x509Crl" */
-+ 125, /* "zlib compression" */
- };
-
--static const unsigned int obj_objs[NUM_OBJ]={
-- 0, /* OBJ_undef 0 */
--181, /* OBJ_iso 1 */
--393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */
--404, /* OBJ_ccitt OBJ_itu_t */
--645, /* OBJ_itu_t 0 */
--646, /* OBJ_joint_iso_itu_t 2 */
--434, /* OBJ_data 0 9 */
--182, /* OBJ_member_body 1 2 */
--379, /* OBJ_org 1 3 */
--676, /* OBJ_identified_organization 1 3 */
--11, /* OBJ_X500 2 5 */
--647, /* OBJ_international_organizations 2 23 */
--380, /* OBJ_dod 1 3 6 */
--12, /* OBJ_X509 2 5 4 */
--378, /* OBJ_X500algorithms 2 5 8 */
--81, /* OBJ_id_ce 2 5 29 */
--512, /* OBJ_id_set 2 23 42 */
--678, /* OBJ_wap 2 23 43 */
--435, /* OBJ_pss 0 9 2342 */
--183, /* OBJ_ISO_US 1 2 840 */
--381, /* OBJ_iana 1 3 6 1 */
--677, /* OBJ_certicom_arc 1 3 132 */
--394, /* OBJ_selected_attribute_types 2 5 1 5 */
--13, /* OBJ_commonName 2 5 4 3 */
--100, /* OBJ_surname 2 5 4 4 */
--105, /* OBJ_serialNumber 2 5 4 5 */
--14, /* OBJ_countryName 2 5 4 6 */
--15, /* OBJ_localityName 2 5 4 7 */
--16, /* OBJ_stateOrProvinceName 2 5 4 8 */
--660, /* OBJ_streetAddress 2 5 4 9 */
--17, /* OBJ_organizationName 2 5 4 10 */
--18, /* OBJ_organizationalUnitName 2 5 4 11 */
--106, /* OBJ_title 2 5 4 12 */
--107, /* OBJ_description 2 5 4 13 */
--859, /* OBJ_searchGuide 2 5 4 14 */
--860, /* OBJ_businessCategory 2 5 4 15 */
--861, /* OBJ_postalAddress 2 5 4 16 */
--661, /* OBJ_postalCode 2 5 4 17 */
--862, /* OBJ_postOfficeBox 2 5 4 18 */
--863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */
--864, /* OBJ_telephoneNumber 2 5 4 20 */
--865, /* OBJ_telexNumber 2 5 4 21 */
--866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */
--867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */
--868, /* OBJ_x121Address 2 5 4 24 */
--869, /* OBJ_internationaliSDNNumber 2 5 4 25 */
--870, /* OBJ_registeredAddress 2 5 4 26 */
--871, /* OBJ_destinationIndicator 2 5 4 27 */
--872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */
--873, /* OBJ_presentationAddress 2 5 4 29 */
--874, /* OBJ_supportedApplicationContext 2 5 4 30 */
--875, /* OBJ_member 2 5 4 31 */
--876, /* OBJ_owner 2 5 4 32 */
--877, /* OBJ_roleOccupant 2 5 4 33 */
--878, /* OBJ_seeAlso 2 5 4 34 */
--879, /* OBJ_userPassword 2 5 4 35 */
--880, /* OBJ_userCertificate 2 5 4 36 */
--881, /* OBJ_cACertificate 2 5 4 37 */
--882, /* OBJ_authorityRevocationList 2 5 4 38 */
--883, /* OBJ_certificateRevocationList 2 5 4 39 */
--884, /* OBJ_crossCertificatePair 2 5 4 40 */
--173, /* OBJ_name 2 5 4 41 */
--99, /* OBJ_givenName 2 5 4 42 */
--101, /* OBJ_initials 2 5 4 43 */
--509, /* OBJ_generationQualifier 2 5 4 44 */
--503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */
--174, /* OBJ_dnQualifier 2 5 4 46 */
--885, /* OBJ_enhancedSearchGuide 2 5 4 47 */
--886, /* OBJ_protocolInformation 2 5 4 48 */
--887, /* OBJ_distinguishedName 2 5 4 49 */
--888, /* OBJ_uniqueMember 2 5 4 50 */
--889, /* OBJ_houseIdentifier 2 5 4 51 */
--890, /* OBJ_supportedAlgorithms 2 5 4 52 */
--891, /* OBJ_deltaRevocationList 2 5 4 53 */
--892, /* OBJ_dmdName 2 5 4 54 */
--510, /* OBJ_pseudonym 2 5 4 65 */
--400, /* OBJ_role 2 5 4 72 */
--769, /* OBJ_subject_directory_attributes 2 5 29 9 */
--82, /* OBJ_subject_key_identifier 2 5 29 14 */
--83, /* OBJ_key_usage 2 5 29 15 */
--84, /* OBJ_private_key_usage_period 2 5 29 16 */
--85, /* OBJ_subject_alt_name 2 5 29 17 */
--86, /* OBJ_issuer_alt_name 2 5 29 18 */
--87, /* OBJ_basic_constraints 2 5 29 19 */
--88, /* OBJ_crl_number 2 5 29 20 */
--141, /* OBJ_crl_reason 2 5 29 21 */
--430, /* OBJ_hold_instruction_code 2 5 29 23 */
--142, /* OBJ_invalidity_date 2 5 29 24 */
--140, /* OBJ_delta_crl 2 5 29 27 */
--770, /* OBJ_issuing_distribution_point 2 5 29 28 */
--771, /* OBJ_certificate_issuer 2 5 29 29 */
--666, /* OBJ_name_constraints 2 5 29 30 */
--103, /* OBJ_crl_distribution_points 2 5 29 31 */
--89, /* OBJ_certificate_policies 2 5 29 32 */
--747, /* OBJ_policy_mappings 2 5 29 33 */
--90, /* OBJ_authority_key_identifier 2 5 29 35 */
--401, /* OBJ_policy_constraints 2 5 29 36 */
--126, /* OBJ_ext_key_usage 2 5 29 37 */
--857, /* OBJ_freshest_crl 2 5 29 46 */
--748, /* OBJ_inhibit_any_policy 2 5 29 54 */
--402, /* OBJ_target_information 2 5 29 55 */
--403, /* OBJ_no_rev_avail 2 5 29 56 */
--513, /* OBJ_set_ctype 2 23 42 0 */
--514, /* OBJ_set_msgExt 2 23 42 1 */
--515, /* OBJ_set_attr 2 23 42 3 */
--516, /* OBJ_set_policy 2 23 42 5 */
--517, /* OBJ_set_certExt 2 23 42 7 */
--518, /* OBJ_set_brand 2 23 42 8 */
--679, /* OBJ_wap_wsg 2 23 43 1 */
--382, /* OBJ_Directory 1 3 6 1 1 */
--383, /* OBJ_Management 1 3 6 1 2 */
--384, /* OBJ_Experimental 1 3 6 1 3 */
--385, /* OBJ_Private 1 3 6 1 4 */
--386, /* OBJ_Security 1 3 6 1 5 */
--387, /* OBJ_SNMPv2 1 3 6 1 6 */
--388, /* OBJ_Mail 1 3 6 1 7 */
--376, /* OBJ_algorithm 1 3 14 3 2 */
--395, /* OBJ_clearance 2 5 1 5 55 */
--19, /* OBJ_rsa 2 5 8 1 1 */
--96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */
--95, /* OBJ_mdc2 2 5 8 3 101 */
--746, /* OBJ_any_policy 2 5 29 32 0 */
--910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */
--519, /* OBJ_setct_PANData 2 23 42 0 0 */
--520, /* OBJ_setct_PANToken 2 23 42 0 1 */
--521, /* OBJ_setct_PANOnly 2 23 42 0 2 */
--522, /* OBJ_setct_OIData 2 23 42 0 3 */
--523, /* OBJ_setct_PI 2 23 42 0 4 */
--524, /* OBJ_setct_PIData 2 23 42 0 5 */
--525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */
--526, /* OBJ_setct_HODInput 2 23 42 0 7 */
--527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */
--528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */
--529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */
--530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */
--531, /* OBJ_setct_PInitResData 2 23 42 0 12 */
--532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */
--533, /* OBJ_setct_PResData 2 23 42 0 14 */
--534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */
--535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */
--536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */
--537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */
--538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */
--539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */
--540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */
--541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */
--542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */
--543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */
--544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */
--545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */
--546, /* OBJ_setct_CapResData 2 23 42 0 28 */
--547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */
--548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */
--549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */
--550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */
--551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */
--552, /* OBJ_setct_CredResData 2 23 42 0 34 */
--553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */
--554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */
--555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */
--556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */
--557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */
--558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */
--559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */
--560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */
--561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */
--562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */
--563, /* OBJ_setct_CertReqData 2 23 42 0 45 */
--564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */
--565, /* OBJ_setct_CertResData 2 23 42 0 47 */
--566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */
--567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */
--568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */
--569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */
--570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */
--571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */
--572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */
--573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */
--574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */
--575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */
--576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */
--577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */
--578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */
--579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */
--580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */
--581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */
--582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */
--583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */
--584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */
--585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */
--586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */
--587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */
--588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */
--589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */
--590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */
--591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */
--592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */
--593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */
--594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */
--595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */
--596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */
--597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */
--598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */
--599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */
--600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */
--601, /* OBJ_setext_genCrypt 2 23 42 1 1 */
--602, /* OBJ_setext_miAuth 2 23 42 1 3 */
--603, /* OBJ_setext_pinSecure 2 23 42 1 4 */
--604, /* OBJ_setext_pinAny 2 23 42 1 5 */
--605, /* OBJ_setext_track2 2 23 42 1 7 */
--606, /* OBJ_setext_cv 2 23 42 1 8 */
--620, /* OBJ_setAttr_Cert 2 23 42 3 0 */
--621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */
--622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */
--623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */
--607, /* OBJ_set_policy_root 2 23 42 5 0 */
--608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */
--609, /* OBJ_setCext_certType 2 23 42 7 1 */
--610, /* OBJ_setCext_merchData 2 23 42 7 2 */
--611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */
--612, /* OBJ_setCext_tunneling 2 23 42 7 4 */
--613, /* OBJ_setCext_setExt 2 23 42 7 5 */
--614, /* OBJ_setCext_setQualf 2 23 42 7 6 */
--615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */
--616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */
--617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */
--618, /* OBJ_setCext_TokenType 2 23 42 7 10 */
--619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */
--636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */
--640, /* OBJ_set_brand_Visa 2 23 42 8 4 */
--641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */
--637, /* OBJ_set_brand_Diners 2 23 42 8 30 */
--638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */
--639, /* OBJ_set_brand_JCB 2 23 42 8 35 */
--805, /* OBJ_cryptopro 1 2 643 2 2 */
--806, /* OBJ_cryptocom 1 2 643 2 9 */
--974, /* OBJ_id_tc26 1 2 643 7 1 */
--1005, /* OBJ_OGRN 1 2 643 100 1 */
--1006, /* OBJ_SNILS 1 2 643 100 3 */
--1007, /* OBJ_subjectSignTool 1 2 643 100 111 */
--1008, /* OBJ_issuerSignTool 1 2 643 100 112 */
--184, /* OBJ_X9_57 1 2 840 10040 */
--405, /* OBJ_ansi_X9_62 1 2 840 10045 */
--389, /* OBJ_Enterprises 1 3 6 1 4 1 */
--504, /* OBJ_mime_mhs 1 3 6 1 7 1 */
--104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */
--29, /* OBJ_des_ecb 1 3 14 3 2 6 */
--31, /* OBJ_des_cbc 1 3 14 3 2 7 */
--45, /* OBJ_des_ofb64 1 3 14 3 2 8 */
--30, /* OBJ_des_cfb64 1 3 14 3 2 9 */
--377, /* OBJ_rsaSignature 1 3 14 3 2 11 */
--67, /* OBJ_dsa_2 1 3 14 3 2 12 */
--66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */
--42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */
--32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */
--41, /* OBJ_sha 1 3 14 3 2 18 */
--64, /* OBJ_sha1 1 3 14 3 2 26 */
--70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */
--115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */
--117, /* OBJ_ripemd160 1 3 36 3 2 1 */
--143, /* OBJ_sxnet 1 3 101 1 4 1 */
--721, /* OBJ_sect163k1 1 3 132 0 1 */
--722, /* OBJ_sect163r1 1 3 132 0 2 */
--728, /* OBJ_sect239k1 1 3 132 0 3 */
--717, /* OBJ_sect113r1 1 3 132 0 4 */
--718, /* OBJ_sect113r2 1 3 132 0 5 */
--704, /* OBJ_secp112r1 1 3 132 0 6 */
--705, /* OBJ_secp112r2 1 3 132 0 7 */
--709, /* OBJ_secp160r1 1 3 132 0 8 */
--708, /* OBJ_secp160k1 1 3 132 0 9 */
--714, /* OBJ_secp256k1 1 3 132 0 10 */
--723, /* OBJ_sect163r2 1 3 132 0 15 */
--729, /* OBJ_sect283k1 1 3 132 0 16 */
--730, /* OBJ_sect283r1 1 3 132 0 17 */
--719, /* OBJ_sect131r1 1 3 132 0 22 */
--720, /* OBJ_sect131r2 1 3 132 0 23 */
--724, /* OBJ_sect193r1 1 3 132 0 24 */
--725, /* OBJ_sect193r2 1 3 132 0 25 */
--726, /* OBJ_sect233k1 1 3 132 0 26 */
--727, /* OBJ_sect233r1 1 3 132 0 27 */
--706, /* OBJ_secp128r1 1 3 132 0 28 */
--707, /* OBJ_secp128r2 1 3 132 0 29 */
--710, /* OBJ_secp160r2 1 3 132 0 30 */
--711, /* OBJ_secp192k1 1 3 132 0 31 */
--712, /* OBJ_secp224k1 1 3 132 0 32 */
--713, /* OBJ_secp224r1 1 3 132 0 33 */
--715, /* OBJ_secp384r1 1 3 132 0 34 */
--716, /* OBJ_secp521r1 1 3 132 0 35 */
--731, /* OBJ_sect409k1 1 3 132 0 36 */
--732, /* OBJ_sect409r1 1 3 132 0 37 */
--733, /* OBJ_sect571k1 1 3 132 0 38 */
--734, /* OBJ_sect571r1 1 3 132 0 39 */
--624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */
--625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */
--626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */
--627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */
--628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */
--629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */
--630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */
--642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */
--735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */
--736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */
--737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */
--738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */
--739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */
--740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */
--741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */
--742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */
--743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */
--744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */
--745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */
--804, /* OBJ_whirlpool 1 0 10118 3 0 55 */
--773, /* OBJ_kisa 1 2 410 200004 */
--807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
--808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
--809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */
--810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */
--811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */
--812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */
--813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */
--815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */
--816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */
--817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */
--818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */
--977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */
--994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */
-- 1, /* OBJ_rsadsi 1 2 840 113549 */
--185, /* OBJ_X9cm 1 2 840 10040 4 */
--1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */
--127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */
--505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */
--506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */
--119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */
--937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
--938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
--939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
--940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
--942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
--943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
--944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
--945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
--631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */
--632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */
--633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */
--634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */
--635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */
--436, /* OBJ_ucl 0 9 2342 19200300 */
--820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
--819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
--845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */
--846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */
--847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */
--848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */
--821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
--822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
--823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
--824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
--825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
--826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
--827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
--828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
--829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
--830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
--831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
--832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
--833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
--834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
--835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
--836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
--837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
--838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
--839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
--840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
--841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
--842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
--843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
--844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
--978, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */
--981, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */
--984, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */
--987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */
--990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */
--991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */
--995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */
--1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */
--1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */
-- 2, /* OBJ_pkcs 1 2 840 113549 1 */
--431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */
--432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
--433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */
--116, /* OBJ_dsa 1 2 840 10040 4 1 */
--113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */
--406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */
--407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
--408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */
--416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */
--791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */
--792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */
--920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */
--1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */
--1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */
--258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */
--175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */
--259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */
--128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */
--260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */
--261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */
--262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */
--263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */
--264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */
--265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */
--266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */
--267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */
--268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */
--662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */
--176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */
--507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */
--508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */
--57, /* OBJ_netscape 2 16 840 1 113730 */
--754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */
--766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */
--757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */
--961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */
--962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */
--963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */
--964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */
--755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */
--767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */
--758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */
--965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */
--966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */
--967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */
--968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */
--756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */
--768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */
--759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */
--969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */
--970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */
--971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */
--972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */
--437, /* OBJ_pilot 0 9 2342 19200300 100 */
--776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */
--777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */
--779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */
--778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */
--852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
--853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
--850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */
--851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */
--849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */
--854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
--1004, /* OBJ_INN 1 2 643 3 131 1 1 */
--979, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */
--980, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */
--982, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */
--983, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */
--985, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
--986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
--988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
--989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
--992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
--993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
--996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
--1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
--186, /* OBJ_pkcs1 1 2 840 113549 1 1 */
--27, /* OBJ_pkcs3 1 2 840 113549 1 3 */
--187, /* OBJ_pkcs5 1 2 840 113549 1 5 */
--20, /* OBJ_pkcs7 1 2 840 113549 1 7 */
--47, /* OBJ_pkcs9 1 2 840 113549 1 9 */
-- 3, /* OBJ_md2 1 2 840 113549 2 2 */
--257, /* OBJ_md4 1 2 840 113549 2 4 */
-- 4, /* OBJ_md5 1 2 840 113549 2 5 */
--797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */
--163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */
--798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */
--799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */
--800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */
--801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */
--37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */
-- 5, /* OBJ_rc4 1 2 840 113549 3 4 */
--44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */
--120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */
--643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */
--680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
--684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */
--685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */
--686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */
--687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */
--688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */
--689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */
--690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */
--691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */
--692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */
--693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */
--694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */
--695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */
--696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */
--697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */
--698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */
--699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */
--700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */
--701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */
--702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */
--703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */
--409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */
--410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */
--411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */
--412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */
--413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */
--414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */
--415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */
--793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */
--794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */
--795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */
--796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */
--269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */
--270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */
--271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */
--272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */
--273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */
--274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */
--275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */
--276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */
--277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */
--278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */
--279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */
--280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */
--281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */
--282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */
--283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */
--284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */
--177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */
--285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */
--286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */
--287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */
--288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */
--289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */
--290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
--291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
--292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
--397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
--398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
--663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
--1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */
--164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
--165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
--293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
--129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */
--130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */
--131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */
--132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */
--294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */
--295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */
--296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */
--133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */
--180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */
--297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */
--1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */
--1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */
--1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */
--1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */
--1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */
--1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */
--1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */
--1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */
--1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */
--298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */
--299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */
--300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */
--301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */
--302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */
--303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */
--304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */
--305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */
--306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */
--307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */
--308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */
--309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */
--310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */
--311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */
--312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */
--784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */
--313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */
--314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */
--323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */
--324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */
--325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */
--326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */
--327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */
--328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */
--329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */
--330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */
--331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */
--332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */
--333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */
--334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */
--335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */
--336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */
--337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */
--338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */
--339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */
--340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */
--341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */
--342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */
--343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */
--344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */
--345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */
--346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
--347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */
--858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */
--348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */
--349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */
--351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */
--352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */
--353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */
--354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */
--355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */
--356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */
--357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */
--358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */
--399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */
--359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */
--360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
--361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
--362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */
--664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */
--665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */
--667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */
--178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */
--179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */
--363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */
--364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */
--785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */
--780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */
--781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */
--58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */
--59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */
--438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */
--439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */
--440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */
--441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */
--997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
--998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
--999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
--1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */
--108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */
--112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
--782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */
--783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */
-- 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */
-- 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */
--396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */
-- 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
--65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
--644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */
--919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */
--911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */
--935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */
--912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */
--668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */
--669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */
--670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */
--671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */
--28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
-- 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */
--10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
--168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */
--169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */
--170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */
--68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */
--69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */
--161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */
--162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */
--21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */
--22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */
--23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */
--24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */
--25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */
--26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */
--48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */
--49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */
--50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */
--51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */
--52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */
--53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */
--54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */
--55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */
--56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */
--172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */
--167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */
--188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */
--156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */
--157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */
--681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */
--682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */
--683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */
--417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */
--856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */
--390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */
--91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */
--973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */
--1034, /* OBJ_X25519 1 3 6 1 4 1 11591 15 1 */
--1035, /* OBJ_X448 1 3 6 1 4 1 11591 15 2 */
--315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */
--316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */
--317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
--318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
--319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */
--320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */
--321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */
--322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */
--365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */
--366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */
--367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */
--368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
--369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */
--370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */
--371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */
--372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */
--373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */
--374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */
--375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */
--921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */
--922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */
--923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */
--924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */
--925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */
--926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */
--927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */
--928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */
--929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */
--930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */
--931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */
--932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */
--933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */
--934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */
--936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
--941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
--418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */
--419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */
--420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */
--421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */
--788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */
--895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */
--896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */
--897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */
--422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */
--423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */
--424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */
--425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */
--789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */
--898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */
--899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */
--900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */
--426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */
--427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
--428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
--429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
--790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */
--901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */
--902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */
--903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */
--672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
--673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
--674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
--675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
--802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */
--803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */
--71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
--72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
--73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */
--74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */
--75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */
--76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */
--77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */
--78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */
--79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */
--139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */
--458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */
--459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */
--460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */
--461, /* OBJ_info 0 9 2342 19200300 100 1 4 */
--462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */
--463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */
--464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */
--465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */
--466, /* OBJ_host 0 9 2342 19200300 100 1 9 */
--467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */
--468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */
--469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */
--470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */
--471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */
--472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */
--473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */
--474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */
--475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */
--476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */
--477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */
--391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */
--478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */
--479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */
--480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */
--481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */
--482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */
--483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */
--484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */
--485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */
--486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */
--487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */
--488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */
--489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */
--490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */
--102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */
--491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */
--492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */
--493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */
--494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */
--495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */
--496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */
--497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */
--498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */
--499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */
--500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */
--501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */
--502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */
--442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */
--443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */
--444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */
--445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */
--446, /* OBJ_account 0 9 2342 19200300 100 4 5 */
--447, /* OBJ_document 0 9 2342 19200300 100 4 6 */
--448, /* OBJ_room 0 9 2342 19200300 100 4 7 */
--449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */
--392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */
--450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */
--451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */
--452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */
--453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */
--454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */
--455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */
--456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */
--457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */
--189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */
--190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */
--191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */
--192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */
--193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */
--194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */
--195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */
--158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */
--159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */
--160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */
--144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */
--145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */
--146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
--147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
--148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
--149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */
--171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */
--134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */
--135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */
--136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */
--137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */
--138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
--648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
--649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
--951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */
--952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */
--953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */
--954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */
--751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */
--752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */
--753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */
--907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */
--908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */
--909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */
--196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */
--197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */
--198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */
--199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */
--200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
--201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
--202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
--203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
--204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */
--205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */
--206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */
--207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */
--208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */
--209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */
--210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */
--211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
--786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
--787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
--212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
--213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
--214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */
--215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */
--216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */
--217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
--218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
--219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */
--220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
--221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
--222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */
--223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
--224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
--225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */
--226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */
--227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
--228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
--229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */
--230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
--231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
--232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
--233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
--234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */
--235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
--236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
--237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
--238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
--239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */
--240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */
--241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */
--242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */
--243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */
--244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */
--245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */
--246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */
--247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */
--125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */
--893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */
--248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */
--249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */
--250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
--251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
--252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
--253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
--254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
--255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
--256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
--150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */
--151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */
--152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */
--153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */
--154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */
--155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */
--34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */
--955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
--956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
--957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
--1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */
--1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */
-+#define NUM_OBJ 956
-+static const unsigned int obj_objs[NUM_OBJ] = {
-+ 0, /* OBJ_undef 0 */
-+ 181, /* OBJ_iso 1 */
-+ 393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */
-+ 404, /* OBJ_ccitt OBJ_itu_t */
-+ 645, /* OBJ_itu_t 0 */
-+ 646, /* OBJ_joint_iso_itu_t 2 */
-+ 434, /* OBJ_data 0 9 */
-+ 182, /* OBJ_member_body 1 2 */
-+ 379, /* OBJ_org 1 3 */
-+ 676, /* OBJ_identified_organization 1 3 */
-+ 11, /* OBJ_X500 2 5 */
-+ 647, /* OBJ_international_organizations 2 23 */
-+ 380, /* OBJ_dod 1 3 6 */
-+ 12, /* OBJ_X509 2 5 4 */
-+ 378, /* OBJ_X500algorithms 2 5 8 */
-+ 81, /* OBJ_id_ce 2 5 29 */
-+ 512, /* OBJ_id_set 2 23 42 */
-+ 678, /* OBJ_wap 2 23 43 */
-+ 435, /* OBJ_pss 0 9 2342 */
-+ 183, /* OBJ_ISO_US 1 2 840 */
-+ 381, /* OBJ_iana 1 3 6 1 */
-+ 677, /* OBJ_certicom_arc 1 3 132 */
-+ 394, /* OBJ_selected_attribute_types 2 5 1 5 */
-+ 13, /* OBJ_commonName 2 5 4 3 */
-+ 100, /* OBJ_surname 2 5 4 4 */
-+ 105, /* OBJ_serialNumber 2 5 4 5 */
-+ 14, /* OBJ_countryName 2 5 4 6 */
-+ 15, /* OBJ_localityName 2 5 4 7 */
-+ 16, /* OBJ_stateOrProvinceName 2 5 4 8 */
-+ 660, /* OBJ_streetAddress 2 5 4 9 */
-+ 17, /* OBJ_organizationName 2 5 4 10 */
-+ 18, /* OBJ_organizationalUnitName 2 5 4 11 */
-+ 106, /* OBJ_title 2 5 4 12 */
-+ 107, /* OBJ_description 2 5 4 13 */
-+ 859, /* OBJ_searchGuide 2 5 4 14 */
-+ 860, /* OBJ_businessCategory 2 5 4 15 */
-+ 861, /* OBJ_postalAddress 2 5 4 16 */
-+ 661, /* OBJ_postalCode 2 5 4 17 */
-+ 862, /* OBJ_postOfficeBox 2 5 4 18 */
-+ 863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */
-+ 864, /* OBJ_telephoneNumber 2 5 4 20 */
-+ 865, /* OBJ_telexNumber 2 5 4 21 */
-+ 866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */
-+ 867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */
-+ 868, /* OBJ_x121Address 2 5 4 24 */
-+ 869, /* OBJ_internationaliSDNNumber 2 5 4 25 */
-+ 870, /* OBJ_registeredAddress 2 5 4 26 */
-+ 871, /* OBJ_destinationIndicator 2 5 4 27 */
-+ 872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */
-+ 873, /* OBJ_presentationAddress 2 5 4 29 */
-+ 874, /* OBJ_supportedApplicationContext 2 5 4 30 */
-+ 875, /* OBJ_member 2 5 4 31 */
-+ 876, /* OBJ_owner 2 5 4 32 */
-+ 877, /* OBJ_roleOccupant 2 5 4 33 */
-+ 878, /* OBJ_seeAlso 2 5 4 34 */
-+ 879, /* OBJ_userPassword 2 5 4 35 */
-+ 880, /* OBJ_userCertificate 2 5 4 36 */
-+ 881, /* OBJ_cACertificate 2 5 4 37 */
-+ 882, /* OBJ_authorityRevocationList 2 5 4 38 */
-+ 883, /* OBJ_certificateRevocationList 2 5 4 39 */
-+ 884, /* OBJ_crossCertificatePair 2 5 4 40 */
-+ 173, /* OBJ_name 2 5 4 41 */
-+ 99, /* OBJ_givenName 2 5 4 42 */
-+ 101, /* OBJ_initials 2 5 4 43 */
-+ 509, /* OBJ_generationQualifier 2 5 4 44 */
-+ 503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */
-+ 174, /* OBJ_dnQualifier 2 5 4 46 */
-+ 885, /* OBJ_enhancedSearchGuide 2 5 4 47 */
-+ 886, /* OBJ_protocolInformation 2 5 4 48 */
-+ 887, /* OBJ_distinguishedName 2 5 4 49 */
-+ 888, /* OBJ_uniqueMember 2 5 4 50 */
-+ 889, /* OBJ_houseIdentifier 2 5 4 51 */
-+ 890, /* OBJ_supportedAlgorithms 2 5 4 52 */
-+ 891, /* OBJ_deltaRevocationList 2 5 4 53 */
-+ 892, /* OBJ_dmdName 2 5 4 54 */
-+ 510, /* OBJ_pseudonym 2 5 4 65 */
-+ 400, /* OBJ_role 2 5 4 72 */
-+ 769, /* OBJ_subject_directory_attributes 2 5 29 9 */
-+ 82, /* OBJ_subject_key_identifier 2 5 29 14 */
-+ 83, /* OBJ_key_usage 2 5 29 15 */
-+ 84, /* OBJ_private_key_usage_period 2 5 29 16 */
-+ 85, /* OBJ_subject_alt_name 2 5 29 17 */
-+ 86, /* OBJ_issuer_alt_name 2 5 29 18 */
-+ 87, /* OBJ_basic_constraints 2 5 29 19 */
-+ 88, /* OBJ_crl_number 2 5 29 20 */
-+ 141, /* OBJ_crl_reason 2 5 29 21 */
-+ 430, /* OBJ_hold_instruction_code 2 5 29 23 */
-+ 142, /* OBJ_invalidity_date 2 5 29 24 */
-+ 140, /* OBJ_delta_crl 2 5 29 27 */
-+ 770, /* OBJ_issuing_distribution_point 2 5 29 28 */
-+ 771, /* OBJ_certificate_issuer 2 5 29 29 */
-+ 666, /* OBJ_name_constraints 2 5 29 30 */
-+ 103, /* OBJ_crl_distribution_points 2 5 29 31 */
-+ 89, /* OBJ_certificate_policies 2 5 29 32 */
-+ 747, /* OBJ_policy_mappings 2 5 29 33 */
-+ 90, /* OBJ_authority_key_identifier 2 5 29 35 */
-+ 401, /* OBJ_policy_constraints 2 5 29 36 */
-+ 126, /* OBJ_ext_key_usage 2 5 29 37 */
-+ 857, /* OBJ_freshest_crl 2 5 29 46 */
-+ 748, /* OBJ_inhibit_any_policy 2 5 29 54 */
-+ 402, /* OBJ_target_information 2 5 29 55 */
-+ 403, /* OBJ_no_rev_avail 2 5 29 56 */
-+ 513, /* OBJ_set_ctype 2 23 42 0 */
-+ 514, /* OBJ_set_msgExt 2 23 42 1 */
-+ 515, /* OBJ_set_attr 2 23 42 3 */
-+ 516, /* OBJ_set_policy 2 23 42 5 */
-+ 517, /* OBJ_set_certExt 2 23 42 7 */
-+ 518, /* OBJ_set_brand 2 23 42 8 */
-+ 679, /* OBJ_wap_wsg 2 23 43 1 */
-+ 382, /* OBJ_Directory 1 3 6 1 1 */
-+ 383, /* OBJ_Management 1 3 6 1 2 */
-+ 384, /* OBJ_Experimental 1 3 6 1 3 */
-+ 385, /* OBJ_Private 1 3 6 1 4 */
-+ 386, /* OBJ_Security 1 3 6 1 5 */
-+ 387, /* OBJ_SNMPv2 1 3 6 1 6 */
-+ 388, /* OBJ_Mail 1 3 6 1 7 */
-+ 376, /* OBJ_algorithm 1 3 14 3 2 */
-+ 395, /* OBJ_clearance 2 5 1 5 55 */
-+ 19, /* OBJ_rsa 2 5 8 1 1 */
-+ 96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */
-+ 95, /* OBJ_mdc2 2 5 8 3 101 */
-+ 746, /* OBJ_any_policy 2 5 29 32 0 */
-+ 910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */
-+ 519, /* OBJ_setct_PANData 2 23 42 0 0 */
-+ 520, /* OBJ_setct_PANToken 2 23 42 0 1 */
-+ 521, /* OBJ_setct_PANOnly 2 23 42 0 2 */
-+ 522, /* OBJ_setct_OIData 2 23 42 0 3 */
-+ 523, /* OBJ_setct_PI 2 23 42 0 4 */
-+ 524, /* OBJ_setct_PIData 2 23 42 0 5 */
-+ 525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */
-+ 526, /* OBJ_setct_HODInput 2 23 42 0 7 */
-+ 527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */
-+ 528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */
-+ 529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */
-+ 530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */
-+ 531, /* OBJ_setct_PInitResData 2 23 42 0 12 */
-+ 532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */
-+ 533, /* OBJ_setct_PResData 2 23 42 0 14 */
-+ 534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */
-+ 535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */
-+ 536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */
-+ 537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */
-+ 538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */
-+ 539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */
-+ 540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */
-+ 541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */
-+ 542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */
-+ 543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */
-+ 544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */
-+ 545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */
-+ 546, /* OBJ_setct_CapResData 2 23 42 0 28 */
-+ 547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */
-+ 548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */
-+ 549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */
-+ 550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */
-+ 551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */
-+ 552, /* OBJ_setct_CredResData 2 23 42 0 34 */
-+ 553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */
-+ 554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */
-+ 555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */
-+ 556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */
-+ 557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */
-+ 558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */
-+ 559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */
-+ 560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */
-+ 561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */
-+ 562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */
-+ 563, /* OBJ_setct_CertReqData 2 23 42 0 45 */
-+ 564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */
-+ 565, /* OBJ_setct_CertResData 2 23 42 0 47 */
-+ 566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */
-+ 567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */
-+ 568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */
-+ 569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */
-+ 570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */
-+ 571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */
-+ 572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */
-+ 573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */
-+ 574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */
-+ 575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */
-+ 576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */
-+ 577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */
-+ 578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */
-+ 579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */
-+ 580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */
-+ 581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */
-+ 582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */
-+ 583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */
-+ 584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */
-+ 585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */
-+ 586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */
-+ 587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */
-+ 588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */
-+ 589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */
-+ 590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */
-+ 591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */
-+ 592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */
-+ 593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */
-+ 594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */
-+ 595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */
-+ 596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */
-+ 597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */
-+ 598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */
-+ 599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */
-+ 600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */
-+ 601, /* OBJ_setext_genCrypt 2 23 42 1 1 */
-+ 602, /* OBJ_setext_miAuth 2 23 42 1 3 */
-+ 603, /* OBJ_setext_pinSecure 2 23 42 1 4 */
-+ 604, /* OBJ_setext_pinAny 2 23 42 1 5 */
-+ 605, /* OBJ_setext_track2 2 23 42 1 7 */
-+ 606, /* OBJ_setext_cv 2 23 42 1 8 */
-+ 620, /* OBJ_setAttr_Cert 2 23 42 3 0 */
-+ 621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */
-+ 622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */
-+ 623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */
-+ 607, /* OBJ_set_policy_root 2 23 42 5 0 */
-+ 608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */
-+ 609, /* OBJ_setCext_certType 2 23 42 7 1 */
-+ 610, /* OBJ_setCext_merchData 2 23 42 7 2 */
-+ 611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */
-+ 612, /* OBJ_setCext_tunneling 2 23 42 7 4 */
-+ 613, /* OBJ_setCext_setExt 2 23 42 7 5 */
-+ 614, /* OBJ_setCext_setQualf 2 23 42 7 6 */
-+ 615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */
-+ 616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */
-+ 617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */
-+ 618, /* OBJ_setCext_TokenType 2 23 42 7 10 */
-+ 619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */
-+ 636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */
-+ 640, /* OBJ_set_brand_Visa 2 23 42 8 4 */
-+ 641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */
-+ 637, /* OBJ_set_brand_Diners 2 23 42 8 30 */
-+ 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */
-+ 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */
-+ 805, /* OBJ_cryptopro 1 2 643 2 2 */
-+ 806, /* OBJ_cryptocom 1 2 643 2 9 */
-+ 974, /* OBJ_id_tc26 1 2 643 7 1 */
-+ 1005, /* OBJ_OGRN 1 2 643 100 1 */
-+ 1006, /* OBJ_SNILS 1 2 643 100 3 */
-+ 1007, /* OBJ_subjectSignTool 1 2 643 100 111 */
-+ 1008, /* OBJ_issuerSignTool 1 2 643 100 112 */
-+ 184, /* OBJ_X9_57 1 2 840 10040 */
-+ 405, /* OBJ_ansi_X9_62 1 2 840 10045 */
-+ 389, /* OBJ_Enterprises 1 3 6 1 4 1 */
-+ 504, /* OBJ_mime_mhs 1 3 6 1 7 1 */
-+ 104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */
-+ 29, /* OBJ_des_ecb 1 3 14 3 2 6 */
-+ 31, /* OBJ_des_cbc 1 3 14 3 2 7 */
-+ 45, /* OBJ_des_ofb64 1 3 14 3 2 8 */
-+ 30, /* OBJ_des_cfb64 1 3 14 3 2 9 */
-+ 377, /* OBJ_rsaSignature 1 3 14 3 2 11 */
-+ 67, /* OBJ_dsa_2 1 3 14 3 2 12 */
-+ 66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */
-+ 42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */
-+ 32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */
-+ 41, /* OBJ_sha 1 3 14 3 2 18 */
-+ 64, /* OBJ_sha1 1 3 14 3 2 26 */
-+ 70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */
-+ 115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */
-+ 117, /* OBJ_ripemd160 1 3 36 3 2 1 */
-+ 143, /* OBJ_sxnet 1 3 101 1 4 1 */
-+ 721, /* OBJ_sect163k1 1 3 132 0 1 */
-+ 722, /* OBJ_sect163r1 1 3 132 0 2 */
-+ 728, /* OBJ_sect239k1 1 3 132 0 3 */
-+ 717, /* OBJ_sect113r1 1 3 132 0 4 */
-+ 718, /* OBJ_sect113r2 1 3 132 0 5 */
-+ 704, /* OBJ_secp112r1 1 3 132 0 6 */
-+ 705, /* OBJ_secp112r2 1 3 132 0 7 */
-+ 709, /* OBJ_secp160r1 1 3 132 0 8 */
-+ 708, /* OBJ_secp160k1 1 3 132 0 9 */
-+ 714, /* OBJ_secp256k1 1 3 132 0 10 */
-+ 723, /* OBJ_sect163r2 1 3 132 0 15 */
-+ 729, /* OBJ_sect283k1 1 3 132 0 16 */
-+ 730, /* OBJ_sect283r1 1 3 132 0 17 */
-+ 719, /* OBJ_sect131r1 1 3 132 0 22 */
-+ 720, /* OBJ_sect131r2 1 3 132 0 23 */
-+ 724, /* OBJ_sect193r1 1 3 132 0 24 */
-+ 725, /* OBJ_sect193r2 1 3 132 0 25 */
-+ 726, /* OBJ_sect233k1 1 3 132 0 26 */
-+ 727, /* OBJ_sect233r1 1 3 132 0 27 */
-+ 706, /* OBJ_secp128r1 1 3 132 0 28 */
-+ 707, /* OBJ_secp128r2 1 3 132 0 29 */
-+ 710, /* OBJ_secp160r2 1 3 132 0 30 */
-+ 711, /* OBJ_secp192k1 1 3 132 0 31 */
-+ 712, /* OBJ_secp224k1 1 3 132 0 32 */
-+ 713, /* OBJ_secp224r1 1 3 132 0 33 */
-+ 715, /* OBJ_secp384r1 1 3 132 0 34 */
-+ 716, /* OBJ_secp521r1 1 3 132 0 35 */
-+ 731, /* OBJ_sect409k1 1 3 132 0 36 */
-+ 732, /* OBJ_sect409r1 1 3 132 0 37 */
-+ 733, /* OBJ_sect571k1 1 3 132 0 38 */
-+ 734, /* OBJ_sect571r1 1 3 132 0 39 */
-+ 624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */
-+ 625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */
-+ 626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */
-+ 627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */
-+ 628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */
-+ 629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */
-+ 630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */
-+ 642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */
-+ 735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */
-+ 736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */
-+ 737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */
-+ 738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */
-+ 739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */
-+ 740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */
-+ 741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */
-+ 742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */
-+ 743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */
-+ 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */
-+ 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */
-+ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */
-+ 773, /* OBJ_kisa 1 2 410 200004 */
-+ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
-+ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
-+ 809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */
-+ 810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */
-+ 811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */
-+ 812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */
-+ 813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */
-+ 815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */
-+ 816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */
-+ 817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */
-+ 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */
-+ 977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */
-+ 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */
-+ 1, /* OBJ_rsadsi 1 2 840 113549 */
-+ 185, /* OBJ_X9cm 1 2 840 10040 4 */
-+ 1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */
-+ 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */
-+ 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */
-+ 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */
-+ 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */
-+ 937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
-+ 938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
-+ 939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
-+ 940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
-+ 942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
-+ 943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
-+ 944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
-+ 945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
-+ 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */
-+ 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */
-+ 633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */
-+ 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */
-+ 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */
-+ 436, /* OBJ_ucl 0 9 2342 19200300 */
-+ 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
-+ 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
-+ 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */
-+ 846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */
-+ 847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */
-+ 848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */
-+ 821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
-+ 822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
-+ 823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
-+ 824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
-+ 825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
-+ 826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
-+ 827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
-+ 828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
-+ 829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
-+ 830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
-+ 831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
-+ 832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
-+ 833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
-+ 834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
-+ 835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
-+ 836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
-+ 837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
-+ 838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
-+ 839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
-+ 840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
-+ 841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
-+ 842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
-+ 843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
-+ 844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
-+ 978, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */
-+ 981, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */
-+ 984, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */
-+ 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */
-+ 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */
-+ 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */
-+ 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */
-+ 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */
-+ 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */
-+ 2, /* OBJ_pkcs 1 2 840 113549 1 */
-+ 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */
-+ 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-+ 433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */
-+ 116, /* OBJ_dsa 1 2 840 10040 4 1 */
-+ 113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */
-+ 406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */
-+ 407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-+ 408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */
-+ 416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */
-+ 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */
-+ 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */
-+ 920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */
-+ 1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */
-+ 1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */
-+ 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */
-+ 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */
-+ 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */
-+ 128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */
-+ 260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */
-+ 261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */
-+ 262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */
-+ 263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */
-+ 264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */
-+ 265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */
-+ 266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */
-+ 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */
-+ 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */
-+ 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */
-+ 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */
-+ 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */
-+ 508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */
-+ 57, /* OBJ_netscape 2 16 840 1 113730 */
-+ 754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */
-+ 766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */
-+ 757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */
-+ 961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */
-+ 962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */
-+ 963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */
-+ 964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */
-+ 755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */
-+ 767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */
-+ 758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */
-+ 965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */
-+ 966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */
-+ 967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */
-+ 968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */
-+ 756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */
-+ 768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */
-+ 759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */
-+ 969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */
-+ 970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */
-+ 971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */
-+ 972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */
-+ 437, /* OBJ_pilot 0 9 2342 19200300 100 */
-+ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */
-+ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */
-+ 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */
-+ 778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */
-+ 852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
-+ 853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
-+ 850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */
-+ 851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */
-+ 849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */
-+ 854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
-+ 1004, /* OBJ_INN 1 2 643 3 131 1 1 */
-+ 979, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */
-+ 980, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */
-+ 982, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */
-+ 983, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */
-+ 985, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
-+ 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
-+ 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
-+ 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
-+ 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
-+ 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
-+ 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
-+ 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
-+ 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */
-+ 27, /* OBJ_pkcs3 1 2 840 113549 1 3 */
-+ 187, /* OBJ_pkcs5 1 2 840 113549 1 5 */
-+ 20, /* OBJ_pkcs7 1 2 840 113549 1 7 */
-+ 47, /* OBJ_pkcs9 1 2 840 113549 1 9 */
-+ 3, /* OBJ_md2 1 2 840 113549 2 2 */
-+ 257, /* OBJ_md4 1 2 840 113549 2 4 */
-+ 4, /* OBJ_md5 1 2 840 113549 2 5 */
-+ 797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */
-+ 163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */
-+ 798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */
-+ 799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */
-+ 800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */
-+ 801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */
-+ 37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */
-+ 5, /* OBJ_rc4 1 2 840 113549 3 4 */
-+ 44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */
-+ 120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */
-+ 643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */
-+ 680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
-+ 684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */
-+ 685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */
-+ 686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */
-+ 687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */
-+ 688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */
-+ 689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */
-+ 690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */
-+ 691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */
-+ 692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */
-+ 693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */
-+ 694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */
-+ 695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */
-+ 696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */
-+ 697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */
-+ 698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */
-+ 699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */
-+ 700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */
-+ 701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */
-+ 702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */
-+ 703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */
-+ 409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */
-+ 410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */
-+ 411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */
-+ 412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */
-+ 413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */
-+ 414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */
-+ 415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */
-+ 793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */
-+ 794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */
-+ 795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */
-+ 796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */
-+ 269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */
-+ 270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */
-+ 271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */
-+ 272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */
-+ 273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */
-+ 274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */
-+ 275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */
-+ 276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */
-+ 277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */
-+ 278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */
-+ 279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */
-+ 280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */
-+ 281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */
-+ 282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */
-+ 283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */
-+ 284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */
-+ 177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */
-+ 285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */
-+ 286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */
-+ 287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */
-+ 288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */
-+ 289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */
-+ 290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
-+ 291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
-+ 292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
-+ 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
-+ 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
-+ 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
-+ 1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */
-+ 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
-+ 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
-+ 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
-+ 129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */
-+ 130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */
-+ 131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */
-+ 132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */
-+ 294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */
-+ 295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */
-+ 296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */
-+ 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */
-+ 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */
-+ 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */
-+ 1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */
-+ 1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */
-+ 1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */
-+ 1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */
-+ 1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */
-+ 1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */
-+ 1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */
-+ 1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */
-+ 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */
-+ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */
-+ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */
-+ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */
-+ 301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */
-+ 302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */
-+ 303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */
-+ 304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */
-+ 305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */
-+ 306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */
-+ 307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */
-+ 308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */
-+ 309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */
-+ 310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */
-+ 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */
-+ 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */
-+ 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */
-+ 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */
-+ 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */
-+ 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */
-+ 324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */
-+ 325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */
-+ 326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */
-+ 327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */
-+ 328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */
-+ 329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */
-+ 330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */
-+ 331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */
-+ 332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */
-+ 333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */
-+ 334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */
-+ 335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */
-+ 336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */
-+ 337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */
-+ 338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */
-+ 339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */
-+ 340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */
-+ 341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */
-+ 342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */
-+ 343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */
-+ 344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */
-+ 345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */
-+ 346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-+ 347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */
-+ 858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */
-+ 348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */
-+ 349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */
-+ 351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */
-+ 352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */
-+ 353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */
-+ 354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */
-+ 355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */
-+ 356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */
-+ 357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */
-+ 358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */
-+ 399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */
-+ 359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */
-+ 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
-+ 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
-+ 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */
-+ 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */
-+ 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */
-+ 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */
-+ 178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */
-+ 179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */
-+ 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */
-+ 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */
-+ 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */
-+ 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */
-+ 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */
-+ 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */
-+ 59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */
-+ 438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */
-+ 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */
-+ 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */
-+ 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */
-+ 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
-+ 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
-+ 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
-+ 1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */
-+ 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */
-+ 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
-+ 782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */
-+ 783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */
-+ 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */
-+ 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */
-+ 396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */
-+ 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
-+ 65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
-+ 644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */
-+ 919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */
-+ 911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */
-+ 935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */
-+ 912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */
-+ 668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */
-+ 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */
-+ 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */
-+ 671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */
-+ 28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
-+ 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */
-+ 10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
-+ 168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */
-+ 169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */
-+ 170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */
-+ 68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */
-+ 69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */
-+ 161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */
-+ 162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */
-+ 21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */
-+ 22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */
-+ 23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */
-+ 24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */
-+ 25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */
-+ 26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */
-+ 48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */
-+ 49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */
-+ 50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */
-+ 51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */
-+ 52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */
-+ 53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */
-+ 54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */
-+ 55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */
-+ 56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */
-+ 172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */
-+ 167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */
-+ 188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */
-+ 156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */
-+ 157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */
-+ 681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */
-+ 682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */
-+ 683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */
-+ 417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */
-+ 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */
-+ 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */
-+ 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */
-+ 973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */
-+ 1034, /* OBJ_X25519 1 3 6 1 4 1 11591 15 1 */
-+ 1035, /* OBJ_X448 1 3 6 1 4 1 11591 15 2 */
-+ 315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */
-+ 316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */
-+ 317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-+ 318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-+ 319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */
-+ 320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */
-+ 321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */
-+ 322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */
-+ 365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */
-+ 366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */
-+ 367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */
-+ 368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-+ 369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */
-+ 370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */
-+ 371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */
-+ 372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */
-+ 373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */
-+ 374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */
-+ 375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */
-+ 921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */
-+ 922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */
-+ 923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */
-+ 924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */
-+ 925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */
-+ 926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */
-+ 927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */
-+ 928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */
-+ 929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */
-+ 930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */
-+ 931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */
-+ 932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */
-+ 933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */
-+ 934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */
-+ 936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
-+ 941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
-+ 418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */
-+ 419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */
-+ 420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */
-+ 421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */
-+ 788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */
-+ 895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */
-+ 896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */
-+ 897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */
-+ 422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */
-+ 423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */
-+ 424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */
-+ 425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */
-+ 789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */
-+ 898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */
-+ 899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */
-+ 900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */
-+ 426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */
-+ 427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
-+ 428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
-+ 429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
-+ 790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */
-+ 901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */
-+ 902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */
-+ 903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */
-+ 672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
-+ 673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
-+ 674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
-+ 675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
-+ 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */
-+ 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */
-+ 71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
-+ 72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
-+ 73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */
-+ 74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */
-+ 75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */
-+ 76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */
-+ 77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */
-+ 78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */
-+ 79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */
-+ 139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */
-+ 458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */
-+ 459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */
-+ 460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */
-+ 461, /* OBJ_info 0 9 2342 19200300 100 1 4 */
-+ 462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */
-+ 463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */
-+ 464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */
-+ 465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */
-+ 466, /* OBJ_host 0 9 2342 19200300 100 1 9 */
-+ 467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */
-+ 468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */
-+ 469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */
-+ 470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */
-+ 471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */
-+ 472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */
-+ 473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */
-+ 474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */
-+ 475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */
-+ 476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */
-+ 477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */
-+ 391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */
-+ 478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */
-+ 479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */
-+ 480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */
-+ 481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */
-+ 482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */
-+ 483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */
-+ 484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */
-+ 485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */
-+ 486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */
-+ 487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */
-+ 488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */
-+ 489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */
-+ 490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */
-+ 102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */
-+ 491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */
-+ 492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */
-+ 493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */
-+ 494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */
-+ 495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */
-+ 496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */
-+ 497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */
-+ 498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */
-+ 499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */
-+ 500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */
-+ 501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */
-+ 502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */
-+ 442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */
-+ 443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */
-+ 444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */
-+ 445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */
-+ 446, /* OBJ_account 0 9 2342 19200300 100 4 5 */
-+ 447, /* OBJ_document 0 9 2342 19200300 100 4 6 */
-+ 448, /* OBJ_room 0 9 2342 19200300 100 4 7 */
-+ 449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */
-+ 392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */
-+ 450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */
-+ 451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */
-+ 452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */
-+ 453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */
-+ 454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */
-+ 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */
-+ 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */
-+ 457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */
-+ 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */
-+ 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */
-+ 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */
-+ 192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */
-+ 193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */
-+ 194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */
-+ 195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */
-+ 158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */
-+ 159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */
-+ 160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */
-+ 144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */
-+ 145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */
-+ 146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-+ 147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-+ 148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-+ 149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */
-+ 171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */
-+ 134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */
-+ 135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */
-+ 136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */
-+ 137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */
-+ 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
-+ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
-+ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
-+ 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */
-+ 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */
-+ 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */
-+ 954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */
-+ 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */
-+ 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */
-+ 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */
-+ 907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */
-+ 908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */
-+ 909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */
-+ 196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */
-+ 197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */
-+ 198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */
-+ 199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */
-+ 200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-+ 201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-+ 202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-+ 203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-+ 204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */
-+ 205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */
-+ 206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */
-+ 207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */
-+ 208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */
-+ 209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */
-+ 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */
-+ 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-+ 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
-+ 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
-+ 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
-+ 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
-+ 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */
-+ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
-+ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
-+ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */
-+ 215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */
-+ 216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */
-+ 217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-+ 218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-+ 219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */
-+ 220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-+ 221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-+ 222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */
-+ 223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-+ 224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-+ 225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */
-+ 226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */
-+ 227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-+ 228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-+ 229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */
-+ 230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
-+ 231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
-+ 232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
-+ 233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
-+ 234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */
-+ 235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
-+ 236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
-+ 237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
-+ 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
-+ 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */
-+ 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */
-+ 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */
-+ 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */
-+ 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */
-+ 244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */
-+ 245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */
-+ 246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */
-+ 247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */
-+ 125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */
-+ 893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */
-+ 248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */
-+ 249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */
-+ 250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
-+ 251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
-+ 252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
-+ 253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
-+ 254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
-+ 255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
-+ 256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
-+ 150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */
-+ 151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */
-+ 152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */
-+ 153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */
-+ 154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */
-+ 155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */
-+ 34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */
-+ 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
-+ 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
-+ 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
-+ 1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */
-+ 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */
- };
--
---- a/crypto/objects/obj_dat.pl
-+++ b/crypto/objects/obj_dat.pl
-@@ -1,305 +1,227 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
--# fixes bug in floating point emulation on sparc64 when
--# this script produces off-by-one output on sparc64
- use integer;
-+use strict;
-+use warnings;
-
--sub obj_cmp
-- {
-- local(@a, at b,$_,$r);
--
-- $A=$obj_len{$obj{$nid{$a}}};
-- $B=$obj_len{$obj{$nid{$b}}};
--
-- $r=($A-$B);
-- return($r) if $r != 0;
--
-- $A=$obj_der{$obj{$nid{$a}}};
-- $B=$obj_der{$obj{$nid{$b}}};
--
-- return($A cmp $B);
-- }
--
--sub expand_obj
-- {
-- local(*v)=@_;
-- local($k,$d);
-- local($i);
--
-- do {
-- $i=0;
-- foreach $k (keys %v)
-- {
-- if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))
-- { $i++; }
-- }
-- } while($i);
-- foreach $k (keys %v)
-- {
-- @a=split(/,/,$v{$k});
-- $objn{$k}=$#a+1;
-- }
-- return(%objn);
-- }
--
--open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
--open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
--
--while (<IN>)
-- {
-- next unless /^\#define\s+(\S+)\s+(.*)$/;
-- $v=$1;
-- $d=$2;
-- $d =~ s/^\"//;
-- $d =~ s/\"$//;
-- if ($v =~ /^SN_(.*)$/)
-- {
-- if(defined $snames{$d})
-- {
-- print "WARNING: Duplicate short name \"$d\"\n";
-- }
-- else
-- { $snames{$d} = "X"; }
-- $sn{$1}=$d;
-- }
-- elsif ($v =~ /^LN_(.*)$/)
-- {
-- if(defined $lnames{$d})
-- {
-- print "WARNING: Duplicate long name \"$d\"\n";
-- }
-- else
-- { $lnames{$d} = "X"; }
-- $ln{$1}=$d;
-- }
-- elsif ($v =~ /^NID_(.*)$/)
-- { $nid{$d}=$1; }
-- elsif ($v =~ /^OBJ_(.*)$/)
-- {
-- $obj{$1}=$v;
-- $objd{$v}=$d;
-- }
-- }
-+# Generate the DER encoding for the given OID.
-+sub der_it
-+{
-+ # Prologue
-+ my ($v) = @_;
-+ my @a = split(/\s+/, $v);
-+ my $ret = pack("C*", $a[0] * 40 + $a[1]);
-+ shift @a;
-+ shift @a;
-+
-+ # Loop over rest of bytes; or in 0x80 for multi-byte numbers.
-+ my $t;
-+ foreach (@a) {
-+ my @r = ();
-+ $t = 0;
-+ while ($_ >= 128) {
-+ my $x = $_ % 128;
-+ $_ /= 128;
-+ push(@r, ($t++ ? 0x80 : 0) | $x);
-+ }
-+ push(@r, ($t++ ? 0x80 : 0) | $_);
-+ $ret .= pack("C*", reverse(@r));
-+ }
-+ return $ret;
-+}
-+
-+
-+# Read input, parse all #define's into OID name and value.
-+# Populate %ln and %sn with long and short names (%dupln and %dupsn)
-+# are used to watch for duplicates. Also %nid and %obj get the
-+# NID and OBJ entries.
-+my %ln;
-+my %sn;
-+my %dupln;
-+my %dupsn;
-+my %nid;
-+my %obj;
-+my %objd;
-+open(IN, "$ARGV[0]") || die "Can't open input file $ARGV[0], $!";
-+while (<IN>) {
-+ next unless /^\#define\s+(\S+)\s+(.*)$/;
-+ my $v = $1;
-+ my $d = $2;
-+ $d =~ s/^\"//;
-+ $d =~ s/\"$//;
-+ if ($v =~ /^SN_(.*)$/) {
-+ if (defined $dupsn{$d}) {
-+ print "WARNING: Duplicate short name \"$d\"\n";
-+ } else {
-+ $dupsn{$d} = 1;
-+ }
-+ $sn{$1} = $d;
-+ }
-+ elsif ($v =~ /^LN_(.*)$/) {
-+ if (defined $dupln{$d}) {
-+ print "WARNING: Duplicate long name \"$d\"\n";
-+ } else {
-+ $dupln{$d} = 1;
-+ }
-+ $ln{$1} = $d;
-+ }
-+ elsif ($v =~ /^NID_(.*)$/) {
-+ $nid{$d} = $1;
-+ }
-+ elsif ($v =~ /^OBJ_(.*)$/) {
-+ $obj{$1} = $v;
-+ $objd{$v} = $d;
-+ }
-+}
- close IN;
-
--%ob=&expand_obj(*objd);
--
-- at a=sort { $a <=> $b } keys %nid;
--$n=$a[$#a]+1;
--
-- at lvalues=();
--$lvalues=0;
--
--for ($i=0; $i<$n; $i++)
-- {
-- if (!defined($nid{$i}))
-- {
-- push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");
-- }
-- else
-- {
-- $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
-- $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
--
-- if ($sn eq "NULL") {
-- $sn=$ln;
-- $sn{$nid{$i}} = $ln;
-- }
--
-- if ($ln eq "NULL") {
-- $ln=$sn;
-- $ln{$nid{$i}} = $sn;
-- }
--
-- $out ="{";
-- $out.="\"$sn\"";
-- $out.=","."\"$ln\"";
-- $out.=",NID_$nid{$i},";
-- if (defined($obj{$nid{$i}}) && $objd{$obj{$nid{$i}}} =~ /,/)
-- {
-- $v=$objd{$obj{$nid{$i}}};
-- $v =~ s/L//g;
-- $v =~ s/,/ /g;
-- $r=&der_it($v);
-- $z="";
-- $length=0;
-- foreach (unpack("C*",$r))
-- {
-- $z.=sprintf("0x%02X,",$_);
-- $length++;
-- }
-- $obj_der{$obj{$nid{$i}}}=$z;
-- $obj_len{$obj{$nid{$i}}}=$length;
--
-- push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
-- $z,$lvalues,$obj{$nid{$i}}));
-- $out.="$length,&(lvalues[$lvalues]),0";
-- $lvalues+=$length;
-- }
-- else
-- {
-- $out.="0,NULL,0";
-- }
-- $out.="},\n";
-- push(@out,$out);
-- }
-- }
--
-- at a=grep(defined($sn{$nid{$_}}),0 .. $n);
--foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
-- {
-- push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_));
-- }
--
-- at a=grep(defined($ln{$nid{$_}}),0 .. $n);
--foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
-- {
-- push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_));
-- }
--
-- at a=grep(defined($obj{$nid{$_}}),0 .. $n);
--foreach (sort obj_cmp @a)
-- {
-- $m=$obj{$nid{$_}};
-- $v=$objd{$m};
-- $v =~ s/L//g;
-- $v =~ s/,/ /g;
-- push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v));
-- }
-+# For every value in %obj, recursively expand OBJ_xxx values. That is:
-+# #define OBJ_iso 1L
-+# #define OBJ_identified_organization OBJ_iso,3L
-+# Modify %objd values in-place. Create an %objn array that has
-+my $changed;
-+do {
-+ $changed = 0;
-+ foreach my $k (keys %objd) {
-+ $changed = 1 if $objd{$k} =~ s/(OBJ_[^,]+),/$objd{$1},/;
-+ }
-+} while ($changed);
-+
-+my @a = sort { $a <=> $b } keys %nid;
-+my $n = $a[$#a] + 1;
-+my @lvalues = ();
-+my $lvalues = 0;
-+
-+# Scan all defined objects, building up the @out array.
-+# %obj_der holds the DER encoding as an array of bytes, and %obj_len
-+# holds the length in bytes.
-+my @out;
-+my %obj_der;
-+my %obj_len;
-+for (my $i = 0; $i < $n; $i++) {
-+ if (!defined $nid{$i}) {
-+ push(@out, " { NULL, NULL, NID_undef },\n");
-+ next;
-+ }
-+
-+ my $sn = defined $sn{$nid{$i}} ? "$sn{$nid{$i}}" : "NULL";
-+ my $ln = defined $ln{$nid{$i}} ? "$ln{$nid{$i}}" : "NULL";
-+ if ($sn eq "NULL") {
-+ $sn = $ln;
-+ $sn{$nid{$i}} = $ln;
-+ }
-+ if ($ln eq "NULL") {
-+ $ln = $sn;
-+ $ln{$nid{$i}} = $sn;
-+ }
-+
-+ my $out = " {\"$sn\", \"$ln\", NID_$nid{$i}";
-+ if (defined $obj{$nid{$i}} && $objd{$obj{$nid{$i}}} =~ /,/) {
-+ my $v = $objd{$obj{$nid{$i}}};
-+ $v =~ s/L//g;
-+ $v =~ s/,/ /g;
-+ my $r = &der_it($v);
-+ my $z = "";
-+ my $length = 0;
-+ # Format using fixed-with because we use strcmp later.
-+ foreach (unpack("C*",$r)) {
-+ $z .= sprintf("0x%02X,", $_);
-+ $length++;
-+ }
-+ $obj_der{$obj{$nid{$i}}} = $z;
-+ $obj_len{$obj{$nid{$i}}} = $length;
-+
-+ push(@lvalues,
-+ sprintf(" %-45s /* [%5d] %s */\n",
-+ $z, $lvalues, $obj{$nid{$i}}));
-+ $out .= ", $length, &so[$lvalues]";
-+ $lvalues += $length;
-+ }
-+ $out .= "},\n";
-+ push(@out, $out);
-+}
-
-+# Finally ready to generate the output.
-+open(OUT, ">$ARGV[1]") || die "Can't open output file $ARGV[1], $!";
- print OUT <<'EOF';
--/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
-- * following command:
-- * perl obj_dat.pl obj_mac.h obj_dat.h
-- */
--
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/obj_dat.pl
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- EOF
-
--printf OUT "#define NUM_NID %d\n",$n;
--printf OUT "#define NUM_SN %d\n",$#sn+1;
--printf OUT "#define NUM_LN %d\n",$#ln+1;
--printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
--
--printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1;
-+print OUT "/* Serialized OID's */\n";
-+printf OUT "static const unsigned char so[%d] = {\n", $lvalues + 1;
- print OUT @lvalues;
- print OUT "};\n\n";
-
--printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n";
--foreach (@out)
-- {
-- if (length($_) > 75)
-- {
-- $out="";
-- foreach (split(/,/))
-- {
-- $t=$out.$_.",";
-- if (length($t) > 70)
-- {
-- print OUT "$out\n";
-- $t="\t$_,";
-- }
-- $out=$t;
-- }
-- chop $out; # Get rid of the last comma
-- print OUT "$out";
-- }
-- else
-- { print OUT $_; }
-- }
-+printf OUT "#define NUM_NID %d\n", $n;
-+printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n";
-+print OUT @out;
- print OUT "};\n\n";
-
--printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
--print OUT @sn;
-+{
-+ no warnings "uninitialized";
-+ @a = grep(defined $sn{$nid{$_}}, 0 .. $n);
-+}
-+printf OUT "#define NUM_SN %d\n", $#a + 1;
-+printf OUT "static const unsigned int sn_objs[NUM_SN] = {\n";
-+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) {
-+ printf OUT " %4d, /* \"$sn{$nid{$_}}\" */\n", $_;
-+}
- print OUT "};\n\n";
-
--printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
--print OUT @ln;
-+{
-+ no warnings "uninitialized";
-+ @a = grep(defined $ln{$nid{$_}}, 0 .. $n);
-+}
-+printf OUT "#define NUM_LN %d\n", $#a + 1;
-+printf OUT "static const unsigned int ln_objs[NUM_LN] = {\n";
-+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) {
-+ printf OUT " %4d, /* \"$ln{$nid{$_}}\" */\n", $_;
-+}
- print OUT "};\n\n";
-
--printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
--print OUT @ob;
--print OUT "};\n\n";
-+{
-+ no warnings "uninitialized";
-+ @a = grep(defined $obj{$nid{$_}}, 0 .. $n);
-+}
-+printf OUT "#define NUM_OBJ %d\n", $#a + 1;
-+printf OUT "static const unsigned int obj_objs[NUM_OBJ] = {\n";
-
--close OUT;
-+# Compare DER; prefer shorter; if some length, use the "smaller" encoding.
-+sub obj_cmp
-+{
-+ no warnings "uninitialized";
-+ my $A = $obj_len{$obj{$nid{$a}}};
-+ my $B = $obj_len{$obj{$nid{$b}}};
-+ my $r = $A - $B;
-+ return $r if $r != 0;
-+
-+ $A = $obj_der{$obj{$nid{$a}}};
-+ $B = $obj_der{$obj{$nid{$b}}};
-+ return $A cmp $B;
-+}
-+foreach (sort obj_cmp @a) {
-+ my $m = $obj{$nid{$_}};
-+ my $v = $objd{$m};
-+ $v =~ s/L//g;
-+ $v =~ s/,/ /g;
-+ printf OUT " %4d, /* %-32s %s */\n", $_, $m, $v;
-+}
-+print OUT "};\n";
-
--sub der_it
-- {
-- local($v)=@_;
-- local(@a,$i,$ret, at r);
--
-- @a=split(/\s+/,$v);
-- $ret.=pack("C*",$a[0]*40+$a[1]);
-- shift @a;
-- shift @a;
-- foreach (@a)
-- {
-- @r=();
-- $t=0;
-- while ($_ >= 128)
-- {
-- $x=$_%128;
-- $_/=128;
-- push(@r,((($t++)?0x80:0)|$x));
-- }
-- push(@r,((($t++)?0x80:0)|$_));
-- $ret.=pack("C*",reverse(@r));
-- }
-- return($ret);
-- }
-+close OUT;
---- a/crypto/objects/obj_err.c
-+++ b/crypto/objects/obj_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -80,14 +30,14 @@ static ERR_STRING_DATA OBJ_str_functs[]
- };
-
- static ERR_STRING_DATA OBJ_str_reasons[] = {
-- {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
-+ {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"},
- {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
- {0, NULL}
- };
-
- #endif
-
--void ERR_load_OBJ_strings(void)
-+int ERR_load_OBJ_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -96,4 +46,5 @@ void ERR_load_OBJ_strings(void)
- ERR_load_strings(0, OBJ_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/objects/obj_lcl.h
-+++ b/crypto/objects/obj_lcl.h
-@@ -1,4 +1,11 @@
--
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- typedef struct name_funcs_st NAME_FUNCS;
- DEFINE_STACK_OF(NAME_FUNCS)
---- a/crypto/objects/obj_lib.c
-+++ b/crypto/objects/obj_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -65,59 +17,42 @@
- ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
- {
- ASN1_OBJECT *r;
-- int i;
-- char *ln = NULL, *sn = NULL;
-- unsigned char *data = NULL;
-
- if (o == NULL)
-- return (NULL);
-+ return NULL;
-+ /* If object isn't dynamic it's an internal OID which is never freed */
- if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-- return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
-- * is this??? */
-+ return ((ASN1_OBJECT *)o);
-
- r = ASN1_OBJECT_new();
- if (r == NULL) {
- OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
- return (NULL);
- }
-- data = OPENSSL_malloc(o->length);
-- if (data == NULL)
-- goto err;
-- if (o->data != NULL)
-- memcpy(data, o->data, o->length);
-- /* once data attached to object it remains const */
-- r->data = data;
-- r->length = o->length;
-- r->nid = o->nid;
-- r->ln = r->sn = NULL;
-- if (o->ln != NULL) {
-- i = strlen(o->ln) + 1;
-- ln = OPENSSL_malloc(i);
-- if (ln == NULL)
-- goto err;
-- memcpy(ln, o->ln, i);
-- r->ln = ln;
-- }
-
-- if (o->sn != NULL) {
-- i = strlen(o->sn) + 1;
-- sn = OPENSSL_malloc(i);
-- if (sn == NULL)
-- goto err;
-- memcpy(sn, o->sn, i);
-- r->sn = sn;
-- }
-+ /* Set dynamic flags so everything gets freed up on error */
-+
- r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
- ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-- return (r);
-+
-+ if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
-+ goto err;
-+
-+ r->length = o->length;
-+ r->nid = o->nid;
-+
-+ if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
-+ goto err;
-+
-+ if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
-+ goto err;
-+
-+ return r;
- err:
-+ ASN1_OBJECT_free(r);
- OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
-- OPENSSL_free(ln);
-- OPENSSL_free(sn);
-- OPENSSL_free(data);
-- OPENSSL_free(r);
-- return (NULL);
-+ return NULL;
- }
-
- int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -1055,3 +1055,6 @@ fips_none 1054
- fips_140_2 1055
- blake2b512 1056
- blake2s256 1057
-+id_smime_ct_contentCollection 1058
-+id_smime_ct_authEnvelopedData 1059
-+id_ct_xml 1060
---- a/crypto/objects/obj_xref.c
-+++ b/crypto/objects/obj_xref.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/objects.h>
---- a/crypto/objects/obj_xref.h
-+++ b/crypto/objects/obj_xref.h
-@@ -1,4 +1,15 @@
--/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
-+/*
-+ * WARNING: do not edit!
-+ * Generated by objxref.pl
-+ *
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-
- typedef struct {
- int sign_id;
---- a/crypto/objects/objects.README
-+++ /dev/null
-@@ -1,44 +0,0 @@
--objects.txt syntax
--------------------
--
--To cover all the naming hacks that were previously in objects.h needed some
--kind of hacks in objects.txt.
--
--The basic syntax for adding an object is as follows:
--
-- 1 2 3 4 : shortName : Long Name
--
-- If Long Name contains only word characters and hyphen-minus
-- (0x2D) or full stop (0x2E) then Long Name is used as basis
-- for the base name in C. Otherwise, the shortName is used.
--
-- The base name (let's call it 'base') will then be used to
-- create the C macros SN_base, LN_base, NID_base and OBJ_base.
--
-- Note that if the base name contains spaces, dashes or periods,
-- those will be converte to underscore.
--
--Then there are some extra commands:
--
-- !Alias foo 1 2 3 4
--
-- This just makes a name foo for an OID. The C macro
-- OBJ_foo will be created as a result.
--
-- !Cname foo
--
-- This makes sure that the name foo will be used as base name
-- in C.
--
-- !module foo
-- 1 2 3 4 : shortName : Long Name
-- !global
--
-- The !module command was meant to define a kind of modularity.
-- What it does is to make sure the module name is prepended
-- to the base name. !global turns this off. This construction
-- is not recursive.
--
--Lines starting with # are treated as comments, as well as any line starting
--with ! and not matching the commands above.
--
---- a/crypto/objects/objects.pl
-+++ b/crypto/objects/objects.pl
-@@ -1,4 +1,10 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
- $max_nid=0;
-@@ -120,65 +126,14 @@ close NUMOUT;
- open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
- print OUT <<'EOF';
- /*
-- * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
-- * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
-- */
--
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/objects.pl
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define SN_undef "UNDEF"
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -257,7 +257,10 @@ id-smime-ct 6 : id-smime-ct-contentInfo
- id-smime-ct 7 : id-smime-ct-DVCSRequestData
- id-smime-ct 8 : id-smime-ct-DVCSResponseData
- id-smime-ct 9 : id-smime-ct-compressedData
-+id-smime-ct 19 : id-smime-ct-contentCollection
-+id-smime-ct 23 : id-smime-ct-authEnvelopedData
- id-smime-ct 27 : id-ct-asciiTextWithCRLF
-+id-smime-ct 28 : id-ct-xml
-
- # S/MIME Attributes
- id-smime-aa 1 : id-smime-aa-receiptRequest
---- a/crypto/objects/objxref.pl
-+++ b/crypto/objects/objxref.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
-
-@@ -60,7 +67,18 @@ my $pname = $0;
- $pname =~ s|.*/||;
-
- print <<EOF;
--/* AUTOGENERATED BY $pname, DO NOT EDIT */
-+/*
-+ * WARNING: do not edit!
-+ * Generated by $pname
-+ *
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-
- typedef struct {
- int sign_id;
---- a/crypto/ocsp/Makefile.in
-+++ /dev/null
-@@ -1,46 +0,0 @@
--#
--# OpenSSL/ocsp/Makefile
--#
--
--DIR= ocsp
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
-- ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c
--
--LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
-- ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o v3_ocsp.o
--
--SRC= $(LIBSRC)
--
--HEADER= ocsp_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ocsp/ocsp_asn.c
-+++ b/crypto/ocsp/ocsp_asn.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <openssl/asn1.h>
- #include <openssl/asn1t.h>
- #include <openssl/ocsp.h>
---- a/crypto/ocsp/ocsp_cl.c
-+++ b/crypto/ocsp/ocsp_cl.c
-@@ -1,73 +1,16 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was transferred to Richard Levitte from CertCo by Kathy
-- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-- * patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <time.h>
- #include "internal/cryptlib.h"
- #include <openssl/objects.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pem.h>
- #include <openssl/x509v3.h>
-@@ -89,11 +32,13 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_R
- OCSP_ONEREQ *one = NULL;
-
- if ((one = OCSP_ONEREQ_new()) == NULL)
-- goto err;
-+ return NULL;
- OCSP_CERTID_free(one->reqCert);
- one->reqCert = cid;
-- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
-+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
-+ one->reqCert = NULL; /* do not free on error */
- goto err;
-+ }
- return one;
- err:
- OCSP_ONEREQ_free(one);
-@@ -248,6 +193,29 @@ ASN1_GENERALIZEDTIME *OCSP_resp_get0_pro
- return bs->tbsResponseData.producedAt;
- }
-
-+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
-+{
-+ return bs->certs;
-+}
-+
-+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
-+ const ASN1_OCTET_STRING **pid,
-+ const X509_NAME **pname)
-+
-+{
-+ const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
-+ if (rid->type == V_OCSP_RESPID_NAME) {
-+ *pname = rid->value.byName;
-+ *pid = NULL;
-+ } else if (rid->type == V_OCSP_RESPID_KEY) {
-+ *pid = rid->value.byKey;
-+ *pname = NULL;
-+ } else {
-+ return 0;
-+ }
-+ return 1;
-+}
-+
- /* Look single response matching a given certificate ID */
-
- int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
---- a/crypto/ocsp/ocsp_err.c
-+++ b/crypto/ocsp/ocsp_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,7 +19,6 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
- static ERR_STRING_DATA OCSP_str_functs[] = {
-- {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
- {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"},
- {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
- {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-@@ -84,15 +33,11 @@ static ERR_STRING_DATA OCSP_str_functs[]
- {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
- {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
- {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-- {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
-- {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
- {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"},
-- {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
- {0, NULL}
- };
-
- static ERR_STRING_DATA OCSP_str_reasons[] = {
-- {ERR_REASON(OCSP_R_BAD_DATA), "bad data"},
- {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
- {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
- {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
-@@ -106,8 +51,6 @@ static ERR_STRING_DATA OCSP_str_reasons[
- "nextupdate before thisupdate"},
- {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
- {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
-- {ERR_REASON(OCSP_R_NO_CONTENT), "no content"},
-- {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"},
- {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
- {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
- {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"},
-@@ -117,11 +60,9 @@ static ERR_STRING_DATA OCSP_str_reasons[
- {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
- "response contains no revocation data"},
- {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
-- {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"},
- {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
- {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
- "server response parse error"},
-- {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"},
- {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
- {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
- "signer certificate not found"},
-@@ -137,7 +78,7 @@ static ERR_STRING_DATA OCSP_str_reasons[
-
- #endif
-
--void ERR_load_OCSP_strings(void)
-+int ERR_load_OCSP_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -146,4 +87,5 @@ void ERR_load_OCSP_strings(void)
- ERR_load_strings(0, OCSP_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/ocsp/ocsp_ext.c
-+++ b/crypto/ocsp/ocsp_ext.c
-@@ -1,66 +1,10 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was transferred to Richard Levitte from CertCo by Kathy
-- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-- * patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -509,12 +453,16 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509
- goto err;
- ad->location->type = GEN_URI;
- ad->location->d.ia5 = ia5;
-+ ia5 = NULL;
- if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
- goto err;
-+ ad = NULL;
- urls++;
- }
- x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
- err:
-+ ASN1_IA5STRING_free(ia5);
-+ ACCESS_DESCRIPTION_free(ad);
- OCSP_SERVICELOC_free(sloc);
- return x;
- }
---- a/crypto/ocsp/ocsp_ht.c
-+++ b/crypto/ocsp/ocsp_ht.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ocsp/ocsp_lcl.h
-+++ b/crypto/ocsp/ocsp_lcl.h
-@@ -1,66 +1,10 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was transferred to Richard Levitte from CertCo by Kathy
-- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-- * patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*- CertID ::= SEQUENCE {
---- a/crypto/ocsp/ocsp_lib.c
-+++ b/crypto/ocsp/ocsp_lib.c
-@@ -1,72 +1,15 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was transferred to Richard Levitte from CertCo by Kathy
-- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-- * patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/objects.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pem.h>
- #include <openssl/x509v3.h>
---- a/crypto/ocsp/ocsp_prn.c
-+++ b/crypto/ocsp/ocsp_prn.c
-@@ -1,72 +1,17 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was originally part of ocsp.c and was transferred to
-- * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
-- * included in OpenSSL or released as a patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/bio.h>
- #include <openssl/err.h>
- #include <openssl/ocsp.h>
- #include "ocsp_lcl.h"
-+#include "internal/cryptlib.h"
- #include <openssl/pem.h>
-
- static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
-@@ -90,15 +35,17 @@ typedef struct {
- const char *m;
- } OCSP_TBLSTR;
-
--static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
-+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
- {
-- const OCSP_TBLSTR *p;
-- for (p = ts; p < ts + len; p++)
-- if (p->t == s)
-- return p->m;
-+ size_t i;
-+ for (i = 0; i < len; i++, ts++)
-+ if (ts->t == s)
-+ return ts->m;
- return "(UNKNOWN)";
- }
-
-+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
-+
- const char *OCSP_response_status_str(long s)
- {
- static const OCSP_TBLSTR rstat_tbl[] = {
-@@ -109,7 +56,7 @@ const char *OCSP_response_status_str(lon
- {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
- {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
- };
-- return table2string(s, rstat_tbl, 6);
-+ return table2string(s, rstat_tbl);
- }
-
- const char *OCSP_cert_status_str(long s)
-@@ -119,7 +66,7 @@ const char *OCSP_cert_status_str(long s)
- {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
- {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
- };
-- return table2string(s, cstat_tbl, 3);
-+ return table2string(s, cstat_tbl);
- }
-
- const char *OCSP_crl_reason_str(long s)
-@@ -134,7 +81,7 @@ const char *OCSP_crl_reason_str(long s)
- {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
- {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
- };
-- return table2string(s, reason_tbl, 8);
-+ return table2string(s, reason_tbl);
- }
-
- int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
---- a/crypto/ocsp/ocsp_srv.c
-+++ b/crypto/ocsp/ocsp_srv.c
-@@ -1,65 +1,15 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/objects.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pem.h>
- #include <openssl/x509v3.h>
---- a/crypto/ocsp/ocsp_vfy.c
-+++ b/crypto/ocsp/ocsp_vfy.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/ocsp.h>
-@@ -176,7 +127,6 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
- if (bs->certs && certs)
- sk_X509_free(untrusted);
- return ret;
-- goto end;
-
- err:
- ret = 0;
---- a/crypto/ocsp/v3_ocsp.c
-+++ b/crypto/ocsp/v3_ocsp.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- # include <stdio.h>
---- a/crypto/pariscid.pl
-+++ b/crypto/pariscid.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $flavour = shift;
- $output = shift;
-@@ -127,6 +134,37 @@ L\$done
- bv ($rp)
- .EXIT
- nop
-+ .PROCEND
-+___
-+}
-+{
-+my ($in1,$in2,$len)=("%r26","%r25","%r24");
-+
-+$code.=<<___;
-+ .EXPORT CRYPTO_memcmp,ENTRY,ARGW0=GR,ARGW1=GR,ARGW1=GR
-+ .ALIGN 8
-+CRYPTO_memcmp
-+ .PROC
-+ .CALLINFO NO_CALLS
-+ .ENTRY
-+ cmpib,*= 0,$len,L\$no_data
-+ xor $rv,$rv,$rv
-+
-+L\$oop_cmp
-+ ldb 0($in1),%r19
-+ ldb 0($in2),%r20
-+ ldo 1($in1),$in1
-+ ldo 1($in2),$in2
-+ xor %r19,%r20,%r29
-+ addib,*<> -1,$len,L\$oop_cmp
-+ or %r29,$rv,$rv
-+
-+ sub %r0,$rv,%r29
-+ extru %r29,31,1,$rv
-+L\$no_data
-+ bv ($rp)
-+ .EXIT
-+ nop
- .PROCEND
- ___
- }
---- a/crypto/pem/Makefile.in
-+++ /dev/null
-@@ -1,46 +0,0 @@
--#
--# OpenSSL/crypto/pem/Makefile
--#
--
--DIR= pem
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= pem_sign.c pem_info.c pem_lib.c pem_all.c pem_err.c \
-- pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
--
--LIBOBJ= pem_sign.o pem_info.o pem_lib.o pem_all.o pem_err.o \
-- pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/pem/message
-+++ /dev/null
-@@ -1,16 +0,0 @@
-------BEGIN PRIVACY-ENHANCED MESSAGE-----
--Proc-Type: 4,ENCRYPTED
--Proc-Type: 4,MIC-ONLY
--Proc-Type: 4,MIC-CLEAR
--Content-Domain: RFC822
--DEK-Info: DES-CBC,0123456789abcdef
--Originator-Certificate
-- xxxx
--Issuer-Certificate
-- xxxx
--MIC-Info: RSA-MD5,RSA,
-- xxxx
--
--
-------END PRIVACY-ENHANCED MESSAGE-----
--
---- a/crypto/pem/pem_all.c
-+++ b/crypto/pem/pem_all.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pem/pem_err.c
-+++ b/crypto/pem/pem_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -92,10 +42,7 @@ static ERR_STRING_DATA PEM_str_functs[]
- {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
- {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
- {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-- {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
-- "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
- {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
-- {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
- {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
- {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
- {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"},
-@@ -129,21 +76,23 @@ static ERR_STRING_DATA PEM_str_reasons[]
- "expecting private key blob"},
- {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
- "expecting public key blob"},
-+ {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
- {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
- {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
- "keyblob header parse error"},
- {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
-+ {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"},
- {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
- {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
- {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
- {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
- {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
- "problems getting password"},
-- {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
- {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
- {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
- {ERR_REASON(PEM_R_READ_KEY), "read key"},
- {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
-+ {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
- {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
- {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
- {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
-@@ -153,7 +102,7 @@ static ERR_STRING_DATA PEM_str_reasons[]
-
- #endif
-
--void ERR_load_PEM_strings(void)
-+int ERR_load_PEM_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -162,4 +111,5 @@ void ERR_load_PEM_strings(void)
- ERR_load_strings(0, PEM_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/pem/pem_info.c
-+++ b/crypto/pem/pem_info.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pem/pem_lib.c
-+++ b/crypto/pem/pem_lib.c
-@@ -1,62 +1,15 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <ctype.h>
-+#include <string.h>
- #include "internal/cryptlib.h"
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
-@@ -78,41 +31,49 @@ int pem_check_suffix(const char *pem_str
- int PEM_def_callback(char *buf, int num, int w, void *key)
- {
- #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
-- /*
-- * We should not ever call the default callback routine from windows.
-- */
-- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-- return (-1);
-+ int i;
- #else
- int i, j;
- const char *prompt;
-+#endif
-+
- if (key) {
- i = strlen(key);
- i = (i > num) ? num : i;
- memcpy(buf, key, i);
-- return (i);
-+ return i;
- }
-
-+#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
-+ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-+ return -1;
-+#else
- prompt = EVP_get_pw_prompt();
- if (prompt == NULL)
- prompt = "Enter PEM pass phrase:";
-
- for (;;) {
-- i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
-+ /*
-+ * We assume that w == 0 means decryption,
-+ * while w == 1 means encryption
-+ */
-+ int min_len = w ? MIN_LENGTH : 0;
-+
-+ i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
- if (i != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)num);
-- return (-1);
-+ return -1;
- }
- j = strlen(buf);
-- if (j < MIN_LENGTH) {
-+ if (min_len && j < min_len) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
-- MIN_LENGTH);
-+ min_len);
- } else
- break;
- }
-- return (j);
-+ return j;
- #endif
- }
-
-@@ -344,7 +305,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d,
-
- if (enc != NULL) {
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-- if (objstr == NULL) {
-+ if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-@@ -431,115 +392,153 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d,
- int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
- pem_password_cb *callback, void *u)
- {
-- int i = 0, j, o, klen;
-- long len;
-+ int ok;
-+ int keylen;
-+ long len = *plen;
-+ int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */
- EVP_CIPHER_CTX *ctx;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- char buf[PEM_BUFSIZE];
-
-- len = *plen;
-+#if LONG_MAX > INT_MAX
-+ /* Check that we did not truncate the length */
-+ if (len > INT_MAX) {
-+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
-+ return 0;
-+ }
-+#endif
-
- if (cipher->cipher == NULL)
-- return (1);
-+ return 1;
- if (callback == NULL)
-- klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
-+ keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
- else
-- klen = callback(buf, PEM_BUFSIZE, 0, u);
-- if (klen <= 0) {
-+ keylen = callback(buf, PEM_BUFSIZE, 0, u);
-+ if (keylen <= 0) {
- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
-- return (0);
-+ return 0;
- }
- #ifdef CHARSET_EBCDIC
- /* Convert the pass phrase from EBCDIC */
-- ebcdic2ascii(buf, buf, klen);
-+ ebcdic2ascii(buf, buf, keylen);
- #endif
-
- if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
-- (unsigned char *)buf, klen, 1, key, NULL))
-+ (unsigned char *)buf, keylen, 1, key, NULL))
- return 0;
-
-- j = (int)len;
- ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL)
- return 0;
-- o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
-- if (o)
-- o = EVP_DecryptUpdate(ctx, data, &i, data, j);
-- if (o)
-- o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);
-+
-+ ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
-+ if (ok)
-+ ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
-+ if (ok) {
-+ /* Squirrel away the length of data decrypted so far. */
-+ *plen = ilen;
-+ ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
-+ }
-+ if (ok)
-+ *plen += ilen;
-+ else
-+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
-+
- EVP_CIPHER_CTX_free(ctx);
- OPENSSL_cleanse((char *)buf, sizeof(buf));
- OPENSSL_cleanse((char *)key, sizeof(key));
-- if (o)
-- j += i;
-- else {
-- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
-- return (0);
-- }
-- *plen = j;
-- return (1);
-+ return ok;
- }
-
-+/*
-+ * This implements a very limited PEM header parser that does not support the
-+ * full grammar of rfc1421. In particular, folded headers are not supported,
-+ * nor is additional whitespace.
-+ *
-+ * A robust implementation would make use of a library that turns the headers
-+ * into a BIO from which one folded line is read at a time, and is then split
-+ * into a header label and content. We would then parse the content of the
-+ * headers we care about. This is overkill for just this limited use-case, but
-+ * presumably we also parse rfc822-style headers for S/MIME, so a common
-+ * abstraction might well be more generally useful.
-+ */
- int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
- {
-+ static const char ProcType[] = "Proc-Type:";
-+ static const char ENCRYPTED[] = "ENCRYPTED";
-+ static const char DEKInfo[] = "DEK-Info:";
- const EVP_CIPHER *enc = NULL;
-+ int ivlen;
- char *dekinfostart, c;
-
- cipher->cipher = NULL;
- if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-- return (1);
-- if (strncmp(header, "Proc-Type: ", 11) != 0) {
-+ return 1;
-+
-+ if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
-- return (0);
-+ return 0;
- }
-- header += 11;
-- if (*header != '4')
-- return (0);
-- header++;
-- if (*header != ',')
-- return (0);
-- header++;
-- if (strncmp(header, "ENCRYPTED", 9) != 0) {
-+ header += sizeof(ProcType)-1;
-+ header += strspn(header, " \t");
-+
-+ if (*header++ != '4' || *header++ != ',')
-+ return 0;
-+ header += strspn(header, " \t");
-+
-+ /* We expect "ENCRYPTED" followed by optional white-space + line break */
-+ if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
-+ strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
-- return (0);
-+ return 0;
- }
-- for (; (*header != '\n') && (*header != '\0'); header++) ;
-- if (*header == '\0') {
-+ header += sizeof(ENCRYPTED)-1;
-+ header += strspn(header, " \t\r");
-+ if (*header++ != '\n') {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
-- return (0);
-+ return 0;
- }
-- header++;
-- if (strncmp(header, "DEK-Info: ", 10) != 0) {
-+
-+ /*-
-+ * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
-+ * We expect "DEK-Info: algo[,hex-parameters]"
-+ */
-+ if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
-- return (0);
-+ return 0;
- }
-- header += 10;
-+ header += sizeof(DEKInfo)-1;
-+ header += strspn(header, " \t");
-
-+ /*
-+ * DEK-INFO is a comma-separated combination of algorithm name and optional
-+ * parameters.
-+ */
- dekinfostart = header;
-- for (;;) {
-- c = *header;
--#ifndef CHARSET_EBCDIC
-- if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-- ((c >= '0') && (c <= '9'))))
-- break;
--#else
-- if (!(isupper(c) || (c == '-') || isdigit(c)))
-- break;
--#endif
-- header++;
-- }
-+ header += strcspn(header, " \t,");
-+ c = *header;
- *header = '\0';
- cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
-- *header++ = c;
-+ *header = c;
-+ header += strspn(header, " \t");
-
- if (enc == NULL) {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
-- return (0);
-+ return 0;
- }
-+ ivlen = EVP_CIPHER_iv_length(enc);
-+ if (ivlen > 0 && *header++ != ',') {
-+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
-+ return 0;
-+ } else if (ivlen == 0 && *header == ',') {
-+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
-+ return 0;
-+ }
-+
- if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
-- return (0);
-+ return 0;
-
-- return (1);
-+ return 1;
- }
-
- static int load_iv(char **fromp, unsigned char *to, int num)
-@@ -552,13 +551,8 @@ static int load_iv(char **fromp, unsigne
- to[i] = 0;
- num *= 2;
- for (i = 0; i < num; i++) {
-- if ((*from >= '0') && (*from <= '9'))
-- v = *from - '0';
-- else if ((*from >= 'A') && (*from <= 'F'))
-- v = *from - 'A' + 10;
-- else if ((*from >= 'a') && (*from <= 'f'))
-- v = *from - 'a' + 10;
-- else {
-+ v = OPENSSL_hexchar2int(*from);
-+ if (v < 0) {
- PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
- return (0);
- }
-@@ -624,7 +618,8 @@ int PEM_write_bio(BIO *bp, const char *n
- i = j = 0;
- while (len > 0) {
- n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
-- EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n);
-+ if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
-+ goto err;
- if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
- goto err;
- i += outl;
---- a/crypto/pem/pem_oth.c
-+++ b/crypto/pem/pem_oth.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,7 +12,6 @@
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pem.h>
-
---- a/crypto/pem/pem_pk8.c
-+++ b/crypto/pem/pem_pk8.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,7 +12,6 @@
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pkcs12.h>
- #include <openssl/pem.h>
---- a/crypto/pem/pem_pkey.c
-+++ b/crypto/pem/pem_pkey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,7 +12,6 @@
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/pkcs12.h>
- #include <openssl/pem.h>
-@@ -143,11 +94,18 @@ int PEM_write_bio_PrivateKey(BIO *bp, EV
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
- {
-- char pem_str[80];
-- if (!x->ameth || x->ameth->priv_encode)
-+ if (x->ameth == NULL || x->ameth->priv_encode != NULL)
- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
- (char *)kstr, klen, cb, u);
-+ return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
-+}
-
-+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
-+ const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u)
-+{
-+ char pem_str[80];
- BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
- return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
- pem_str, bp, x, enc, kstr, klen, cb, u);
---- a/crypto/pem/pem_sign.c
-+++ b/crypto/pem/pem_sign.c
-@@ -1,63 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
--#include <openssl/rand.h>
- #include <openssl/evp.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
---- a/crypto/pem/pem_x509.c
-+++ b/crypto/pem/pem_x509.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pem/pem_xaux.c
-+++ b/crypto/pem/pem_xaux.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pem/pkcs7.lis
-+++ /dev/null
-@@ -1,22 +0,0 @@
--21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
-- 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
-- 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
-- 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
-- 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
-- 20 20:d=0 hl=2 l= 0 cons: univ: SET
-- 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
-- 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
-- 00 35:d=0 hl=2 l= 0 prim: univ: EOC
-- 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
-- 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
-- 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
-- 00 1116:d=0 hl=2 l= 0 prim: univ: EOC
-- 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
-- 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
-- 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
-- 00 2066:d=0 hl=2 l= 0 prim: univ: EOC
-- 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
-- 00 2070:d=0 hl=2 l= 0 prim: univ: EOC
-- 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
-- 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
--00 2076:d=0 hl=2 l= 0 prim: univ: EOC
---- a/crypto/pem/pvkfmt.c
-+++ b/crypto/pem/pvkfmt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -356,6 +307,7 @@ static EVP_PKEY *b2i_rsa(const unsigned
- const unsigned char *pin = *in;
- EVP_PKEY *ret = NULL;
- BIGNUM *e = NULL, *n = NULL, *d = NULL;
-+ BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
- RSA *rsa = NULL;
- unsigned int nbyte, hnbyte;
- nbyte = (bitlen + 7) >> 3;
-@@ -372,7 +324,6 @@ static EVP_PKEY *b2i_rsa(const unsigned
- if (!read_lebn(&pin, nbyte, &n))
- goto memerr;
- if (!ispub) {
-- BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
- if (!read_lebn(&pin, hnbyte, &p))
- goto memerr;
- if (!read_lebn(&pin, hnbyte, &q))
-@@ -388,7 +339,7 @@ static EVP_PKEY *b2i_rsa(const unsigned
- RSA_set0_factors(rsa, p, q);
- RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
- }
-- RSA_set0_key(rsa, e, n, d);
-+ RSA_set0_key(rsa, n, e, d);
-
- EVP_PKEY_set1_RSA(ret, rsa);
- RSA_free(rsa);
-@@ -396,6 +347,14 @@ static EVP_PKEY *b2i_rsa(const unsigned
- return ret;
- memerr:
- PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
-+ BN_free(e);
-+ BN_free(n);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(dmp1);
-+ BN_free(dmq1);
-+ BN_free(iqmp);
-+ BN_free(d);
- RSA_free(rsa);
- EVP_PKEY_free(ret);
- return NULL;
-@@ -508,7 +467,8 @@ static int do_i2b_bio(BIO *out, EVP_PKEY
- static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
- {
- int bitlen;
-- BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
-+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
-+ const BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- DSA_get0_pqg(dsa, &p, &q, &g);
- DSA_get0_key(dsa, &pub_key, &priv_key);
-@@ -535,9 +495,9 @@ static int check_bitlen_dsa(DSA *dsa, in
- static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
- {
- int nbyte, hnbyte, bitlen;
-- BIGNUM *e;
-+ const BIGNUM *e;
-
-- RSA_get0_key(rsa, &e, NULL, NULL);
-+ RSA_get0_key(rsa, NULL, &e, NULL);
- if (BN_num_bits(e) > 32)
- goto badkey;
- bitlen = RSA_bits(rsa);
-@@ -547,7 +507,7 @@ static int check_bitlen_rsa(RSA *rsa, in
- *pmagic = MS_RSA1MAGIC;
- return bitlen;
- } else {
-- BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
-+ const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
-
- *pmagic = MS_RSA2MAGIC;
-
-@@ -575,11 +535,11 @@ static int check_bitlen_rsa(RSA *rsa, in
- static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
- {
- int nbyte, hnbyte;
-- BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
-+ const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
-
- nbyte = RSA_size(rsa);
- hnbyte = (RSA_bits(rsa) + 15) >> 4;
-- RSA_get0_key(rsa, &e, &n, &d);
-+ RSA_get0_key(rsa, &n, &e, &d);
- write_lebn(out, e, 4);
- write_lebn(out, n, -1);
- if (ispub)
-@@ -597,7 +557,8 @@ static void write_rsa(unsigned char **ou
- static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
- {
- int nbyte;
-- BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
-+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
-+ const BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- DSA_get0_pqg(dsa, &p, &q, &g);
- DSA_get0_key(dsa, &pub_key, &priv_key);
-@@ -798,27 +759,30 @@ static int i2b_PVK(unsigned char **out,
- pem_password_cb *cb, void *u)
- {
- int outlen = 24, pklen;
-- unsigned char *p, *salt = NULL;
-- EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
-+ unsigned char *p = NULL, *start = NULL, *salt = NULL;
-+ EVP_CIPHER_CTX *cctx = NULL;
- if (enclevel)
- outlen += PVK_SALTLEN;
- pklen = do_i2b(NULL, pk, 0);
- if (pklen < 0)
- return -1;
- outlen += pklen;
-- if (!out)
-+ if (out == NULL)
- return outlen;
-- if (*out)
-+ if (*out != NULL) {
- p = *out;
-- else {
-- p = OPENSSL_malloc(outlen);
-+ } else {
-+ start = p = OPENSSL_malloc(outlen);
- if (p == NULL) {
- PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-- *out = p;
- }
-
-+ cctx = EVP_CIPHER_CTX_new();
-+ if (cctx == NULL)
-+ goto error;
-+
- write_ledword(&p, MS_PVKMAGIC);
- write_ledword(&p, 0);
- if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
-@@ -835,9 +799,7 @@ static int i2b_PVK(unsigned char **out,
- p += PVK_SALTLEN;
- }
- do_i2b(&p, pk, 0);
-- if (enclevel == 0)
-- return outlen;
-- else {
-+ if (enclevel != 0) {
- char psbuf[PEM_BUFSIZE];
- unsigned char keybuf[20];
- int enctmplen, inlen;
-@@ -863,11 +825,18 @@ static int i2b_PVK(unsigned char **out,
- if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
- goto error;
- }
-+
- EVP_CIPHER_CTX_free(cctx);
-+
-+ if (*out == NULL)
-+ *out = start;
-+
- return outlen;
-
- error:
- EVP_CIPHER_CTX_free(cctx);
-+ if (*out == NULL)
-+ OPENSSL_free(start);
- return -1;
- }
-
---- /dev/null
-+++ b/crypto/perlasm/README
-@@ -0,0 +1,124 @@
-+The perl scripts in this directory are my 'hack' to generate
-+multiple different assembler formats via the one original script.
-+
-+The way to use this library is to start with adding the path to this directory
-+and then include it.
-+
-+push(@INC,"perlasm","../../perlasm");
-+require "x86asm.pl";
-+
-+The first thing we do is setup the file and type of assember
-+
-+&asm_init($ARGV[0],$0);
-+
-+The first argument is the 'type'. Currently
-+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
-+Argument 2 is the file name.
-+
-+The reciprocal function is
-+&asm_finish() which should be called at the end.
-+
-+There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
-+and x86unix.pl which is the unix (gas) version.
-+
-+Functions of interest are:
-+&external_label("des_SPtrans"); declare and external variable
-+&LB(reg); Low byte for a register
-+&HB(reg); High byte for a register
-+&BP(off,base,index,scale) Byte pointer addressing
-+&DWP(off,base,index,scale) Word pointer addressing
-+&stack_push(num) Basically a 'sub esp, num*4' with extra
-+&stack_pop(num) inverse of stack_push
-+&function_begin(name,extra) Start a function with pushing of
-+ edi, esi, ebx and ebp. extra is extra win32
-+ external info that may be required.
-+&function_begin_B(name,extra) Same as norma function_begin but no pushing.
-+&function_end(name) Call at end of function.
-+&function_end_A(name) Standard pop and ret, for use inside functions
-+&function_end_B(name) Call at end but with poping or 'ret'.
-+&swtmp(num) Address on stack temp word.
-+&wparam(num) Parameter number num, that was push
-+ in C convention. This all works over pushes
-+ and pops.
-+&comment("hello there") Put in a comment.
-+&label("loop") Refer to a label, normally a jmp target.
-+&set_label("loop") Set a label at this point.
-+&data_word(word) Put in a word of data.
-+
-+So how does this all hold together? Given
-+
-+int calc(int len, int *data)
-+ {
-+ int i,j=0;
-+
-+ for (i=0; i<len; i++)
-+ {
-+ j+=other(data[i]);
-+ }
-+ }
-+
-+So a very simple version of this function could be coded as
-+
-+ push(@INC,"perlasm","../../perlasm");
-+ require "x86asm.pl";
-+
-+ &asm_init($ARGV[0],"cacl.pl");
-+
-+ &external_label("other");
-+
-+ $tmp1= "eax";
-+ $j= "edi";
-+ $data= "esi";
-+ $i= "ebp";
-+
-+ &comment("a simple function");
-+ &function_begin("calc");
-+ &mov( $data, &wparam(1)); # data
-+ &xor( $j, $j);
-+ &xor( $i, $i);
-+
-+ &set_label("loop");
-+ &cmp( $i, &wparam(0));
-+ &jge( &label("end"));
-+
-+ &mov( $tmp1, &DWP(0,$data,$i,4));
-+ &push( $tmp1);
-+ &call( "other");
-+ &add( $j, "eax");
-+ &pop( $tmp1);
-+ &inc( $i);
-+ &jmp( &label("loop"));
-+
-+ &set_label("end");
-+ &mov( "eax", $j);
-+
-+ &function_end("calc");
-+
-+ &asm_finish();
-+
-+The above example is very very unoptimised but gives an idea of how
-+things work.
-+
-+There is also a cbc mode function generator in cbc.pl
-+
-+&cbc( $name,
-+ $encrypt_function_name,
-+ $decrypt_function_name,
-+ $true_if_byte_swap_needed,
-+ $parameter_number_for_iv,
-+ $parameter_number_for_encrypt_flag,
-+ $first_parameter_to_pass,
-+ $second_parameter_to_pass,
-+ $third_parameter_to_pass);
-+
-+So for example, given
-+void BF_encrypt(BF_LONG *data,BF_KEY *key);
-+void BF_decrypt(BF_LONG *data,BF_KEY *key);
-+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-+ BF_KEY *ks, unsigned char *iv, int enc);
-+
-+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
-+
-+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
-+
---- a/crypto/perlasm/arm-xlate.pl
-+++ b/crypto/perlasm/arm-xlate.pl
-@@ -1,6 +1,12 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
--# ARM assembler distiller by <appro>.
-+use strict;
-
- my $flavour = shift;
- my $output = shift;
-@@ -122,7 +128,7 @@ sub expand_line {
- return $line;
- }
-
--while($line=<>) {
-+while(my $line=<>) {
-
- if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; }
-
---- a/crypto/perlasm/cbc.pl
-+++ b/crypto/perlasm/cbc.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
- # des_cblock (*input);
---- a/crypto/perlasm/ppc-xlate.pl
-+++ b/crypto/perlasm/ppc-xlate.pl
-@@ -1,6 +1,10 @@
--#!/usr/bin/env perl
--
--# PowerPC assembler distiller by <appro>.
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- my $flavour = shift;
- my $output = shift;
---- a/crypto/perlasm/readme
-+++ /dev/null
-@@ -1,124 +0,0 @@
--The perl scripts in this directory are my 'hack' to generate
--multiple different assembler formats via the one original script.
--
--The way to use this library is to start with adding the path to this directory
--and then include it.
--
--push(@INC,"perlasm","../../perlasm");
--require "x86asm.pl";
--
--The first thing we do is setup the file and type of assember
--
--&asm_init($ARGV[0],$0);
--
--The first argument is the 'type'. Currently
--'cpp', 'sol', 'a.out', 'elf' or 'win32'.
--Argument 2 is the file name.
--
--The reciprocal function is
--&asm_finish() which should be called at the end.
--
--There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
--and x86unix.pl which is the unix (gas) version.
--
--Functions of interest are:
--&external_label("des_SPtrans"); declare and external variable
--&LB(reg); Low byte for a register
--&HB(reg); High byte for a register
--&BP(off,base,index,scale) Byte pointer addressing
--&DWP(off,base,index,scale) Word pointer addressing
--&stack_push(num) Basically a 'sub esp, num*4' with extra
--&stack_pop(num) inverse of stack_push
--&function_begin(name,extra) Start a function with pushing of
-- edi, esi, ebx and ebp. extra is extra win32
-- external info that may be required.
--&function_begin_B(name,extra) Same as norma function_begin but no pushing.
--&function_end(name) Call at end of function.
--&function_end_A(name) Standard pop and ret, for use inside functions
--&function_end_B(name) Call at end but with poping or 'ret'.
--&swtmp(num) Address on stack temp word.
--&wparam(num) Parameter number num, that was push
-- in C convention. This all works over pushes
-- and pops.
--&comment("hello there") Put in a comment.
--&label("loop") Refer to a label, normally a jmp target.
--&set_label("loop") Set a label at this point.
--&data_word(word) Put in a word of data.
--
--So how does this all hold together? Given
--
--int calc(int len, int *data)
-- {
-- int i,j=0;
--
-- for (i=0; i<len; i++)
-- {
-- j+=other(data[i]);
-- }
-- }
--
--So a very simple version of this function could be coded as
--
-- push(@INC,"perlasm","../../perlasm");
-- require "x86asm.pl";
--
-- &asm_init($ARGV[0],"cacl.pl");
--
-- &external_label("other");
--
-- $tmp1= "eax";
-- $j= "edi";
-- $data= "esi";
-- $i= "ebp";
--
-- &comment("a simple function");
-- &function_begin("calc");
-- &mov( $data, &wparam(1)); # data
-- &xor( $j, $j);
-- &xor( $i, $i);
--
-- &set_label("loop");
-- &cmp( $i, &wparam(0));
-- &jge( &label("end"));
--
-- &mov( $tmp1, &DWP(0,$data,$i,4));
-- &push( $tmp1);
-- &call( "other");
-- &add( $j, "eax");
-- &pop( $tmp1);
-- &inc( $i);
-- &jmp( &label("loop"));
--
-- &set_label("end");
-- &mov( "eax", $j);
--
-- &function_end("calc");
--
-- &asm_finish();
--
--The above example is very very unoptimised but gives an idea of how
--things work.
--
--There is also a cbc mode function generator in cbc.pl
--
--&cbc( $name,
-- $encrypt_function_name,
-- $decrypt_function_name,
-- $true_if_byte_swap_needed,
-- $parameter_number_for_iv,
-- $parameter_number_for_encrypt_flag,
-- $first_parameter_to_pass,
-- $second_parameter_to_pass,
-- $third_parameter_to_pass);
--
--So for example, given
--void BF_encrypt(BF_LONG *data,BF_KEY *key);
--void BF_decrypt(BF_LONG *data,BF_KEY *key);
--void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-- BF_KEY *ks, unsigned char *iv, int enc);
--
--&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
--
--&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
--&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
--
---- a/crypto/perlasm/sparcv9_modes.pl
-+++ b/crypto/perlasm/sparcv9_modes.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # Specific modes implementations for SPARC Architecture 2011. There
- # is T4 dependency though, an ASI value that is not specified in the
-@@ -41,6 +48,7 @@ my ($alg,$bits) = @_;
- save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- sub $inp, $out, $blk_init ! $inp!=$out
- ___
- $::code.=<<___ if (!$::evp);
-@@ -258,6 +266,7 @@ my ($alg,$bits) = @_;
- save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
- sub $inp, $out, $blk_init ! $inp!=$out
- ___
- $::code.=<<___ if (!$::evp);
-@@ -617,6 +626,7 @@ my ($alg,$bits) = @_;
- .align 32
- ${alg}${bits}_t4_ctr32_encrypt:
- save %sp, -$::frame, %sp
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
-
- prefetch [$inp], 20
- prefetch [$inp + 63], 20
-@@ -920,6 +930,7 @@ my $rem=$ivec;
- .align 32
- ${alg}${bits}_t4_xts_${dir}crypt:
- save %sp, -$::frame-16, %sp
-+ srln $len, 0, $len ! needed on v8+, "nop" on v9
-
- mov $ivec, %o0
- add %fp, $::bias-16, %o1
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
- #
-@@ -58,6 +65,9 @@
- # a. If function accepts more than 4 arguments *and* >4th argument
- # is declared as non 64-bit value, do clear its upper part.
-
-+
-+use strict;
-+
- my $flavour = shift;
- my $output = shift;
- if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-@@ -102,14 +112,15 @@ my %globals;
-
- { package opcode; # pick up opcodes
- sub re {
-- my $self = shift; # single instance in enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line) = @_;
-+ my $self = {};
-+ my $ret;
-
-- if ($line =~ /^([a-z][a-z0-9]*)/i) {
-+ if ($$line =~ /^([a-z][a-z0-9]*)/i) {
-+ bless $self,$class;
- $self->{op} = $1;
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
-
- undef $self->{sz};
- if ($self->{op} =~ /^(movz)x?([bw]).*/) { # movz is pain...
-@@ -121,7 +132,7 @@ my %globals;
- $self->{sz} = "";
- } elsif ($self->{op} =~ /^v/) { # VEX
- $self->{sz} = "";
-- } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
-+ } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) {
- $self->{sz} = "";
- } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
- $self->{op} = $1;
-@@ -131,8 +142,7 @@ my %globals;
- $ret;
- }
- sub size {
-- my $self = shift;
-- my $sz = shift;
-+ my ($self, $sz) = @_;
- $self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
- $self->{sz};
- }
-@@ -160,8 +170,8 @@ my %globals;
- if ($self->{op} eq "ret") {
- $self->{op} = "";
- if ($win64 && $current_function->{abi} eq "svr4") {
-- $self->{op} = "mov rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t".
-- "mov rsi,QWORD${PTR}[16+rsp]\n\t";
-+ $self->{op} = "mov rdi,QWORD$PTR\[8+rsp\]\t;WIN64 epilogue\n\t".
-+ "mov rsi,QWORD$PTR\[16+rsp\]\n\t";
- }
- $self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
- } elsif ($self->{op} =~ /^(pop|push)f/) {
-@@ -173,22 +183,22 @@ my %globals;
- }
- }
- sub mnemonic {
-- my $self=shift;
-- my $op=shift;
-+ my ($self, $op) = @_;
- $self->{op}=$op if (defined($op));
- $self->{op};
- }
- }
- { package const; # pick up constants, which start with $
- sub re {
-- my $self = shift; # single instance in enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line) = @_;
-+ my $self = {};
-+ my $ret;
-
-- if ($line =~ /^\$([^,]+)/) {
-+ if ($$line =~ /^\$([^,]+)/) {
-+ bless $self, $class;
- $self->{value} = $1;
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
- }
- $ret;
- }
-@@ -200,6 +210,7 @@ my %globals;
- # Solaris /usr/ccs/bin/as can't handle multiplications
- # in $self->{value}
- my $value = $self->{value};
-+ no warnings; # oct might complain about overflow, ignore here...
- $value =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
- if ($value =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg) {
- $self->{value} = $value;
-@@ -213,32 +224,33 @@ my %globals;
- }
- { package ea; # pick up effective addresses: expr(%reg,%reg,scale)
- sub re {
-- my $self = shift; # single instance in enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line, $opcode) = @_;
-+ my $self = {};
-+ my $ret;
-
-- # optional * ---vvv--- appears in indirect jmp/call
-- if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
-+ # optional * ----vvv--- appears in indirect jmp/call
-+ if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
-+ bless $self, $class;
- $self->{asterisk} = $1;
- $self->{label} = $2;
- ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
- $self->{scale} = 1 if (!defined($self->{scale}));
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
-
- if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
-- die if (opcode->mnemonic() ne "mov");
-- opcode->mnemonic("lea");
-+ die if ($opcode->mnemonic() ne "mov");
-+ $opcode->mnemonic("lea");
- }
- $self->{base} =~ s/^%//;
- $self->{index} =~ s/^%// if (defined($self->{index}));
-+ $self->{opcode} = $opcode;
- }
- $ret;
- }
- sub size {}
- sub out {
-- my $self = shift;
-- my $sz = shift;
-+ my ($self, $sz) = @_;
-
- $self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
- $self->{label} =~ s/\.L/$decor/g;
-@@ -273,7 +285,7 @@ my %globals;
- sprintf "%s%s(%%%s)", $self->{asterisk},$self->{label},$self->{base};
- }
- } else {
-- %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR",
-+ my %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR",
- l=>"DWORD$PTR", d=>"DWORD$PTR",
- q=>"QWORD$PTR", o=>"OWORD$PTR",
- x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", z=>"ZMMWORD$PTR" );
-@@ -282,11 +294,12 @@ my %globals;
- $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
- $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
-
-- ($self->{asterisk}) && ($sz="q") ||
-- (opcode->mnemonic() =~ /^v?mov([qd])$/) && ($sz=$1) ||
-- (opcode->mnemonic() =~ /^v?pinsr([qdwb])$/) && ($sz=$1) ||
-- (opcode->mnemonic() =~ /^vpbroadcast([qdwb])$/) && ($sz=$1) ||
-- (opcode->mnemonic() =~ /^vinsert[fi]128$/) && ($sz="x");
-+ my $mnemonic = $self->{opcode}->mnemonic();
-+ ($self->{asterisk}) && ($sz="q") ||
-+ ($mnemonic =~ /^v?mov([qd])$/) && ($sz=$1) ||
-+ ($mnemonic =~ /^v?pinsr([qdwb])$/) && ($sz=$1) ||
-+ ($mnemonic =~ /^vpbroadcast([qdwb])$/) && ($sz=$1) ||
-+ ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/) && ($sz="x");
-
- if (defined($self->{index})) {
- sprintf "%s[%s%s*%d%s]",$szmap{$sz},
-@@ -305,24 +318,24 @@ my %globals;
- }
- { package register; # pick up registers, which start with %.
- sub re {
-- my $class = shift; # multiple instances...
-+ my ($class, $line, $opcode) = @_;
- my $self = {};
-- local *line = shift;
-- undef $ret;
-+ my $ret;
-
-- # optional * ---vvv--- appears in indirect jmp/call
-- if ($line =~ /^(\*?)%(\w+)/) {
-+ # optional * ----vvv--- appears in indirect jmp/call
-+ if ($$line =~ /^(\*?)%(\w+)/) {
- bless $self,$class;
- $self->{asterisk} = $1;
- $self->{value} = $2;
-+ $opcode->size($self->size());
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
- }
- $ret;
- }
- sub size {
- my $self = shift;
-- undef $ret;
-+ my $ret;
-
- if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; }
- elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; }
-@@ -343,14 +356,15 @@ my %globals;
- }
- { package label; # pick up labels, which end with :
- sub re {
-- my $self = shift; # single instance is enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line) = @_;
-+ my $self = {};
-+ my $ret;
-
-- if ($line =~ /(^[\.\w]+)\:/) {
-+ if ($$line =~ /(^[\.\w]+)\:/) {
-+ bless $self,$class;
- $self->{value} = $1;
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
-
- $self->{value} =~ s/^\.L/$decor/;
- }
-@@ -380,14 +394,15 @@ my %globals;
- }
- $func;
- } elsif ($self->{value} ne "$current_function->{name}") {
-- $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
-+ # Make all labels in masm global.
-+ $self->{value} .= ":" if ($masm);
- $self->{value} . ":";
- } elsif ($win64 && $current_function->{abi} eq "svr4") {
- my $func = "$current_function->{name}" .
- ($nasm ? ":" : "\tPROC $current_function->{scope}") .
- "\n";
-- $func .= " mov QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
-- $func .= " mov QWORD${PTR}[16+rsp],rsi\n";
-+ $func .= " mov QWORD$PTR\[8+rsp\],rdi\t;WIN64 prologue\n";
-+ $func .= " mov QWORD$PTR\[16+rsp\],rsi\n";
- $func .= " mov rax,rsp\n";
- $func .= "${decor}SEH_begin_$current_function->{name}:";
- $func .= ":" if ($masm);
-@@ -398,8 +413,8 @@ my %globals;
- $func .= " mov rsi,rdx\n" if ($narg>1);
- $func .= " mov rdx,r8\n" if ($narg>2);
- $func .= " mov rcx,r9\n" if ($narg>3);
-- $func .= " mov r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
-- $func .= " mov r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
-+ $func .= " mov r8,QWORD$PTR\[40+rsp\]\n" if ($narg>4);
-+ $func .= " mov r9,QWORD$PTR\[48+rsp\]\n" if ($narg>5);
- $func .= "\n";
- } else {
- "$current_function->{name}".
-@@ -409,24 +424,26 @@ my %globals;
- }
- { package expr; # pick up expressioins
- sub re {
-- my $self = shift; # single instance is enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line, $opcode) = @_;
-+ my $self = {};
-+ my $ret;
-
-- if ($line =~ /(^[^,]+)/) {
-+ if ($$line =~ /(^[^,]+)/) {
-+ bless $self,$class;
- $self->{value} = $1;
- $ret = $self;
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
-
- $self->{value} =~ s/\@PLT// if (!$elf);
- $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
- $self->{value} =~ s/\.L/$decor/g;
-+ $self->{opcode} = $opcode;
- }
- $ret;
- }
- sub out {
- my $self = shift;
-- if ($nasm && opcode->mnemonic()=~m/^j(?![re]cxz)/) {
-+ if ($nasm && $self->{opcode}->mnemonic()=~m/^j(?![re]cxz)/) {
- "NEAR ".$self->{value};
- } else {
- $self->{value};
-@@ -435,9 +452,9 @@ my %globals;
- }
- { package directive; # pick up directives, which start with .
- sub re {
-- my $self = shift; # single instance is enough...
-- local *line = shift;
-- undef $ret;
-+ my ($class, $line) = @_;
-+ my $self = {};
-+ my $ret;
- my $dir;
- my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2:
- ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48,
-@@ -449,25 +466,26 @@ my %globals;
- "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c,
- "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c );
-
-- if ($line =~ /^\s*(\.\w+)/) {
-+ if ($$line =~ /^\s*(\.\w+)/) {
-+ bless $self,$class;
- $dir = $1;
- $ret = $self;
- undef $self->{value};
-- $line = substr($line, at +[0]); $line =~ s/^\s+//;
-+ $$line = substr($$line, at +[0]); $$line =~ s/^\s+//;
-
- SWITCH: for ($dir) {
-- /\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
-+ /\.picmeup/ && do { if ($$line =~ /(%r[\w]+)/i) {
- $dir="\t.long";
-- $line=sprintf "0x%x,0x90000000",$opcode{$1};
-+ $$line=sprintf "0x%x,0x90000000",$opcode{$1};
- }
- last;
- };
- /\.global|\.globl|\.extern/
-- && do { $globals{$line} = $prefix . $line;
-- $line = $globals{$line} if ($prefix);
-+ && do { $globals{$$line} = $prefix . $$line;
-+ $$line = $globals{$$line} if ($prefix);
- last;
- };
-- /\.type/ && do { ($sym,$type,$narg) = split(',',$line);
-+ /\.type/ && do { my ($sym,$type,$narg) = split(',',$$line);
- if ($type eq "\@function") {
- undef $current_function;
- $current_function->{name} = $sym;
-@@ -479,25 +497,25 @@ my %globals;
- $current_function->{name} = $sym;
- $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
- }
-- $line =~ s/\@abi\-omnipotent/\@function/;
-- $line =~ s/\@function.*/\@function/;
-+ $$line =~ s/\@abi\-omnipotent/\@function/;
-+ $$line =~ s/\@function.*/\@function/;
- last;
- };
-- /\.asciz/ && do { if ($line =~ /^"(.*)"$/) {
-+ /\.asciz/ && do { if ($$line =~ /^"(.*)"$/) {
- $dir = ".byte";
-- $line = join(",",unpack("C*",$1),0);
-+ $$line = join(",",unpack("C*",$1),0);
- }
- last;
- };
- /\.rva|\.long|\.quad/
-- && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-- $line =~ s/\.L/$decor/g;
-+ && do { $$line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-+ $$line =~ s/\.L/$decor/g;
- last;
- };
- }
-
- if ($gas) {
-- $self->{value} = $dir . "\t" . $line;
-+ $self->{value} = $dir . "\t" . $$line;
-
- if ($dir =~ /\.extern/) {
- $self->{value} = ""; # swallow extern
-@@ -506,7 +524,7 @@ my %globals;
- $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
- (defined($globals{$1})?".scl 2;":".scl 3;") .
- "\t.type 32;\t.endef"
-- if ($win64 && $line =~ /([^,]+),\@function/);
-+ if ($win64 && $$line =~ /([^,]+),\@function/);
- } elsif (!$elf && $dir =~ /\.size/) {
- $self->{value} = "";
- if (defined($current_function)) {
-@@ -515,9 +533,9 @@ my %globals;
- undef $current_function;
- }
- } elsif (!$elf && $dir =~ /\.align/) {
-- $self->{value} = ".p2align\t" . (log($line)/log(2));
-+ $self->{value} = ".p2align\t" . (log($$line)/log(2));
- } elsif ($dir eq ".section") {
-- $current_segment=$line;
-+ $current_segment=$$line;
- if (!$elf && $current_segment eq ".init") {
- if ($flavour eq "macosx") { $self->{value} = ".mod_init_func"; }
- elsif ($flavour eq "mingw64") { $self->{value} = ".section\t.ctors"; }
-@@ -525,13 +543,13 @@ my %globals;
- } elsif ($dir =~ /\.(text|data)/) {
- $current_segment=".$1";
- } elsif ($dir =~ /\.hidden/) {
-- if ($flavour eq "macosx") { $self->{value} = ".private_extern\t$prefix$line"; }
-+ if ($flavour eq "macosx") { $self->{value} = ".private_extern\t$prefix$$line"; }
- elsif ($flavour eq "mingw64") { $self->{value} = ""; }
- } elsif ($dir =~ /\.comm/) {
-- $self->{value} = "$dir\t$prefix$line";
-+ $self->{value} = "$dir\t$prefix$$line";
- $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
- }
-- $line = "";
-+ $$line = "";
- return $self;
- }
-
-@@ -562,38 +580,38 @@ my %globals;
- last;
- };
- /\.section/ && do { my $v=undef;
-- $line =~ s/([^,]*).*/$1/;
-- $line = ".CRT\$XCU" if ($line eq ".init");
-+ $$line =~ s/([^,]*).*/$1/;
-+ $$line = ".CRT\$XCU" if ($$line eq ".init");
- if ($nasm) {
-- $v="section $line";
-- if ($line=~/\.([px])data/) {
-+ $v="section $$line";
-+ if ($$line=~/\.([px])data/) {
- $v.=" rdata align=";
- $v.=$1 eq "p"? 4 : 8;
-- } elsif ($line=~/\.CRT\$/i) {
-+ } elsif ($$line=~/\.CRT\$/i) {
- $v.=" rdata align=8";
- }
- } else {
- $v="$current_segment\tENDS\n" if ($current_segment);
-- $v.="$line\tSEGMENT";
-- if ($line=~/\.([px])data/) {
-+ $v.="$$line\tSEGMENT";
-+ if ($$line=~/\.([px])data/) {
- $v.=" READONLY";
- $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
-- } elsif ($line=~/\.CRT\$/i) {
-+ } elsif ($$line=~/\.CRT\$/i) {
- $v.=" READONLY ";
- $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
- }
- }
-- $current_segment = $line;
-+ $current_segment = $$line;
- $self->{value} = $v;
- last;
- };
-- /\.extern/ && do { $self->{value} = "EXTERN\t".$line;
-+ /\.extern/ && do { $self->{value} = "EXTERN\t".$$line;
- $self->{value} .= ":NEAR" if ($masm);
- last;
- };
- /\.globl|.global/
- && do { $self->{value} = $masm?"PUBLIC":"global";
-- $self->{value} .= "\t".$line;
-+ $self->{value} .= "\t".$$line;
- last;
- };
- /\.size/ && do { if (defined($current_function)) {
-@@ -607,10 +625,13 @@ my %globals;
- }
- last;
- };
-- /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; };
-+ /\.align/ && do { my $max = ($masm && $masm>=$masmref) ? 256 : 4096;
-+ $self->{value} = "ALIGN\t".($$line>$max?$max:$$line);
-+ last;
-+ };
- /\.(value|long|rva|quad)/
- && do { my $sz = substr($1,0,1);
-- my @arr = split(/,\s*/,$line);
-+ my @arr = split(/,\s*/,$$line);
- my $last = pop(@arr);
- my $conv = sub { my $var=shift;
- $var=~s/^(0b[0-1]+)/oct($1)/eig;
-@@ -626,7 +647,7 @@ my %globals;
- $self->{value} .= &$conv($last);
- last;
- };
-- /\.byte/ && do { my @str=split(/,\s*/,$line);
-+ /\.byte/ && do { my @str=split(/,\s*/,$$line);
- map(s/(0b[0-1]+)/oct($1)/eig, at str);
- map(s/0x([0-9a-f]+)/0$1h/ig, at str) if ($masm);
- while ($#str>15) {
-@@ -638,7 +659,7 @@ my %globals;
- .join(",", at str) if (@str);
- last;
- };
-- /\.comm/ && do { my @str=split(/,\s*/,$line);
-+ /\.comm/ && do { my @str=split(/,\s*/,$$line);
- my $v=undef;
- if ($nasm) {
- $v.="common $prefix at str[0] @str[1]";
-@@ -652,7 +673,7 @@ my %globals;
- last;
- };
- }
-- $line = "";
-+ $$line = "";
- }
-
- $ret;
-@@ -664,15 +685,21 @@ my %globals;
- }
-
- sub rex {
-- local *opcode=shift;
-+ my $opcode=shift;
- my ($dst,$src,$rex)=@_;
-
- $rex|=0x04 if($dst>=8);
- $rex|=0x01 if($src>=8);
-- push @opcode,($rex|0x40) if ($rex);
-+ push @$opcode,($rex|0x40) if ($rex);
- }
-
--# older gas and ml64 don't handle SSE>2 instructions
-+# Upon initial x86_64 introduction SSE>2 extensions were not introduced
-+# yet. In order not to be bothered by tracing exact assembler versions,
-+# but at the same time to provide a bare security minimum of AES-NI, we
-+# hard-code some instructions. Extensions past AES-NI on the other hand
-+# are traced by examining assembler version in individual perlasm
-+# modules...
-+
- my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
- "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 );
-
-@@ -701,9 +728,9 @@ my $movq = sub { # elderly gas can't han
- my $pextrd = sub {
- if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
- my @opcode=(0x66);
-- $imm=$1;
-- $src=$2;
-- $dst=$3;
-+ my $imm=$1;
-+ my $src=$2;
-+ my $dst=$3;
- if ($dst =~ /%r([0-9]+)d/) { $dst = $1; }
- elsif ($dst =~ /%e/) { $dst = $regrm{$dst}; }
- rex(\@opcode,$src,$dst);
-@@ -719,9 +746,9 @@ my $pextrd = sub {
- my $pinsrd = sub {
- if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
- my @opcode=(0x66);
-- $imm=$1;
-- $src=$2;
-- $dst=$3;
-+ my $imm=$1;
-+ my $src=$2;
-+ my $dst=$3;
- if ($src =~ /%r([0-9]+)/) { $src = $1; }
- elsif ($src =~ /%e/) { $src = $regrm{$src}; }
- rex(\@opcode,$dst,$src);
-@@ -778,7 +805,7 @@ my $rdrand = sub {
- my @opcode=();
- my $dst=$1;
- if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
-- rex(\@opcode,0,$1,8);
-+ rex(\@opcode,0,$dst,8);
- push @opcode,0x0f,0xc7,0xf0|($dst&7);
- @opcode;
- } else {
-@@ -791,7 +818,7 @@ my $rdseed = sub {
- my @opcode=();
- my $dst=$1;
- if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
-- rex(\@opcode,0,$1,8);
-+ rex(\@opcode,0,$dst,8);
- push @opcode,0x0f,0xc7,0xf8|($dst&7);
- @opcode;
- } else {
-@@ -800,14 +827,14 @@ my $rdseed = sub {
- };
-
- sub rxb {
-- local *opcode=shift;
-+ my $opcode=shift;
- my ($dst,$src1,$src2,$rxb)=@_;
-
- $rxb|=0x7<<5;
- $rxb&=~(0x04<<5) if($dst>=8);
- $rxb&=~(0x01<<5) if($src1>=8);
- $rxb&=~(0x02<<5) if($src2>=8);
-- push @opcode,$rxb;
-+ push @$opcode,$rxb;
- }
-
- my $vprotd = sub {
-@@ -838,6 +865,10 @@ my $vprotq = sub {
- }
- };
-
-+my $endbranch = sub {
-+ (0xf3,0x0f,0x1e,0xfa);
-+};
-+
- if ($nasm) {
- print <<___;
- default rel
-@@ -850,7 +881,7 @@ default rel
- OPTION DOTNAME
- ___
- }
--while(defined($line=<>)) {
-+while(defined(my $line=<>)) {
-
- $line =~ s|\R$||; # Better chomp
-
-@@ -859,42 +890,38 @@ while(defined($line=<>)) {
- $line =~ s|^\s+||; # ... and skip white spaces in beginning
- $line =~ s|\s+$||; # ... and at the end
-
-- undef $label;
-- undef $opcode;
-- undef @args;
--
-- if ($label=label->re(\$line)) { print $label->out(); }
--
-- if (directive->re(\$line)) {
-- printf "%s",directive->out();
-- } elsif ($opcode=opcode->re(\$line)) {
-+ if (my $label=label->re(\$line)) { print $label->out(); }
-+
-+ if (my $directive=directive->re(\$line)) {
-+ printf "%s",$directive->out();
-+ } elsif (my $opcode=opcode->re(\$line)) {
- my $asm = eval("\$".$opcode->mnemonic());
-- undef @bytes;
-
-- if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
-+ if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
- print $gas?".byte\t":"DB\t",join(',', at bytes),"\n";
- next;
- }
-
-+ my @args;
- ARGUMENT: while (1) {
-- my $arg;
-+ my $arg;
-
-- if ($arg=register->re(\$line)) { opcode->size($arg->size()); }
-- elsif ($arg=const->re(\$line)) { }
-- elsif ($arg=ea->re(\$line)) { }
-- elsif ($arg=expr->re(\$line)) { }
-- else { last ARGUMENT; }
-+ ($arg=register->re(\$line, $opcode))||
-+ ($arg=const->re(\$line)) ||
-+ ($arg=ea->re(\$line, $opcode)) ||
-+ ($arg=expr->re(\$line, $opcode)) ||
-+ last ARGUMENT;
-
-- push @args,$arg;
-+ push @args,$arg;
-
-- last ARGUMENT if ($line !~ /^,/);
-+ last ARGUMENT if ($line !~ /^,/);
-
-- $line =~ s/^,\s*//;
-+ $line =~ s/^,\s*//;
- } # ARGUMENT:
-
- if ($#args>=0) {
- my $insn;
-- my $sz=opcode->size();
-+ my $sz=$opcode->size();
-
- if ($gas) {
- $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
---- a/crypto/perlasm/x86asm.pl
-+++ b/crypto/perlasm/x86asm.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # require 'x86asm.pl';
- # &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-@@ -165,6 +172,11 @@ sub ::vprotd
- { &::generic("vprotd", at _); }
- }
-
-+sub ::endbranch
-+{
-+ &::data_byte(0xf3,0x0f,0x1e,0xfb);
-+}
-+
- # label management
- $lbdecor="L"; # local label decoration, set by package
- $label="000";
---- a/crypto/perlasm/x86gas.pl
-+++ b/crypto/perlasm/x86gas.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- package x86gas;
-
---- a/crypto/perlasm/x86masm.pl
-+++ b/crypto/perlasm/x86masm.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- package x86masm;
-
---- a/crypto/perlasm/x86nasm.pl
-+++ b/crypto/perlasm/x86nasm.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- package x86nasm;
-
---- a/crypto/pkcs12/Makefile.in
-+++ /dev/null
-@@ -1,49 +0,0 @@
--#
--# OpenSSL/crypto/pkcs12/Makefile
--#
--
--DIR= pkcs12
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
-- p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_sbag.c \
-- p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
--LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
-- p12_init.o p12_key.o p12_kiss.o p12_mutl.o p12_sbag.o \
-- p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
--
--SRC= $(LIBSRC)
--
--HEADER= p12_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--test:
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/pkcs12/p12_add.c
-+++ b/crypto/pkcs12/p12_add.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_asn.c
-+++ b/crypto/pkcs12/p12_asn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_attr.c
-+++ b/crypto/pkcs12/p12_attr.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_crpt.c
-+++ b/crypto/pkcs12/p12_crpt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_crt.c
-+++ b/crypto/pkcs12/p12_crt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -77,7 +28,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG
- return 1;
- }
-
--PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
- int mac_iter, int keytype)
- {
-@@ -219,7 +170,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF
-
- PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
- EVP_PKEY *key, int key_usage, int iter,
-- int nid_key, char *pass)
-+ int nid_key, const char *pass)
- {
-
- PKCS12_SAFEBAG *bag = NULL;
-@@ -252,7 +203,7 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(
- }
-
- int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-- int nid_safe, int iter, char *pass)
-+ int nid_safe, int iter, const char *pass)
- {
- PKCS7 *p7 = NULL;
- int free_safes = 0;
---- a/crypto/pkcs12/p12_decr.c
-+++ b/crypto/pkcs12/p12_decr.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_init.c
-+++ b/crypto/pkcs12/p12_init.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_key.c
-+++ b/crypto/pkcs12/p12_key.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -128,8 +79,8 @@ int PKCS12_key_gen_uni(unsigned char *pa
- #endif
- v = EVP_MD_block_size(md_type);
- u = EVP_MD_size(md_type);
-- if (u < 0)
-- return 0;
-+ if (u < 0 || v <= 0)
-+ goto err;
- D = OPENSSL_malloc(v);
- Ai = OPENSSL_malloc(u);
- B = OPENSSL_malloc(v + 1);
---- a/crypto/pkcs12/p12_kiss.c
-+++ b/crypto/pkcs12/p12_kiss.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_lcl.h
-+++ b/crypto/pkcs12/p12_lcl.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2016.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- struct PKCS12_MAC_DATA_st {
---- a/crypto/pkcs12/p12_mutl.c
-+++ b/crypto/pkcs12/p12_mutl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- # include <stdio.h>
---- a/crypto/pkcs12/p12_npas.c
-+++ b/crypto/pkcs12/p12_npas.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -66,17 +17,18 @@
-
- /* PKCS#12 password change routine */
-
--static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
--static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-- char *newpass);
--static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
-+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
-+ const char *newpass);
-+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
-+ const char *newpass);
- static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
- /*
- * Change the password on a PKCS#12 structure.
- */
-
--int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
- {
- /* Check for NULL PKCS12 structure */
-
-@@ -103,20 +55,21 @@ int PKCS12_newpass(PKCS12 *p12, char *ol
-
- /* Parse the outer PKCS#12 structure */
-
--static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
- {
-- STACK_OF(PKCS7) *asafes, *newsafes;
-- STACK_OF(PKCS12_SAFEBAG) *bags;
-+ STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
-+ STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
- int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
- PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
-+ int rv = 0;
-
- if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
-- return 0;
-+ goto err;
- if ((newsafes = sk_PKCS7_new_null()) == NULL)
-- return 0;
-+ goto err;
- for (i = 0; i < sk_PKCS7_num(asafes); i++) {
- p7 = sk_PKCS7_value(asafes, i);
- bagnid = OBJ_obj2nid(p7->type);
-@@ -125,63 +78,59 @@ static int newpass_p12(PKCS12 *p12, char
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-- &pbe_nid, &pbe_iter, &pbe_saltlen)) {
-- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-- bags = NULL;
-- }
-- } else
-+ &pbe_nid, &pbe_iter, &pbe_saltlen))
-+ goto err;
-+ } else {
- continue;
-- if (!bags) {
-- sk_PKCS7_pop_free(asafes, PKCS7_free);
-- return 0;
-- }
-- if (!newpass_bags(bags, oldpass, newpass)) {
-- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-- sk_PKCS7_pop_free(asafes, PKCS7_free);
-- return 0;
- }
-+ if (bags == NULL)
-+ goto err;
-+ if (!newpass_bags(bags, oldpass, newpass))
-+ goto err;
- /* Repack bag in same form with new password */
- if (bagnid == NID_pkcs7_data)
- p7new = PKCS12_pack_p7data(bags);
- else
- p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
- pbe_saltlen, pbe_iter, bags);
-+ if (!p7new || !sk_PKCS7_push(newsafes, p7new))
-+ goto err;
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-- if (!p7new) {
-- sk_PKCS7_pop_free(asafes, PKCS7_free);
-- return 0;
-- }
-- sk_PKCS7_push(newsafes, p7new);
-+ bags = NULL;
- }
-- sk_PKCS7_pop_free(asafes, PKCS7_free);
-
- /* Repack safe: save old safe in case of error */
-
- p12_data_tmp = p12->authsafes->d.data;
- if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
-- goto saferr;
-+ goto err;
- if (!PKCS12_pack_authsafes(p12, newsafes))
-- goto saferr;
-+ goto err;
-
- if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
-- goto saferr;
-+ goto err;
- X509_SIG_get0(NULL, &macoct, p12->mac->dinfo);
- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
-- goto saferr;
-- ASN1_OCTET_STRING_free(p12_data_tmp);
--
-- return 1;
-+ goto err;
-
-- saferr:
-- /* Restore old safe */
-- ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-- p12->authsafes->d.data = p12_data_tmp;
-- return 0;
-+ rv = 1;
-
-+err:
-+ /* Restore old safe if necessary */
-+ if (rv == 1) {
-+ ASN1_OCTET_STRING_free(p12_data_tmp);
-+ } else if (p12_data_tmp != NULL) {
-+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-+ p12->authsafes->d.data = p12_data_tmp;
-+ }
-+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-+ sk_PKCS7_pop_free(asafes, PKCS7_free);
-+ sk_PKCS7_pop_free(newsafes, PKCS7_free);
-+ return rv;
- }
-
--static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-- char *newpass)
-+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
-+ const char *newpass)
- {
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-@@ -193,7 +142,8 @@ static int newpass_bags(STACK_OF(PKCS12_
-
- /* Change password of safebag: only needs handle shrouded keybags */
-
--static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
-+ const char *newpass)
- {
- PKCS8_PRIV_KEY_INFO *p8;
- X509_SIG *p8new;
-@@ -208,8 +158,10 @@ static int newpass_bag(PKCS12_SAFEBAG *b
- X509_SIG_get0(&shalg, NULL, bag->value.shkeybag);
- if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
- return 0;
-- if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-- p8_iter, p8)) == NULL)
-+ p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-+ p8_iter, p8);
-+ PKCS8_PRIV_KEY_INFO_free(p8);
-+ if (p8new == NULL)
- return 0;
- X509_SIG_free(bag->value.shkeybag);
- bag->value.shkeybag = p8new;
---- a/crypto/pkcs12/p12_p8d.c
-+++ b/crypto/pkcs12/p12_p8d.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_p8e.c
-+++ b/crypto/pkcs12/p12_p8e.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_sbag.c
-+++ b/crypto/pkcs12/p12_sbag.c
-@@ -1,60 +1,10 @@
--/* p12_sbag.c */
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999-2015.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/p12_utl.c
-+++ b/crypto/pkcs12/p12_utl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs12/pk12err.c
-+++ b/crypto/pkcs12/pk12err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,14 +19,6 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
- static ERR_STRING_DATA PKCS12_str_functs[] = {
-- {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
-- {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
-- {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
-- {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),
-- "PKCS12_add_friendlyname_asc"},
-- {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),
-- "PKCS12_add_friendlyname_uni"},
-- {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
- {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
- {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
- {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-@@ -102,7 +44,6 @@ static ERR_STRING_DATA PKCS12_str_functs
- {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
- {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
- {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
-- {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
- {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
- {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"},
- {0, NULL}
-@@ -125,7 +66,6 @@ static ERR_STRING_DATA PKCS12_str_reason
- {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
- {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
- {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
-- {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"},
- {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
- {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
- {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
-@@ -141,7 +81,7 @@ static ERR_STRING_DATA PKCS12_str_reason
-
- #endif
-
--void ERR_load_PKCS12_strings(void)
-+int ERR_load_PKCS12_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -150,4 +90,5 @@ void ERR_load_PKCS12_strings(void)
- ERR_load_strings(0, PKCS12_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/pkcs7/Makefile.in
-+++ /dev/null
-@@ -1,50 +0,0 @@
--#
--# OpenSSL/crypto/pkcs7/Makefile
--#
--
--DIR= pkcs7
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--PLIB_LDFLAG=
--EX_LIBS=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
-- pk7_mime.c bio_pk7.c
--LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
-- pk7_mime.o bio_pk7.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--test:
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/pkcs7/bio_pk7.c
-+++ b/crypto/pkcs7/bio_pk7.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1.h>
---- a/crypto/pkcs7/pk7_asn1.c
-+++ b/crypto/pkcs7/pk7_asn1.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs7/pk7_attr.c
-+++ b/crypto/pkcs7/pk7_attr.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -98,6 +49,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap
- /* Basic smime-capabilities OID and optional integer arg */
- int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
- {
-+ ASN1_INTEGER *nbit = NULL;
- X509_ALGOR *alg;
-
- if ((alg = X509_ALGOR_new()) == NULL) {
-@@ -107,24 +59,28 @@ int PKCS7_simple_smimecap(STACK_OF(X509_
- ASN1_OBJECT_free(alg->algorithm);
- alg->algorithm = OBJ_nid2obj(nid);
- if (arg > 0) {
-- ASN1_INTEGER *nbit;
- if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
-- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- if ((nbit = ASN1_INTEGER_new()) == NULL) {
-- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- if (!ASN1_INTEGER_set(nbit, arg)) {
-- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- alg->parameter->value.integer = nbit;
- alg->parameter->type = V_ASN1_INTEGER;
-+ nbit = NULL;
-+ }
-+ if (!sk_X509_ALGOR_push(sk, alg)) {
-+ goto err;
- }
-- sk_X509_ALGOR_push(sk, alg);
- return 1;
-+err:
-+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
-+ ASN1_INTEGER_free(nbit);
-+ X509_ALGOR_free(alg);
-+ return 0;
- }
-
- int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
---- a/crypto/pkcs7/pk7_dgst.c
-+++ b/crypto/pkcs7/pk7_dgst.c
-@@ -1,64 +1,15 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/evp.h>
--#include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
- #include <openssl/pkcs7.h>
---- a/crypto/pkcs7/pk7_doit.c
-+++ b/crypto/pkcs7/pk7_doit.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -630,7 +582,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
- BIO_free_all(btmp);
- BIO_free_all(etmp);
- BIO_free_all(bio);
-- return NULL;
-+ return NULL;
- }
-
- static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-@@ -808,6 +760,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
- goto err;
-
- if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
-+ OPENSSL_free(abuf);
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
- goto err;
- }
-@@ -822,7 +775,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
- goto err;
- if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
- goto err;
-- ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-+ if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
-+ goto err;
- }
-
- if (!PKCS7_is_detached(p7)) {
---- a/crypto/pkcs7/pk7_enc.c
-+++ b/crypto/pkcs7/pk7_enc.c
-@@ -1,64 +1,15 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/evp.h>
--#include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
- #include <openssl/pkcs7.h>
---- a/crypto/pkcs7/pk7_lib.c
-+++ b/crypto/pkcs7/pk7_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/pkcs7/pk7_mime.c
-+++ b/crypto/pkcs7/pk7_mime.c
-@@ -1,61 +1,15 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include <ctype.h>
- #include "internal/cryptlib.h"
--#include <openssl/rand.h>
- #include <openssl/x509.h>
- #include <openssl/asn1.h>
-
---- a/crypto/pkcs7/pk7_smime.c
-+++ b/crypto/pkcs7/pk7_smime.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Simple PKCS#7 processing functions */
---- a/crypto/pkcs7/pkcs7err.c
-+++ b/crypto/pkcs7/pkcs7err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,13 +19,11 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
- static ERR_STRING_DATA PKCS7_str_functs[] = {
-- {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
-- {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
- {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"},
-- {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),
- "PKCS7_add0_attrib_signing_time"},
-- {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
-+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
-+ "PKCS7_add_attrib_smimecap"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
- {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-@@ -88,7 +36,6 @@ static ERR_STRING_DATA PKCS7_str_functs[
- {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-- {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
- {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
- {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
- {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"},
-@@ -109,21 +56,18 @@ static ERR_STRING_DATA PKCS7_str_functs[
- {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
- {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
- {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
-- {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
-- {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
- {0, NULL}
- };
-
- static ERR_STRING_DATA PKCS7_str_reasons[] = {
-- {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
-+ {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
-+ "certificate verify error"},
- {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
- "cipher has no object identifier"},
- {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
-- {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"},
-+ {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
-+ "content and data present"},
- {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"},
-- {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"},
-- {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),
-- "decrypted key is wrong length"},
- {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
- {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
- {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
-@@ -131,37 +75,23 @@ static ERR_STRING_DATA PKCS7_str_reasons
- "encryption not supported for this key type"},
- {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
- {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
-- {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"},
- {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
-- {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), "invalid signed data type"},
-- {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
-- {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"},
-- {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
-- {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
-+ {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),
-+ "invalid signed data type"},
- {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
-- {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"},
- {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"},
- {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
- "no matching digest type found"},
-- {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),
-- "no multipart body failure"},
-- {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
- {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
- "no recipient matches certificate"},
-- {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"},
- {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
- {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
-- {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
- {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
- "operation not supported on this type"},
- {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
- "pkcs7 add signature error"},
- {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
-- {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"},
-- {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
- {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
-- {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"},
-- {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
- {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
- "private key does not match certificate"},
- {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
-@@ -170,7 +100,6 @@ static ERR_STRING_DATA PKCS7_str_reasons
- {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
- {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
- "signing not supported for this key type"},
-- {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
- {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
- {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
- "unable to find certificate"},
-@@ -180,7 +109,8 @@ static ERR_STRING_DATA PKCS7_str_reasons
- {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
- {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
- {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
-- {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
-+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
-+ "unsupported content type"},
- {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
- {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
- {0, NULL}
-@@ -188,7 +118,7 @@ static ERR_STRING_DATA PKCS7_str_reasons
-
- #endif
-
--void ERR_load_PKCS7_strings(void)
-+int ERR_load_PKCS7_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -197,4 +127,5 @@ void ERR_load_PKCS7_strings(void)
- ERR_load_strings(0, PKCS7_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/poly1305/Makefile.in
-+++ /dev/null
-@@ -1,61 +0,0 @@
--#
--# OpenSSL/crypto/poly1305/Makefile
--#
--
--DIR= poly1305
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--AR= ar r
--
--POLY1305_ASM_OBJ=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=poly1305.c
--LIBOBJ=poly1305.o $(POLY1305_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--poly1305-sparcv9.S: asm/poly1305-sparcv9.pl
-- $(PERL) asm/poly1305-sparcv9.pl $(PERLASM_SCHEME) $@
--poly1305-x86.s: asm/poly1305-x86.pl
-- $(PERL) asm/poly1305-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--poly1305-x86_64.s: asm/poly1305-x86_64.pl
-- $(PERL) asm/poly1305-x86_64.pl $(PERLASM_SCHEME) $@
--poly1305-ppc.s: asm/poly1305-ppc.pl
-- $(PERL) asm/poly1305-ppc.pl $(PERLASM_SCHEME) $@
--poly1305-ppcfp.s: asm/poly1305-ppcfp.pl
-- $(PERL) asm/poly1305-ppcfp.pl $(PERLASM_SCHEME) $@
--
--poly1305-%.S: asm/poly1305-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--poly1305-armv4.o: poly1305-armv4.S
--poly1305-armv8.o: poly1305-armv8.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/poly1305/asm/poly1305-armv4.pl
-+++ b/crypto/poly1305/asm/poly1305-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -10,7 +17,7 @@
- # IALU(*)/gcc-4.4 NEON
- #
- # ARM11xx(ARMv6) 7.78/+100% -
--# Cortex-A5 6.35/+130% 2.96
-+# Cortex-A5 6.35/+130% 3.00
- # Cortex-A8 6.25/+115% 2.36
- # Cortex-A9 5.10/+95% 2.55
- # Cortex-A15 3.85/+85% 1.25(**)
-@@ -523,6 +530,51 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- @ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
- @ and P. Schwabe
-+ @
-+ @ H0>>+H1>>+H2>>+H3>>+H4
-+ @ H3>>+H4>>*5+H0>>+H1
-+ @
-+ @ Trivia.
-+ @
-+ @ Result of multiplication of n-bit number by m-bit number is
-+ @ n+m bits wide. However! Even though 2^n is a n+1-bit number,
-+ @ m-bit number multiplied by 2^n is still n+m bits wide.
-+ @
-+ @ Sum of two n-bit numbers is n+1 bits wide, sum of three - n+2,
-+ @ and so is sum of four. Sum of 2^m n-m-bit numbers and n-bit
-+ @ one is n+1 bits wide.
-+ @
-+ @ >>+ denotes Hnext += Hn>>26, Hn &= 0x3ffffff. This means that
-+ @ H0, H2, H3 are guaranteed to be 26 bits wide, while H1 and H4
-+ @ can be 27. However! In cases when their width exceeds 26 bits
-+ @ they are limited by 2^26+2^6. This in turn means that *sum*
-+ @ of the products with these values can still be viewed as sum
-+ @ of 52-bit numbers as long as the amount of addends is not a
-+ @ power of 2. For example,
-+ @
-+ @ H4 = H4*R0 + H3*R1 + H2*R2 + H1*R3 + H0 * R4,
-+ @
-+ @ which can't be larger than 5 * (2^26 + 2^6) * (2^26 + 2^6), or
-+ @ 5 * (2^52 + 2*2^32 + 2^12), which in turn is smaller than
-+ @ 8 * (2^52) or 2^55. However, the value is then multiplied by
-+ @ by 5, so we should be looking at 5 * 5 * (2^52 + 2^33 + 2^12),
-+ @ which is less than 32 * (2^52) or 2^57. And when processing
-+ @ data we are looking at triple as many addends...
-+ @
-+ @ In key setup procedure pre-reduced H0 is limited by 5*4+1 and
-+ @ 5*H4 - by 5*5 52-bit addends, or 57 bits. But when hashing the
-+ @ input H0 is limited by (5*4+1)*3 addends, or 58 bits, while
-+ @ 5*H4 by 5*5*3, or 59[!] bits. How is this relevant? vmlal.u32
-+ @ instruction accepts 2x32-bit input and writes 2x64-bit result.
-+ @ This means that result of reduction have to be compressed upon
-+ @ loop wrap-around. This can be done in the process of reduction
-+ @ to minimize amount of instructions [as well as amount of
-+ @ 128-bit instructions, which benefits low-end processors], but
-+ @ one has to watch for H2 (which is narrower than H0) and 5*H4
-+ @ not being wider than 58 bits, so that result of right shift
-+ @ by 26 bits fits in 32 bits. This is also useful on x86,
-+ @ because it allows to use paddd in place for paddq, which
-+ @ benefits Atom, where paddq is ridiculously slow.
-
- vshr.u64 $T0,$D3,#26
- vmovn.i64 $D3#lo,$D3
-@@ -887,7 +939,8 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
- # endif
-
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-- @ lazy reduction interleaved with base 2^32 -> base 2^26
-+ @ lazy reduction interleaved with base 2^32 -> base 2^26 of
-+ @ inp[0:3] previously loaded to $H0-$H3 and smashed to $H0-$H4.
-
- vshr.u64 $T0,$D3,#26
- vmovn.i64 $D3#lo,$D3
-@@ -915,19 +968,20 @@ my ($in2,$zeros,$tbl0,$tbl1) = map("r$_"
- vbic.i32 $H3,#0xfc000000
- vshrn.u64 $T1#lo,$D2,#26
- vmovn.i64 $D2#lo,$D2
-- vadd.i32 $D0#lo,$D0#lo,$T0#lo @ h4 -> h0
-+ vaddl.u32 $D0,$D0#lo,$T0#lo @ h4 -> h0 [widen for a sec]
- vsri.u32 $H2,$H1,#20
- vadd.i32 $D3#lo,$D3#lo,$T1#lo @ h2 -> h3
- vshl.u32 $H1,$H1,#6
- vbic.i32 $D2#lo,#0xfc000000
- vbic.i32 $H2,#0xfc000000
-
-- vshr.u32 $T0#lo,$D0#lo,#26
-- vbic.i32 $D0#lo,#0xfc000000
-+ vshrn.u64 $T0#lo,$D0,#26 @ re-narrow
-+ vmovn.i64 $D0#lo,$D0
- vsri.u32 $H1,$H0,#26
- vbic.i32 $H0,#0xfc000000
- vshr.u32 $T1#lo,$D3#lo,#26
- vbic.i32 $D3#lo,#0xfc000000
-+ vbic.i32 $D0#lo,#0xfc000000
- vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1
- vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4
- vbic.i32 $H1,#0xfc000000
---- a/crypto/poly1305/asm/poly1305-armv8.pl
-+++ b/crypto/poly1305/asm/poly1305-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -19,7 +26,7 @@
- # Cortex-A53 2.69/+58% 1.47
- # Cortex-A57 2.70/+7% 1.14
- # Denver 1.64/+50% 1.18(*)
--# X-Gene 2.13/+68% 2.19
-+# X-Gene 2.13/+68% 2.27
- #
- # (*) estimate based on resources availability is less than 1.0,
- # i.e. measured result is worse than expected, presumably binary
-@@ -507,9 +514,11 @@ my $is_base2_26 = $zeros; # borrow
- fmov $IN01_1,x6
- add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32
- add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32
-+ movi $MASK.2d,#-1
- fmov $IN01_2,x8
- fmov $IN01_3,x10
- fmov $IN01_4,x12
-+ ushr $MASK.2d,$MASK.2d,#38
-
- b.ls .Lskip_loop
-
-@@ -660,41 +669,43 @@ my $is_base2_26 = $zeros; # borrow
- fmov $IN01_2,x8
- umlal $ACC2,$IN01_4,${S3}[0]
- fmov $IN01_3,x10
-+ fmov $IN01_4,x12
-
- /////////////////////////////////////////////////////////////////
- // lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
-- // and P. Schwabe
-+ // and P. Schwabe
-+ //
-+ // [see discussion in poly1305-armv4 module]
-
- ushr $T0.2d,$ACC3,#26
-- fmov $IN01_4,x12
- xtn $H3,$ACC3
- ushr $T1.2d,$ACC0,#26
-- xtn $H0,$ACC0
-+ and $ACC0,$ACC0,$MASK.2d
- add $ACC4,$ACC4,$T0.2d // h3 -> h4
- bic $H3,#0xfc,lsl#24 // &=0x03ffffff
- add $ACC1,$ACC1,$T1.2d // h0 -> h1
-- bic $H0,#0xfc,lsl#24
-
-- shrn $T0.2s,$ACC4,#26
-+ ushr $T0.2d,$ACC4,#26
- xtn $H4,$ACC4
- ushr $T1.2d,$ACC1,#26
- xtn $H1,$ACC1
-- add $ACC2,$ACC2,$T1.2d // h1 -> h2
- bic $H4,#0xfc,lsl#24
-- bic $H1,#0xfc,lsl#24
-+ add $ACC2,$ACC2,$T1.2d // h1 -> h2
-
-- add $H0,$H0,$T0.2s
-- shl $T0.2s,$T0.2s,#2
-+ add $ACC0,$ACC0,$T0.2d
-+ shl $T0.2d,$T0.2d,#2
- shrn $T1.2s,$ACC2,#26
- xtn $H2,$ACC2
-- add $H0,$H0,$T0.2s // h4 -> h0
-+ add $ACC0,$ACC0,$T0.2d // h4 -> h0
-+ bic $H1,#0xfc,lsl#24
- add $H3,$H3,$T1.2s // h2 -> h3
- bic $H2,#0xfc,lsl#24
-
-- ushr $T0.2s,$H0,#26
-- bic $H0,#0xfc,lsl#24
-+ shrn $T0.2s,$ACC0,#26
-+ xtn $H0,$ACC0
- ushr $T1.2s,$H3,#26
- bic $H3,#0xfc,lsl#24
-+ bic $H0,#0xfc,lsl#24
- add $H1,$H1,$T0.2s // h0 -> h1
- add $H4,$H4,$T1.2s // h3 -> h4
-
-@@ -702,9 +713,7 @@ my $is_base2_26 = $zeros; # borrow
-
- .Lskip_loop:
- dup $IN23_2,${IN23_2}[0]
-- movi $MASK.2d,#-1
- add $IN01_2,$IN01_2,$H2
-- ushr $MASK.2d,$MASK.2d,#38
-
- ////////////////////////////////////////////////////////////////
- // multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
---- a/crypto/poly1305/asm/poly1305-c64xplus.pl
-+++ b/crypto/poly1305/asm/poly1305-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- /dev/null
-+++ b/crypto/poly1305/asm/poly1305-mips.pl
-@@ -0,0 +1,425 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+# ====================================================================
-+# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+
-+# Poly1305 hash for MIPS64.
-+#
-+# May 2016
-+#
-+# Numbers are cycles per processed byte with poly1305_blocks alone.
-+#
-+# IALU/gcc
-+# R1x000 5.64/+120% (big-endian)
-+# Octeon II 3.80/+280% (little-endian)
-+
-+######################################################################
-+# There is a number of MIPS ABI in use, O32 and N32/64 are most
-+# widely used. Then there is a new contender: NUBI. It appears that if
-+# one picks the latter, it's possible to arrange code in ABI neutral
-+# manner. Therefore let's stick to NUBI register layout:
-+#
-+($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
-+($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-+($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
-+($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
-+#
-+# The return value is placed in $a0. Following coding rules facilitate
-+# interoperability:
-+#
-+# - never ever touch $tp, "thread pointer", former $gp [o32 can be
-+# excluded from the rule, because it's specified volatile];
-+# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
-+# old code];
-+# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
-+#
-+# For reference here is register layout for N32/64 MIPS ABIs:
-+#
-+# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-+# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-+# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-+# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-+# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-+#
-+# <appro at openssl.org>
-+#
-+######################################################################
-+
-+$flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
-+
-+die "MIPS64 only" unless ($flavour =~ /64|n32/i);
-+
-+$v0 = ($flavour =~ /nubi/i) ? $a0 : $t0;
-+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000";
-+
-+($ctx,$inp,$len,$padbit) = ($a0,$a1,$a2,$a3);
-+($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1);
-+
-+$code.=<<___;
-+#ifdef MIPSEB
-+# define MSB 0
-+# define LSB 7
-+#else
-+# define MSB 7
-+# define LSB 0
-+#endif
-+
-+.text
-+.set noat
-+.set noreorder
-+
-+.align 5
-+.globl poly1305_init
-+.ent poly1305_init
-+poly1305_init:
-+ .frame $sp,0,$ra
-+ .set reorder
-+
-+ sd $zero,0($ctx)
-+ sd $zero,8($ctx)
-+ sd $zero,16($ctx)
-+
-+ beqz $inp,.Lno_key
-+
-+ ldl $in0,0+MSB($inp)
-+ ldl $in1,8+MSB($inp)
-+ ldr $in0,0+LSB($inp)
-+ ldr $in1,8+LSB($inp)
-+#ifdef MIPSEB
-+# if defined(_MIPS_ARCH_MIPS64R2)
-+ dsbh $in0,$in0 # byte swap
-+ dsbh $in1,$in1
-+ dshd $in0,$in0
-+ dshd $in1,$in1
-+# else
-+ ori $tmp0,$zero,0xFF
-+ dsll $tmp2,$tmp0,32
-+ or $tmp0,$tmp2 # 0x000000FF000000FF
-+
-+ and $tmp1,$in0,$tmp0 # byte swap
-+ and $tmp3,$in1,$tmp0
-+ dsrl $tmp2,$in0,24
-+ dsrl $tmp4,$in1,24
-+ dsll $tmp1,24
-+ dsll $tmp3,24
-+ and $tmp2,$tmp0
-+ and $tmp4,$tmp0
-+ dsll $tmp0,8 # 0x0000FF000000FF00
-+ or $tmp1,$tmp2
-+ or $tmp3,$tmp4
-+ and $tmp2,$in0,$tmp0
-+ and $tmp4,$in1,$tmp0
-+ dsrl $in0,8
-+ dsrl $in1,8
-+ dsll $tmp2,8
-+ dsll $tmp4,8
-+ and $in0,$tmp0
-+ and $in1,$tmp0
-+ or $tmp1,$tmp2
-+ or $tmp3,$tmp4
-+ or $in0,$tmp1
-+ or $in1,$tmp3
-+ dsrl $tmp1,$in0,32
-+ dsrl $tmp3,$in1,32
-+ dsll $in0,32
-+ dsll $in1,32
-+ or $in0,$tmp1
-+ or $in1,$tmp3
-+# endif
-+#endif
-+ li $tmp0,1
-+ dsll $tmp0,32
-+ daddiu $tmp0,-63
-+ dsll $tmp0,28
-+ daddiu $tmp0,-1 # 0ffffffc0fffffff
-+
-+ and $in0,$tmp0
-+ daddiu $tmp0,-3 # 0ffffffc0ffffffc
-+ and $in1,$tmp0
-+
-+ sd $in0,24($ctx)
-+ dsrl $tmp0,$in1,2
-+ sd $in1,32($ctx)
-+ daddu $tmp0,$in1 # s1 = r1 + (r1 >> 2)
-+ sd $tmp0,40($ctx)
-+
-+.Lno_key:
-+ li $v0,0 # return 0
-+ jr $ra
-+.end poly1305_init
-+___
-+{
-+my ($h0,$h1,$h2,$r0,$r1,$s1,$d0,$d1,$d2) =
-+ ($s0,$s1,$s2,$s3,$s4,$s5,$in0,$in1,$t2);
-+
-+$code.=<<___;
-+.align 5
-+.globl poly1305_blocks
-+.ent poly1305_blocks
-+poly1305_blocks:
-+ .set noreorder
-+ dsrl $len,4 # number of complete blocks
-+ bnez $len,poly1305_blocks_internal
-+ nop
-+ jr $ra
-+ nop
-+.end poly1305_blocks
-+
-+.align 5
-+.ent poly1305_blocks_internal
-+poly1305_blocks_internal:
-+ .frame $sp,6*8,$ra
-+ .mask $SAVED_REGS_MASK,-8
-+ .set noreorder
-+ dsub $sp,6*8
-+ sd $s5,40($sp)
-+ sd $s4,32($sp)
-+___
-+$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
-+ sd $s3,24($sp)
-+ sd $s2,16($sp)
-+ sd $s1,8($sp)
-+ sd $s0,0($sp)
-+___
-+$code.=<<___;
-+ .set reorder
-+
-+ ld $h0,0($ctx) # load hash value
-+ ld $h1,8($ctx)
-+ ld $h2,16($ctx)
-+
-+ ld $r0,24($ctx) # load key
-+ ld $r1,32($ctx)
-+ ld $s1,40($ctx)
-+
-+.Loop:
-+ ldl $in0,0+MSB($inp) # load input
-+ ldl $in1,8+MSB($inp)
-+ ldr $in0,0+LSB($inp)
-+ daddiu $len,-1
-+ ldr $in1,8+LSB($inp)
-+ daddiu $inp,16
-+#ifdef MIPSEB
-+# if defined(_MIPS_ARCH_MIPS64R2)
-+ dsbh $in0,$in0 # byte swap
-+ dsbh $in1,$in1
-+ dshd $in0,$in0
-+ dshd $in1,$in1
-+# else
-+ ori $tmp0,$zero,0xFF
-+ dsll $tmp2,$tmp0,32
-+ or $tmp0,$tmp2 # 0x000000FF000000FF
-+
-+ and $tmp1,$in0,$tmp0 # byte swap
-+ and $tmp3,$in1,$tmp0
-+ dsrl $tmp2,$in0,24
-+ dsrl $tmp4,$in1,24
-+ dsll $tmp1,24
-+ dsll $tmp3,24
-+ and $tmp2,$tmp0
-+ and $tmp4,$tmp0
-+ dsll $tmp0,8 # 0x0000FF000000FF00
-+ or $tmp1,$tmp2
-+ or $tmp3,$tmp4
-+ and $tmp2,$in0,$tmp0
-+ and $tmp4,$in1,$tmp0
-+ dsrl $in0,8
-+ dsrl $in1,8
-+ dsll $tmp2,8
-+ dsll $tmp4,8
-+ and $in0,$tmp0
-+ and $in1,$tmp0
-+ or $tmp1,$tmp2
-+ or $tmp3,$tmp4
-+ or $in0,$tmp1
-+ or $in1,$tmp3
-+ dsrl $tmp1,$in0,32
-+ dsrl $tmp3,$in1,32
-+ dsll $in0,32
-+ dsll $in1,32
-+ or $in0,$tmp1
-+ or $in1,$tmp3
-+# endif
-+#endif
-+ daddu $h0,$in0 # accumulate input
-+ daddu $h1,$in1
-+ sltu $tmp0,$h0,$in0
-+ sltu $tmp1,$h1,$in1
-+ daddu $h1,$tmp0
-+
-+ dmultu $r0,$h0 # h0*r0
-+ daddu $h2,$padbit
-+ sltu $tmp0,$h1,$tmp0
-+ mflo $d0
-+ mfhi $d1
-+
-+ dmultu $s1,$h1 # h1*5*r1
-+ daddu $tmp0,$tmp1
-+ daddu $h2,$tmp0
-+ mflo $tmp0
-+ mfhi $tmp1
-+
-+ dmultu $r1,$h0 # h0*r1
-+ daddu $d0,$tmp0
-+ daddu $d1,$tmp1
-+ mflo $tmp2
-+ mfhi $d2
-+ sltu $tmp0,$d0,$tmp0
-+ daddu $d1,$tmp0
-+
-+ dmultu $r0,$h1 # h1*r0
-+ daddu $d1,$tmp2
-+ sltu $tmp2,$d1,$tmp2
-+ mflo $tmp0
-+ mfhi $tmp1
-+ daddu $d2,$tmp2
-+
-+ dmultu $s1,$h2 # h2*5*r1
-+ daddu $d1,$tmp0
-+ daddu $d2,$tmp1
-+ mflo $tmp2
-+
-+ dmultu $r0,$h2 # h2*r0
-+ sltu $tmp0,$d1,$tmp0
-+ daddu $d2,$tmp0
-+ mflo $tmp3
-+
-+ daddu $d1,$tmp2
-+ daddu $d2,$tmp3
-+ sltu $tmp2,$d1,$tmp2
-+ daddu $d2,$tmp2
-+
-+ li $tmp0,-4 # final reduction
-+ and $tmp0,$d2
-+ dsrl $tmp1,$d2,2
-+ andi $h2,$d2,3
-+ daddu $tmp0,$tmp1
-+ daddu $h0,$d0,$tmp0
-+ sltu $tmp0,$h0,$tmp0
-+ daddu $h1,$d1,$tmp0
-+ sltu $tmp0,$h1,$tmp0
-+ daddu $h2,$h2,$tmp0
-+
-+ bnez $len,.Loop
-+
-+ sd $h0,0($ctx) # store hash value
-+ sd $h1,8($ctx)
-+ sd $h2,16($ctx)
-+
-+ .set noreorder
-+ ld $s5,40($sp) # epilogue
-+ ld $s4,32($sp)
-+___
-+$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi epilogue
-+ ld $s3,24($sp)
-+ ld $s2,16($sp)
-+ ld $s1,8($sp)
-+ ld $s0,0($sp)
-+___
-+$code.=<<___;
-+ jr $ra
-+ dadd $sp,6*8
-+.end poly1305_blocks_internal
-+___
-+}
-+{
-+my ($ctx,$mac,$nonce) = ($a0,$a1,$a2);
-+
-+$code.=<<___;
-+.align 5
-+.globl poly1305_emit
-+.ent poly1305_emit
-+poly1305_emit:
-+ .frame $sp,0,$ra
-+ .set reorder
-+
-+ ld $tmp0,0($ctx)
-+ ld $tmp1,8($ctx)
-+ ld $tmp2,16($ctx)
-+
-+ daddiu $in0,$tmp0,5 # compare to modulus
-+ sltiu $tmp3,$in0,5
-+ daddu $in1,$tmp1,$tmp3
-+ sltu $tmp3,$in1,$tmp3
-+ daddu $tmp2,$tmp2,$tmp3
-+
-+ dsrl $tmp2,2 # see if it carried/borrowed
-+ dsubu $tmp2,$zero,$tmp2
-+ nor $tmp3,$zero,$tmp2
-+
-+ and $in0,$tmp2
-+ and $tmp0,$tmp3
-+ and $in1,$tmp2
-+ and $tmp1,$tmp3
-+ or $in0,$tmp0
-+ or $in1,$tmp1
-+
-+ lwu $tmp0,0($nonce) # load nonce
-+ lwu $tmp1,4($nonce)
-+ lwu $tmp2,8($nonce)
-+ lwu $tmp3,12($nonce)
-+ dsll $tmp1,32
-+ dsll $tmp3,32
-+ or $tmp0,$tmp1
-+ or $tmp2,$tmp3
-+
-+ daddu $in0,$tmp0 # accumulate nonce
-+ daddu $in1,$tmp2
-+ sltu $tmp0,$in0,$tmp0
-+ daddu $in1,$tmp0
-+
-+ dsrl $tmp0,$in0,8 # write mac value
-+ dsrl $tmp1,$in0,16
-+ dsrl $tmp2,$in0,24
-+ sb $in0,0($mac)
-+ dsrl $tmp3,$in0,32
-+ sb $tmp0,1($mac)
-+ dsrl $tmp0,$in0,40
-+ sb $tmp1,2($mac)
-+ dsrl $tmp1,$in0,48
-+ sb $tmp2,3($mac)
-+ dsrl $tmp2,$in0,56
-+ sb $tmp3,4($mac)
-+ dsrl $tmp3,$in1,8
-+ sb $tmp0,5($mac)
-+ dsrl $tmp0,$in1,16
-+ sb $tmp1,6($mac)
-+ dsrl $tmp1,$in1,24
-+ sb $tmp2,7($mac)
-+
-+ sb $in1,8($mac)
-+ dsrl $tmp2,$in1,32
-+ sb $tmp3,9($mac)
-+ dsrl $tmp3,$in1,40
-+ sb $tmp0,10($mac)
-+ dsrl $tmp0,$in1,48
-+ sb $tmp1,11($mac)
-+ dsrl $tmp1,$in1,56
-+ sb $tmp2,12($mac)
-+ sb $tmp3,13($mac)
-+ sb $tmp0,14($mac)
-+ sb $tmp1,15($mac)
-+
-+ jr $ra
-+.end poly1305_emit
-+.rdata
-+.asciiz "Poly1305 for MIPS64, CRYPTOGAMS by <appro\@openssl.org>"
-+.align 2
-+___
-+}
-+
-+$output=pop and open STDOUT,">$output";
-+print $code;
-+close STDOUT;
-+
---- a/crypto/poly1305/asm/poly1305-ppc.pl
-+++ b/crypto/poly1305/asm/poly1305-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/poly1305/asm/poly1305-ppcfp.pl
-+++ b/crypto/poly1305/asm/poly1305-ppcfp.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/poly1305/asm/poly1305-s390x.pl
-+++ b/crypto/poly1305/asm/poly1305-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/poly1305/asm/poly1305-sparcv9.pl
-+++ b/crypto/poly1305/asm/poly1305-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -74,8 +81,8 @@ SPARC_PIC_THUNK(%g1)
- SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1)
- ld [%g1],%g1
-
-- and %g1,SPARCV9_FMADD|SPARCV9_PREFER_FPU|SPARCV9_VIS3,%g1
-- cmp %g1,SPARCV9_FMADD|SPARCV9_PREFER_FPU
-+ and %g1,SPARCV9_FMADD|SPARCV9_VIS3,%g1
-+ cmp %g1,SPARCV9_FMADD
- be .Lpoly1305_init_fma
- nop
-
-@@ -132,13 +139,14 @@ SPARC_PIC_THUNK(%g1)
- .Lno_key:
- ret
- restore %g0,%g0,%o0 ! return 0
-+.type poly1305_init,#function
- .size poly1305_init,.-poly1305_init
-
- .globl poly1305_blocks
- .align 32
- poly1305_blocks:
- save %sp,-STACK_FRAME,%sp
-- andn $len,15,$len
-+ srln $len,4,$len
-
- brz,pn $len,.Lno_data
- nop
-@@ -194,7 +202,7 @@ SPARC_PIC_THUNK(%g1)
- umul $r1,$h0,$d1
- umul $r2,$h0,$d2
- umul $r3,$h0,$d3
-- sub $len,16,$len
-+ sub $len,1,$len
- add $inp,16,$inp
-
- umul $s3,$h1,$t0
-@@ -264,6 +272,7 @@ SPARC_PIC_THUNK(%g1)
- .Lno_data:
- ret
- restore
-+.type poly1305_blocks,#function
- .size poly1305_blocks,.-poly1305_blocks
- ___
- ########################################################################
-@@ -276,7 +285,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
- .align 32
- poly1305_blocks_vis3:
- save %sp,-STACK_FRAME,%sp
-- andn $len,15,$len
-+ srln $len,4,$len
-
- brz,pn $len,.Lno_data
- nop
-@@ -314,7 +323,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
-
- .Linp_aligned_vis3:
- addcc $D0,$H0,$H0 ! accumulate input
-- sub $len,16,$len
-+ sub $len,1,$len
- addxccc $D1,$H1,$H1
- add $inp,16,$inp
-
-@@ -354,6 +363,7 @@ my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)
-
- ret
- restore
-+.type poly1305_blocks_vis3,#function
- .size poly1305_blocks_vis3,.-poly1305_blocks_vis3
- ___
- }
-@@ -426,6 +436,7 @@ my ($mac,$nonce) = ($inp,$len);
-
- ret
- restore
-+.type poly1305_emit,#function
- .size poly1305_emit,.-poly1305_emit
- ___
-
-@@ -591,12 +602,13 @@ my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3h
- .Lno_key_fma:
- ret
- restore %g0,%g0,%o0 ! return 0
-+.type poly1305_init_fma,#function
- .size poly1305_init_fma,.-poly1305_init_fma
-
- .align 32
- poly1305_blocks_fma:
- save %sp,-STACK_FRAME-48,%sp
-- srlx $len,4,$len
-+ srln $len,4,$len
-
- brz,pn $len,.Labort
- sub $len,1,$len
-@@ -898,6 +910,7 @@ my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3h
- .Labort:
- ret
- restore
-+.type poly1305_blocks_fma,#function
- .size poly1305_blocks_fma,.-poly1305_blocks_fma
- ___
- {
-@@ -1004,6 +1017,7 @@ my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3
-
- ret
- restore
-+.type poly1305_emit_fma,#function
- .size poly1305_emit_fma,.-poly1305_emit_fma
- ___
- }
---- a/crypto/poly1305/asm/poly1305-x86.pl
-+++ b/crypto/poly1305/asm/poly1305-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -541,11 +548,12 @@ my $base = shift; $base = "esp" if (!def
-
- sub lazy_reduction {
- my $extra = shift;
--my $paddx = defined($extra) ? paddq : paddd;
-
- ################################################################
- # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
- # and P. Schwabe
-+ #
-+ # [(*) see discussion in poly1305-armv4 module]
-
- &movdqa ($T0,$D3);
- &pand ($D3,$MASK);
-@@ -567,7 +575,7 @@ my $paddx = defined($extra) ? paddq : pa
- # on Atom
- &psllq ($T0,2);
- &paddq ($T1,$D2); # h1 -> h2
-- &$paddx ($T0,$D0); # h4 -> h0
-+ &paddq ($T0,$D0); # h4 -> h0 (*)
- &pand ($D1,$MASK);
- &movdqa ($D2,$T1);
- &psrlq ($T1,26);
---- a/crypto/poly1305/asm/poly1305-x86_64.pl
-+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -65,7 +72,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx");
-@@ -130,8 +137,12 @@ sub poly1305_iteration {
- .extern OPENSSL_ia32cap_P
-
- .globl poly1305_init
-+.hidden poly1305_init
- .globl poly1305_blocks
-+.hidden poly1305_blocks
- .globl poly1305_emit
-+.hidden poly1305_emit
-+
- .type poly1305_init,\@function,3
- .align 32
- poly1305_init:
-@@ -495,10 +506,10 @@ my ($H0,$H1,$H2,$H3,$H4, $T0,$T1,$T2,$T3
-
- ################################# base 2^26 -> base 2^64
- mov $d1#d,$h0#d
-- and \$-1<<31,$d1
-+ and \$`-1*(1<<31)`,$d1
- mov $d2,$r1 # borrow $r1
- mov $d2#d,$h1#d
-- and \$-1<<31,$d2
-+ and \$`-1*(1<<31)`,$d2
-
- shr \$6,$d1
- shl \$52,$r1
-@@ -1383,10 +1394,10 @@ my $S4=$MASK;
-
- ################################# base 2^26 -> base 2^64
- mov $d1#d,$h0#d
-- and \$-1<<31,$d1
-+ and \$`-1*(1<<31)`,$d1
- mov $d2,$r1 # borrow $r1
- mov $d2#d,$h1#d
-- and \$-1<<31,$d2
-+ and \$`-1*(1<<31)`,$d2
-
- shr \$6,$d1
- shl \$52,$r1
-@@ -1991,7 +2002,7 @@ my $S4=$MASK;
- .Lmask24:
- .long 0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
- .L129:
--.long 1<<24,0,1<<24,0,1<<24,0,1<<24,0
-+.long `1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0
- .Lmask26:
- .long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
- .Lfive:
---- a/crypto/poly1305/build.info
-+++ b/crypto/poly1305/build.info
-@@ -12,6 +12,7 @@ GENERATE[poly1305-armv4.S]=asm/poly1305-
- INCLUDE[poly1305-armv4.o]=..
- GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
- INCLUDE[poly1305-armv8.o]=..
-+GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
-
- BEGINRAW[Makefile(unix)]
- {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
---- a/crypto/poly1305/poly1305.c
-+++ b/crypto/poly1305/poly1305.c
-@@ -1,12 +1,15 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary
-- * forms are granted according to the OpenSSL license.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
- #include <string.h>
-+#include <openssl/crypto.h>
-
- #include "internal/poly1305.h"
-
-@@ -94,7 +97,7 @@ typedef unsigned int u32;
- * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit|
- * should be set to 1 to perform implicit padding with 128th bit.
- * poly1305_blocks does not actually check for this constraint though,
-- * it's caller(*)'s resposibility to comply.
-+ * it's caller(*)'s responsibility to comply.
- *
- * (*) In the context "caller" is not application code, but higher
- * level Poly1305_* from this very module, so that quirks are
-@@ -185,9 +188,9 @@ poly1305_blocks(void *ctx, const unsigne
- h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
- h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
- /*
-- * padbit can be zero only when original len was
-- * POLY1306_BLOCK_SIZE, but we don't check
-- */
-+ * padbit can be zero only when original len was
-+ * POLY1306_BLOCK_SIZE, but we don't check
-+ */
- h2 += (u64)(d1 >> 64) + padbit;
-
- /* h *= r "%" p, where "%" stands for "partial remainder" */
-@@ -195,7 +198,7 @@ poly1305_blocks(void *ctx, const unsigne
- ((u128)h1 * s1);
- d1 = ((u128)h0 * r1) +
- ((u128)h1 * r0) +
-- (h2 * s1);
-+ (h2 * s1);
- h2 = (h2 * r0);
-
- /* last reduction step: */
-@@ -543,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsig
- poly1305_emit(ctx->opaque, mac, ctx->nonce);
-
- /* zero out the state */
-- memset(ctx, 0, sizeof(*ctx));
-+ OPENSSL_cleanse(ctx, sizeof(*ctx));
- }
-
- #ifdef SELFTEST
-@@ -590,7 +593,8 @@ static const struct poly1305_test poly13
- "5154ad0d2cb26e01274fc51148491f1b"
- },
- /*
-- * self-generated
-+ * self-generated vectors exercise "significant" lengths, such that
-+ * are handled by different code paths
- */
- {
- "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0"
-@@ -672,6 +676,21 @@ static const struct poly1305_test poly13
- "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57",
- "b846d44e9bbd53cedffbfbb6b7fa4933"
- },
-+ /*
-+ * 4th power of the key spills to 131th bit in SIMD key setup
-+ */
-+ {
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-+ "ad628107e8351d0f2c231a05dc4a4106""00000000000000000000000000000000",
-+ "07145a4c02fe5fa32036de68fabe9066"
-+ },
- {
- /*
- * poly1305_ieee754.c failed this in final stage
-@@ -855,14 +874,11 @@ static const struct poly1305_test poly13
-
- static unsigned char hex_digit(char h)
- {
-- if (h >= '0' && h <= '9')
-- return h - '0';
-- else if (h >= 'a' && h <= 'f')
-- return h - 'a' + 10;
-- else if (h >= 'A' && h <= 'F')
-- return h - 'A' + 10;
-- else
-+ int i = OPENSSL_hexchar2int(h);
-+
-+ if (i < 0)
- abort();
-+ return i;
- }
-
- static void hex_decode(unsigned char *out, const char *hex)
-@@ -996,14 +1012,14 @@ int main()
- Poly1305_Init(&poly1305, key);
-
- for (i=0;i<100000;i++)
-- Poly1305_Update(&poly1305,buf,sizeof(buf));
-+ Poly1305_Update(&poly1305,buf,sizeof(buf));
-
-- stopwatch = OPENSSL_rdtsc();
-+ stopwatch = OPENSSL_rdtsc();
- for (i=0;i<10000;i++)
-- Poly1305_Update(&poly1305,buf,sizeof(buf));
-- stopwatch = OPENSSL_rdtsc() - stopwatch;
-+ Poly1305_Update(&poly1305,buf,sizeof(buf));
-+ stopwatch = OPENSSL_rdtsc() - stopwatch;
-
-- printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
-+ printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
-
- stopwatch = OPENSSL_rdtsc();
- for (i=0;i<10000;i++) {
---- a/crypto/poly1305/poly1305_ieee754.c
-+++ b/crypto/poly1305/poly1305_ieee754.c
-@@ -1,8 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary
-- * forms are granted according to the OpenSSL license.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/ppc_arch.h
-+++ b/crypto/ppc_arch.h
-@@ -1,5 +1,14 @@
--#ifndef __PPC_ARCH_H__
--# define __PPC_ARCH_H__
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef HEADER_PPC_ARCH_H
-+# define HEADER_PPC_ARCH_H
-
- extern unsigned int OPENSSL_ppccap_P;
-
---- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -79,6 +88,7 @@ void sha512_block_data_order(void *ctx,
- sha512_block_ppc(ctx, inp, len);
- }
-
-+#ifndef OPENSSL_NO_CHACHA
- void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
- size_t len, const unsigned int key[8],
- const unsigned int counter[4]);
-@@ -93,7 +103,9 @@ void ChaCha20_ctr32(unsigned char *out,
- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
- : ChaCha20_ctr32_int(out, inp, len, key, counter);
- }
-+#endif
-
-+#ifndef OPENSSL_NO_POLY1305
- void poly1305_init_int(void *ctx, const unsigned char key[16]);
- void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
- unsigned int padbit);
-@@ -107,16 +119,17 @@ void poly1305_emit_fpu(void *ctx, unsign
- int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
- {
- if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) {
-- poly1305_init_fpu(ctx,key);
-+ poly1305_init_fpu(ctx, key);
- func[0] = poly1305_blocks_fpu;
- func[1] = poly1305_emit_fpu;
- } else {
-- poly1305_init_int(ctx,key);
-+ poly1305_init_int(ctx, key);
- func[0] = poly1305_blocks;
- func[1] = poly1305_emit;
- }
- return 1;
- }
-+#endif
-
- static sigjmp_buf ill_jmp;
- static void ill_handler(int sig)
-@@ -128,6 +141,7 @@ void OPENSSL_fpu_probe(void);
- void OPENSSL_ppc64_probe(void);
- void OPENSSL_altivec_probe(void);
- void OPENSSL_crypto207_probe(void);
-+void OPENSSL_madd300_probe(void);
-
- /*
- * Use a weak reference to getauxval() so we can use it if it is available
-@@ -220,7 +234,7 @@ void OPENSSL_cpuid_setup(void)
- unsigned long hwcap = getauxval(HWCAP);
-
- if (hwcap & HWCAP_FPU) {
-- OPENSSL_ppccap_P |= PPC_FPU;
-+ OPENSSL_ppccap_P |= PPC_FPU;
-
- if (sizeof(size_t) == 4) {
- /* In 32-bit case PPC_FPU64 is always fastest [if option] */
---- a/crypto/ppccpuid.pl
-+++ b/crypto/ppccpuid.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $flavour = shift;
-
-@@ -170,6 +177,32 @@ Lot: andi. r5,r3,3
- .byte 0,12,0x14,0,0,0,2,0
- .long 0
- .size .OPENSSL_cleanse,.-.OPENSSL_cleanse
-+
-+globl .CRYPTO_memcmp
-+.align 4
-+.CRYPTO_memcmp:
-+ $CMPLI r5,0
-+ li r0,0
-+ beq Lno_data
-+ mtctr r5
-+Loop_cmp:
-+ lbz r6,0(r3)
-+ addi r3,r3,1
-+ lbz r7,0(r4)
-+ addi r4,r4,1
-+ xor r6,r6,r7
-+ or r0,r0,r6
-+ bdnz Loop_cmp
-+
-+Lno_data:
-+ li r3,0
-+ sub r3,r3,r0
-+ extrwi r3,r3,1,0
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,3,0
-+ .long 0
-+.size .CRYPTO_memcmp,.-.CRYPTO_memcmp
- ___
- {
- my ($out,$cnt,$max)=("r3","r4","r5");
---- a/crypto/rand/Makefile.in
-+++ /dev/null
-@@ -1,45 +0,0 @@
--#
--# OpenSSL/crypto/rand/Makefile
--#
--
--DIR= rand
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
-- rand_win.c rand_unix.c
--LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
-- rand_win.o rand_unix.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/rand/md_rand.c
-+++ b/crypto/rand/md_rand.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -125,10 +24,11 @@
- #include <openssl/rand.h>
- #include <openssl/async.h>
- #include "rand_lcl.h"
--#include "internal/threads.h"
-
- #include <openssl/err.h>
-
-+#include <internal/thread_once.h>
-+
- #ifdef OPENSSL_FIPS
- # include <openssl/fips.h>
- #endif
-@@ -140,7 +40,7 @@
- /* #define PREDICT 1 */
-
- #define STATE_SIZE 1023
--static int state_num = 0, state_index = 0;
-+static size_t state_num = 0, state_index = 0;
- static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
- static unsigned char md[MD_DIGEST_LENGTH];
- static long md_count[2] = { 0, 0 };
-@@ -162,7 +62,7 @@ static CRYPTO_THREAD_ID locking_threadid
- int rand_predictable = 0;
- #endif
-
--static void rand_hw_seed(EVP_MD_CTX *ctx);
-+static int rand_hw_seed(EVP_MD_CTX *ctx);
-
- static void rand_cleanup(void);
- static int rand_seed(const void *buf, int num);
-@@ -187,10 +87,11 @@ static RAND_METHOD rand_meth = {
- rand_status
- };
-
--static void do_rand_lock_init(void)
-+DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
- {
- rand_lock = CRYPTO_THREAD_lock_new();
- rand_tmp_lock = CRYPTO_THREAD_lock_new();
-+ return rand_lock != NULL && rand_tmp_lock != NULL;
- }
-
- RAND_METHOD *RAND_OpenSSL(void)
-@@ -243,7 +144,8 @@ static int rand_add(const void *buf, int
- if (m == NULL)
- goto err;
-
-- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
-+ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-+ goto err;
-
- /* check if we already have the lock */
- if (crypto_lock_rand) {
-@@ -370,8 +272,8 @@ static int rand_seed(const void *buf, in
- static int rand_bytes(unsigned char *buf, int num, int pseudo)
- {
- static volatile int stirred_pool = 0;
-- int i, j, k, st_num, st_idx;
-- int num_ceil;
-+ int i, j, k;
-+ size_t num_ceil, st_idx, st_num;
- int ok;
- long md_c[2];
- unsigned char local_md[MD_DIGEST_LENGTH];
-@@ -441,7 +343,9 @@ static int rand_bytes(unsigned char *buf
- * global 'md'.
- */
-
-- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
-+ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-+ goto err_mem;
-+
- CRYPTO_THREAD_write_lock(rand_lock);
- /*
- * We could end up in an async engine while holding this lock so ensure
-@@ -548,7 +452,8 @@ static int rand_bytes(unsigned char *buf
- if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
- goto err;
- curr_time = 0;
-- rand_hw_seed(m);
-+ if (!rand_hw_seed(m))
-+ goto err;
- }
- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
- goto err;
-@@ -635,7 +540,9 @@ static int rand_status(void)
- int ret;
- int do_not_lock;
-
-- CRYPTO_THREAD_run_once(&rand_lock_init, do_rand_lock_init);
-+ if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
-+ return 0;
-+
- cur = CRYPTO_THREAD_get_current_id();
- /*
- * check if we already have the lock (could happen if a RAND_poll()
-@@ -699,18 +606,20 @@ static int rand_status(void)
- size_t OPENSSL_ia32_rdrand(void);
- extern unsigned int OPENSSL_ia32cap_P[];
-
--static void rand_hw_seed(EVP_MD_CTX *ctx)
-+static int rand_hw_seed(EVP_MD_CTX *ctx)
- {
- int i;
- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32))))
-- return;
-+ return 1;
- for (i = 0; i < RDRAND_CALLS; i++) {
- size_t rnd;
- rnd = OPENSSL_ia32_rdrand();
- if (rnd == 0)
-- return;
-- MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t));
-+ return 1;
-+ if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t)))
-+ return 0;
- }
-+ return 1;
- }
-
- /* XOR an existing buffer with random data */
-@@ -743,9 +652,9 @@ void rand_hw_xor(unsigned char *buf, siz
-
- #else
-
--static void rand_hw_seed(EVP_MD_CTX *ctx)
-+static int rand_hw_seed(EVP_MD_CTX *ctx)
- {
-- return;
-+ return 1;
- }
-
- void rand_hw_xor(unsigned char *buf, size_t num)
---- a/crypto/rand/rand_egd.c
-+++ b/crypto/rand/rand_egd.c
-@@ -1,56 +1,10 @@
--/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/opensslconf.h>
---- a/crypto/rand/rand_err.c
-+++ b/crypto/rand/rand_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,31 +19,18 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
- static ERR_STRING_DATA RAND_str_functs[] = {
-- {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
-- {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
-- {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
-- {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
-- {ERR_FUNC(RAND_F_FIPS_X931_SET_DT), "FIPS_x931_set_dt"},
- {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"},
-- {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
- {0, NULL}
- };
-
- static ERR_STRING_DATA RAND_str_reasons[] = {
-- {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"},
-- {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"},
-- {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"},
-- {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"},
- {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
-- {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),
-- "prng seed must not match key"},
-- {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"},
- {0, NULL}
- };
-
- #endif
-
--void ERR_load_RAND_strings(void)
-+int ERR_load_RAND_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -102,4 +39,5 @@ void ERR_load_RAND_strings(void)
- ERR_load_strings(0, RAND_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/rand/rand_lcl.h
-+++ b/crypto/rand/rand_lcl.h
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RAND_LCL_H
---- a/crypto/rand/rand_lib.c
-+++ b/crypto/rand/rand_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rand/rand_unix.c
-+++ b/crypto/rand/rand_unix.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
-
- #define USE_SOCKETS
-@@ -234,7 +134,7 @@ int RAND_poll(void)
- rnd >>= 8;
- }
- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-- memset(buf, 0, sizeof(buf));
-+ OPENSSL_cleanse(buf, sizeof(buf));
-
- return 1;
- }
---- a/crypto/rand/rand_vms.c
-+++ b/crypto/rand/rand_vms.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rand.h>
---- a/crypto/rand/rand_win.c
-+++ b/crypto/rand/rand_win.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -114,444 +13,60 @@
-
- #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
- # include <windows.h>
--# ifndef _WIN32_WINNT
--# define _WIN32_WINNT 0x0400
-+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
-+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
-+# define RAND_WINDOWS_USE_BCRYPT
- # endif
--# include <wincrypt.h>
--# include <tlhelp32.h>
--
--/*
-- * Limit the time spent walking through the heap, processes, threads and
-- * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
-- * failed
-- */
--# define MAXDELAY 1000
-
-+# ifdef RAND_WINDOWS_USE_BCRYPT
-+# include <bcrypt.h>
-+# pragma comment(lib, "bcrypt.lib")
-+# ifndef STATUS_SUCCESS
-+# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-+# endif
-+# else
-+# include <wincrypt.h>
- /*
- * Intel hardware RNG CSP -- available from
- * http://developer.intel.com/design/security/rng/redist_license.htm
- */
--# define PROV_INTEL_SEC 22
--# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
-+# define PROV_INTEL_SEC 22
-+# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
-+# endif
-
- static void readtimer(void);
--static void readscreen(void);
--
--/*
-- * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
-- * when WINVER is 0x0500 and up, which currently only happens on Win2000.
-- * Unfortunately, those are typedefs, so they're a little bit difficult to
-- * detect properly. On the other hand, the macro CURSOR_SHOWING is defined
-- * within the same conditional, so it can be use to detect the absence of
-- * said typedefs.
-- */
--
--# ifndef CURSOR_SHOWING
--/*
-- * Information about the global cursor.
-- */
--typedef struct tagCURSORINFO {
-- DWORD cbSize;
-- DWORD flags;
-- HCURSOR hCursor;
-- POINT ptScreenPos;
--} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
--
--# define CURSOR_SHOWING 0x00000001
--# endif /* CURSOR_SHOWING */
--
--# if !defined(OPENSSL_SYS_WINCE)
--typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
-- DWORD, DWORD);
--typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
--typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
--
--typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
--typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
--typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
--
--typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
--typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
--typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
--typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
--typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
--typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
--typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
--typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
--
--# include <lmcons.h>
--# include <lmstats.h>
--/*
-- * The NET API is Unicode only. It requires the use of the UNICODE macro.
-- * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the
-- * Platform SDK to allow the NET API to be used in non-Unicode applications
-- * provided that Unicode strings were still used for input. LMSTR is defined
-- * as LPWSTR.
-- */
--typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
-- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
--typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
--# endif /* !OPENSSL_SYS_WINCE */
-
- int RAND_poll(void)
- {
- MEMORYSTATUS mst;
-- HCRYPTPROV hProvider = 0;
-+# ifndef RAND_WINDOWS_USE_BCRYPT
-+ HCRYPTPROV hProvider;
-+# endif
- DWORD w;
-- int good = 0;
-+ BYTE buf[64];
-
--# if defined(OPENSSL_SYS_WINCE)
--# if defined(_WIN32_WCE) && _WIN32_WCE>=300
-- /*
-- * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
-- * in commonly available implementations prior 300...
-- */
-- {
-- BYTE buf[64];
-- /* poll the CryptoAPI PRNG */
-- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
-- CRYPT_VERIFYCONTEXT)) {
-- if (CryptGenRandom(hProvider, sizeof(buf), buf))
-- RAND_add(buf, sizeof(buf), sizeof(buf));
-- CryptReleaseContext(hProvider, 0);
-- }
-+# ifdef RAND_WINDOWS_USE_BCRYPT
-+ if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
-+ RAND_add(buf, sizeof(buf), sizeof(buf));
- }
--# endif
--# else /* OPENSSL_SYS_WINCE */
-- /*
-- * None of below libraries are present on Windows CE, which is
-- * why we #ifndef the whole section. This also excuses us from
-- * handling the GetProcAddress issue. The trouble is that in
-- * real Win32 API GetProcAddress is available in ANSI flavor
-- * only. In WinCE on the other hand GetProcAddress is a macro
-- * most commonly defined as GetProcAddressW, which accepts
-- * Unicode argument. If we were to call GetProcAddress under
-- * WinCE, I'd recommend to either redefine GetProcAddress as
-- * GetProcAddressA (there seem to be one in common CE spec) or
-- * implement own shim routine, which would accept ANSI argument
-- * and expand it to Unicode.
-- */
-- {
-- /* load functions dynamically - not available on all systems */
-- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
-- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
-- HMODULE user = NULL;
-- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
-- CRYPTACQUIRECONTEXTW acquire = NULL;
-- CRYPTGENRANDOM gen = NULL;
-- CRYPTRELEASECONTEXT release = NULL;
-- NETSTATGET netstatget = NULL;
-- NETFREE netfree = NULL;
-- BYTE buf[64];
--
-- if (netapi) {
-- netstatget =
-- (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
-- netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
-- }
--
-- if (netstatget && netfree) {
-- LPBYTE outbuf;
-- /*
-- * NetStatisticsGet() is a Unicode only function
-- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
-- * contains 17 fields. We treat each field as a source of one
-- * byte of entropy.
-- */
--
-- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
-- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
-- netfree(outbuf);
-- }
-- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
-- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
-- netfree(outbuf);
-- }
-- }
--
-- if (netapi)
-- FreeLibrary(netapi);
--
-- /*
-- * It appears like this can cause an exception deep within
-- * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey
-- * Altman. Only use it on NT.
-- */
--
-- if (advapi) {
-- /*
-- * If it's available, then it's available in both ANSI
-- * and UNICODE flavors even in Win9x, documentation says.
-- * We favor Unicode...
-- */
-- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
-- "CryptAcquireContextW");
-- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
-- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-- "CryptReleaseContext");
-- }
--
-- if (acquire && gen && release) {
-- /* poll the CryptoAPI PRNG */
-- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
-- CRYPT_VERIFYCONTEXT)) {
-- if (gen(hProvider, sizeof(buf), buf) != 0) {
-- RAND_add(buf, sizeof(buf), 0);
-- good = 1;
-- }
-- release(hProvider, 0);
-- }
--
-- /* poll the Pentium PRG with CryptoAPI */
-- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
-- if (gen(hProvider, sizeof(buf), buf) != 0) {
-- RAND_add(buf, sizeof(buf), sizeof(buf));
-- good = 1;
-- }
-- release(hProvider, 0);
-- }
-- }
--
-- if (advapi)
-- FreeLibrary(advapi);
--
-- if ((!check_winnt() ||
-- !OPENSSL_isservice()) &&
-- (user = LoadLibrary(TEXT("USER32.DLL")))) {
-- GETCURSORINFO cursor;
-- GETFOREGROUNDWINDOW win;
-- GETQUEUESTATUS queue;
--
-- win =
-- (GETFOREGROUNDWINDOW) GetProcAddress(user,
-- "GetForegroundWindow");
-- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
--
-- if (win) {
-- /* window handle */
-- HWND h = win();
-- RAND_add(&h, sizeof(h), 0);
-- }
-- if (cursor) {
-- /*
-- * unfortunately, its not safe to call GetCursorInfo() on NT4
-- * even though it exists in SP3 (or SP6) and higher.
-- */
-- if (check_winnt() && !check_win_minplat(5))
-- cursor = 0;
-- }
-- if (cursor) {
-- /* cursor position */
-- /* assume 2 bytes of entropy */
-- CURSORINFO ci;
-- ci.cbSize = sizeof(CURSORINFO);
-- if (cursor(&ci))
-- RAND_add(&ci, ci.cbSize, 2);
-- }
--
-- if (queue) {
-- /* message queue status */
-- /* assume 1 byte of entropy */
-- w = queue(QS_ALLEVENTS);
-- RAND_add(&w, sizeof(w), 1);
-- }
--
-- FreeLibrary(user);
-+# else
-+ /* poll the CryptoAPI PRNG */
-+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-+ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-+ RAND_add(buf, sizeof(buf), sizeof(buf));
- }
-+ CryptReleaseContext(hProvider, 0);
-+ }
-
-- /*-
-- * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
-- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
-- * (Win 9x and 2000 only, not available on NT)
-- *
-- * This seeding method was proposed in Peter Gutmann, Software
-- * Generation of Practically Strong Random Numbers,
-- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
-- * (The assignment of entropy estimates below is arbitrary, but based
-- * on Peter's analysis the full poll appears to be safe. Additional
-- * interactive seeding is encouraged.)
-- */
--
-- if (kernel) {
-- CREATETOOLHELP32SNAPSHOT snap;
-- CLOSETOOLHELP32SNAPSHOT close_snap;
-- HANDLE handle;
--
-- HEAP32FIRST heap_first;
-- HEAP32NEXT heap_next;
-- HEAP32LIST heaplist_first, heaplist_next;
-- PROCESS32 process_first, process_next;
-- THREAD32 thread_first, thread_next;
-- MODULE32 module_first, module_next;
--
-- HEAPLIST32 hlist;
-- HEAPENTRY32 hentry;
-- PROCESSENTRY32 p;
-- THREADENTRY32 t;
-- MODULEENTRY32 m;
-- DWORD starttime = 0;
--
-- snap = (CREATETOOLHELP32SNAPSHOT)
-- GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-- close_snap = (CLOSETOOLHELP32SNAPSHOT)
-- GetProcAddress(kernel, "CloseToolhelp32Snapshot");
-- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-- heaplist_first =
-- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-- heaplist_next =
-- (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-- process_first =
-- (PROCESS32) GetProcAddress(kernel, "Process32First");
-- process_next =
-- (PROCESS32) GetProcAddress(kernel, "Process32Next");
-- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-- module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
--
-- if (snap && heap_first && heap_next && heaplist_first &&
-- heaplist_next && process_first && process_next &&
-- thread_first && thread_next && module_first &&
-- module_next && (handle = snap(TH32CS_SNAPALL, 0))
-- != INVALID_HANDLE_VALUE) {
-- /* heap list and heap walking */
-- /*
-- * HEAPLIST32 contains 3 fields that will change with each
-- * entry. Consider each field a source of 1 byte of entropy.
-- * HEAPENTRY32 contains 5 fields that will change with each
-- * entry. Consider each field a source of 1 byte of entropy.
-- */
-- ZeroMemory(&hlist, sizeof(HEAPLIST32));
-- hlist.dwSize = sizeof(HEAPLIST32);
-- if (good)
-- starttime = GetTickCount();
--# ifdef _MSC_VER
-- if (heaplist_first(handle, &hlist)) {
-- /*
-- * following discussion on dev ML, exception on WinCE (or
-- * other Win platform) is theoretically of unknown
-- * origin; prevent infinite loop here when this
-- * theoretical case occurs; otherwise cope with the
-- * expected (MSDN documented) exception-throwing
-- * behaviour of Heap32Next() on WinCE.
-- *
-- * based on patch in original message by Tanguy Fautré
-- * (2009/03/02) Subject: RAND_poll() and
-- * CreateToolhelp32Snapshot() stability
-- */
-- int ex_cnt_limit = 42;
-- do {
-- RAND_add(&hlist, hlist.dwSize, 3);
-- __try {
-- ZeroMemory(&hentry, sizeof(HEAPENTRY32));
-- hentry.dwSize = sizeof(HEAPENTRY32);
-- if (heap_first(&hentry,
-- hlist.th32ProcessID,
-- hlist.th32HeapID)) {
-- int entrycnt = 80;
-- do
-- RAND_add(&hentry, hentry.dwSize, 5);
-- while (heap_next(&hentry)
-- && (!good
-- || (GetTickCount() - starttime) <
-- MAXDELAY)
-- && --entrycnt > 0);
-- }
-- }
-- __except(EXCEPTION_EXECUTE_HANDLER) {
-- /*
-- * ignore access violations when walking the heap
-- * list
-- */
-- ex_cnt_limit--;
-- }
-- } while (heaplist_next(handle, &hlist)
-- && (!good
-- || (GetTickCount() - starttime) < MAXDELAY)
-- && ex_cnt_limit > 0);
-- }
--# else
-- if (heaplist_first(handle, &hlist)) {
-- do {
-- RAND_add(&hlist, hlist.dwSize, 3);
-- hentry.dwSize = sizeof(HEAPENTRY32);
-- if (heap_first(&hentry,
-- hlist.th32ProcessID,
-- hlist.th32HeapID)) {
-- int entrycnt = 80;
-- do
-- RAND_add(&hentry, hentry.dwSize, 5);
-- while (heap_next(&hentry)
-- && --entrycnt > 0);
-- }
-- } while (heaplist_next(handle, &hlist)
-- && (!good
-- || (GetTickCount() - starttime) < MAXDELAY));
-- }
--# endif
--
-- /* process walking */
-- /*
-- * PROCESSENTRY32 contains 9 fields that will change with
-- * each entry. Consider each field a source of 1 byte of
-- * entropy.
-- */
-- p.dwSize = sizeof(PROCESSENTRY32);
--
-- if (good)
-- starttime = GetTickCount();
-- if (process_first(handle, &p))
-- do
-- RAND_add(&p, p.dwSize, 9);
-- while (process_next(handle, &p)
-- && (!good
-- || (GetTickCount() - starttime) < MAXDELAY));
--
-- /* thread walking */
-- /*
-- * THREADENTRY32 contains 6 fields that will change with each
-- * entry. Consider each field a source of 1 byte of entropy.
-- */
-- t.dwSize = sizeof(THREADENTRY32);
-- if (good)
-- starttime = GetTickCount();
-- if (thread_first(handle, &t))
-- do
-- RAND_add(&t, t.dwSize, 6);
-- while (thread_next(handle, &t)
-- && (!good
-- || (GetTickCount() - starttime) < MAXDELAY));
--
-- /* module walking */
-- /*
-- * MODULEENTRY32 contains 9 fields that will change with each
-- * entry. Consider each field a source of 1 byte of entropy.
-- */
-- m.dwSize = sizeof(MODULEENTRY32);
-- if (good)
-- starttime = GetTickCount();
-- if (module_first(handle, &m))
-- do
-- RAND_add(&m, m.dwSize, 9);
-- while (module_next(handle, &m)
-- && (!good
-- || (GetTickCount() - starttime) < MAXDELAY));
-- if (close_snap)
-- close_snap(handle);
-- else
-- CloseHandle(handle);
--
-- }
--
-- FreeLibrary(kernel);
-+ /* poll the Pentium PRG with CryptoAPI */
-+ if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-+ if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
-+ RAND_add(buf, sizeof(buf), sizeof(buf));
- }
-+ CryptReleaseContext(hProvider, 0);
- }
--# endif /* !OPENSSL_SYS_WINCE */
-+# endif
-
- /* timer data */
- readtimer();
-@@ -567,50 +82,18 @@ int RAND_poll(void)
- return (1);
- }
-
-+#if OPENSSL_API_COMPAT < 0x10100000L
- int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
- {
-- double add_entropy = 0;
--
-- switch (iMsg) {
-- case WM_KEYDOWN:
-- {
-- static WPARAM key;
-- if (key != wParam)
-- add_entropy = 0.05;
-- key = wParam;
-- }
-- break;
-- case WM_MOUSEMOVE:
-- {
-- static int lastx, lasty, lastdx, lastdy;
-- int x, y, dx, dy;
--
-- x = LOWORD(lParam);
-- y = HIWORD(lParam);
-- dx = lastx - x;
-- dy = lasty - y;
-- if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
-- add_entropy = .2;
-- lastx = x, lasty = y;
-- lastdx = dx, lastdy = dy;
-- }
-- break;
-- }
--
-- readtimer();
-- RAND_add(&iMsg, sizeof(iMsg), add_entropy);
-- RAND_add(&wParam, sizeof(wParam), 0);
-- RAND_add(&lParam, sizeof(lParam), 0);
--
-- return (RAND_status());
-+ RAND_poll();
-+ return RAND_status();
- }
-
- void RAND_screen(void)
--{ /* function available for backward
-- * compatibility */
-+{
- RAND_poll();
-- readscreen();
- }
-+#endif
-
- /* feed timing information to the PRNG */
- static void readtimer(void)
-@@ -649,91 +132,4 @@ static void readtimer(void)
- }
- }
-
--/* feed screen contents to PRNG */
--/*****************************************************************************
-- *
-- * Created 960901 by Gertjan van Oosten, gertjan at West.NL, West Consulting B.V.
-- *
-- * Code adapted from
-- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
-- * the original copyright message is:
-- *
-- * (C) Copyright Microsoft Corp. 1993. All rights reserved.
-- *
-- * You have a royalty-free right to use, modify, reproduce and
-- * distribute the Sample Files (and/or any modified version) in
-- * any way you find useful, provided that you agree that
-- * Microsoft has no warranty obligations or liability for any
-- * Sample Application Files which are modified.
-- */
--
--static void readscreen(void)
--{
--# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
-- HDC hScrDC; /* screen DC */
-- HBITMAP hBitmap; /* handle for our bitmap */
-- BITMAP bm; /* bitmap properties */
-- unsigned int size; /* size of bitmap */
-- char *bmbits; /* contents of bitmap */
-- int w; /* screen width */
-- int h; /* screen height */
-- int y; /* y-coordinate of screen lines to grab */
-- int n = 16; /* number of screen lines to grab at a time */
-- BITMAPINFOHEADER bi; /* info about the bitmap */
--
-- if (check_winnt() && OPENSSL_isservice() > 0)
-- return;
--
-- /* Get a reference to the screen DC */
-- hScrDC = GetDC(NULL);
--
-- /* Get screen resolution */
-- w = GetDeviceCaps(hScrDC, HORZRES);
-- h = GetDeviceCaps(hScrDC, VERTRES);
--
-- /* Create a bitmap compatible with the screen DC */
-- hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
--
-- /* Get bitmap properties */
-- GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
-- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
--
-- bi.biSize = sizeof(BITMAPINFOHEADER);
-- bi.biWidth = bm.bmWidth;
-- bi.biHeight = bm.bmHeight;
-- bi.biPlanes = bm.bmPlanes;
-- bi.biBitCount = bm.bmBitsPixel;
-- bi.biCompression = BI_RGB;
-- bi.biSizeImage = 0;
-- bi.biXPelsPerMeter = 0;
-- bi.biYPelsPerMeter = 0;
-- bi.biClrUsed = 0;
-- bi.biClrImportant = 0;
--
-- bmbits = OPENSSL_malloc(size);
-- if (bmbits != NULL) {
-- /* Now go through the whole screen, repeatedly grabbing n lines */
-- for (y = 0; y < h - n; y += n) {
-- unsigned char md[MD_DIGEST_LENGTH];
--
-- /* Copy the bits of the current line range into the buffer */
-- GetDIBits(hScrDC, hBitmap, y, n,
-- bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS);
--
-- /* Get the hash of the bitmap */
-- MD(bmbits, size, md);
--
-- /* Seed the random generator with the hash value */
-- RAND_add(md, MD_DIGEST_LENGTH, 0);
-- }
--
-- OPENSSL_free(bmbits);
-- }
--
-- /* Clean up */
-- DeleteObject(hBitmap);
-- ReleaseDC(NULL, hScrDC);
--# endif /* !OPENSSL_SYS_WINCE */
--}
--
- #endif
---- a/crypto/rand/randfile.c
-+++ b/crypto/rand/randfile.c
-@@ -1,66 +1,13 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--#include "e_os.h"
--
--/* We need to define this to get macros like S_IFBLK and S_IFCHR */
--#if !defined(OPENSSL_SYS_VXWORKS)
--# define _XOPEN_SOURCE 500
--#endif
-+#include "internal/cryptlib.h"
-
- #include <errno.h>
- #include <stdio.h>
-@@ -80,6 +27,29 @@
- #ifndef OPENSSL_NO_POSIX_IO
- # include <sys/stat.h>
- # include <fcntl.h>
-+/*
-+ * Following should not be needed, and we could have been stricter
-+ * and demand S_IS*. But some systems just don't comply... Formally
-+ * below macros are "anatomically incorrect", because normally they
-+ * would look like ((m) & MASK == TYPE), but since MASK availability
-+ * is as questionable, we settle for this poor-man fallback...
-+ */
-+# if !defined(S_ISBLK)
-+# if defined(_S_IFBLK)
-+# define S_ISBLK(m) ((m) & _S_IFBLK)
-+# elif defined(S_IFBLK)
-+# define S_ISBLK(m) ((m) & S_IFBLK)
-+# elif defined(_WIN32)
-+# define S_ISBLK(m) 0 /* no concept of block devices on Windows */
-+# endif
-+# endif
-+# if !defined(S_ISCHR)
-+# if defined(_S_IFCHR)
-+# define S_ISCHR(m) ((m) & _S_IFCHR)
-+# elif defined(S_IFCHR)
-+# define S_ISCHR(m) ((m) & S_IFCHR)
-+# endif
-+# endif
- #endif
-
- #ifdef _WIN32
-@@ -87,6 +57,8 @@
- # define chmod _chmod
- # define open _open
- # define fdopen _fdopen
-+# define fstat _fstat
-+# define fileno _fileno
- #endif
-
- #undef BUFSIZE
-@@ -95,12 +67,39 @@
-
- #ifdef OPENSSL_SYS_VMS
- /*
-+ * Misc hacks needed for specific cases.
-+ *
-+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
-+ * to make sure the FILE* is a 32-bit pointer no matter what. We know that
-+ * stdio function return this type (a study of stdio.h proves it).
-+ * Additionally, we create a similar char pointer type for the sake of
-+ * vms_setbuf below.
-+ */
-+# if __INITIAL_POINTER_SIZE == 64
-+# pragma pointer_size save
-+# pragma pointer_size 32
-+typedef char *char_ptr32;
-+# pragma pointer_size restore
-+/*
-+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
-+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
-+ * Since we know that the FILE* really is a 32-bit pointer expanded to
-+ * 64 bits, we also know it's safe to convert it back to a 32-bit pointer.
-+ * As for the buffer parameter, we only use NULL here, so that passes as
-+ * well...
-+ */
-+# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf))
-+# endif
-+
-+/*
- * This declaration is a nasty hack to get around vms' extension to fopen for
-- * passing in sharing options being disabled by our /STANDARD=ANSI89
-+ * passing in sharing options being disabled by /STANDARD=ANSI89
- */
--static FILE *(*const vms_fopen)(const char *, const char *, ...) =
-- (FILE *(*)(const char *, const char *, ...))fopen;
-+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
-+ (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
- # define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
-+
-+# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
- #endif
-
- #define RFILE ".rnd"
-@@ -122,10 +121,17 @@ int RAND_load_file(const char *file, lon
- struct stat sb;
- #endif
- int i, ret = 0, n;
-- FILE *in;
-+ FILE *in = NULL;
-
- if (file == NULL)
-- return (0);
-+ return 0;
-+
-+ if (bytes == 0)
-+ return ret;
-+
-+ in = openssl_fopen(file, "rb");
-+ if (in == NULL)
-+ goto err;
-
- #ifndef OPENSSL_NO_POSIX_IO
- /*
-@@ -135,30 +141,21 @@ int RAND_load_file(const char *file, lon
- * applications such as Valgrind.
- */
- memset(&sb, 0, sizeof(sb));
-- if (stat(file, &sb) < 0)
-- return (0);
-+ if (fstat(fileno(in), &sb) < 0)
-+ goto err;
- RAND_add(&sb, sizeof(sb), 0.0);
--#endif
-- if (bytes == 0)
-- return (ret);
-
--#ifdef OPENSSL_SYS_VMS
-- in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
--#else
-- in = fopen(file, "rb");
--#endif
-- if (in == NULL)
-- goto err;
--#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
-- if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
-+# if defined(S_ISBLK) && defined(S_ISCHR)
-+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't want read an infinite number of
- * bytes from a random device, nor do we want to use buffered I/O
- * because we will waste system entropy.
- */
- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-- setbuf(stdin, NULL); /* don't do buffered reads */
-+ setbuf(in, NULL); /* don't do buffered reads */
- }
-+# endif
- #endif
- for (;;) {
- if (bytes > 0)
-@@ -177,10 +174,11 @@ int RAND_load_file(const char *file, lon
- break;
- }
- }
-- fclose(in);
- OPENSSL_cleanse(buf, BUFSIZE);
- err:
-- return (ret);
-+ if (in != NULL)
-+ fclose(in);
-+ return ret;
- }
-
- int RAND_write_file(const char *file)
-@@ -192,9 +190,15 @@ int RAND_write_file(const char *file)
- #ifndef OPENSSL_NO_POSIX_IO
- struct stat sb;
-
-+# if defined(S_ISBLK) && defined(S_ISCHR)
-+# ifdef _WIN32
-+ /*
-+ * Check for |file| being a driver as "ASCII-safe" on Windows,
-+ * because driver paths are always ASCII.
-+ */
-+# endif
- i = stat(file, &sb);
- if (i != -1) {
--# if defined(S_ISBLK) && defined(S_ISCHR)
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't write back to it. we
-@@ -202,13 +206,14 @@ int RAND_write_file(const char *file)
- * device. Otherwise attempting to write to and chmod the device
- * causes problems.
- */
-- return (1);
-+ return 1;
- }
- # endif
- }
- #endif
-
--#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
-+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
-+ !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
- {
- # ifndef O_BINARY
- # define O_BINARY 0
-@@ -242,14 +247,11 @@ int RAND_write_file(const char *file)
- * rand file in a concurrent use situation.
- */
-
-- out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
-- if (out == NULL)
-- out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
--#else
-- if (out == NULL)
-- out = fopen(file, "wb");
-+ out = openssl_fopen(file, "rb+");
- #endif
- if (out == NULL)
-+ out = openssl_fopen(file, "wb");
-+ if (out == NULL)
- goto err;
-
- #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
-@@ -280,31 +282,68 @@ int RAND_write_file(const char *file)
- const char *RAND_file_name(char *buf, size_t size)
- {
- char *s = NULL;
-+ int use_randfile = 1;
- #ifdef __OpenBSD__
- struct stat sb;
- #endif
-
-- if (OPENSSL_issetugid() == 0)
-+#if defined(_WIN32) && defined(CP_UTF8)
-+ DWORD len;
-+ WCHAR *var, *val;
-+
-+ if ((var = L"RANDFILE",
-+ len = GetEnvironmentVariableW(var, NULL, 0)) == 0
-+ && (var = L"HOME", use_randfile = 0,
-+ len = GetEnvironmentVariableW(var, NULL, 0)) == 0
-+ && (var = L"USERPROFILE",
-+ len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
-+ var = L"SYSTEMROOT",
-+ len = GetEnvironmentVariableW(var, NULL, 0);
-+ }
-+
-+ if (len != 0) {
-+ int sz;
-+
-+ val = _alloca(len * sizeof(WCHAR));
-+
-+ if (GetEnvironmentVariableW(var, val, len) < len
-+ && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
-+ NULL, NULL)) != 0) {
-+ s = _alloca(sz);
-+ if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
-+ NULL, NULL) == 0)
-+ s = NULL;
-+ }
-+ }
-+#else
-+ if (OPENSSL_issetugid() == 0) {
- s = getenv("RANDFILE");
-- if (s != NULL && *s && strlen(s) + 1 < size) {
-- if (OPENSSL_strlcpy(buf, s, size) >= size)
-- return NULL;
- } else {
-+ use_randfile = 0;
- if (OPENSSL_issetugid() == 0)
- s = getenv("HOME");
-+ }
-+#endif
- #ifdef DEFAULT_HOME
-- if (s == NULL) {
-- s = DEFAULT_HOME;
-- }
-+ if (!use_randfile && s == NULL) {
-+ s = DEFAULT_HOME;
-+ }
- #endif
-- if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
-+ if (s != NULL && *s) {
-+ size_t len = strlen(s);
-+
-+ if (use_randfile && len + 1 < size) {
-+ if (OPENSSL_strlcpy(buf, s, size) >= size)
-+ return NULL;
-+ } else if (len + strlen(RFILE) + 2 < size) {
- OPENSSL_strlcpy(buf, s, size);
- #ifndef OPENSSL_SYS_VMS
- OPENSSL_strlcat(buf, "/", size);
- #endif
- OPENSSL_strlcat(buf, RFILE, size);
-- } else
-- buf[0] = '\0'; /* no file name */
-+ }
-+ } else {
-+ buf[0] = '\0'; /* no file name */
- }
-
- #ifdef __OpenBSD__
-@@ -318,12 +357,12 @@ const char *RAND_file_name(char *buf, si
-
- if (!buf[0])
- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
-- return (NULL);
-+ return NULL;
- }
- if (stat(buf, &sb) == -1)
- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
-- return (NULL);
-+ return NULL;
- }
- #endif
-- return (buf);
-+ return buf;
- }
---- a/crypto/rc2/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/rc2/Makefile
--#
--
--DIR= rc2
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
--LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
--
--SRC= $(LIBSRC)
--
--HEADER= rc2_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/rc2/rc2_cbc.c
-+++ b/crypto/rc2/rc2_cbc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc2.h>
---- a/crypto/rc2/rc2_ecb.c
-+++ b/crypto/rc2/rc2_ecb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc2.h>
---- a/crypto/rc2/rc2_locl.h
-+++ b/crypto/rc2/rc2_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #undef c2l
---- a/crypto/rc2/rc2_skey.c
-+++ b/crypto/rc2/rc2_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc2.h>
---- a/crypto/rc2/rc2cfb64.c
-+++ b/crypto/rc2/rc2cfb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc2.h>
---- a/crypto/rc2/rc2ofb64.c
-+++ b/crypto/rc2/rc2ofb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc2.h>
---- a/crypto/rc2/rrc2.doc
-+++ /dev/null
-@@ -1,219 +0,0 @@
-->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
--Article 23601 of sci.crypt:
--Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
-->From: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
--Newsgroups: sci.crypt
--Subject: Specification for Ron Rivests Cipher No.2
--Date: 11 Feb 1996 06:45:03 GMT
--Organization: University of Auckland
--Lines: 203
--Sender: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
--Message-ID: <4fk39f$f70 at net.auckland.ac.nz>
--NNTP-Posting-Host: cs26.cs.auckland.ac.nz
--X-Newsreader: NN version 6.5.0 #3 (NOV)
--
--
--
--
-- Ron Rivest's Cipher No.2
-- ------------------------
--
--Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
--refer to it by other names) is word oriented, operating on a block of 64 bits
--divided into four 16-bit words, with a key table of 64 words. All data units
--are little-endian. This functional description of the algorithm is based in
--the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
--the same general layout, terminology, and pseudocode style.
--
--
--Notation and RRC.2 Primitive Operations
--
--RRC.2 uses the following primitive operations:
--
--1. Two's-complement addition of words, denoted by "+". The inverse operation,
-- subtraction, is denoted by "-".
--2. Bitwise exclusive OR, denoted by "^".
--3. Bitwise AND, denoted by "&".
--4. Bitwise NOT, denoted by "~".
--5. A left-rotation of words; the rotation of word x left by y is denoted
-- x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
--
--These operations are directly and efficiently supported by most processors.
--
--
--The RRC.2 Algorithm
--
--RRC.2 consists of three components, a *key expansion* algorithm, an
--*encryption* algorithm, and a *decryption* algorithm.
--
--
--Key Expansion
--
--The purpose of the key-expansion routine is to expand the user's key K to fill
--the expanded key array S, so S resembles an array of random binary words
--determined by the user's secret key K.
--
--Initialising the S-box
--
--RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
--Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
--cryptography by enough time that there should be no concerns about trapdoors
--hidden in the data. They have been published widely, and the S-box can be
--easily recreated from the one-time pad values and the Beale Cipher data taken
--from a standard source. To initialise the S-box:
--
-- for i = 0 to 255 do
-- sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
--
--The contents of Beale Cipher No.1 and the necessary one-time pad are given as
--an appendix at the end of this document. For efficiency, implementors may wish
--to skip the Beale Cipher expansion and store the sBox table directly.
--
--Expanding the Secret Key to 128 Bytes
--
--The secret key is first expanded to fill 128 bytes (64 words). The expansion
--consists of taking the sum of the first and last bytes in the user key, looking
--up the sum (modulo 256) in the S-box, and appending the result to the key. The
--operation is repeated with the second byte and new last byte of the key until
--all 128 bytes have been generated. Note that the following pseudocode treats
--the S array as an array of 128 bytes rather than 64 words.
--
-- for j = 0 to length-1 do
-- S[ j ] = K[ j ]
-- for j = length to 127 do
-- s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
--
--At this point it is possible to perform a truncation of the effective key
--length to ease the creation of espionage-enabled software products. However
--since the author cannot conceive why anyone would want to do this, it will not
--be considered further.
--
--The final phase of the key expansion involves replacing the first byte of S
--with the entry selected from the S-box:
--
-- S[ 0 ] = sBox[ S[ 0 ] ]
--
--
--Encryption
--
--The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
--rounds perform an additional transformation on the data. Note that the
--following pseudocode treats the S array as an array of 64 words rather than 128
--bytes.
--
-- for i = 0 to 15 do
-- j = i * 4;
-- word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
-- word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
-- word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
-- word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
--
--In addition the fifth and eleventh rounds add the contents of the S-box indexed
--by one of the data words to another of the data words following the four
--subrounds as follows:
--
-- word0 = word0 + S[ word3 & 63 ];
-- word1 = word1 + S[ word0 & 63 ];
-- word2 = word2 + S[ word1 & 63 ];
-- word3 = word3 + S[ word2 & 63 ];
--
--
--Decryption
--
--The decryption operation is simply the inverse of the encryption operation.
--Note that the following pseudocode treats the S array as an array of 64 words
--rather than 128 bytes.
--
-- for i = 15 downto 0 do
-- j = i * 4;
-- word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
-- word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
-- word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
-- word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
--
--In addition the fifth and eleventh rounds subtract the contents of the S-box
--indexed by one of the data words from another one of the data words following
--the four subrounds as follows:
--
-- word3 = word3 - S[ word2 & 63 ]
-- word2 = word2 - S[ word1 & 63 ]
-- word1 = word1 - S[ word0 & 63 ]
-- word0 = word0 - S[ word3 & 63 ]
--
--
--Test Vectors
--
--The following test vectors may be used to test the correctness of an RRC.2
--implementation:
--
-- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-- Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
--
-- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-- Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
--
-- Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-- Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-- Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
--
-- Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-- Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-- Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
--
--
--Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
-- Creating the S-Box
--
--Beale Cipher No.1.
--
-- 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
-- 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
-- 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
-- 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
-- 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
-- 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
-- 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
-- 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
-- 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
-- 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
-- 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
-- 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
-- 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
-- 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
-- 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
-- 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
--
--One-time Pad.
--
-- 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
-- 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
-- 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
-- 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
-- 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
-- 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
-- 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
-- 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
-- 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
-- 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
-- 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
-- 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
-- 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
-- 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
-- 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
-- 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
--
--
--Implementation
--
--A non-US based programmer who has never seen any encryption code before will
--shortly be implementing RRC.2 based solely on this specification and not on
--knowledge of any other encryption algorithms. Stand by.
--
--
--
---- a/crypto/rc2/tab.c
-+++ b/crypto/rc2/tab.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
-
- unsigned char ebits_to_num[256] = {
---- a/crypto/rc2/version
-+++ /dev/null
-@@ -1,22 +0,0 @@
--1.1 23/08/96 - eay
-- Changed RC2_set_key() so it now takes another argument. Many
-- thanks to Peter Gutmann <pgut01 at cs.auckland.ac.nz> for the
-- clarification and original specification of RC2. BSAFE uses
-- this last parameter, 'bits'. It the key is 128 bits, BSAFE
-- also sets this parameter to 128. The old behaviour can be
-- duplicated by setting this parameter to 1024.
--
--1.0 08/04/96 - eay
-- First version of SSLeay with rc2. This has been written from the spec
-- posted sci.crypt. It is in this directory under rrc2.doc
-- I have no test values for any mode other than ecb, my wrappers for the
-- other modes should be ok since they are basically the same as
-- the ones taken from idea and des :-). I have implemented them as
-- little-endian operators.
-- While rc2 is included because it is used with SSL, I don't know how
-- far I trust it. It is about the same speed as IDEA and DES.
-- So if you are paranoid, used Tripple DES, else IDEA. If RC2
-- does get used more, perhaps more people will look for weaknesses in
-- it.
--
--
---- a/crypto/rc4/Makefile.in
-+++ /dev/null
-@@ -1,71 +0,0 @@
--#
--# OpenSSL/crypto/rc4/Makefile
--#
--
--DIR= rc4
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--AR= ar r
--
--RC4_ENC=rc4_enc.o rc4_skey.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=rc4_skey.c rc4_enc.c
--LIBOBJ=$(RC4_ENC)
--
--SRC= $(LIBSRC)
--
--HEADER= rc4_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--rc4-586.s: asm/rc4-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--rc4-x86_64.s: asm/rc4-x86_64.pl
-- $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) $@
--rc4-md5-x86_64.s: asm/rc4-md5-x86_64.pl
-- $(PERL) asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) $@
--
--rc4-ia64.S: asm/rc4-ia64.pl
-- $(PERL) asm/rc4-ia64.pl $(CFLAGS) $@
--
--rc4-parisc.s: asm/rc4-parisc.pl
-- $(PERL) asm/rc4-parisc.pl $(PERLASM_SCHEME) $@
--
--rc4-ia64.s: rc4-ia64.S
-- @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
-- int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \
-- char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \
-- *) exit 1 ;; \
-- esac
--
--# GNU make "catch all"
--rc4-%.s: asm/rc4-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/rc4/asm/rc4-586.pl
-+++ b/crypto/rc4/asm/rc4-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # [Re]written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/rc4/asm/rc4-c64xplus.pl
-+++ b/crypto/rc4/asm/rc4-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/rc4/asm/rc4-ia64.pl
-+++ b/crypto/rc4/asm/rc4-ia64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by David Mosberger <David.Mosberger at acm.org> based on the
---- a/crypto/rc4/asm/rc4-md5-x86_64.pl
-+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -57,7 +64,7 @@ my $win64=0; $win64=1 if ($flavour =~ /[
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
---- a/crypto/rc4/asm/rc4-parisc.pl
-+++ b/crypto/rc4/asm/rc4-parisc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/rc4/asm/rc4-s390x.pl
-+++ b/crypto/rc4/asm/rc4-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/rc4/asm/rc4-x86_64.pl
-+++ b/crypto/rc4/asm/rc4-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -115,7 +122,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $dat="%rdi"; # arg1
---- a/crypto/rc4/rc4_enc.c
-+++ b/crypto/rc4/rc4_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc4.h>
---- a/crypto/rc4/rc4_locl.h
-+++ b/crypto/rc4/rc4_locl.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef HEADER_RC4_LOCL_H
- # define HEADER_RC4_LOCL_H
-
---- a/crypto/rc4/rc4_skey.c
-+++ b/crypto/rc4/rc4_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc4.h>
---- a/crypto/rc5/Makefile.in
-+++ /dev/null
-@@ -1,51 +0,0 @@
--#
--# OpenSSL/crypto/rc5/Makefile
--#
--
--DIR= rc5
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--RC5_ENC= rc5_enc.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
--LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
--
--SRC= $(LIBSRC)
--
--HEADER= rc5_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
-- $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/rc5/asm/rc5-586.pl
-+++ b/crypto/rc5/asm/rc5-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
---- a/crypto/rc5/rc5_ecb.c
-+++ b/crypto/rc5/rc5_ecb.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc5.h>
---- a/crypto/rc5/rc5_enc.c
-+++ b/crypto/rc5/rc5_enc.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rc5/rc5_locl.h
-+++ b/crypto/rc5/rc5_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
---- a/crypto/rc5/rc5_skey.c
-+++ b/crypto/rc5/rc5_skey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc5.h>
---- a/crypto/rc5/rc5cfb64.c
-+++ b/crypto/rc5/rc5cfb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc5.h>
---- a/crypto/rc5/rc5ofb64.c
-+++ b/crypto/rc5/rc5ofb64.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rc5.h>
---- a/crypto/rc5/rc5s.cpp
-+++ /dev/null
-@@ -1,70 +0,0 @@
--//
--// gettsc.inl
--//
--// gives access to the Pentium's (secret) cycle counter
--//
--// This software was written by Leonard Janke (janke at unixg.ubc.ca)
--// in 1996-7 and is entered, by him, into the public domain.
--
--#if defined(__WATCOMC__)
--void GetTSC(unsigned long&);
--#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
--#elif defined(__GNUC__)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- asm volatile(".byte 15, 49\n\t"
-- : "=eax" (tsc)
-- :
-- : "%edx", "%eax");
--}
--#elif defined(_MSC_VER)
--inline
--void GetTSC(unsigned long& tsc)
--{
-- unsigned long a;
-- __asm _emit 0fh
-- __asm _emit 31h
-- __asm mov a, eax;
-- tsc=a;
--}
--#endif
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <openssl/rc5.h>
--
--void main(int argc,char *argv[])
-- {
-- RC5_32_KEY key;
-- unsigned long s1,s2,e1,e2;
-- unsigned long data[2];
-- int i,j;
-- static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
--
-- RC5_32_set_key(&key, 16,d,12);
--
-- for (j=0; j<6; j++)
-- {
-- for (i=0; i<1000; i++) /**/
-- {
-- RC5_32_encrypt(&data[0],&key);
-- GetTSC(s1);
-- RC5_32_encrypt(&data[0],&key);
-- RC5_32_encrypt(&data[0],&key);
-- RC5_32_encrypt(&data[0],&key);
-- GetTSC(e1);
-- GetTSC(s2);
-- RC5_32_encrypt(&data[0],&key);
-- RC5_32_encrypt(&data[0],&key);
-- RC5_32_encrypt(&data[0],&key);
-- RC5_32_encrypt(&data[0],&key);
-- GetTSC(e2);
-- RC5_32_encrypt(&data[0],&key);
-- }
--
-- printf("cast %d %d (%d)\n",
-- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
-- }
-- }
--
---- a/crypto/ripemd/Makefile.in
-+++ /dev/null
-@@ -1,51 +0,0 @@
--#
--# OpenSSL/crypto/ripemd/Makefile
--#
--
--DIR= ripemd
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--RIP_ASM_OBJ=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=rmd_dgst.c rmd_one.c
--LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= rmd_locl.h rmdconst.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--rmd-586.s: asm/rmd-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) $@
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ripemd/asm/rmd-586.pl
-+++ b/crypto/ripemd/asm/rmd-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # Normal is the
- # ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
---- a/crypto/ripemd/rmd_dgst.c
-+++ b/crypto/ripemd/rmd_dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ripemd/rmd_locl.h
-+++ b/crypto/ripemd/rmd_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
-@@ -66,7 +18,7 @@
- * <appro at fy.chalmers.se>
- */
- #ifdef RMD160_ASM
--# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
- # define ripemd160_block_data_order ripemd160_block_asm_data_order
- # endif
- #endif
---- a/crypto/ripemd/rmd_one.c
-+++ b/crypto/ripemd/rmd_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ripemd/rmdconst.h
-+++ b/crypto/ripemd/rmdconst.h
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #define KL0 0x00000000L
- #define KL1 0x5A827999L
- #define KL2 0x6ED9EBA1L
---- a/crypto/rsa/Makefile.in
-+++ /dev/null
-@@ -1,49 +0,0 @@
--#
--# OpenSSL/crypto/rsa/Makefile
--#
--
--DIR= rsa
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
-- rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-- rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
-- rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c
--LIBOBJ= rsa_ossl.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
-- rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-- rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
-- rsa_pmeth.o rsa_crpt.o rsa_x931g.o rsa_meth.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -849,10 +800,11 @@ static int rsa_cms_encrypt(CMS_Recipient
- if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
- goto err;
- if (labellen > 0) {
-- ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
-+ ASN1_OCTET_STRING *los;
- oaep->pSourceFunc = X509_ALGOR_new();
- if (oaep->pSourceFunc == NULL)
- goto err;
-+ los = ASN1_OCTET_STRING_new();
- if (los == NULL)
- goto err;
- if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
-@@ -875,7 +827,7 @@ static int rsa_cms_encrypt(CMS_Recipient
- }
- #endif
-
--const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
-+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
- {
- EVP_PKEY_RSA,
- EVP_PKEY_RSA,
---- a/crypto/rsa/rsa_asn1.c
-+++ b/crypto/rsa/rsa_asn1.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_chk.c
-+++ b/crypto/rsa/rsa_chk.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/bn.h>
---- a/crypto/rsa/rsa_crpt.c
-+++ b/crypto/rsa/rsa_crpt.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -195,23 +147,18 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa
- }
-
- {
-- BIGNUM *local_n = NULL, *n;
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- /* Set BN_FLG_CONSTTIME flag */
-- local_n = n = BN_new();
-- if (local_n == NULL) {
-- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-- } else {
-- n = rsa->n;
-+ BIGNUM *n = BN_new();
-+
-+ if (n == NULL) {
-+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-
- ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
- rsa->_method_mod_n);
-- /* We MUST free local_n before any further use of rsa->n */
-- BN_free(local_n);
-+ /* We MUST free n before any further use of rsa->n */
-+ BN_free(n);
- }
- if (ret == NULL) {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
---- a/crypto/rsa/rsa_depr.c
-+++ b/crypto/rsa/rsa_depr.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/rsa/rsa_err.c
-+++ b/crypto/rsa/rsa_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,12 +20,7 @@
-
- static ERR_STRING_DATA RSA_str_functs[] = {
- {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
-- {ERR_FUNC(RSA_F_DO_RSA_PRINT), "do_rsa_print"},
-- {ERR_FUNC(RSA_F_FIPS_RSA_SIGN_DIGEST), "FIPS_rsa_sign_digest"},
-- {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_rsa_verify"},
-- {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY_DIGEST), "FIPS_rsa_verify_digest"},
- {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
-- {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
- {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
-@@ -86,24 +31,24 @@ static ERR_STRING_DATA RSA_str_functs[]
- {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
- {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
- {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
-- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
- {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
-- {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-+ {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
-+ {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
-+ {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
- {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
- {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
- {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-- {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},
-- {ERR_FUNC(RSA_F_RSA_OAEP_TO_CTX), "RSA_OAEP_TO_CTX"},
-+ {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
-+ {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
-+ {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
-+ {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
-+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
-+ "RSA_padding_add_PKCS1_OAEP"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1),
- "RSA_padding_add_PKCS1_OAEP_mgf1"},
- {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-@@ -128,13 +73,13 @@ static ERR_STRING_DATA RSA_str_functs[]
- {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
- {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
- {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-- {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
- {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
- {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"},
- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"},
- {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
- {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-- {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
-+ {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
-+ "RSA_sign_ASN1_OCTET_STRING"},
- {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
- {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
- "RSA_verify_ASN1_OCTET_STRING"},
-@@ -150,7 +95,8 @@ static ERR_STRING_DATA RSA_str_reasons[]
- {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
- {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
- {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
-- {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"},
-+ {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
-+ "data greater than mod len"},
- {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
- {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
- "data too large for key size"},
-@@ -171,7 +117,6 @@ static ERR_STRING_DATA RSA_str_reasons[]
- {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
- {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
- {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
-- {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"},
- {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
- {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
- {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
-@@ -188,7 +133,8 @@ static ERR_STRING_DATA RSA_str_reasons[]
- {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
- {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
- {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
-- {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"},
-+ {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
-+ "null before block missing"},
- {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
- {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
- {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
-@@ -208,7 +154,6 @@ static ERR_STRING_DATA RSA_str_reasons[]
- {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
- {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
- {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
-- {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"},
- {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
- "unsupported encryption type"},
- {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
-@@ -225,7 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]
-
- #endif
-
--void ERR_load_RSA_strings(void)
-+int ERR_load_RSA_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -234,4 +179,5 @@ void ERR_load_RSA_strings(void)
- ERR_load_strings(0, RSA_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -185,64 +137,51 @@ static int rsa_builtin_keygen(RSA *rsa,
- if (!BN_mul(r0, r1, r2, ctx))
- goto err; /* (p-1)(q-1) */
- {
-- BIGNUM *local_r0 = NULL, *pr0;
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- pr0 = local_r0 = BN_new();
-- if (local_r0 == NULL)
-- goto err;
-- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-- } else {
-- pr0 = r0;
-- }
-+ BIGNUM *pr0 = BN_new();
-+
-+ if (pr0 == NULL)
-+ goto err;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
-- BN_free(local_r0);
-+ BN_free(pr0);
- goto err; /* d */
- }
-- /* We MUST free local_r0 before any further use of r0 */
-- BN_free(local_r0);
-+ /* We MUST free pr0 before any further use of r0 */
-+ BN_free(pr0);
- }
-
- {
-- BIGNUM *local_d = NULL, *d;
-- /* set up d for correct BN_FLG_CONSTTIME flag */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- d = local_d = BN_new();
-- if (local_d == NULL)
-- goto err;
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-- } else {
-- d = rsa->d;
-- }
-+ BIGNUM *d = BN_new();
-+
-+ if (d == NULL)
-+ goto err;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-
- if ( /* calculate d mod (p-1) */
- !BN_mod(rsa->dmp1, d, r1, ctx)
- /* calculate d mod (q-1) */
- || !BN_mod(rsa->dmq1, d, r2, ctx)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
-- /* We MUST free local_d before any further use of rsa->d */
-- BN_free(local_d);
-+ /* We MUST free d before any further use of rsa->d */
-+ BN_free(d);
- }
-
- {
-- BIGNUM *local_p = NULL, *p;
-+ BIGNUM *p = BN_new();
-+
-+ if (p == NULL)
-+ goto err;
-+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
- /* calculate inverse of q mod p */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- p = local_p = BN_new();
-- if (local_p == NULL)
-- goto err;
-- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-- } else {
-- p = rsa->p;
-- }
- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
-- BN_free(local_p);
-+ BN_free(p);
- goto err;
- }
-- /* We MUST free local_p before any further use of rsa->p */
-- BN_free(local_p);
-+ /* We MUST free p before any further use of rsa->p */
-+ BN_free(p);
- }
-
- ok = 1;
---- a/crypto/rsa/rsa_lib.c
-+++ b/crypto/rsa/rsa_lib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -60,7 +12,6 @@
- #include "internal/cryptlib.h"
- #include <openssl/lhash.h>
- #include "internal/bn_int.h"
--#include <openssl/rand.h>
- #include <openssl/engine.h>
- #include "rsa_locl.h"
-
-@@ -118,21 +69,28 @@ int RSA_set_method(RSA *rsa, const RSA_M
-
- RSA *RSA_new_method(ENGINE *engine)
- {
-- RSA *ret;
-+ RSA *ret = OPENSSL_zalloc(sizeof(*ret));
-
-- ret = OPENSSL_zalloc(sizeof(*ret));
- if (ret == NULL) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
-+ ret->references = 1;
-+ ret->lock = CRYPTO_THREAD_lock_new();
-+ if (ret->lock == NULL) {
-+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+
- ret->meth = RSA_get_default_method();
- #ifndef OPENSSL_NO_ENGINE
-+ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (engine) {
- if (!ENGINE_init(engine)) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- ret->engine = engine;
- } else
-@@ -141,39 +99,26 @@ RSA *RSA_new_method(ENGINE *engine)
- ret->meth = ENGINE_get_RSA(ret->engine);
- if (ret->meth == NULL) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-- ENGINE_finish(ret->engine);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
- }
- #endif
-
-- ret->references = 1;
- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
--#ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(ret->engine);
--#endif
-- OPENSSL_free(ret);
-- return NULL;
-- }
--
-- ret->lock = CRYPTO_THREAD_lock_new();
-- if (ret->lock == NULL) {
--#ifndef OPENSSL_NO_ENGINE
-- ENGINE_finish(ret->engine);
--#endif
-- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-- OPENSSL_free(ret);
-- return NULL;
-+ goto err;
- }
-
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-- RSA_free(ret);
-- ret = NULL;
-+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
-+ goto err;
- }
-
- return ret;
-+
-+err:
-+ RSA_free(ret);
-+ return NULL;
- }
-
- void RSA_free(RSA *r)
-@@ -235,50 +180,6 @@ void *RSA_get_ex_data(const RSA *r, int
- return (CRYPTO_get_ex_data(&r->ex_data, idx));
- }
-
--int RSA_memory_lock(RSA *r)
--{
-- int i, j, k, off;
-- char *p;
-- BIGNUM *bn, **t[6], *b;
-- BN_ULONG *ul;
--
-- if (r->d == NULL)
-- return (1);
-- t[0] = &r->d;
-- t[1] = &r->p;
-- t[2] = &r->q;
-- t[3] = &r->dmp1;
-- t[4] = &r->dmq1;
-- t[5] = &r->iqmp;
-- k = bn_sizeof_BIGNUM() * 6;
-- off = k / sizeof(BN_ULONG) + 1;
-- j = 1;
-- for (i = 0; i < 6; i++)
-- j += bn_get_top(*t[i]);
-- if ((p = OPENSSL_malloc((off + j) * sizeof(*p))) == NULL) {
-- RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
-- return (0);
-- }
-- memset(p, 0, sizeof(*p) * (off + j));
-- bn = (BIGNUM *)p;
-- ul = (BN_ULONG *)&(p[off]);
-- for (i = 0; i < 6; i++) {
-- b = *(t[i]);
-- *(t[i]) = bn_array_el(bn, i);
-- memcpy(bn_array_el(bn, i), b, bn_sizeof_BIGNUM());
-- memcpy(ul, bn_get_words(b), sizeof(*ul) * bn_get_top(b));
-- bn_set_static_words(bn_array_el(bn, i), ul, bn_get_top(b));
-- ul += bn_get_top(b);
-- BN_clear_free(b);
-- }
--
-- /* I should fix this so it can still be done */
-- r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
--
-- r->bignum_data = p;
-- return (1);
--}
--
- int RSA_security_bits(const RSA *rsa)
- {
- return BN_security_bits(BN_num_bits(rsa->n), -1);
-@@ -286,49 +187,79 @@ int RSA_security_bits(const RSA *rsa)
-
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
- {
-- /* d is the private component and may be NULL */
-- if (n == NULL || e == NULL)
-+ /* If the fields n and e in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL for n and e. d may be
-+ * left NULL (in case only the public key is used).
-+ */
-+ if ((r->n == NULL && n == NULL)
-+ || (r->e == NULL && e == NULL))
- return 0;
-
-- BN_free(r->n);
-- BN_free(r->e);
-- BN_free(r->d);
-- r->n = n;
-- r->e = e;
-- r->d = d;
-+ if (n != NULL) {
-+ BN_free(r->n);
-+ r->n = n;
-+ }
-+ if (e != NULL) {
-+ BN_free(r->e);
-+ r->e = e;
-+ }
-+ if (d != NULL) {
-+ BN_free(r->d);
-+ r->d = d;
-+ }
-
- return 1;
- }
-
- int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
- {
-- if (p == NULL || q == NULL)
-+ /* If the fields p and q in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->p == NULL && p == NULL)
-+ || (r->q == NULL && q == NULL))
- return 0;
-
-- BN_free(r->p);
-- BN_free(r->q);
-- r->p = p;
-- r->q = q;
-+ if (p != NULL) {
-+ BN_free(r->p);
-+ r->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(r->q);
-+ r->q = q;
-+ }
-
- return 1;
- }
-
- int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
- {
-- if (dmp1 == NULL || dmq1 == NULL || iqmp == NULL)
-+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->dmp1 == NULL && dmp1 == NULL)
-+ || (r->dmq1 == NULL && dmq1 == NULL)
-+ || (r->iqmp == NULL && iqmp == NULL))
- return 0;
-
-- BN_free(r->dmp1);
-- BN_free(r->dmq1);
-- BN_free(r->iqmp);
-- r->dmp1 = dmp1;
-- r->dmq1 = dmq1;
-- r->iqmp = iqmp;
-+ if (dmp1 != NULL) {
-+ BN_free(r->dmp1);
-+ r->dmp1 = dmp1;
-+ }
-+ if (dmq1 != NULL) {
-+ BN_free(r->dmq1);
-+ r->dmq1 = dmq1;
-+ }
-+ if (iqmp != NULL) {
-+ BN_free(r->iqmp);
-+ r->iqmp = iqmp;
-+ }
-
- return 1;
- }
-
--void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d)
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
- {
- if (n != NULL)
- *n = r->n;
-@@ -338,7 +269,7 @@ void RSA_get0_key(const RSA *r, BIGNUM *
- *d = r->d;
- }
-
--void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q)
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
- {
- if (p != NULL)
- *p = r->p;
-@@ -347,7 +278,8 @@ void RSA_get0_factors(const RSA *r, BIGN
- }
-
- void RSA_get0_crt_params(const RSA *r,
-- BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp)
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp)
- {
- if (dmp1 != NULL)
- *dmp1 = r->dmp1;
-@@ -372,7 +304,7 @@ void RSA_set_flags(RSA *r, int flags)
- r->flags |= flags;
- }
-
--ENGINE *RSA_get0_engine(RSA *r)
-+ENGINE *RSA_get0_engine(const RSA *r)
- {
- return r->engine;
- }
---- a/crypto/rsa/rsa_locl.h
-+++ b/crypto/rsa/rsa_locl.h
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <openssl/rsa.h>
---- a/crypto/rsa/rsa_meth.c
-+++ b/crypto/rsa/rsa_meth.c
-@@ -1,15 +1,15 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <string.h>
- #include "rsa_locl.h"
-+#include <openssl/err.h>
-
- RSA_METHOD *RSA_meth_new(const char *name, int flags)
- {
-@@ -17,6 +17,11 @@ RSA_METHOD *RSA_meth_new(const char *nam
-
- if (meth != NULL) {
- meth->name = OPENSSL_strdup(name);
-+ if (meth->name == NULL) {
-+ OPENSSL_free(meth);
-+ RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- meth->flags = flags;
- }
-
-@@ -26,8 +31,7 @@ RSA_METHOD *RSA_meth_new(const char *nam
- void RSA_meth_free(RSA_METHOD *meth)
- {
- if (meth != NULL) {
-- if (meth->name != NULL)
-- OPENSSL_free(meth->name);
-+ OPENSSL_free(meth->name);
- OPENSSL_free(meth);
- }
- }
-@@ -41,6 +45,11 @@ RSA_METHOD *RSA_meth_dup(const RSA_METHO
- if (ret != NULL) {
- memcpy(ret, meth, sizeof(*meth));
- ret->name = OPENSSL_strdup(meth->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- }
-
- return ret;
-@@ -53,10 +62,18 @@ const char *RSA_meth_get0_name(const RSA
-
- int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
- {
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
- OPENSSL_free(meth->name);
-- meth->name = OPENSSL_strdup(name);
-+ meth->name = tmpname;
-
-- return meth->name != NULL;
-+ return 1;
- }
-
- int RSA_meth_get_flags(RSA_METHOD *meth)
---- a/crypto/rsa/rsa_none.c
-+++ b/crypto/rsa/rsa_none.c
-@@ -1,64 +1,15 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
- #include <openssl/rsa.h>
--#include <openssl/rand.h>
-
- int RSA_padding_add_none(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
---- a/crypto/rsa/rsa_null.c
-+++ b/crypto/rsa/rsa_null.c
-@@ -1,65 +1,15 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
--#include <openssl/rand.h>
- #include "rsa_locl.h"
-
- /*
---- a/crypto/rsa/rsa_oaep.c
-+++ b/crypto/rsa/rsa_oaep.c
-@@ -1,6 +1,10 @@
- /*
-- * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
-- * WITHOUT WARRANTY OF ANY KIND, either express or implied.
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
---- a/crypto/rsa/rsa_ossl.c
-+++ b/crypto/rsa/rsa_ossl.c
-@@ -1,116 +1,14 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
- #include "internal/bn_int.h"
--#include <openssl/rand.h>
- #include "rsa_locl.h"
-
- #ifndef RSA_NULL
-@@ -401,33 +299,27 @@ static int rsa_ossl_private_encrypt(int
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
- goto err;
- } else {
-- BIGNUM *d = NULL, *local_d = NULL;
--
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- local_d = d = BN_new();
-- if (d == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-- } else {
-- d = rsa->d;
-+ BIGNUM *d = BN_new();
-+ if (d == NULL) {
-+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
-
- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
-- /* We MUST free local_d before any further use of rsa->d */
-- BN_free(local_d);
-+ /* We MUST free d before any further use of rsa->d */
-+ BN_free(d);
- }
-
- if (blinding)
-@@ -535,32 +427,26 @@ static int rsa_ossl_private_decrypt(int
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
- goto err;
- } else {
-- BIGNUM *d = NULL, *local_d = NULL;
--
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- local_d = d = BN_new();
-- if (d == NULL) {
-- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-- } else {
-- d = rsa->d;
-+ BIGNUM *d = BN_new();
-+ if (d == NULL) {
-+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
-- /* We MUST free local_d before any further use of rsa->d */
-- BN_free(local_d);
-+ /* We MUST free d before any further use of rsa->d */
-+ BN_free(d);
- }
-
- if (blinding)
-@@ -709,46 +595,35 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
- vrfy = BN_CTX_get(ctx);
-
- {
-- BIGNUM *local_p = NULL, *local_q = NULL;
-- BIGNUM *p = NULL, *q = NULL;
-+ BIGNUM *p = BN_new(), *q = BN_new();
-
- /*
- * Make sure BN_mod_inverse in Montgomery initialization uses the
-- * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
-+ * BN_FLG_CONSTTIME flag
- */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- local_p = p = BN_new();
-- if (p == NULL)
-- goto err;
-- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
--
-- local_q = q = BN_new();
-- if (q == NULL) {
-- BN_free(local_p);
-- goto err;
-- }
-- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-- } else {
-- p = rsa->p;
-- q = rsa->q;
-+ if (p == NULL || q == NULL) {
-+ BN_free(p);
-+ BN_free(q);
-+ goto err;
- }
-+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-
- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
- if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_p, rsa->lock, p, ctx)
- || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
- rsa->lock, q, ctx)) {
-- BN_free(local_p);
-- BN_free(local_q);
-+ BN_free(p);
-+ BN_free(q);
- goto err;
- }
- }
- /*
-- * We MUST free local_p and local_q before any further use of rsa->p and
-- * rsa->q
-+ * We MUST free p and q before any further use of rsa->p and rsa->q
- */
-- BN_free(local_p);
-- BN_free(local_q);
-+ BN_free(p);
-+ BN_free(q);
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-@@ -758,72 +633,58 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
-
- /* compute I mod q */
- {
-- BIGNUM *local_c = NULL;
-- const BIGNUM *c;
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- local_c = BN_new();
-- if (local_c == NULL)
-- goto err;
-- BN_with_flags(local_c, I, BN_FLG_CONSTTIME);
-- c = local_c;
-- } else {
-- c = I;
-- }
-+ BIGNUM *c = BN_new();
-+ if (c == NULL)
-+ goto err;
-+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
-+
- if (!BN_mod(r1, c, rsa->q, ctx)) {
-- BN_free(local_c);
-+ BN_free(c);
- goto err;
- }
-
- {
-- BIGNUM *local_dmq1 = NULL, *dmq1;
-- /* compute r1^dmq1 mod q */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- dmq1 = local_dmq1 = BN_new();
-- if (local_dmq1 == NULL) {
-- BN_free(local_c);
-- goto err;
-- }
-- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-- } else {
-- dmq1 = rsa->dmq1;
-+ BIGNUM *dmq1 = BN_new();
-+ if (dmq1 == NULL) {
-+ BN_free(c);
-+ goto err;
- }
-+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-+
-+ /* compute r1^dmq1 mod q */
- if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
- rsa->_method_mod_q)) {
-- BN_free(local_c);
-- BN_free(local_dmq1);
-+ BN_free(c);
-+ BN_free(dmq1);
- goto err;
- }
-- /* We MUST free local_dmq1 before any further use of rsa->dmq1 */
-- BN_free(local_dmq1);
-+ /* We MUST free dmq1 before any further use of rsa->dmq1 */
-+ BN_free(dmq1);
- }
-
- /* compute I mod p */
- if (!BN_mod(r1, c, rsa->p, ctx)) {
-- BN_free(local_c);
-+ BN_free(c);
- goto err;
- }
-- /* We MUST free local_c before any further use of I */
-- BN_free(local_c);
-+ /* We MUST free c before any further use of I */
-+ BN_free(c);
- }
-
- {
-- BIGNUM *local_dmp1 = NULL, *dmp1;
-+ BIGNUM *dmp1 = BN_new();
-+ if (dmp1 == NULL)
-+ goto err;
-+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-+
- /* compute r1^dmp1 mod p */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- dmp1 = local_dmp1 = BN_new();
-- if (local_dmp1 == NULL)
-- goto err;
-- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-- } else {
-- dmp1 = rsa->dmp1;
-- }
- if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
- rsa->_method_mod_p)) {
-- BN_free(local_dmp1);
-+ BN_free(dmp1);
- goto err;
- }
-- /* We MUST free local_dmp1 before any further use of rsa->dmp1 */
-- BN_free(local_dmp1);
-+ /* We MUST free dmp1 before any further use of rsa->dmp1 */
-+ BN_free(dmp1);
- }
-
- if (!BN_sub(r0, r0, m1))
-@@ -840,22 +701,17 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
- goto err;
-
- {
-- BIGNUM *local_r1 = NULL, *pr1;
-- /* Turn BN_FLG_CONSTTIME flag on before division operation */
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- pr1 = local_r1 = BN_new();
-- if (local_r1 == NULL)
-- goto err;
-- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-- } else {
-- pr1 = r1;
-- }
-+ BIGNUM *pr1 = BN_new();
-+ if (pr1 == NULL)
-+ goto err;
-+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-+
- if (!BN_mod(r0, pr1, rsa->p, ctx)) {
-- BN_free(local_r1);
-+ BN_free(pr1);
- goto err;
- }
-- /* We MUST free local_r1 before any further use of r1 */
-- BN_free(local_r1);
-+ /* We MUST free pr1 before any further use of r1 */
-+ BN_free(pr1);
- }
-
- /*
-@@ -897,24 +753,18 @@ static int rsa_ossl_mod_exp(BIGNUM *r0,
- * return that instead.
- */
-
-- BIGNUM *local_d = NULL;
-- BIGNUM *d = NULL;
-+ BIGNUM *d = BN_new();
-+ if (d == NULL)
-+ goto err;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-
-- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-- local_d = d = BN_new();
-- if (d == NULL)
-- goto err;
-- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-- } else {
-- d = rsa->d;
-- }
- if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
-- BN_free(local_d);
-+ BN_free(d);
- goto err;
- }
-- /* We MUST free local_d before any further use of rsa->d */
-- BN_free(local_d);
-+ /* We MUST free d before any further use of rsa->d */
-+ BN_free(d);
- }
- }
- ret = 1;
---- a/crypto/rsa/rsa_pk1.c
-+++ b/crypto/rsa/rsa_pk1.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/constant_time_locl.h"
-@@ -231,7 +183,7 @@ int RSA_padding_check_PKCS1_type_2(unsig
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
-- * information, but it's impossible to have a fixed memory access
-+ * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
---- a/crypto/rsa/rsa_pmeth.c
-+++ b/crypto/rsa/rsa_pmeth.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_prn.c
-+++ b/crypto/rsa/rsa_prn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2006.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_pss.c
-+++ b/crypto/rsa/rsa_pss.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_saos.c
-+++ b/crypto/rsa/rsa_saos.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_sign.c
-+++ b/crypto/rsa/rsa_sign.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_ssl.c
-+++ b/crypto/rsa/rsa_ssl.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/rsa/rsa_x931.c
-+++ b/crypto/rsa/rsa_x931.c
-@@ -1,66 +1,16 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
- #include <openssl/rsa.h>
--#include <openssl/rand.h>
- #include <openssl/objects.h>
-
- int RSA_padding_add_X931(unsigned char *to, int tlen,
---- a/crypto/rsa/rsa_x931g.c
-+++ b/crypto/rsa/rsa_x931g.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/s390xcap.c
-+++ b/crypto/s390xcap.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
---- a/crypto/s390xcpuid.S
-+++ b/crypto/s390xcpuid.S
-@@ -1,18 +1,56 @@
- .text
-+// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+//
-+// Licensed under the OpenSSL license (the "License"). You may not use
-+// this file except in compliance with the License. You can obtain a copy
-+// in the file LICENSE in the source distribution or at
-+// https://www.openssl.org/source/license.html
-
- .globl OPENSSL_s390x_facilities
- .type OPENSSL_s390x_facilities, at function
- .align 16
- OPENSSL_s390x_facilities:
- lghi %r0,0
-- larl %r2,OPENSSL_s390xcap_P
-- stg %r0,8(%r2)
-- .long 0xb2b02000 # stfle 0(%r2)
-+ larl %r4,OPENSSL_s390xcap_P
-+ stg %r0,8(%r4) # wipe capability vectors
-+ stg %r0,16(%r4)
-+ stg %r0,24(%r4)
-+ stg %r0,32(%r4)
-+ stg %r0,40(%r4)
-+ stg %r0,48(%r4)
-+ stg %r0,56(%r4)
-+ stg %r0,64(%r4)
-+ stg %r0,72(%r4)
-+
-+ .long 0xb2b04000 # stfle 0(%r4)
- brc 8,.Ldone
- lghi %r0,1
-- .long 0xb2b02000 # stfle 0(%r2)
-+ .long 0xb2b04000 # stfle 0(%r4)
- .Ldone:
-- lg %r2,0(%r2)
-+ lmg %r2,%r3,0(%r4)
-+ tmhl %r2,0x4000 # check for message-security-assist
-+ jz .Lret
-+
-+ lghi %r0,0 # query kimd capabilities
-+ la %r1,16(%r4)
-+ .long 0xb93e0002 # kimd %r0,%r2
-+
-+ lghi %r0,0 # query km capability vector
-+ la %r1,32(%r4)
-+ .long 0xb92e0042 # km %r4,%r2
-+
-+ lghi %r0,0 # query kmc capability vector
-+ la %r1,48(%r4)
-+ .long 0xb92f0042 # kmc %r4,%r2
-+
-+ tmhh %r3,0x0004 # check for message-security-assist-4
-+ jz .Lret
-+
-+ lghi %r0,0 # query kmctr capability vector
-+ la %r1,64(%r4)
-+ .long 0xb92d2042 # kmctr %r4,%r2,%r2
-+
-+.Lret:
- br %r14
- .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
-
-@@ -93,6 +131,33 @@
- br %r14
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+.globl CRYPTO_memcmp
-+.type CRYPTO_memcmp, at function
-+.align 16
-+CRYPTO_memcmp:
-+#if !defined(__s390x__) && !defined(__s390x)
-+ llgfr %r4,%r4
-+#endif
-+ lghi %r5,0
-+ clgr %r4,%r5
-+ je .Lno_data
-+
-+.Loop_cmp:
-+ llgc %r0,0(%r2)
-+ la %r2,1(%r2)
-+ llgc %r1,0(%r3)
-+ la %r3,1(%r3)
-+ xr %r1,%r0
-+ or %r5,%r1
-+ brctg %r4,.Loop_cmp
-+
-+ lnr %r5,%r5
-+ srl %r5,31
-+.Lno_data:
-+ lgr %r2,%r5
-+ br %r14
-+.size CRYPTO_memcmp,.-CRYPTO_memcmp
-+
- .globl OPENSSL_instrument_bus
- .type OPENSSL_instrument_bus, at function
- .align 16
-@@ -112,4 +177,4 @@
- .section .init
- brasl %r14,OPENSSL_cpuid_setup
-
--.comm OPENSSL_s390xcap_P,16,8
-+.comm OPENSSL_s390xcap_P,80,8
---- a/crypto/seed/Makefile.in
-+++ /dev/null
-@@ -1,44 +0,0 @@
--#
--# crypto/seed/Makefile
--#
--
--DIR= seed
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
--LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o
--
--SRC= $(LIBSRC)
--
--HEADER= seed_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/seed/seed.c
-+++ b/crypto/seed/seed.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
---- a/crypto/seed/seed_cbc.c
-+++ b/crypto/seed/seed_cbc.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/seed.h>
---- a/crypto/seed/seed_cfb.c
-+++ b/crypto/seed/seed_cfb.c
-@@ -1,107 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/seed.h>
---- a/crypto/seed/seed_ecb.c
-+++ b/crypto/seed/seed_ecb.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/seed.h>
---- a/crypto/seed/seed_locl.h
-+++ b/crypto/seed/seed_locl.h
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
---- a/crypto/seed/seed_ofb.c
-+++ b/crypto/seed/seed_ofb.c
-@@ -1,107 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/seed.h>
---- a/crypto/sha/Makefile.in
-+++ /dev/null
-@@ -1,106 +0,0 @@
--#
--# OpenSSL/crypto/sha/Makefile
--#
--
--DIR= sha
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--SHA1_ASM_OBJ=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=sha1dgst.c sha1_one.c sha256.c sha512.c
--LIBOBJ=sha1dgst.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= sha_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl
-- $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--sha1-ia64.s: asm/sha1-ia64.pl
-- (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ../$@)
--sha256-ia64.s: asm/sha512-ia64.pl
-- (cd asm; $(PERL) sha512-ia64.pl $(CFLAGS) ../$@)
--sha512-ia64.s: asm/sha512-ia64.pl
-- (cd asm; $(PERL) sha512-ia64.pl $(CFLAGS) ../$@)
--
--sha256-armv4.S: asm/sha256-armv4.pl
-- $(PERL) $< $(PERLASM_SCHEME) $@
--
--sha1-alpha.s: asm/sha1-alpha.pl
-- (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \
-- $(PERL) asm/sha1-alpha.pl $$preproc && \
-- $(CC) -E -P $$preproc > $@ && rm $$preproc)
--
--# Solaris make has to be explicitly told
--sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) $@
--sha1-mb-x86_64.s: asm/sha1-mb-x86_64.pl; $(PERL) asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME) $@
--sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
--sha256-mb-x86_64.s: asm/sha256-mb-x86_64.pl; $(PERL) asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME) $@
--sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
--sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $(PERLASM_SCHEME) $@
--sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $(PERLASM_SCHEME) $@
--sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $(PERLASM_SCHEME) $@
--
--sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
--sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
--sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
--sha256p8-ppc.s: asm/sha512p8-ppc.pl; $(PERL) asm/sha512p8-ppc.pl $(PERLASM_SCHEME) $@
--sha512p8-ppc.s: asm/sha512p8-ppc.pl; $(PERL) asm/sha512p8-ppc.pl $(PERLASM_SCHEME) $@
--
--sha1-parisc.s: asm/sha1-parisc.pl; $(PERL) asm/sha1-parisc.pl $(PERLASM_SCHEME) $@
--sha256-parisc.s:asm/sha512-parisc.pl; $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
--sha512-parisc.s:asm/sha512-parisc.pl; $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
--
--sha1-mips.S: asm/sha1-mips.pl; $(PERL) asm/sha1-mips.pl $(PERLASM_SCHEME) $@
--sha256-mips.S: asm/sha512-mips.pl; $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
--sha512-mips.S: asm/sha512-mips.pl; $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
--
--# GNU make "catch all"
--sha1-%.S: asm/sha1-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--sha256-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--sha512-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
--
--sha1-armv4-large.o: sha1-armv4-large.S
--sha256-armv4.o: sha256-armv4.S
--sha512-armv4.o: sha512-armv4.S
--sha1-armv8.o: sha1-armv8.S
--sha256-armv8.o: sha256-armv8.S
--sha512-armv8.o: sha512-armv8.S
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/sha/asm/README
-+++ /dev/null
-@@ -1 +0,0 @@
--C2.pl works
---- a/crypto/sha/asm/sha1-586.pl
-+++ b/crypto/sha/asm/sha1-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # [Re]written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha1-alpha.pl
-+++ b/crypto/sha/asm/sha1-alpha.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -317,6 +324,6 @@ for (;$i<80;$i++) { &BODY_20_39($i, at V);
- .ascii "SHA1 block transform for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
- .align 2
- ___
--$output=shift and open STDOUT,">$output";
-+$output=pop and open STDOUT,">$output";
- print $code;
- close STDOUT;
---- a/crypto/sha/asm/sha1-armv4-large.pl
-+++ b/crypto/sha/asm/sha1-armv4-large.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha1-armv8.pl
-+++ b/crypto/sha/asm/sha1-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha1-c64xplus.pl
-+++ b/crypto/sha/asm/sha1-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha1-ia64.pl
-+++ b/crypto/sha/asm/sha1-ia64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-mb-x86_64.pl
-+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -63,7 +70,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- # void sha1_multi_block (
---- a/crypto/sha/asm/sha1-mips.pl
-+++ b/crypto/sha/asm/sha1-mips.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -326,7 +333,7 @@ my $j=$i+1;
- }
-
- $FRAMESIZE=16; # large enough to accommodate NUBI saved registers
--$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
-
- $code=<<___;
- #ifdef OPENSSL_FIPSCANISTER
---- a/crypto/sha/asm/sha1-parisc.pl
-+++ b/crypto/sha/asm/sha1-parisc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-ppc.pl
-+++ b/crypto/sha/asm/sha1-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-s390x.pl
-+++ b/crypto/sha/asm/sha1-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -168,10 +175,7 @@ Ktable: .long 0x5a827999,0x6ed9eba1,0x8f
- lg %r0,0(%r1)
- tmhl %r0,0x4000 # check for message-security assist
- jz .Lsoftware
-- lghi %r0,0
-- la %r1,`2*$SIZE_T`($sp)
-- .long 0xb93e0002 # kimd %r0,%r2
-- lg %r0,`2*$SIZE_T`($sp)
-+ lg %r0,16(%r1) # check kimd capabilities
- tmhh %r0,`0x8000>>$kimdfunc`
- jz .Lsoftware
- lghi %r0,$kimdfunc
-@@ -238,7 +242,7 @@ for (;$i<80;$i++) { &BODY_20_39($i, at V);
- br %r14
- .size sha1_block_data_order,.-sha1_block_data_order
- .string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
--.comm OPENSSL_s390xcap_P,16,8
-+.comm OPENSSL_s390xcap_P,80,8
- ___
-
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
---- a/crypto/sha/asm/sha1-sparcv9.pl
-+++ b/crypto/sha/asm/sha1-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-sparcv9a.pl
-+++ b/crypto/sha/asm/sha1-sparcv9a.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-thumb.pl
-+++ b/crypto/sha/asm/sha1-thumb.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha1-x86_64.pl
-+++ b/crypto/sha/asm/sha1-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -115,7 +122,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $shaext=1; ### set to zero if compiling for 1.0.1
- $avx=1 if (!$shaext && $avx);
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $ctx="%rdi"; # 1st arg
---- a/crypto/sha/asm/sha256-586.pl
-+++ b/crypto/sha/asm/sha256-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha256-armv4.pl
-+++ b/crypto/sha/asm/sha256-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha256-c64xplus.pl
-+++ b/crypto/sha/asm/sha256-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha256-mb-x86_64.pl
-+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -64,7 +71,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- # void sha256_multi_block (
---- a/crypto/sha/asm/sha512-586.pl
-+++ b/crypto/sha/asm/sha512-586.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-armv4.pl
-+++ b/crypto/sha/asm/sha512-armv4.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-armv8.pl
-+++ b/crypto/sha/asm/sha512-armv8.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-c64xplus.pl
-+++ b/crypto/sha/asm/sha512-c64xplus.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-ia64.pl
-+++ b/crypto/sha/asm/sha512-ia64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-mips.pl
-+++ b/crypto/sha/asm/sha512-mips.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -52,6 +59,7 @@
- $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64
-
- if ($flavour =~ /64|n32/i) {
-+ $PTR_LA="dla";
- $PTR_ADD="dadd"; # incidentally works even on n32
- $PTR_SUB="dsub"; # incidentally works even on n32
- $REG_S="sd";
-@@ -59,6 +67,7 @@ if ($flavour =~ /64|n32/i) {
- $PTR_SLL="dsll"; # incidentally works even on n32
- $SZREG=8;
- } else {
-+ $PTR_LA="la";
- $PTR_ADD="add";
- $PTR_SUB="sub";
- $REG_S="sw";
-@@ -286,7 +295,7 @@ my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4], at X[5
- }
-
- $FRAMESIZE=16*$SZ+16*$SZREG;
--$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-+$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000";
-
- $code.=<<___;
- #ifdef OPENSSL_FIPSCANISTER
-@@ -343,7 +352,7 @@ my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4], at X[5
- ___
- $code.=<<___;
- .set reorder
-- la $Ktbl,K${label} # PIC-ified 'load address'
-+ $PTR_LA $Ktbl,K${label} # PIC-ified 'load address'
-
- $LD $A,0*$SZ($ctx) # load context
- $LD $B,1*$SZ($ctx)
---- a/crypto/sha/asm/sha512-parisc.pl
-+++ b/crypto/sha/asm/sha512-parisc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha512-ppc.pl
-+++ b/crypto/sha/asm/sha512-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/asm/sha512-s390x.pl
-+++ b/crypto/sha/asm/sha512-s390x.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -240,10 +247,7 @@ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
- lg %r0,0(%r1)
- tmhl %r0,0x4000 # check for message-security assist
- jz .Lsoftware
-- lghi %r0,0
-- la %r1,`2*$SIZE_T`($sp)
-- .long 0xb93e0002 # kimd %r0,%r2
-- lg %r0,`2*$SIZE_T`($sp)
-+ lg %r0,16(%r1) # check kimd capabilities
- tmhh %r0,`0x8000>>$kimdfunc`
- jz .Lsoftware
- lghi %r0,$kimdfunc
-@@ -311,7 +315,7 @@ for (;$i<32;$i++) { &BODY_16_XX($i, at V);
- br %r14
- .size $Func,.-$Func
- .string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
--.comm OPENSSL_s390xcap_P,16,8
-+.comm OPENSSL_s390xcap_P,80,8
- ___
-
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
---- a/crypto/sha/asm/sha512-sparcv9.pl
-+++ b/crypto/sha/asm/sha512-sparcv9.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/sha/asm/sha512-x86_64.pl
-+++ b/crypto/sha/asm/sha512-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -132,7 +139,7 @@ if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:
- $shaext=1; ### set to zero if compiling for 1.0.1
- $avx=1 if (!$shaext && $avx);
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- if ($output =~ /512/) {
---- a/crypto/sha/asm/sha512p8-ppc.pl
-+++ b/crypto/sha/asm/sha512p8-ppc.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/crypto/sha/build.info
-+++ b/crypto/sha/build.info
-@@ -13,7 +13,7 @@ GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $
- GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
- GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS)
-
--GENERATE[sha1-alpha.s]=asm/sha1-alpha.pl
-+GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl $(PERLASM_SCHEME)
-
- GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl $(PERLASM_SCHEME)
- GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME)
---- a/crypto/sha/sha1_one.c
-+++ b/crypto/sha/sha1_one.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/sha/sha1dgst.c
-+++ b/crypto/sha/sha1dgst.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/sha/sha256.c
-+++ b/crypto/sha/sha256.c
-@@ -1,8 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved
-- * according to the OpenSSL license [found in ../../LICENSE].
-- * ====================================================================
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <openssl/opensslconf.h>
-
- #include <stdlib.h>
---- a/crypto/sha/sha512.c
-+++ b/crypto/sha/sha512.c
-@@ -1,8 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved
-- * according to the OpenSSL license [found in ../../LICENSE].
-- * ====================================================================
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <openssl/opensslconf.h>
- /*-
- * IMPLEMENTATION NOTES.
---- a/crypto/sha/sha_locl.h
-+++ b/crypto/sha/sha_locl.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
---- a/crypto/sparc_arch.h
-+++ b/crypto/sparc_arch.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef __SPARC_ARCH_H__
- # define __SPARC_ARCH_H__
-
-@@ -5,11 +14,16 @@
- # define SPARCV9_PREFER_FPU (1<<1)
- # define SPARCV9_VIS1 (1<<2)
- # define SPARCV9_VIS2 (1<<3)/* reserved */
--# define SPARCV9_FMADD (1<<4)/* reserved for SPARC64 V */
-+# define SPARCV9_FMADD (1<<4)
- # define SPARCV9_BLK (1<<5)/* VIS1 block copy */
- # define SPARCV9_VIS3 (1<<6)
- # define SPARCV9_RANDOM (1<<7)
- # define SPARCV9_64BIT_STACK (1<<8)
-+# define SPARCV9_FJAESX (1<<9)/* Fujitsu SPARC64 X AES */
-+# define SPARCV9_FJDESX (1<<10)/* Fujitsu SPARC64 X DES, reserved */
-+# define SPARCV9_FJHPCACE (1<<11)/* Fujitsu HPC-ACE, reserved */
-+# define SPARCV9_IMA (1<<13)/* reserved */
-+# define SPARCV9_VIS4 (1<<14)/* reserved */
-
- /*
- * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
-@@ -28,6 +42,9 @@
- # define CFR_MONTMUL 0x00000200/* Supports MONTMUL opcodes */
- # define CFR_MONTSQR 0x00000400/* Supports MONTSQR opcodes */
- # define CFR_CRC32C 0x00000800/* Supports CRC32C opcodes */
-+# define CFR_XMPMUL 0x00001000/* Supports XMPMUL opcodes */
-+# define CFR_XMONTMUL 0x00002000/* Supports XMONTMUL opcodes */
-+# define CFR_XMONTSQR 0x00004000/* Supports XMONTSQR opcodes */
-
- # if defined(OPENSSL_PIC) && !defined(__PIC__)
- # define __PIC__
---- a/crypto/sparccpuid.S
-+++ b/crypto/sparccpuid.S
-@@ -1,3 +1,10 @@
-+! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+!
-+! Licensed under the OpenSSL license (the "License"). You may not use
-+! this file except in compliance with the License. You can obtain a copy
-+! in the file LICENSE in the source distribution or at
-+! https://www.openssl.org/source/license.html
-+
- #ifdef OPENSSL_FIPSCANISTER
- #include <openssl/fipssyms.h>
- #endif
-@@ -349,6 +356,14 @@
- .type _sparcv9_random,#function
- .size _sparcv9_random,.-_sparcv9_vis3_probe
-
-+.global _sparcv9_fjaesx_probe
-+.align 8
-+_sparcv9_fjaesx_probe:
-+ .word 0x81b09206 !faesencx %f2,%f6,%f0
-+ retl
-+ nop
-+.size _sparcv9_fjaesx_probe,.-_sparcv9_fjaesx_probe
-+
- .global OPENSSL_cleanse
- .align 32
- OPENSSL_cleanse:
-@@ -432,6 +447,40 @@
- .type OPENSSL_cleanse,#function
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+.global CRYPTO_memcmp
-+.align 16
-+CRYPTO_memcmp:
-+ cmp %o2,0
-+#ifdef ABI64
-+ beq,pn %xcc,.Lno_data
-+#else
-+ beq .Lno_data
-+#endif
-+ xor %g1,%g1,%g1
-+ nop
-+
-+.Loop_cmp:
-+ ldub [%o0],%o3
-+ add %o0,1,%o0
-+ ldub [%o1],%o4
-+ add %o1,1,%o1
-+ subcc %o2,1,%o2
-+ xor %o3,%o4,%o4
-+#ifdef ABI64
-+ bnz %xcc,.Loop_cmp
-+#else
-+ bnz .Loop_cmp
-+#endif
-+ or %o4,%g1,%g1
-+
-+ sub %g0,%g1,%g1
-+ srl %g1,31,%g1
-+.Lno_data:
-+ retl
-+ mov %g1,%o0
-+.type CRYPTO_memcmp,#function
-+.size CRYPTO_memcmp,.-CRYPTO_memcmp
-+
- .global _sparcv9_vis1_instrument_bus
- .align 8
- _sparcv9_vis1_instrument_bus:
---- a/crypto/sparcv9cap.c
-+++ b/crypto/sparcv9cap.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -60,9 +69,18 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U
- if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3))
- return bn_mul_mont_vis3(rp, ap, bp, np, n0, num);
- else if (num >= 8 &&
-- (OPENSSL_sparcv9cap_P[0] &
-- (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
-- (SPARCV9_PREFER_FPU | SPARCV9_VIS1))
-+ /*
-+ * bn_mul_mont_fpu doesn't use FMADD, we just use the
-+ * flag to detect when FPU path is preferable in cases
-+ * when current heuristics is unreliable. [it works
-+ * out because FMADD-capable processors where FPU
-+ * code path is undesirable are also VIS3-capable and
-+ * VIS3 code path takes precedence.]
-+ */
-+ ( (OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) ||
-+ (OPENSSL_sparcv9cap_P[0] &
-+ (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) ==
-+ (SPARCV9_PREFER_FPU | SPARCV9_VIS1) ))
- return bn_mul_mont_fpu(rp, ap, bp, np, n0, num);
- }
- return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-@@ -149,16 +167,24 @@ void OPENSSL_cpuid_setup(void)
- unsigned int vec[1];
-
- if (getisax (vec,1)) {
-- if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1;
-- if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-- if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK;
-- if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
-- if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-+ if (vec[0]&0x00020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1;
-+ if (vec[0]&0x00040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
-+ if (vec[0]&0x00080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK;
-+ if (vec[0]&0x00100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD;
-+ if (vec[0]&0x00400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
-+ if (vec[0]&0x01000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE;
-+ if (vec[0]&0x02000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX;
-+ if (vec[0]&0x08000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA;
-+ if (vec[0]&0x10000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
-+ if (vec[1]&0x00008) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4;
-
- /* reconstruct %cfr copy */
- OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff;
- OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1;
- if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C;
-+ if (vec[1]&0x00000020) OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL;
-+ if (vec[1]&0x00000040)
-+ OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL|CFR_XMONTSQR;
-
- /* Some heuristics */
- /* all known VIS2-capable CPUs have unprivileged tick counter */
-@@ -233,6 +259,11 @@ void OPENSSL_cpuid_setup(void)
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
- }
-
-+ if (sigsetjmp(common_jmp, 1) == 0) {
-+ _sparcv9_fjaesx_probe();
-+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX;
-+ }
-+
- /*
- * In wait for better solution _sparcv9_rdcfr is masked by
- * VIS3 flag, because it goes to uninterruptable endless
---- a/crypto/srp/Makefile.in
-+++ /dev/null
-@@ -1,39 +0,0 @@
--DIR= srp
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--DESTDIR=
--OPENSSLDIR= /usr/local/ssl
--INSTALLTOP=/usr/local/ssl
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=srp_lib.c srp_vfy.c
--LIBOBJ=srp_lib.o srp_vfy.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/srp/srp_lib.c
-+++ b/crypto/srp/srp_lib.c
-@@ -1,61 +1,12 @@
- /*
-- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
-- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
-- * EdelKey project and contributed to the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef OPENSSL_NO_SRP
- # include "internal/cryptlib.h"
- # include <openssl/sha.h>
-@@ -63,7 +14,7 @@
- # include <openssl/evp.h>
- # include "internal/bn_srp.h"
-
--static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
- {
- /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
-
-@@ -84,24 +35,27 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIG
- goto err;
- BN_bn2bin(N, tmp);
-
-- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
-- EVP_DigestUpdate(ctxt, tmp, longN);
-+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
-+ || !EVP_DigestUpdate(ctxt, tmp, longN))
-+ goto err;
-
- memset(tmp, 0, longN);
- longg = BN_bn2bin(g, tmp);
- /* use the zeros behind to pad on left */
-- EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
-- EVP_DigestUpdate(ctxt, tmp, longg);
-+ if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)
-+ || !EVP_DigestUpdate(ctxt, tmp, longg))
-+ goto err;
- OPENSSL_free(tmp);
-
-- EVP_DigestFinal_ex(ctxt, digest, NULL);
-+ if (!EVP_DigestFinal_ex(ctxt, digest, NULL))
-+ goto err;
- res = BN_bin2bn(digest, sizeof(digest), NULL);
- err:
- EVP_MD_CTX_free(ctxt);
- return res;
- }
-
--BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
-+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
- {
- /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-
-@@ -126,11 +80,13 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B,
-
- memset(cAB, 0, longN);
-
-- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
-- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
-- EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
-+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
-+ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN)
-+ || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN))
-+ goto err;
- OPENSSL_free(cAB);
-- EVP_DigestFinal_ex(ctxt, cu, NULL);
-+ if (!EVP_DigestFinal_ex(ctxt, cu, NULL))
-+ goto err;
-
- if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
- goto err;
-@@ -144,8 +100,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B,
- return u;
- }
-
--BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-- BIGNUM *N)
-+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
-+ const BIGNUM *b, const BIGNUM *N)
- {
- BIGNUM *tmp = NULL, *S = NULL;
- BN_CTX *bn_ctx;
-@@ -153,8 +109,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, B
- if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
- return NULL;
-
-- if ((bn_ctx = BN_CTX_new()) == NULL ||
-- (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
-+ if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
- goto err;
-
- /* S = (A*v**u) ** b */
-@@ -163,15 +118,20 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, B
- goto err;
- if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
- goto err;
-- if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
-- goto err;
-+
-+ S = BN_new();
-+ if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
-+ BN_free(S);
-+ S = NULL;
-+ }
- err:
- BN_CTX_free(bn_ctx);
- BN_clear_free(tmp);
- return S;
- }
-
--BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
-+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
-+ const BIGNUM *v)
- {
- BIGNUM *kv = NULL, *gb = NULL;
- BIGNUM *B = NULL, *k = NULL;
-@@ -202,7 +162,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N,
- return B;
- }
-
--BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
-+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
- {
- unsigned char dig[SHA_DIGEST_LENGTH];
- EVP_MD_CTX *ctxt;
-@@ -218,18 +178,20 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char
- if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
- goto err;
-
-- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
-- EVP_DigestUpdate(ctxt, user, strlen(user));
-- EVP_DigestUpdate(ctxt, ":", 1);
-- EVP_DigestUpdate(ctxt, pass, strlen(pass));
-- EVP_DigestFinal_ex(ctxt, dig, NULL);
--
-- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
-+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
-+ || !EVP_DigestUpdate(ctxt, user, strlen(user))
-+ || !EVP_DigestUpdate(ctxt, ":", 1)
-+ || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
-+ || !EVP_DigestFinal_ex(ctxt, dig, NULL)
-+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
-+ goto err;
- BN_bn2bin(s, cs);
-- EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
-+ if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
-+ goto err;
- OPENSSL_free(cs);
-- EVP_DigestUpdate(ctxt, dig, sizeof(dig));
-- EVP_DigestFinal_ex(ctxt, dig, NULL);
-+ if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
-+ || !EVP_DigestFinal_ex(ctxt, dig, NULL))
-+ goto err;
-
- res = BN_bin2bn(dig, sizeof(dig), NULL);
- err:
-@@ -237,7 +199,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char
- return res;
- }
-
--BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
-+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
- {
- BN_CTX *bn_ctx;
- BIGNUM *A = NULL;
-@@ -253,8 +215,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N,
- return A;
- }
-
--BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-- BIGNUM *a, BIGNUM *u)
-+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
-+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
- {
- BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
- BN_CTX *bn_ctx;
-@@ -265,8 +227,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
-
- if ((tmp = BN_new()) == NULL ||
- (tmp2 = BN_new()) == NULL ||
-- (tmp3 = BN_new()) == NULL ||
-- (K = BN_new()) == NULL)
-+ (tmp3 = BN_new()) == NULL)
- goto err;
-
- if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
-@@ -277,12 +238,15 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
- goto err;
- if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
- goto err;
-- if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
-- goto err;
-- if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
-+ if (!BN_mul(tmp3, u, x, bn_ctx))
- goto err;
-- if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
-+ if (!BN_add(tmp2, a, tmp3))
- goto err;
-+ K = BN_new();
-+ if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
-+ BN_free(K);
-+ K = NULL;
-+ }
-
- err:
- BN_CTX_free(bn_ctx);
-@@ -293,7 +257,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, B
- return K;
- }
-
--int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
-+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
- {
- BIGNUM *r;
- BN_CTX *bn_ctx;
-@@ -314,20 +278,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM
- return ret;
- }
-
--int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
-+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
- {
- /* Checks if A % N == 0 */
- return SRP_Verify_B_mod_N(A, N);
- }
-
- static SRP_gN knowngN[] = {
-- {"8192", (BIGNUM *)&bn_generator_19, (BIGNUM *)&bn_group_8192},
-- {"6144", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_6144},
-- {"4096", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_4096},
-- {"3072", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_3072},
-- {"2048", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_2048},
-- {"1536", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1536},
-- {"1024", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1024},
-+ {"8192", &bn_generator_19, &bn_group_8192},
-+ {"6144", &bn_generator_5, &bn_group_6144},
-+ {"4096", &bn_generator_5, &bn_group_4096},
-+ {"3072", &bn_generator_5, &bn_group_3072},
-+ {"2048", &bn_generator_2, &bn_group_2048},
-+ {"1536", &bn_generator_2, &bn_group_1536},
-+ {"1024", &bn_generator_2, &bn_group_1024},
- };
-
- # define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
-@@ -336,7 +300,7 @@ static SRP_gN knowngN[] = {
- * Check if G and N are known parameters. The values have been generated
- * from the ietf-tls-srp draft version 8
- */
--char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
-+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
- {
- size_t i;
- if ((g == NULL) || (N == NULL))
---- a/crypto/srp/srp_vfy.c
-+++ b/crypto/srp/srp_vfy.c
-@@ -1,61 +1,12 @@
- /*
-- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
-- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
-- * EdelKey project and contributed to the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef OPENSSL_NO_SRP
- # include "internal/cryptlib.h"
- # include <openssl/sha.h>
-@@ -445,7 +396,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *
-
- if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
- goto err;
-- user_pwd = NULL; /* abandon responsability */
-+ user_pwd = NULL; /* abandon responsibility */
- }
- }
- }
-@@ -549,10 +500,12 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP
- if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
- goto err;
- ctxt = EVP_MD_CTX_new();
-- EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
-- EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
-- EVP_DigestUpdate(ctxt, username, strlen(username));
-- EVP_DigestFinal_ex(ctxt, digs, NULL);
-+ if (ctxt == NULL
-+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
-+ || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
-+ || !EVP_DigestUpdate(ctxt, username, strlen(username))
-+ || !EVP_DigestFinal_ex(ctxt, digs, NULL))
-+ goto err;
- EVP_MD_CTX_free(ctxt);
- ctxt = NULL;
- if (SRP_user_pwd_set_sv_BN(user,
-@@ -574,7 +527,8 @@ char *SRP_create_verifier(const char *us
- {
- int len;
- char *result = NULL, *vf = NULL;
-- BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
-+ const BIGNUM *N_bn = NULL, *g_bn = NULL;
-+ BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
- unsigned char tmp[MAX_LEN];
- unsigned char tmp2[MAX_LEN];
- char *defgNid = NULL;
-@@ -587,10 +541,12 @@ char *SRP_create_verifier(const char *us
- if (N) {
- if ((len = t_fromb64(tmp, N)) == 0)
- goto err;
-- N_bn = BN_bin2bn(tmp, len, NULL);
-+ N_bn_alloc = BN_bin2bn(tmp, len, NULL);
-+ N_bn = N_bn_alloc;
- if ((len = t_fromb64(tmp, g)) == 0)
- goto err;
-- g_bn = BN_bin2bn(tmp, len, NULL);
-+ g_bn_alloc = BN_bin2bn(tmp, len, NULL);
-+ g_bn = g_bn_alloc;
- defgNid = "*";
- } else {
- SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
-@@ -636,10 +592,8 @@ char *SRP_create_verifier(const char *us
- result = defgNid;
-
- err:
-- if (N) {
-- BN_free(N_bn);
-- BN_free(g_bn);
-- }
-+ BN_free(N_bn_alloc);
-+ BN_free(g_bn_alloc);
- OPENSSL_clear_free(vf, vfsize);
- BN_clear_free(s);
- BN_clear_free(v);
---- a/crypto/stack/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/stack/Makefile
--#
--
--DIR= stack
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=stack.c
--LIBOBJ=stack.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/stack/stack.c
-+++ b/crypto/stack/stack.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include "internal/cryptlib.h"
- #include <openssl/stack.h>
-@@ -64,7 +17,7 @@ struct stack_st {
- char **data;
- int sorted;
- int num_alloc;
-- int (*comp) (const void *, const void *);
-+ OPENSSL_sk_compfunc comp;
- };
-
- #undef MIN_NODES
-@@ -72,9 +25,9 @@ struct stack_st {
-
- #include <errno.h>
-
--int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
-- (const void *, const void *) {
-- int (*old) (const void *, const void *) = sk->comp;
-+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
-+{
-+ OPENSSL_sk_compfunc old = sk->comp;
-
- if (sk->comp != c)
- sk->sorted = 0;
-@@ -83,49 +36,44 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
- return old;
- }
-
--_STACK *sk_dup(_STACK *sk)
-+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
- {
-- _STACK *ret;
-- char **s;
-+ OPENSSL_STACK *ret;
-
-- if ((ret = sk_new(sk->comp)) == NULL)
-- goto err;
-- s = OPENSSL_realloc((char *)ret->data,
-- (unsigned int)sizeof(char *) * sk->num_alloc);
-- if (s == NULL)
-- goto err;
-- ret->data = s;
-+ if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
-+ return NULL;
-+
-+ /* direct structure assignment */
-+ *ret = *sk;
-
-- ret->num = sk->num;
-+ if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
-+ goto err;
- memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
-- ret->sorted = sk->sorted;
-- ret->num_alloc = sk->num_alloc;
-- ret->comp = sk->comp;
-- return (ret);
-+ return ret;
- err:
-- sk_free(ret);
-- return (NULL);
-+ OPENSSL_sk_free(ret);
-+ return NULL;
- }
-
--_STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *),
-- void (*free_func) (void *))
-+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
-+ OPENSSL_sk_copyfunc copy_func,
-+ OPENSSL_sk_freefunc free_func)
- {
-- _STACK *ret;
-+ OPENSSL_STACK *ret;
- int i;
-
-- if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL)
-- return ret;
-- ret->comp = sk->comp;
-- ret->sorted = sk->sorted;
-- ret->num = sk->num;
-+ if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
-+ return NULL;
-+
-+ /* direct structure assignment */
-+ *ret = *sk;
-+
- ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES;
-- ret->data = OPENSSL_malloc(sizeof(*ret->data) * ret->num_alloc);
-+ ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
- if (ret->data == NULL) {
- OPENSSL_free(ret);
- return NULL;
- }
-- for (i = 0; i < ret->num_alloc; i++)
-- ret->data[i] = NULL;
-
- for (i = 0; i < ret->num; ++i) {
- if (sk->data[i] == NULL)
-@@ -134,23 +82,23 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
- while (--i >= 0)
- if (ret->data[i] != NULL)
- free_func(ret->data[i]);
-- sk_free(ret);
-+ OPENSSL_sk_free(ret);
- return NULL;
- }
- }
- return ret;
- }
-
--_STACK *sk_new_null(void)
-+OPENSSL_STACK *OPENSSL_sk_new_null(void)
- {
-- return sk_new((int (*)(const void *, const void *))0);
-+ return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL);
- }
-
--_STACK *sk_new(int (*c) (const void *, const void *))
-+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
- {
-- _STACK *ret;
-+ OPENSSL_STACK *ret;
-
-- if ((ret = OPENSSL_zalloc(sizeof(_STACK))) == NULL)
-+ if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
- goto err;
- if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL)
- goto err;
-@@ -163,7 +111,7 @@ int (*sk_set_cmp_func(_STACK *sk, int (*
- return (NULL);
- }
-
--int sk_insert(_STACK *st, void *data, int loc)
-+int OPENSSL_sk_insert(OPENSSL_STACK *st, void *data, int loc)
- {
- char **s;
-
-@@ -189,22 +137,22 @@ int sk_insert(_STACK *st, void *data, in
- return (st->num);
- }
-
--void *sk_delete_ptr(_STACK *st, void *p)
-+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
- {
- int i;
-
- for (i = 0; i < st->num; i++)
- if (st->data[i] == p)
-- return (sk_delete(st, i));
-- return (NULL);
-+ return OPENSSL_sk_delete(st, i);
-+ return NULL;
- }
-
--void *sk_delete(_STACK *st, int loc)
-+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
- {
- char *ret;
- int i, j;
-
-- if (!st || (loc < 0) || (loc >= st->num))
-+ if (st == NULL || loc < 0 || loc >= st->num)
- return NULL;
-
- ret = st->data[loc];
-@@ -221,7 +169,8 @@ void *sk_delete(_STACK *st, int loc)
- return (ret);
- }
-
--static int internal_find(_STACK *st, void *data, int ret_val_options)
-+static int internal_find(OPENSSL_STACK *st, const void *data,
-+ int ret_val_options)
- {
- const void *const *r;
- int i;
-@@ -235,7 +184,7 @@ static int internal_find(_STACK *st, voi
- return (i);
- return (-1);
- }
-- sk_sort(st);
-+ OPENSSL_sk_sort(st);
- if (data == NULL)
- return (-1);
- r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
-@@ -245,45 +194,45 @@ static int internal_find(_STACK *st, voi
- return (int)((char **)r - st->data);
- }
-
--int sk_find(_STACK *st, void *data)
-+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
- {
- return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
- }
-
--int sk_find_ex(_STACK *st, void *data)
-+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
- {
- return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
- }
-
--int sk_push(_STACK *st, void *data)
-+int OPENSSL_sk_push(OPENSSL_STACK *st, void *data)
- {
-- return (sk_insert(st, data, st->num));
-+ return (OPENSSL_sk_insert(st, data, st->num));
- }
-
--int sk_unshift(_STACK *st, void *data)
-+int OPENSSL_sk_unshift(OPENSSL_STACK *st, void *data)
- {
-- return (sk_insert(st, data, 0));
-+ return (OPENSSL_sk_insert(st, data, 0));
- }
-
--void *sk_shift(_STACK *st)
-+void *OPENSSL_sk_shift(OPENSSL_STACK *st)
- {
- if (st == NULL)
- return (NULL);
- if (st->num <= 0)
- return (NULL);
-- return (sk_delete(st, 0));
-+ return (OPENSSL_sk_delete(st, 0));
- }
-
--void *sk_pop(_STACK *st)
-+void *OPENSSL_sk_pop(OPENSSL_STACK *st)
- {
- if (st == NULL)
- return (NULL);
- if (st->num <= 0)
- return (NULL);
-- return (sk_delete(st, st->num - 1));
-+ return (OPENSSL_sk_delete(st, st->num - 1));
- }
-
--void sk_zero(_STACK *st)
-+void OPENSSL_sk_zero(OPENSSL_STACK *st)
- {
- if (st == NULL)
- return;
-@@ -293,7 +242,7 @@ void sk_zero(_STACK *st)
- st->num = 0;
- }
-
--void sk_pop_free(_STACK *st, void (*func) (void *))
-+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
- {
- int i;
-
-@@ -302,10 +251,10 @@ void sk_pop_free(_STACK *st, void (*func
- for (i = 0; i < st->num; i++)
- if (st->data[i] != NULL)
- func(st->data[i]);
-- sk_free(st);
-+ OPENSSL_sk_free(st);
- }
-
--void sk_free(_STACK *st)
-+void OPENSSL_sk_free(OPENSSL_STACK *st)
- {
- if (st == NULL)
- return;
-@@ -313,48 +262,38 @@ void sk_free(_STACK *st)
- OPENSSL_free(st);
- }
-
--int sk_num(const _STACK *st)
-+int OPENSSL_sk_num(const OPENSSL_STACK *st)
- {
- if (st == NULL)
- return -1;
- return st->num;
- }
-
--void *sk_value(const _STACK *st, int i)
-+void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
- {
-- if (!st || (i < 0) || (i >= st->num))
-+ if (st == NULL || i < 0 || i >= st->num)
- return NULL;
- return st->data[i];
- }
-
--void *sk_set(_STACK *st, int i, void *value)
-+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, void *value)
- {
-- if (!st || (i < 0) || (i >= st->num))
-+ if (st == NULL || i < 0 || i >= st->num)
- return NULL;
- return (st->data[i] = value);
- }
-
--void sk_sort(_STACK *st)
-+void OPENSSL_sk_sort(OPENSSL_STACK *st)
- {
- if (st && !st->sorted && st->comp != NULL) {
-- int (*comp_func) (const void *, const void *);
--
-- /*
-- * same comment as in sk_find ... previously st->comp was declared as
-- * a (void*,void*) callback type, but this made the population of the
-- * callback pointer illogical - our callbacks compare type** with
-- * type**, so we leave the casting until absolutely necessary (ie.
-- * "now").
-- */
-- comp_func = (int (*)(const void *, const void *))(st->comp);
-- qsort(st->data, st->num, sizeof(char *), comp_func);
-+ qsort(st->data, st->num, sizeof(char *), st->comp);
- st->sorted = 1;
- }
- }
-
--int sk_is_sorted(const _STACK *st)
-+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
- {
-- if (!st)
-+ if (st == NULL)
- return 1;
- return st->sorted;
- }
---- a/crypto/threads_none.c
-+++ b/crypto/threads_none.c
-@@ -1,54 +1,13 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
--#include "internal/threads.h"
-
- #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-
---- a/crypto/threads_pthread.c
-+++ b/crypto/threads_pthread.c
-@@ -1,54 +1,13 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
--#include "internal/threads.h"
-
- #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
-
---- a/crypto/threads_win.c
-+++ b/crypto/threads_win.c
-@@ -1,54 +1,17 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#if defined(_WIN32)
-+# include <windows.h>
-+#endif
-+
- #include <openssl/crypto.h>
--#include "internal/threads.h"
-
- #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
-
-@@ -96,12 +59,14 @@ void CRYPTO_THREAD_lock_free(CRYPTO_RWLO
- return;
- }
-
--# if _WIN32_WINNT < 0x0600
--
- # define ONCE_UNINITED 0
- # define ONCE_ININIT 1
- # define ONCE_DONE 2
-
-+/*
-+ * We don't use InitOnceExecuteOnce because that isn't available in WinXP which
-+ * we still have to support.
-+ */
- int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
- {
- LONG volatile *lock = (LONG *)once;
-@@ -122,27 +87,6 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *
- return (*lock == ONCE_DONE);
- }
-
--# else
--
--BOOL CALLBACK once_cb(PINIT_ONCE once, PVOID p, PVOID *pp)
--{
-- void (*init)(void) = p;
--
-- init();
--
-- return TRUE;
--}
--
--int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
--{
-- if (InitOnceExecuteOnce(once, once_cb, init, NULL))
-- return 1;
--
-- return 0;
--}
--
--# endif
--
- int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
- {
- *key = TlsAlloc();
---- a/crypto/ts/Makefile.in
-+++ /dev/null
-@@ -1,53 +0,0 @@
--#
--#
--
--DIR= ts
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I../../include
--CFLAG = -g
--DESTDIR=
--OPENSSLDIR= /usr/local/ssl
--INSTALLTOP=/usr/local/ssl
--AR= ar r
--
--PLIB_LDFLAG=
--EX_LIBS=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL= Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \
-- ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \
-- ts_asn1.c
--LIBOBJ= ts_err.o ts_req_utils.o ts_req_print.o ts_rsp_utils.o ts_rsp_print.o \
-- ts_rsp_sign.o ts_rsp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o \
-- ts_asn1.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--test:
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ts/ts_asn1.c
-+++ b/crypto/ts/ts_asn1.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/ts.h>
---- a/crypto/ts/ts_conf.c
-+++ b/crypto/ts/ts_conf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
---- a/crypto/ts/ts_err.c
-+++ b/crypto/ts/ts_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -69,7 +19,6 @@
- # define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
-
- static ERR_STRING_DATA TS_str_functs[] = {
-- {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"},
- {ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"},
- {ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"},
- {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"},
-@@ -118,7 +67,6 @@ static ERR_STRING_DATA TS_str_functs[] =
- {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
- {ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"},
- {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
-- {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"},
- {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
- {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),
- "TS_TST_INFO_set_msg_imprint"},
-@@ -141,7 +89,6 @@ static ERR_STRING_DATA TS_str_reasons[]
- {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
- {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"},
- {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"},
-- {ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED), "d2i ts resp int failed"},
- {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"},
- {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),
- "ess add signing cert error"},
-@@ -184,7 +131,7 @@ static ERR_STRING_DATA TS_str_reasons[]
-
- #endif
-
--void ERR_load_TS_strings(void)
-+int ERR_load_TS_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -193,4 +140,5 @@ void ERR_load_TS_strings(void)
- ERR_load_strings(0, TS_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/ts/ts_lcl.h
-+++ b/crypto/ts/ts_lcl.h
-@@ -1,58 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--
- /*-
- * MessageImprint ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
-@@ -144,8 +98,6 @@ struct TS_status_info_st {
- ASN1_BIT_STRING *failure_info;
- };
-
--DEFINE_STACK_OF(ASN1_UTF8STRING)
--
- /*-
- * IssuerSerial ::= SEQUENCE {
- * issuer GeneralNames,
---- a/crypto/ts/ts_lib.c
-+++ b/crypto/ts/ts_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -89,9 +40,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN
- {
- char obj_txt[128];
-
-- int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-- BIO_write(bio, obj_txt, len);
-- BIO_write(bio, "\n", 1);
-+ OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-+ BIO_printf(bio, "%s\n", obj_txt);
-
- return 1;
- }
---- a/crypto/ts/ts_req_print.c
-+++ b/crypto/ts/ts_req_print.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ts/ts_req_utils.c
-+++ b/crypto/ts/ts_req_utils.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ts/ts_rsp_print.c
-+++ b/crypto/ts/ts_rsp_print.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ts/ts_rsp_sign.c
-+++ b/crypto/ts/ts_rsp_sign.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -272,7 +223,7 @@ int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx,
- if (ctx->mds == NULL
- && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
- goto err;
-- if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
-+ if (!sk_EVP_MD_push(ctx->mds, md))
- goto err;
-
- return 1;
-@@ -495,7 +446,7 @@ static int ts_RESP_check_request(TS_RESP
- X509_ALGOR *md_alg;
- int md_alg_id;
- const ASN1_OCTET_STRING *digest;
-- EVP_MD *md = NULL;
-+ const EVP_MD *md = NULL;
- int i;
-
- if (TS_REQ_get_version(request) != 1) {
-@@ -509,7 +460,7 @@ static int ts_RESP_check_request(TS_RESP
- md_alg = msg_imprint->hash_algo;
- md_alg_id = OBJ_obj2nid(md_alg->algorithm);
- for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
-- EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
-+ const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
- if (md_alg_id == EVP_MD_type(current_md))
- md = current_md;
- }
---- a/crypto/ts/ts_rsp_utils.c
-+++ b/crypto/ts/ts_rsp_utils.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/ts/ts_rsp_verify.c
-+++ b/crypto/ts/ts_rsp_verify.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2002.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -396,36 +347,43 @@ static int int_ts_RESP_verify_token(TS_V
- unsigned char *imprint = NULL;
- unsigned imprint_len = 0;
- int ret = 0;
-+ int flags = ctx->flags;
-
-- if ((ctx->flags & TS_VFY_SIGNATURE)
-+ /* Some options require us to also check the signature */
-+ if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
-+ || (flags & TS_VFY_TSA_NAME)) {
-+ flags |= TS_VFY_SIGNATURE;
-+ }
-+
-+ if ((flags & TS_VFY_SIGNATURE)
- && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
- goto err;
-- if ((ctx->flags & TS_VFY_VERSION)
-+ if ((flags & TS_VFY_VERSION)
- && TS_TST_INFO_get_version(tst_info) != 1) {
- TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
- goto err;
- }
-- if ((ctx->flags & TS_VFY_POLICY)
-+ if ((flags & TS_VFY_POLICY)
- && !ts_check_policy(ctx->policy, tst_info))
- goto err;
-- if ((ctx->flags & TS_VFY_IMPRINT)
-+ if ((flags & TS_VFY_IMPRINT)
- && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
- tst_info))
- goto err;
-- if ((ctx->flags & TS_VFY_DATA)
-+ if ((flags & TS_VFY_DATA)
- && (!ts_compute_imprint(ctx->data, tst_info,
- &md_alg, &imprint, &imprint_len)
- || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
- goto err;
-- if ((ctx->flags & TS_VFY_NONCE)
-+ if ((flags & TS_VFY_NONCE)
- && !ts_check_nonces(ctx->nonce, tst_info))
- goto err;
-- if ((ctx->flags & TS_VFY_SIGNER)
-+ if ((flags & TS_VFY_SIGNER)
- && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
- TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
- goto err;
- }
-- if ((ctx->flags & TS_VFY_TSA_NAME)
-+ if ((flags & TS_VFY_TSA_NAME)
- && !ts_check_signer_name(ctx->tsa_name, signer)) {
- TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
- goto err;
-@@ -505,7 +463,7 @@ static char *ts_get_status_text(STACK_OF
- TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
--
-+
- for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
- ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
- length = ASN1_STRING_length(current);
---- a/crypto/ts/ts_verify_ctx.c
-+++ b/crypto/ts/ts_verify_ctx.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
-- * 2003.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/txt_db/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/txt_db/Makefile
--#
--
--DIR= txt_db
--TOP= ../..
--CC= cc
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=txt_db.c
--LIBOBJ=txt_db.o
--
--SRC= $(LIBSRC)
--
--HEADER=
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/txt_db/txt_db.c
-+++ b/crypto/txt_db/txt_db.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -193,7 +145,7 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_
- }
-
- int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
-- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
-+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
- {
- LHASH_OF(OPENSSL_STRING) *idx;
- OPENSSL_STRING *r;
-@@ -204,7 +156,7 @@ int TXT_DB_create_index(TXT_DB *db, int
- return (0);
- }
- /* FIXME: we lose type checking at this point */
-- if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) {
-+ if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
- db->error = DB_ERROR_MALLOC;
- return (0);
- }
---- a/crypto/ui/Makefile.in
-+++ /dev/null
-@@ -1,43 +0,0 @@
--#
--# OpenSSL/crypto/ui/Makefile
--#
--
--DIR= ui
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c
--LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o
--
--SRC= $(LIBSRC)
--
--HEADER= ui_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/ui/ui_err.c
-+++ b/crypto/ui/ui_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -71,7 +21,7 @@
- static ERR_STRING_DATA UI_str_functs[] = {
- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "general_allocate_boolean"},
- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "general_allocate_prompt"},
-- {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
-+ {ERR_FUNC(UI_F_UI_CREATE_METHOD), "UI_create_method"},
- {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
- {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
- {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-@@ -98,7 +48,7 @@ static ERR_STRING_DATA UI_str_reasons[]
-
- #endif
-
--void ERR_load_UI_strings(void)
-+int ERR_load_UI_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -107,4 +57,5 @@ void ERR_load_UI_strings(void)
- ERR_load_strings(0, UI_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/ui/ui_lib.c
-+++ b/crypto/ui/ui_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -92,7 +43,10 @@ UI *UI_new_method(const UI_METHOD *metho
- else
- ret->meth = method;
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
- return ret;
- }
-
-@@ -173,8 +127,10 @@ static int general_allocate_string(UI *u
- s->_.string_data.test_buf = test_buf;
- ret = sk_UI_STRING_push(ui->strings, s);
- /* sk_push() returns 0 on error. Let's adapt that */
-- if (ret <= 0)
-+ if (ret <= 0) {
- ret--;
-+ free_string(s);
-+ }
- } else
- free_string(s);
- }
-@@ -218,8 +174,10 @@ static int general_allocate_boolean(UI *
- /*
- * sk_push() returns 0 on error. Let's adapt that
- */
-- if (ret <= 0)
-+ if (ret <= 0) {
- ret--;
-+ free_string(s);
-+ }
- } else
- free_string(s);
- }
-@@ -578,12 +536,18 @@ const UI_METHOD *UI_set_method(UI *ui, c
- return ui->meth;
- }
-
--UI_METHOD *UI_create_method(char *name)
-+UI_METHOD *UI_create_method(const char *name)
- {
- UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method));
-
-- if (ui_method != NULL)
-+ if (ui_method != NULL) {
- ui_method->name = OPENSSL_strdup(name);
-+ if (ui_method->name == NULL) {
-+ OPENSSL_free(ui_method);
-+ UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+ }
- return ui_method;
- }
-
---- a/crypto/ui/ui_locl.h
-+++ b/crypto/ui/ui_locl.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_UI_LOCL_H
---- a/crypto/ui/ui_openssl.c
-+++ b/crypto/ui/ui_openssl.c
-@@ -1,118 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) and others for the
-- * OpenSSL project 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- */
--
--/*-
-- * The lowest level part of this file was previously in crypto/des/read_pwd.c,
-- * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/e_os2.h>
-@@ -176,8 +68,8 @@
- #endif
-
- /*
-- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
-- * MSDOS and SGTTY.
-+ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
-+ * MSDOS, WIN32 Console and SGTTY.
- *
- * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
- * remain respected. Otherwise, we default to TERMIOS except for a few
-@@ -195,11 +87,9 @@
- # undef SGTTY
- /*
- * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
-- * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed.
- */
- # elif !defined(OPENSSL_SYS_VMS) \
- && !defined(OPENSSL_SYS_MSDOS) \
-- && !defined(MAC_OS_GUSI_SOURCE) \
- && !defined(OPENSSL_SYS_VXWORKS)
- # define TERMIOS
- # undef TERMIO
-@@ -252,15 +142,6 @@ struct IOSB {
- };
- #endif
-
--#if defined(MAC_OS_GUSI_SOURCE)
--/*
-- * This one needs work. As a matter of fact the code is unoperational
-- * and this is only a trick to get it compiled.
-- * <appro at fy.chalmers.se>
-- */
--# define TTY_STRUCT int
--#endif
--
- #ifndef NX509_SIG
- # define NX509_SIG 32
- #endif
-@@ -280,6 +161,8 @@ static long tty_orig[3], tty_new[3]; /*
- * structures? */
- static long status;
- static unsigned short channel = 0;
-+#elif defined(_WIN32) && !defined(_WIN32_WCE)
-+static DWORD tty_orig, tty_new;
- #else
- # if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
- static TTY_STRUCT tty_orig, tty_new;
-@@ -295,7 +178,7 @@ static void recsig(int);
- static void pushsig(void);
- static void popsig(void);
- #endif
--#if defined(OPENSSL_SYS_MSDOS)
-+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
- static int noecho_fgets(char *buf, int size, FILE *tty);
- #endif
- static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
-@@ -403,7 +286,8 @@ static int read_string_inner(UI *ui, UI_
- char result[BUFSIZ];
- int maxsize = BUFSIZ - 1;
- #if !defined(OPENSSL_SYS_WINCE)
-- char *p;
-+ char *p = NULL;
-+ int echo_eol = !echo;
-
- intr_signal = 0;
- ok = 0;
-@@ -417,15 +301,48 @@ static int read_string_inner(UI *ui, UI_
- ps = 2;
-
- result[0] = '\0';
--# ifdef OPENSSL_SYS_MSDOS
-+# if defined(_WIN32)
-+ if (is_a_tty) {
-+ DWORD numread;
-+# if defined(CP_UTF8)
-+ WCHAR wresult[BUFSIZ];
-+
-+ if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
-+ wresult, maxsize, &numread, NULL)) {
-+ if (numread >= 2 &&
-+ wresult[numread-2] == L'\r' && wresult[numread-1] == L'\n') {
-+ wresult[numread-2] = L'\n';
-+ numread--;
-+ echo_eol = 0;
-+ }
-+ wresult[numread] = '\0';
-+ if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
-+ result, sizeof(result), NULL, 0) > 0)
-+ p = result;
-+
-+ OPENSSL_cleanse(wresult, sizeof(wresult));
-+ }
-+# else
-+ if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
-+ result, maxsize, &numread, NULL)) {
-+ if (numread >= 2 &&
-+ result[numread-2] == '\r' && result[numread-1] == '\n') {
-+ result[numread-2] = '\n';
-+ numread--;
-+ echo_eol = 0;
-+ }
-+ result[numread] = '\0';
-+ p = result;
-+ }
-+# endif
-+ } else
-+# elif defined(OPENSSL_SYS_MSDOS)
- if (!echo) {
- noecho_fgets(result, maxsize, tty_in);
- p = result; /* FIXME: noecho_fgets doesn't return errors */
- } else
-- p = fgets(result, maxsize, tty_in);
--# else
-- p = fgets(result, maxsize, tty_in);
- # endif
-+ p = fgets(result, maxsize, tty_in);
- if (!p)
- goto error;
- if (feof(tty_in))
-@@ -443,7 +360,7 @@ static int read_string_inner(UI *ui, UI_
- error:
- if (intr_signal == SIGINT)
- ok = -1;
-- if (!echo)
-+ if (echo_eol)
- fprintf(tty_out, "\n");
- if (ps >= 2 && !echo && !echo_console(ui))
- ok = 0;
-@@ -467,6 +384,17 @@ static int open_console(UI *ui)
- #if defined(OPENSSL_SYS_VXWORKS)
- tty_in = stdin;
- tty_out = stderr;
-+#elif defined(_WIN32) && !defined(_WIN32_WCE)
-+ if ((tty_out = fopen("conout$", "w")) == NULL)
-+ tty_out = stderr;
-+
-+ if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
-+ tty_in = stdin;
-+ } else {
-+ is_a_tty = 0;
-+ if ((tty_in = fopen("conin$", "r")) == NULL)
-+ tty_in = stdin;
-+ }
- #else
- # ifdef OPENSSL_SYS_MSDOS
- # define DEV_TTY "con"
-@@ -532,6 +460,13 @@ static int noecho_console(UI *ui)
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
- #endif
-+#if defined(_WIN32) && !defined(_WIN32_WCE)
-+ if (is_a_tty) {
-+ tty_new = tty_orig;
-+ tty_new &= ~ENABLE_ECHO_INPUT;
-+ SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
-+ }
-+#endif
- return 1;
- }
-
-@@ -556,6 +491,13 @@ static int echo_console(UI *ui)
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
- #endif
-+#if defined(_WIN32) && !defined(_WIN32_WCE)
-+ if (is_a_tty) {
-+ tty_new = tty_orig;
-+ tty_new |= ENABLE_ECHO_INPUT;
-+ SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
-+ }
-+#endif
- return 1;
- }
-
-@@ -657,7 +599,7 @@ static void recsig(int i)
- #endif
-
- /* Internal functions specific for Windows */
--#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE)
-+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
- static int noecho_fgets(char *buf, int size, FILE *tty)
- {
- int i;
---- a/crypto/ui/ui_util.c
-+++ b/crypto/ui/ui_util.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
---- a/crypto/uid.c
-+++ b/crypto/uid.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/crypto/vms_rms.h
-+++ b/crypto/vms_rms.h
-@@ -1,3 +1,11 @@
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #ifdef NAML$C_MAXRSS
-
---- a/crypto/whrlpool/Makefile.in
-+++ /dev/null
-@@ -1,56 +0,0 @@
--#
--# crypto/whrlpool/Makefile
--#
--
--DIR= whrlpool
--TOP= ../..
--CC= cc
--CPP= $(CC) -E
--INCLUDES=
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--WP_ASM_OBJ=wp_block.o
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC=wp_dgst.c wp_block.c
--LIBOBJ=wp_dgst.o $(WP_ASM_OBJ)
--
--SRC= $(LIBSRC)
--
--HEADER= wp_locl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--wp-mmx.s: asm/wp-mmx.pl ../perlasm/x86asm.pl
-- $(PERL) asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--
--wp-x86_64.s: asm/wp-x86_64.pl
-- $(PERL) asm/wp-x86_64.pl $(PERLASM_SCHEME) $@
--
--$(LIBOBJ): $(LIBSRC)
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/whrlpool/asm/wp-mmx.pl
-+++ b/crypto/whrlpool/asm/wp-mmx.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
---- a/crypto/whrlpool/asm/wp-x86_64.pl
-+++ b/crypto/whrlpool/asm/wp-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # ====================================================================
- # Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-@@ -41,7 +48,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- sub L() { $code.=".byte ".join(',', at _)."\n"; }
---- a/crypto/whrlpool/wp_block.c
-+++ b/crypto/whrlpool/wp_block.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /**
- * The Whirlpool hashing function.
- *
---- a/crypto/whrlpool/wp_dgst.c
-+++ b/crypto/whrlpool/wp_dgst.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /**
- * The Whirlpool hashing function.
- *
-@@ -51,6 +60,7 @@
- * input. This is done for performance.
- */
-
-+#include <openssl/crypto.h>
- #include "wp_locl.h"
- #include <string.h>
-
-@@ -236,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, W
-
- if (md) {
- memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-- memset(c, 0, sizeof(*c));
-+ OPENSSL_cleanse(c, sizeof(*c));
- return (1);
- }
- return (0);
---- a/crypto/whrlpool/wp_locl.h
-+++ b/crypto/whrlpool/wp_locl.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <openssl/whrlpool.h>
-
- void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
---- a/crypto/x509/Makefile.in
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#
--# OpenSSL/crypto/x509/Makefile
--#
--
--DIR= x509
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
-- x509_obj.c x509_req.c x509spki.c x509_vfy.c \
-- x509_set.c x509cset.c x509rset.c x509_err.c \
-- x509name.c x509_v3.c x509_ext.c x509_att.c \
-- x509type.c x509_lu.c x_all.c x509_txt.c \
-- x509_trs.c by_file.c by_dir.c x509_vpm.c \
-- x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
-- x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
--LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
-- x509_obj.o x509_req.o x509spki.o x509_vfy.o \
-- x509_set.o x509cset.o x509rset.o x509_err.o \
-- x509name.o x509_v3.o x509_ext.o x509_att.o \
-- x509type.o x509_lu.o x_all.o x509_txt.o \
-- x509_trs.o by_file.o by_dir.o x509_vpm.o \
-- x_crl.o t_crl.o x_req.o t_req.o x_x509.o t_x509.o \
-- x_pubkey.o x_x509a.o x_attrib.o x_exten.o x_name.o
--
--SRC= $(LIBSRC)
--
--HEADER= x509_lcl.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/x509/by_dir.c
-+++ b/crypto/x509/by_dir.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -71,7 +23,6 @@
-
- #include <openssl/lhash.h>
- #include <openssl/x509.h>
--#include "internal/threads.h"
- #include "internal/x509_int.h"
- #include "x509_lcl.h"
-
-@@ -97,8 +48,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
- static int new_dir(X509_LOOKUP *lu);
- static void free_dir(X509_LOOKUP *lu);
- static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
--static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-- X509_OBJECT *ret);
-+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret);
- static X509_LOOKUP_METHOD x509_dir_lookup = {
- "Load certs from files in a directory",
- new_dir, /* new */
---- a/crypto/x509/by_file.c
-+++ b/crypto/x509/by_file.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/t_crl.c
-+++ b/crypto/x509/t_crl.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/t_req.c
-+++ b/crypto/x509/t_req.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -134,13 +86,12 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
-- pkey = X509_REQ_get_pubkey(x);
-+ pkey = X509_REQ_get0_pubkey(x);
- if (pkey == NULL) {
- BIO_printf(bp, "%12sUnable to load Public Key\n", "");
- ERR_print_errors(bp);
- } else {
- EVP_PKEY_print_public(bp, pkey, 16, NULL);
-- EVP_PKEY_free(pkey);
- }
- }
-
-@@ -181,6 +132,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
- goto err;
- if ((type == V_ASN1_PRINTABLESTRING) ||
- (type == V_ASN1_T61STRING) ||
-+ (type == V_ASN1_UTF8STRING) ||
- (type == V_ASN1_IA5STRING)) {
- if (BIO_write(bp, (char *)bs->data, bs->length)
- != bs->length)
---- a/crypto/x509/t_x509.c
-+++ b/crypto/x509/t_x509.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509_att.c
-+++ b/crypto/x509/x509_att.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -288,13 +240,13 @@ int X509_ATTRIBUTE_set1_object(X509_ATTR
- return (0);
- ASN1_OBJECT_free(attr->object);
- attr->object = OBJ_dup(obj);
-- return (1);
-+ return attr->object != NULL;
- }
-
- int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
- const void *data, int len)
- {
-- ASN1_TYPE *ttmp;
-+ ASN1_TYPE *ttmp = NULL;
- ASN1_STRING *stmp = NULL;
- int atype = 0;
- if (!attr)
-@@ -319,24 +271,30 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
- * least one value but some types use and zero length SET and require
- * this.
- */
-- if (attrtype == 0)
-+ if (attrtype == 0) {
-+ ASN1_STRING_free(stmp);
- return 1;
-+ }
- if ((ttmp = ASN1_TYPE_new()) == NULL)
- goto err;
- if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
- if (!ASN1_TYPE_set1(ttmp, attrtype, data))
- goto err;
-- } else
-+ } else {
- ASN1_TYPE_set(ttmp, atype, stmp);
-+ stmp = NULL;
-+ }
- if (!sk_ASN1_TYPE_push(attr->set, ttmp))
- goto err;
- return 1;
- err:
- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
-+ ASN1_TYPE_free(ttmp);
-+ ASN1_STRING_free(stmp);
- return 0;
- }
-
--int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
-+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
- {
- if (attr == NULL)
- return 0;
---- a/crypto/x509/x509_cmp.c
-+++ b/crypto/x509/x509_cmp.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -128,7 +80,7 @@ int X509_CRL_match(const X509_CRL *a, co
- return memcmp(a->sha1_hash, b->sha1_hash, 20);
- }
-
--X509_NAME *X509_get_issuer_name(X509 *a)
-+X509_NAME *X509_get_issuer_name(const X509 *a)
- {
- return (a->cert_info.issuer);
- }
-@@ -145,7 +97,7 @@ unsigned long X509_issuer_name_hash_old(
- }
- #endif
-
--X509_NAME *X509_get_subject_name(X509 *a)
-+X509_NAME *X509_get_subject_name(const X509 *a)
- {
- return (a->cert_info.subject);
- }
-@@ -187,9 +139,10 @@ int X509_cmp(const X509 *a, const X509 *
- return rv;
- /* Check for match against stored encoding too */
- if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
-- rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len);
-- if (rv)
-- return rv;
-+ if (a->cert_info.enc.len < b->cert_info.enc.len)
-+ return -1;
-+ if (a->cert_info.enc.len > b->cert_info.enc.len)
-+ return 1;
- return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
- a->cert_info.enc.len);
- }
-@@ -304,7 +257,7 @@ X509 *X509_find_by_subject(STACK_OF(X509
- return (NULL);
- }
-
--EVP_PKEY *X509_get0_pubkey(X509 *x)
-+EVP_PKEY *X509_get0_pubkey(const X509 *x)
- {
- if (x == NULL)
- return NULL;
-@@ -318,9 +271,9 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
- return X509_PUBKEY_get(x->cert_info.key);
- }
-
--int X509_check_private_key(X509 *x, EVP_PKEY *k)
-+int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
- {
-- EVP_PKEY *xk;
-+ const EVP_PKEY *xk;
- int ret;
-
- xk = X509_get0_pubkey(x);
---- a/crypto/x509/x509_d2.c
-+++ b/crypto/x509/x509_d2.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509_def.c
-+++ b/crypto/x509/x509_def.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509_err.c
-+++ b/crypto/x509/x509_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -72,6 +22,7 @@ static ERR_STRING_DATA X509_str_functs[]
- {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"},
- {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"},
- {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"},
-+ {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"},
- {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"},
- {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"},
- {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"},
-@@ -109,6 +60,7 @@ static ERR_STRING_DATA X509_str_functs[]
- "X509_NAME_ENTRY_set_object"},
- {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
- {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-+ {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"},
- {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
- {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"},
- {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"},
-@@ -126,8 +78,6 @@ static ERR_STRING_DATA X509_str_functs[]
- {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
- {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
- "X509_STORE_CTX_purpose_inherit"},
-- {ERR_FUNC(X509_F_X509_STORE_GET_X509_BY_SUBJECT),
-- "X509_STORE_get_X509_by_subject"},
- {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
- {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
- {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-@@ -145,7 +95,6 @@ static ERR_STRING_DATA X509_str_reasons[
- "cert already in hash table"},
- {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
- {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
-- {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
- {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
- {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
- {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
-@@ -156,6 +105,7 @@ static ERR_STRING_DATA X509_str_reasons[
- {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
- {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
- {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
-+ {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
- {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
- {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
- "no cert set for us to verify"},
-@@ -179,7 +129,7 @@ static ERR_STRING_DATA X509_str_reasons[
-
- #endif
-
--void ERR_load_X509_strings(void)
-+int ERR_load_X509_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -188,4 +138,5 @@ void ERR_load_X509_strings(void)
- ERR_load_strings(0, X509_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/x509/x509_ext.c
-+++ b/crypto/x509/x509_ext.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -65,27 +17,27 @@
- #include "internal/x509_int.h"
- #include <openssl/x509v3.h>
-
--int X509_CRL_get_ext_count(X509_CRL *x)
-+int X509_CRL_get_ext_count(const X509_CRL *x)
- {
- return (X509v3_get_ext_count(x->crl.extensions));
- }
-
--int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
-+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos));
- }
-
--int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
-+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos));
- }
-
--int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
-+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
-+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
- {
- return (X509v3_get_ext(x->crl.extensions, loc));
- }
-@@ -95,7 +47,7 @@ X509_EXTENSION *X509_CRL_delete_ext(X509
- return (X509v3_delete_ext(x->crl.extensions, loc));
- }
-
--void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
-+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
- }
-@@ -111,28 +63,28 @@ int X509_CRL_add_ext(X509_CRL *x, X509_E
- return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
- }
-
--int X509_get_ext_count(X509 *x)
-+int X509_get_ext_count(const X509 *x)
- {
- return (X509v3_get_ext_count(x->cert_info.extensions));
- }
-
--int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
-+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos));
- }
-
--int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
-+int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos));
- }
-
--int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
-+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical
- (x->cert_info.extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_get_ext(X509 *x, int loc)
-+X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
- {
- return (X509v3_get_ext(x->cert_info.extensions, loc));
- }
-@@ -147,7 +99,7 @@ int X509_add_ext(X509 *x, X509_EXTENSION
- return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
- }
-
--void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
-+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
- }
-@@ -159,28 +111,28 @@ int X509_add1_ext_i2d(X509 *x, int nid,
- flags);
- }
-
--int X509_REVOKED_get_ext_count(X509_REVOKED *x)
-+int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
- {
- return (X509v3_get_ext_count(x->extensions));
- }
-
--int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
-+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
- {
- return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
- }
-
--int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
- }
-
--int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
-+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
- {
- return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
- }
-
--X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
-+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
- {
- return (X509v3_get_ext(x->extensions, loc));
- }
-@@ -195,7 +147,7 @@ int X509_REVOKED_add_ext(X509_REVOKED *x
- return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
- }
-
--void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
-+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->extensions, nid, crit, idx);
- }
---- a/crypto/x509/x509_lcl.h
-+++ b/crypto/x509/x509_lcl.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2013.
-- */
--/* ====================================================================
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -123,15 +74,16 @@ struct x509_lookup_method_st {
- int (*shutdown) (X509_LOOKUP *ctx);
- int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- char **ret);
-- int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-- X509_OBJECT *ret);
-- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-- ASN1_INTEGER *serial, X509_OBJECT *ret);
-- int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
-+ int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret);
-+ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, ASN1_INTEGER *serial,
-+ X509_OBJECT *ret);
-+ int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- unsigned char *bytes, int len,
- X509_OBJECT *ret);
-- int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
-- X509_OBJECT *ret);
-+ int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ char *str, int len, X509_OBJECT *ret);
- };
-
- /* This is the functions plus an instance of the local variables. */
-@@ -172,6 +124,8 @@ struct x509_store_st {
- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
- /* Check certificate against CRL */
- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-+ /* Check policy status of the chain */
-+ int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup) (X509_STORE_CTX *ctx);
---- a/crypto/x509/x509_lu.c
-+++ b/crypto/x509/x509_lu.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -88,6 +40,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
- OPENSSL_free(ctx);
- }
-
-+int X509_STORE_lock(X509_STORE *s)
-+{
-+ return CRYPTO_THREAD_write_lock(s->lock);
-+}
-+
-+int X509_STORE_unlock(X509_STORE *s)
-+{
-+ return CRYPTO_THREAD_unlock(s->lock);
-+}
-+
- int X509_LOOKUP_init(X509_LOOKUP *ctx)
- {
- if (ctx->method == NULL)
-@@ -119,38 +81,39 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, i
- return 1;
- }
-
--int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-- X509_OBJECT *ret)
-+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-- return X509_LU_FAIL;
-+ return 0;
- if (ctx->skip)
- return 0;
- return ctx->method->get_by_subject(ctx, type, name, ret);
- }
-
--int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-- ASN1_INTEGER *serial, X509_OBJECT *ret)
-+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, ASN1_INTEGER *serial,
-+ X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
-- return X509_LU_FAIL;
-+ return 0;
- return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
- }
-
--int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- unsigned char *bytes, int len,
- X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-- return X509_LU_FAIL;
-+ return 0;
- return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
- }
-
--int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-- X509_OBJECT *ret)
-+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ char *str, int len, X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-- return X509_LU_FAIL;
-+ return 0;
- return ctx->method->get_by_alias(ctx, type, str, len, ret);
- }
-
-@@ -294,25 +257,23 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_
- }
- }
-
--X509_OBJECT *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, int type,
-- X509_NAME *name)
-+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
-+ X509_LOOKUP_TYPE type,
-+ X509_NAME *name)
- {
-- X509_OBJECT *ret;
-+ X509_OBJECT *ret = X509_OBJECT_new();
-
-- ret = OPENSSL_malloc(sizeof (*ret));
-- if (ret == NULL) {
-- X509err(X509_F_X509_STORE_GET_X509_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
-+ if (ret == NULL)
- return NULL;
-- }
-- if (!X509_STORE_get_by_subject(vs, type, name, ret)) {
-- OPENSSL_free(ret);
-+ if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
-+ X509_OBJECT_free(ret);
- return NULL;
- }
- return ret;
- }
-
--int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
-- X509_NAME *name, X509_OBJECT *ret)
-+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret)
- {
- X509_STORE *ctx = vs->ctx;
- X509_LOOKUP *lu;
-@@ -324,26 +285,18 @@ int X509_STORE_get_by_subject(X509_STORE
- CRYPTO_THREAD_unlock(ctx->lock);
-
- if (tmp == NULL || type == X509_LU_CRL) {
-- for (i = vs->current_method;
-- i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
-+ for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
- lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
- j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-- if (j < 0) {
-- vs->current_method = j;
-- return j;
-- } else if (j) {
-+ if (j) {
- tmp = &stmp;
- break;
- }
- }
-- vs->current_method = 0;
- if (tmp == NULL)
- return 0;
- }
-
--/*- if (ret->data.ptr != NULL)
-- X509_OBJECT_free_contents(ret); */
--
- ret->type = tmp->type;
- ret->data.ptr = tmp->data.ptr;
-
-@@ -355,96 +308,118 @@ int X509_STORE_get_by_subject(X509_STORE
- int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- {
- X509_OBJECT *obj;
-- int ret = 1;
-+ int ret = 1, added = 1;
-
- if (x == NULL)
- return 0;
-- obj = OPENSSL_malloc(sizeof(*obj));
-- if (obj == NULL) {
-- X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
-+ obj = X509_OBJECT_new();
-+ if (obj == NULL)
- return 0;
-- }
- obj->type = X509_LU_X509;
- obj->data.x509 = x;
-+ X509_OBJECT_up_ref_count(obj);
-
- CRYPTO_THREAD_write_lock(ctx->lock);
-
-- X509_OBJECT_up_ref_count(obj);
--
- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-- X509_OBJECT_free_contents(obj);
-- OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CERT,
- X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
-- } else
-- sk_X509_OBJECT_push(ctx->objs, obj);
-+ } else {
-+ added = sk_X509_OBJECT_push(ctx->objs, obj);
-+ ret = added != 0;
-+ }
-
- CRYPTO_THREAD_unlock(ctx->lock);
-
-+ if (!ret) /* obj not pushed */
-+ X509_OBJECT_free(obj);
-+ if (!added) /* on push failure */
-+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
-+
- return ret;
- }
-
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
- {
- X509_OBJECT *obj;
-- int ret = 1;
-+ int ret = 1, added = 1;
-
- if (x == NULL)
- return 0;
-- obj = OPENSSL_malloc(sizeof(*obj));
-- if (obj == NULL) {
-- X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-+ obj = X509_OBJECT_new();
-+ if (obj == NULL)
- return 0;
-- }
- obj->type = X509_LU_CRL;
- obj->data.crl = x;
-+ X509_OBJECT_up_ref_count(obj);
-
- CRYPTO_THREAD_write_lock(ctx->lock);
-
-- X509_OBJECT_up_ref_count(obj);
--
- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-- X509_OBJECT_free_contents(obj);
-- OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
-- } else
-- sk_X509_OBJECT_push(ctx->objs, obj);
-+ } else {
-+ added = sk_X509_OBJECT_push(ctx->objs, obj);
-+ ret = added != 0;
-+ }
-
- CRYPTO_THREAD_unlock(ctx->lock);
-
-+ if (!ret) /* obj not pushed */
-+ X509_OBJECT_free(obj);
-+ if (!added) /* on push failure */
-+ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-+
- return ret;
- }
-
--void X509_OBJECT_up_ref_count(X509_OBJECT *a)
-+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
- {
- switch (a->type) {
- default:
- break;
- case X509_LU_X509:
-- X509_up_ref(a->data.x509);
-- break;
-+ return X509_up_ref(a->data.x509);
- case X509_LU_CRL:
-- X509_CRL_up_ref(a->data.crl);
-- break;
-+ return X509_CRL_up_ref(a->data.crl);
- }
-+ return 1;
- }
-
--X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
-+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
- {
-+ if (a == NULL || a->type != X509_LU_X509)
-+ return NULL;
- return a->data.x509;
- }
-
--void X509_OBJECT_free(X509_OBJECT *a)
-+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
- {
-- if (a == NULL)
-- return;
-- X509_OBJECT_free_contents(a);
-- OPENSSL_free(a);
-+ if (a == NULL || a->type != X509_LU_CRL)
-+ return NULL;
-+ return a->data.crl;
- }
-
--void X509_OBJECT_free_contents(X509_OBJECT *a)
-+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
-+{
-+ return a->type;
-+}
-+
-+X509_OBJECT *X509_OBJECT_new()
-+{
-+ X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
-+
-+ if (ret == NULL) {
-+ X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+ ret->type = X509_LU_NONE;
-+ return ret;
-+}
-+
-+
-+void X509_OBJECT_free(X509_OBJECT *a)
- {
- if (a == NULL)
- return;
-@@ -458,9 +433,10 @@ void X509_OBJECT_free_contents(X509_OBJE
- X509_CRL_free(a->data.crl);
- break;
- }
-+ OPENSSL_free(a);
- }
-
--static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
-+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
- X509_NAME *name, int *pnmatch)
- {
- X509_OBJECT stmp;
-@@ -499,14 +475,15 @@ static int x509_object_idx_cnt(STACK_OF(
- return idx;
- }
-
--int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
- X509_NAME *name)
- {
- return x509_object_idx_cnt(h, type, name, NULL);
- }
-
- X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-- int type, X509_NAME *name)
-+ X509_LOOKUP_TYPE type,
-+ X509_NAME *name)
- {
- int idx;
- idx = X509_OBJECT_idx_by_subject(h, type, name);
-@@ -515,13 +492,18 @@ X509_OBJECT *X509_OBJECT_retrieve_by_sub
- return sk_X509_OBJECT_value(h, idx);
- }
-
--STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
-+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
-+{
-+ return v->objs;
-+}
-+
-+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
- {
- int i, idx, cnt;
-- STACK_OF(X509) *sk;
-+ STACK_OF(X509) *sk = NULL;
- X509 *x;
- X509_OBJECT *obj;
-- sk = sk_X509_new_null();
-+
- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
- if (idx < 0) {
-@@ -529,21 +511,25 @@ STACK_OF(X509) *X509_STORE_get1_certs(X5
- * Nothing found in cache: do lookup to possibly add new objects to
- * cache
- */
-- X509_OBJECT xobj;
-+ X509_OBJECT *xobj = X509_OBJECT_new();
-+
- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-- if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
-- sk_X509_free(sk);
-+ if (xobj == NULL)
-+ return NULL;
-+ if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
-+ X509_OBJECT_free(xobj);
- return NULL;
- }
-- X509_OBJECT_free_contents(&xobj);
-+ X509_OBJECT_free(xobj);
- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
- if (idx < 0) {
- CRYPTO_THREAD_unlock(ctx->ctx->lock);
-- sk_X509_free(sk);
- return NULL;
- }
- }
-+
-+ sk = sk_X509_new_null();
- for (i = 0; i < cnt; i++, idx++) {
- obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
- x = obj->data.x509;
-@@ -557,25 +543,23 @@ STACK_OF(X509) *X509_STORE_get1_certs(X5
- }
- CRYPTO_THREAD_unlock(ctx->ctx->lock);
- return sk;
--
- }
-
--STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
-+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
- {
- int i, idx, cnt;
-- STACK_OF(X509_CRL) *sk;
-+ STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
- X509_CRL *x;
-- X509_OBJECT *obj, xobj;
-- sk = sk_X509_CRL_new_null();
-+ X509_OBJECT *obj, *xobj = X509_OBJECT_new();
-
-- /*
-- * Always do lookup to possibly add new CRLs to cache
-- */
-- if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
-+ /* Always do lookup to possibly add new CRLs to cache */
-+ if (sk == NULL || xobj == NULL ||
-+ !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
-+ X509_OBJECT_free(xobj);
- sk_X509_CRL_free(sk);
- return NULL;
- }
-- X509_OBJECT_free_contents(&xobj);
-+ X509_OBJECT_free(xobj);
- CRYPTO_THREAD_write_lock(ctx->ctx->lock);
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
- if (idx < 0) {
-@@ -641,32 +625,28 @@ X509_OBJECT *X509_OBJECT_retrieve_match(
- int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
- {
- X509_NAME *xn;
-- X509_OBJECT obj, *pobj;
-+ X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
- int i, ok, idx, ret;
-
-+ if (obj == NULL)
-+ return -1;
- *issuer = NULL;
- xn = X509_get_issuer_name(x);
-- ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
-- if (ok != X509_LU_X509) {
-- if (ok == X509_LU_RETRY) {
-- X509_OBJECT_free_contents(&obj);
-- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
-- return -1;
-- } else if (ok != X509_LU_FAIL) {
-- X509_OBJECT_free_contents(&obj);
-- /* not good :-(, break anyway */
-- return -1;
-- }
-+ ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
-+ if (ok != 1) {
-+ X509_OBJECT_free(obj);
- return 0;
- }
- /* If certificate matches all OK */
-- if (ctx->check_issued(ctx, x, obj.data.x509)) {
-- if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
-- *issuer = obj.data.x509;
-+ if (ctx->check_issued(ctx, x, obj->data.x509)) {
-+ if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
-+ *issuer = obj->data.x509;
-+ X509_up_ref(*issuer);
-+ X509_OBJECT_free(obj);
- return 1;
- }
- }
-- X509_OBJECT_free_contents(&obj);
-+ X509_OBJECT_free(obj);
-
- /* Else find index of first cert accepted by 'check_issued' */
- ret = 0;
-@@ -729,18 +709,150 @@ int X509_STORE_set1_param(X509_STORE *ct
- return X509_VERIFY_PARAM_set1(ctx->param, param);
- }
-
-+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
-+{
-+ return ctx->param;
-+}
-+
-+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
-+{
-+ ctx->verify = verify;
-+}
-+
-+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
-+{
-+ return ctx->verify;
-+}
-+
- void X509_STORE_set_verify_cb(X509_STORE *ctx,
-- int (*verify_cb) (int, X509_STORE_CTX *))
-+ X509_STORE_CTX_verify_cb verify_cb)
- {
- ctx->verify_cb = verify_cb;
- }
-
--void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
-- *ctx,
-- X509_NAME *nm))
-+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
-+{
-+ return ctx->verify_cb;
-+}
-+
-+void X509_STORE_set_get_issuer(X509_STORE *ctx,
-+ X509_STORE_CTX_get_issuer_fn get_issuer)
-+{
-+ ctx->get_issuer = get_issuer;
-+}
-+
-+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
-+{
-+ return ctx->get_issuer;
-+}
-+
-+void X509_STORE_set_check_issued(X509_STORE *ctx,
-+ X509_STORE_CTX_check_issued_fn check_issued)
-+{
-+ ctx->check_issued = check_issued;
-+}
-+
-+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
-+{
-+ return ctx->check_issued;
-+}
-+
-+void X509_STORE_set_check_revocation(X509_STORE *ctx,
-+ X509_STORE_CTX_check_revocation_fn check_revocation)
-+{
-+ ctx->check_revocation = check_revocation;
-+}
-+
-+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
-+{
-+ return ctx->check_revocation;
-+}
-+
-+void X509_STORE_set_get_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_get_crl_fn get_crl)
-+{
-+ ctx->get_crl = get_crl;
-+}
-+
-+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
-+{
-+ return ctx->get_crl;
-+}
-+
-+void X509_STORE_set_check_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_check_crl_fn check_crl)
-+{
-+ ctx->check_crl = check_crl;
-+}
-+
-+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
-+{
-+ return ctx->check_crl;
-+}
-+
-+void X509_STORE_set_cert_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_cert_crl_fn cert_crl)
-+{
-+ ctx->cert_crl = cert_crl;
-+}
-+
-+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
-+{
-+ return ctx->cert_crl;
-+}
-+
-+void X509_STORE_set_check_policy(X509_STORE *ctx,
-+ X509_STORE_CTX_check_policy_fn check_policy)
-+{
-+ ctx->check_policy = check_policy;
-+}
-+
-+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
-+{
-+ return ctx->check_policy;
-+}
-+
-+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_certs_fn lookup_certs)
-+{
-+ ctx->lookup_certs = lookup_certs;
-+}
-+
-+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
-+{
-+ return ctx->lookup_certs;
-+}
-+
-+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_crls_fn lookup_crls)
-+{
-+ ctx->lookup_crls = lookup_crls;
-+}
-+
-+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
-+{
-+ return ctx->lookup_crls;
-+}
-+
-+void X509_STORE_set_cleanup(X509_STORE *ctx,
-+ X509_STORE_CTX_cleanup_fn ctx_cleanup)
-+{
-+ ctx->cleanup = ctx_cleanup;
-+}
-+
-+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
-+{
-+ return ctx->cleanup;
-+}
-+
-+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
-+{
-+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
-+}
-+
-+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
- {
-- ctx->lookup_crls = cb;
-+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
- }
-
- X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
---- a/crypto/x509/x509_obj.c
-+++ b/crypto/x509/x509_obj.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -63,6 +15,13 @@
- #include <openssl/buffer.h>
- #include "internal/x509_int.h"
-
-+/*
-+ * Limit to ensure we don't overflow: much greater than
-+ * anything encountered in practice.
-+ */
-+
-+#define NAME_ONELINE_MAX (1024 * 1024)
-+
- char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
- {
- X509_NAME_ENTRY *ne;
-@@ -76,7 +35,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch
- int gs_doit[4];
- char tmp_buf[80];
- #ifdef CHARSET_EBCDIC
-- char ebcdic_buf[1024];
-+ unsigned char ebcdic_buf[1024];
- #endif
-
- if (buf == NULL) {
-@@ -86,6 +45,8 @@ char *X509_NAME_oneline(X509_NAME *a, ch
- goto err;
- b->data[0] = '\0';
- len = 200;
-+ } else if (len == 0) {
-+ return NULL;
- }
- if (a == NULL) {
- if (b) {
-@@ -110,15 +71,20 @@ char *X509_NAME_oneline(X509_NAME *a, ch
-
- type = ne->value->type;
- num = ne->value->length;
-+ if (num > NAME_ONELINE_MAX) {
-+ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
-+ goto end;
-+ }
- q = ne->value->data;
- #ifdef CHARSET_EBCDIC
- if (type == V_ASN1_GENERALSTRING ||
- type == V_ASN1_VISIBLESTRING ||
- type == V_ASN1_PRINTABLESTRING ||
- type == V_ASN1_TELETEXSTRING ||
-- type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-- ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
-- ? sizeof ebcdic_buf : num);
-+ type == V_ASN1_IA5STRING) {
-+ if (num > (int)sizeof(ebcdic_buf))
-+ num = sizeof(ebcdic_buf);
-+ ascii2ebcdic(ebcdic_buf, q, num);
- q = ebcdic_buf;
- }
- #endif
-@@ -154,6 +120,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch
-
- lold = l;
- l += 1 + l1 + 1 + l2;
-+ if (l > NAME_ONELINE_MAX) {
-+ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
-+ goto end;
-+ }
- if (b != NULL) {
- if (!BUF_MEM_grow(b, l + 1))
- goto err;
-@@ -206,6 +176,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch
- return (p);
- err:
- X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
-+ end:
- BUF_MEM_free(b);
- return (NULL);
- }
---- a/crypto/x509/x509_r2x.c
-+++ b/crypto/x509/x509_r2x.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509_req.c
-+++ b/crypto/x509/x509_req.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -315,12 +267,12 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *
- return 0;
- }
-
--long X509_REQ_get_version(X509_REQ *req)
-+long X509_REQ_get_version(const X509_REQ *req)
- {
- return ASN1_INTEGER_get(req->req_info.version);
- }
-
--X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
-+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
- {
- return req->req_info.subject;
- }
---- a/crypto/x509/x509_set.c
-+++ b/crypto/x509/x509_set.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -146,23 +98,29 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *p
- return (X509_PUBKEY_set(&(x->cert_info.key), pkey));
- }
-
--void X509_up_ref(X509 *x)
-+int X509_up_ref(X509 *x)
- {
- int i;
-- CRYPTO_atomic_add(&x->references, 1, &i, x->lock);
-+
-+ if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0)
-+ return 0;
-+
-+ REF_PRINT_COUNT("X509", x);
-+ REF_ASSERT_ISNT(i < 2);
-+ return ((i > 1) ? 1 : 0);
- }
-
--long X509_get_version(X509 *x)
-+long X509_get_version(const X509 *x)
- {
- return ASN1_INTEGER_get(x->cert_info.version);
- }
-
--ASN1_TIME * X509_get_notBefore(X509 *x)
-+ASN1_TIME * X509_get_notBefore(const X509 *x)
- {
- return x->cert_info.validity.notBefore;
- }
-
--ASN1_TIME *X509_get_notAfter(X509 *x)
-+ASN1_TIME *X509_get_notAfter(const X509 *x)
- {
- return x->cert_info.validity.notAfter;
- }
---- a/crypto/x509/x509_trs.c
-+++ b/crypto/x509/x509_trs.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -169,7 +120,7 @@ int X509_TRUST_set(int *t, int trust)
- }
-
- int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
-- char *name, int arg1, void *arg2)
-+ const char *name, int arg1, void *arg2)
- {
- int idx;
- X509_TRUST *trtmp;
-@@ -197,7 +148,7 @@ int X509_TRUST_add(int id, int flags, in
- /* dup supplied name */
- if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
- X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- /* Keep the dynamic flag of existing entry */
- trtmp->flags &= X509_TRUST_DYNAMIC;
-@@ -214,14 +165,20 @@ int X509_TRUST_add(int id, int flags, in
- if (trtable == NULL
- && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
- X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;;
- }
- if (!sk_X509_TRUST_push(trtable, trtmp)) {
- X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- }
- return 1;
-+ err:
-+ if (idx == -1) {
-+ OPENSSL_free(trtmp->name);
-+ OPENSSL_free(trtmp);
-+ }
-+ return 0;
- }
-
- static void trtable_free(X509_TRUST *p)
-@@ -237,24 +194,21 @@ static void trtable_free(X509_TRUST *p)
-
- void X509_TRUST_cleanup(void)
- {
-- unsigned int i;
-- for (i = 0; i < X509_TRUST_COUNT; i++)
-- trtable_free(trstandard + i);
- sk_X509_TRUST_pop_free(trtable, trtable_free);
- trtable = NULL;
- }
-
--int X509_TRUST_get_flags(X509_TRUST *xp)
-+int X509_TRUST_get_flags(const X509_TRUST *xp)
- {
- return xp->flags;
- }
-
--char *X509_TRUST_get0_name(X509_TRUST *xp)
-+char *X509_TRUST_get0_name(const X509_TRUST *xp)
- {
- return xp->name;
- }
-
--int X509_TRUST_get_trust(X509_TRUST *xp)
-+int X509_TRUST_get_trust(const X509_TRUST *xp)
- {
- return xp->trust;
- }
---- a/crypto/x509/x509_txt.c
-+++ b/crypto/x509/x509_txt.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -209,6 +161,14 @@ const char *X509_verify_cert_error_strin
- return ("CA certificate key too weak");
- case X509_V_ERR_CA_MD_TOO_WEAK:
- return ("CA signature digest algorithm too weak");
-+ case X509_V_ERR_INVALID_CALL:
-+ return ("Invalid certificate verification context");
-+ case X509_V_ERR_STORE_LOOKUP:
-+ return ("Issuer certificate lookup error");
-+ case X509_V_ERR_NO_VALID_SCTS:
-+ return ("Certificate Transparency required, but no valid SCTs found");
-+ case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
-+ return ("proxy subject name violation");
-
- default:
- /* Printing an error number into a static buffer is not thread-safe */
---- a/crypto/x509/x509_v3.c
-+++ b/crypto/x509/x509_v3.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -235,7 +187,7 @@ int X509_EXTENSION_set_object(X509_EXTEN
- return (0);
- ASN1_OBJECT_free(ex->object);
- ex->object = OBJ_dup(obj);
-- return (1);
-+ return ex->object != NULL;
- }
-
- int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
-@@ -272,7 +224,7 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_da
- return &ex->value;
- }
-
--int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
-+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
- {
- if (ex == NULL)
- return (0);
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -299,9 +251,11 @@ static int verify_chain(X509_STORE_CTX *
- int X509_verify_cert(X509_STORE_CTX *ctx)
- {
- SSL_DANE *dane = ctx->dane;
-+ int ret;
-
- if (ctx->cert == NULL) {
- X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-+ ctx->error = X509_V_ERR_INVALID_CALL;
- return -1;
- }
-
-@@ -311,6 +265,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
- * cannot do another one.
- */
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-+ ctx->error = X509_V_ERR_INVALID_CALL;
- return -1;
- }
-
-@@ -321,6 +276,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
- if (((ctx->chain = sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain, ctx->cert))) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- return -1;
- }
- X509_up_ref(ctx->cert);
-@@ -331,15 +287,19 @@ int X509_verify_cert(X509_STORE_CTX *ctx
- !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
- return 0;
-
-+ if (DANETLS_ENABLED(dane))
-+ ret = dane_verify(ctx);
-+ else
-+ ret = verify_chain(ctx);
-+
- /*
-- * If dane->trecs is an empty stack, we'll fail, since the user enabled
-- * DANE. If none of the TLSA records were usable, and it makes sense to
-- * keep going with an unauthenticated handshake, they can handle that in
-- * the verify callback, or not set SSL_VERIFY_PEER.
-+ * Safety-net. If we are returning an error, we must also set ctx->error,
-+ * so that the chain is not considered verified should the error be ignored
-+ * (e.g. TLS with SSL_VERIFY_NONE).
- */
-- if (DANETLS_ENABLED(dane))
-- return dane_verify(ctx);
-- return verify_chain(ctx);
-+ if (ret <= 0 && ctx->error == X509_V_OK)
-+ ctx->error = X509_V_ERR_UNSPECIFIED;
-+ return ret;
- }
-
- /*
-@@ -501,12 +461,6 @@ static int check_chain_extensions(X509_S
- } else {
- allow_proxy_certs =
- ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-- /*
-- * A hack to keep people who don't want to modify their software
-- * happy
-- */
-- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-- allow_proxy_certs = 1;
- purpose = ctx->param->purpose;
- }
-
-@@ -573,10 +527,24 @@ static int check_chain_extensions(X509_S
- * the next certificate must be a CA certificate.
- */
- if (x->ex_flags & EXFLAG_PROXY) {
-- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
-- if (!verify_cb_cert(ctx, x, i,
-- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
-- return 0;
-+ /*
-+ * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
-+ * is less than max_path_length, the former should be copied to
-+ * the latter, and 4.1.4 (a) stipulates that max_path_length
-+ * should be verified to be larger than zero and decrement it.
-+ *
-+ * Because we're checking the certs in the reverse order, we start
-+ * with verifying that proxy_path_length isn't larger than pcPLC,
-+ * and copy the latter to the former if it is, and finally,
-+ * increment proxy_path_length.
-+ */
-+ if (x->ex_pcpathlen != -1) {
-+ if (proxy_path_length > x->ex_pcpathlen) {
-+ if (!verify_cb_cert(ctx, x, i,
-+ X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
-+ return 0;
-+ }
-+ proxy_path_length = x->ex_pcpathlen;
- }
- proxy_path_length++;
- must_be_ca = 0;
-@@ -598,6 +566,79 @@ static int check_name_constraints(X509_S
- /* Ignore self issued certs unless last in chain */
- if (i && (x->ex_flags & EXFLAG_SI))
- continue;
-+
-+ /*
-+ * Proxy certificates policy has an extra constraint, where the
-+ * certificate subject MUST be the issuer with a single CN entry
-+ * added.
-+ * (RFC 3820: 3.4, 4.1.3 (a)(4))
-+ */
-+ if (x->ex_flags & EXFLAG_PROXY) {
-+ X509_NAME *tmpsubject = X509_get_subject_name(x);
-+ X509_NAME *tmpissuer = X509_get_issuer_name(x);
-+ X509_NAME_ENTRY *tmpentry = NULL;
-+ int last_object_nid = 0;
-+ int err = X509_V_OK;
-+ int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
-+
-+ /* Check that there are at least two RDNs */
-+ if (last_object_loc < 1) {
-+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
-+ goto proxy_name_done;
-+ }
-+
-+ /*
-+ * Check that there is exactly one more RDN in subject as
-+ * there is in issuer.
-+ */
-+ if (X509_NAME_entry_count(tmpsubject)
-+ != X509_NAME_entry_count(tmpissuer) + 1) {
-+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
-+ goto proxy_name_done;
-+ }
-+
-+ /*
-+ * Check that the last subject component isn't part of a
-+ * multivalued RDN
-+ */
-+ if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
-+ last_object_loc))
-+ == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
-+ last_object_loc - 1))) {
-+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
-+ goto proxy_name_done;
-+ }
-+
-+ /*
-+ * Check that the last subject RDN is a commonName, and that
-+ * all the previous RDNs match the issuer exactly
-+ */
-+ tmpsubject = X509_NAME_dup(tmpsubject);
-+ if (tmpsubject == NULL) {
-+ X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
-+ return 0;
-+ }
-+
-+ tmpentry =
-+ X509_NAME_delete_entry(tmpsubject, last_object_loc);
-+ last_object_nid =
-+ OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
-+
-+ if (last_object_nid != NID_commonName
-+ || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
-+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
-+ }
-+
-+ X509_NAME_ENTRY_free(tmpentry);
-+ X509_NAME_free(tmpsubject);
-+
-+ proxy_name_done:
-+ if (err != X509_V_OK
-+ && !verify_cb_cert(ctx, x, i, err))
-+ return 0;
-+ }
-+
- /*
- * Check against constraints for all certificates higher in chain
- * including trust anchor. Trust anchor not strictly speaking needed
-@@ -610,8 +651,20 @@ static int check_name_constraints(X509_S
- if (nc) {
- int rv = NAME_CONSTRAINTS_check(x, nc);
-
-- if (rv != X509_V_OK && !verify_cb_cert(ctx, x, i, rv))
-+ /* If EE certificate check commonName too */
-+ if (rv == X509_V_OK && i == 0)
-+ rv = NAME_CONSTRAINTS_check_CN(x, nc);
-+
-+ switch (rv) {
-+ case X509_V_OK:
-+ break;
-+ case X509_V_ERR_OUT_OF_MEM:
- return 0;
-+ default:
-+ if (!verify_cb_cert(ctx, x, i, rv))
-+ return 0;
-+ break;
-+ }
- }
- }
- }
-@@ -918,13 +971,25 @@ static int get_crl_sk(X509_STORE_CTX *ct
- crl = sk_X509_CRL_value(crls, i);
- reasons = *preasons;
- crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
--
-- if (crl_score > best_score) {
-- best_crl = crl;
-- best_crl_issuer = crl_issuer;
-- best_score = crl_score;
-- best_reasons = reasons;
-+ if (crl_score < best_score)
-+ continue;
-+ /* If current CRL is equivalent use it if it is newer */
-+ if (crl_score == best_score) {
-+ int day, sec;
-+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
-+ X509_CRL_get_lastUpdate(crl)) == 0)
-+ continue;
-+ /*
-+ * ASN1_TIME_diff never returns inconsistent signs for |day|
-+ * and |sec|.
-+ */
-+ if (day <= 0 && sec <= 0)
-+ continue;
- }
-+ best_crl = crl;
-+ best_crl_issuer = crl_issuer;
-+ best_score = crl_score;
-+ best_reasons = reasons;
- }
-
- if (best_crl) {
-@@ -1505,6 +1570,7 @@ static int check_policy(X509_STORE_CTX *
- */
- if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
- X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- return 0;
- }
- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-@@ -1514,6 +1580,7 @@ static int check_policy(X509_STORE_CTX *
-
- if (ret == X509_PCY_TREE_INTERNAL) {
- X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- return 0;
- }
- /* Invalid or inconsistent extensions */
-@@ -1544,7 +1611,12 @@ static int check_policy(X509_STORE_CTX *
-
- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
- ctx->current_cert = NULL;
-- ctx->error = X509_V_OK;
-+ /*
-+ * Verification errors need to be "sticky", a callback may have allowed
-+ * an SSL handshake to continue despite an error, and we must then
-+ * remain in an error state. Therefore, we MUST NOT clear earlier
-+ * verification errors by setting the error to X509_V_OK.
-+ */
- if (!ctx->verify_cb(2, ctx))
- return 0;
- }
-@@ -1989,11 +2061,21 @@ int X509_STORE_CTX_get_error_depth(X509_
- return ctx->error_depth;
- }
-
-+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
-+{
-+ ctx->error_depth = depth;
-+}
-+
- X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
- {
- return ctx->current_cert;
- }
-
-+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
-+{
-+ ctx->current_cert = x;
-+}
-+
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
- {
- return ctx->chain;
-@@ -2138,7 +2220,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
- int ret = 1;
-
- ctx->ctx = store;
-- ctx->current_method = 0;
- ctx->cert = x509;
- ctx->untrusted = chain;
- ctx->crls = NULL;
-@@ -2161,11 +2242,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
- /* Zero ex_data to make sure we're cleanup-safe */
- memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
-
-- if (store) {
-- ctx->verify_cb = store->verify_cb;
-- /* Seems to always be 0 in OpenSSL, else must be idempotent */
-+ /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
-+ if (store)
- ctx->cleanup = store->cleanup;
-- } else
-+ else
- ctx->cleanup = 0;
-
- if (store && store->check_issued)
-@@ -2208,17 +2288,20 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
- else
- ctx->cert_crl = cert_crl;
-
-+ if (store && store->check_policy)
-+ ctx->check_policy = store->check_policy;
-+ else
-+ ctx->check_policy = check_policy;
-+
- if (store && store->lookup_certs)
- ctx->lookup_certs = store->lookup_certs;
- else
-- ctx->lookup_certs = X509_STORE_get1_certs;
-+ ctx->lookup_certs = X509_STORE_CTX_get1_certs;
-
- if (store && store->lookup_crls)
- ctx->lookup_crls = store->lookup_crls;
- else
-- ctx->lookup_crls = X509_STORE_get1_crls;
--
-- ctx->check_policy = check_policy;
-+ ctx->lookup_crls = X509_STORE_CTX_get1_crls;
-
- ctx->param = X509_VERIFY_PARAM_new();
- if (ctx->param == NULL) {
-@@ -2322,6 +2405,27 @@ void X509_STORE_CTX_set_time(X509_STORE_
- X509_VERIFY_PARAM_set_time(ctx->param, t);
- }
-
-+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
-+{
-+ return ctx->cert;
-+}
-+
-+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
-+{
-+ return ctx->untrusted;
-+}
-+
-+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-+{
-+ ctx->untrusted = sk;
-+}
-+
-+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-+{
-+ sk_X509_pop_free(ctx->chain, X509_free);
-+ ctx->chain = sk;
-+}
-+
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
- X509_STORE_CTX_verify_cb verify_cb)
- {
-@@ -2333,36 +2437,59 @@ X509_STORE_CTX_verify_cb X509_STORE_CTX_
- return ctx->verify_cb;
- }
-
--X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
-+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
- {
-- return ctx->cert;
-+ return ctx->verify;
- }
-
--STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
-+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
- {
-- return ctx->untrusted;
-+ return ctx->get_issuer;
- }
-
--void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
- {
-- ctx->untrusted = sk;
-+ return ctx->check_issued;
- }
-
--void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
- {
-- sk_X509_pop_free(ctx->chain, X509_free);
-- ctx->chain = sk;
-+ return ctx->check_revocation;
- }
-
--void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
-- X509_STORE_CTX_verify verify)
-+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
- {
-- ctx->verify = verify;
-+ return ctx->get_crl;
- }
-
--X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
-+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
- {
-- return ctx->verify;
-+ return ctx->check_crl;
-+}
-+
-+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
-+{
-+ return ctx->cert_crl;
-+}
-+
-+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
-+{
-+ return ctx->check_policy;
-+}
-+
-+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
-+{
-+ return ctx->lookup_certs;
-+}
-+
-+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
-+{
-+ return ctx->lookup_crls;
-+}
-+
-+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
-+{
-+ return ctx->cleanup;
- }
-
- X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-@@ -2467,7 +2594,7 @@ static int dane_match(X509_STORE_CTX *ct
-
- /*
- * If we've previously matched a PKIX-?? record, no need to test any
-- * further PKIX-?? records, it remains to just build the PKIX chain.
-+ * further PKIX-?? records, it remains to just build the PKIX chain.
- * Had the match been a DANE-?? record, we'd be done already.
- */
- if (dane->mdpth >= 0)
-@@ -2549,9 +2676,9 @@ static int dane_match(X509_STORE_CTX *ct
- cmplen = i2dlen;
-
- if (md != NULL) {
-- cmpbuf = mdbuf;
-- if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
-- matched = -1;
-+ cmpbuf = mdbuf;
-+ if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
-+ matched = -1;
- break;
- }
- }
-@@ -2696,6 +2823,10 @@ static int dane_verify(X509_STORE_CTX *c
- /* Callback invoked as needed */
- if (!check_leaf_suiteb(ctx, cert))
- return 0;
-+ /* Callback invoked as needed */
-+ if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
-+ !check_id(ctx))
-+ return 0;
- /* Bypass internal_verify(), issue depth 0 success callback */
- ctx->error_depth = 0;
- ctx->current_cert = cert;
-@@ -2781,15 +2912,31 @@ static int build_chain(X509_STORE_CTX *c
- */
- if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- return 0;
- }
-
-- /* Include any untrusted full certificates from DNS */
-+ /*
-+ * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add
-+ * them to our working copy of the untrusted certificate stack. Since the
-+ * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
-+ * no corresponding stack of untrusted certificates, we may need to create
-+ * an empty stack first. [ At present only the ssl library provides DANE
-+ * support, and ssl_verify_cert_chain() always provides a non-null stack
-+ * containing at least the leaf certificate, but we must be prepared for
-+ * this to change. ]
-+ */
- if (DANETLS_ENABLED(dane) && dane->certs != NULL) {
-+ if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) {
-+ X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
-+ return 0;
-+ }
- for (i = 0; i < sk_X509_num(dane->certs); ++i) {
- if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) {
- sk_X509_free(sktmp);
- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- return 0;
- }
- }
-@@ -2853,6 +3000,7 @@ static int build_chain(X509_STORE_CTX *c
-
- if (ok < 0) {
- trust = X509_TRUST_REJECTED;
-+ ctx->error = X509_V_ERR_STORE_LOOKUP;
- search = 0;
- continue;
- }
-@@ -2899,6 +3047,7 @@ static int build_chain(X509_STORE_CTX *c
- X509_free(xtmp);
- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
- trust = X509_TRUST_REJECTED;
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- search = 0;
- continue;
- }
-@@ -2995,6 +3144,7 @@ static int build_chain(X509_STORE_CTX *c
- if (!sk_X509_push(ctx->chain, xtmp)) {
- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
- trust = X509_TRUST_REJECTED;
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- search = 0;
- continue;
- }
---- a/crypto/x509/x509_vpm.c
-+++ b/crypto/x509/x509_vpm.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -64,6 +15,7 @@
- #include <openssl/buffer.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
-+#include "internal/x509_int.h"
-
- #include "x509_lcl.h"
-
-@@ -308,12 +260,11 @@ static int int_x509_param_set1(char **pd
- {
- void *tmp;
- if (src) {
-- if (srclen == 0) {
-- tmp = OPENSSL_strdup(src);
-+ if (srclen == 0)
- srclen = strlen(src);
-- } else
-- tmp = OPENSSL_memdup(src, srclen);
-- if (!tmp)
-+
-+ tmp = OPENSSL_memdup(src, srclen);
-+ if (tmp == NULL)
- return 0;
- } else {
- tmp = NULL;
-@@ -321,7 +272,7 @@ static int int_x509_param_set1(char **pd
- }
- OPENSSL_free(*pdest);
- *pdest = tmp;
-- if (pdestlen)
-+ if (pdestlen != NULL)
- *pdestlen = srclen;
- return 1;
- }
---- a/crypto/x509/x509cset.c
-+++ b/crypto/x509/x509cset.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -132,28 +83,34 @@ int X509_CRL_sort(X509_CRL *c)
- return 1;
- }
-
--void X509_CRL_up_ref(X509_CRL *crl)
-+int X509_CRL_up_ref(X509_CRL *crl)
- {
- int i;
-- CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock);
-+
-+ if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0)
-+ return 0;
-+
-+ REF_PRINT_COUNT("X509_CRL", crl);
-+ REF_ASSERT_ISNT(i < 2);
-+ return ((i > 1) ? 1 : 0);
- }
-
--long X509_CRL_get_version(X509_CRL *crl)
-+long X509_CRL_get_version(const X509_CRL *crl)
- {
- return ASN1_INTEGER_get(crl->crl.version);
- }
-
--ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
-+ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl)
- {
- return crl->crl.lastUpdate;
- }
-
--ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
-+ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl)
- {
- return crl->crl.nextUpdate;
- }
-
--X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
-+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
- {
- return crl->crl.issuer;
- }
-@@ -221,7 +178,7 @@ int X509_REVOKED_set_serialNumber(X509_R
- return 1;
- }
-
--STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r)
-+STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
- {
- return r->extensions;
- }
---- a/crypto/x509/x509name.c
-+++ b/crypto/x509/x509name.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -92,7 +44,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME
- return (i);
- }
-
--int X509_NAME_entry_count(X509_NAME *name)
-+int X509_NAME_entry_count(const X509_NAME *name)
- {
- if (name == NULL)
- return (0);
-@@ -178,7 +130,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(
- return (ret);
- }
-
--int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc,
- int set)
- {
-@@ -318,7 +270,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_
- }
-
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-- ASN1_OBJECT *obj, int type,
-+ const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes,
- int len)
- {
-@@ -344,7 +296,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_
- return (NULL);
- }
-
--int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
-+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
- {
- if ((ne == NULL) || (obj == NULL)) {
- X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
---- a/crypto/x509/x509rset.c
-+++ b/crypto/x509/x509rset.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509spki.c
-+++ b/crypto/x509/x509spki.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x509type.c
-+++ b/crypto/x509/x509type.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_attrib.c
-+++ b/crypto/x509/x_attrib.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_crl.c
-+++ b/crypto/x509/x_crl.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_exten.c
-+++ b/crypto/x509/x_exten.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
---- a/crypto/x509/x_name.c
-+++ b/crypto/x509/x_name.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -64,6 +16,13 @@
- #include "internal/asn1_int.h"
- #include "x509_lcl.h"
-
-+/*
-+ * Maximum length of X509_NAME: much larger than anything we should
-+ * ever see in practice.
-+ */
-+
-+#define X509_NAME_MAX (1024 * 1024)
-+
- static int x509_name_ex_d2i(ASN1_VALUE **val,
- const unsigned char **in, long len,
- const ASN1_ITEM *it,
-@@ -76,7 +35,7 @@ static void x509_name_ex_free(ASN1_VALUE
-
- static int x509_name_encode(X509_NAME *a);
- static int x509_name_canon(X509_NAME *a);
--static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
-+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
- static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
- unsigned char **in);
-
-@@ -187,6 +146,8 @@ static int x509_name_ex_d2i(ASN1_VALUE *
- int i, j, ret;
- STACK_OF(X509_NAME_ENTRY) *entries;
- X509_NAME_ENTRY *entry;
-+ if (len > X509_NAME_MAX)
-+ len = X509_NAME_MAX;
- q = p;
-
- /* Get internal representation of Name */
-@@ -212,12 +173,26 @@ static int x509_name_ex_d2i(ASN1_VALUE *
- for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
- entry = sk_X509_NAME_ENTRY_value(entries, j);
- entry->set = i;
-- if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
-+ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) {
-+ /*
-+ * Free all in entries if sk_X509_NAME_ENTRY_push return failure.
-+ * X509_NAME_ENTRY_free will check the null entry.
-+ */
-+ sk_X509_NAME_ENTRY_pop_free(entries, X509_NAME_ENTRY_free);
- goto err;
-+ }
-+ /*
-+ * If sk_X509_NAME_ENTRY_push return success, clean the entries[j].
-+ * It's necessary when 'goto err;' happens.
-+ */
-+ sk_X509_NAME_ENTRY_set(entries, j, NULL);
- }
- sk_X509_NAME_ENTRY_free(entries);
-+ sk_STACK_OF_X509_NAME_ENTRY_set(intname.s, i, NULL);
- }
-+
- sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
-+ intname.s = NULL;
- ret = x509_name_canon(nm.x);
- if (!ret)
- goto err;
-@@ -225,8 +200,10 @@ static int x509_name_ex_d2i(ASN1_VALUE *
- *val = nm.a;
- *in = p;
- return ret;
-+
- err:
- X509_NAME_free(nm.x);
-+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, sk_X509_NAME_ENTRY_free);
- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
-@@ -335,7 +312,7 @@ static int x509_name_canon(X509_NAME *a)
- STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
- STACK_OF(X509_NAME_ENTRY) *entries = NULL;
- X509_NAME_ENTRY *entry, *tmpentry = NULL;
-- int i, set = -1, ret = 0;
-+ int i, set = -1, ret = 0, len;
-
- OPENSSL_free(a->canon_enc);
- a->canon_enc = NULL;
-@@ -361,6 +338,8 @@ static int x509_name_canon(X509_NAME *a)
- if (tmpentry == NULL)
- goto err;
- tmpentry->object = OBJ_dup(entry->object);
-+ if (tmpentry->object == NULL)
-+ goto err;
- if (!asn1_string_canon(tmpentry->value, entry->value))
- goto err;
- if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
-@@ -370,7 +349,10 @@ static int x509_name_canon(X509_NAME *a)
-
- /* Finally generate encoding */
-
-- a->canon_enclen = i2d_name_canon(intname, NULL);
-+ len = i2d_name_canon(intname, NULL);
-+ if (len < 0)
-+ goto err;
-+ a->canon_enclen = len;
-
- p = OPENSSL_malloc(a->canon_enclen);
-
-@@ -398,7 +380,7 @@ static int x509_name_canon(X509_NAME *a)
- | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
- | B_ASN1_VISIBLESTRING)
-
--static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
-+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
- {
- unsigned char *to, *from;
- int len, i;
-@@ -432,10 +414,10 @@ static int asn1_string_canon(ASN1_STRING
- len--;
- }
-
-- to = from + len - 1;
-+ to = from + len;
-
- /* Ignore trailing spaces */
-- while ((len > 0) && !(*to & 0x80) && isspace(*to)) {
-+ while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) {
- to--;
- len--;
- }
---- a/crypto/x509/x_pubkey.c
-+++ b/crypto/x509/x_pubkey.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_req.c
-+++ b/crypto/x509/x_req.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509/x_x509.c
-+++ b/crypto/x509/x_x509.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -91,6 +43,7 @@ static int x509_cb(int operation, ASN1_V
- case ASN1_OP_NEW_POST:
- ret->ex_flags = 0;
- ret->ex_pathlen = -1;
-+ ret->ex_pcpathlen = -1;
- ret->skid = NULL;
- ret->akid = NULL;
- #ifndef OPENSSL_NO_RFC3779
-@@ -99,7 +52,8 @@ static int x509_cb(int operation, ASN1_V
- #endif
- ret->aux = NULL;
- ret->crldp = NULL;
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
-+ return 0;
- break;
-
- case ASN1_OP_FREE_POST:
-@@ -180,12 +134,72 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
- return NULL;
- }
-
-+/*
-+ * Serialize trusted certificate to *pp or just return the required buffer
-+ * length if pp == NULL. We ultimately want to avoid modifying *pp in the
-+ * error path, but that depends on similar hygiene in lower-level functions.
-+ * Here we avoid compounding the problem.
-+ */
-+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
-+{
-+ int length, tmplen;
-+ unsigned char *start = pp != NULL ? *pp : NULL;
-+
-+ OPENSSL_assert(pp == NULL || *pp != NULL);
-+
-+ /*
-+ * This might perturb *pp on error, but fixing that belongs in i2d_X509()
-+ * not here. It should be that if a == NULL length is zero, but we check
-+ * both just in case.
-+ */
-+ length = i2d_X509(a, pp);
-+ if (length <= 0 || a == NULL)
-+ return length;
-+
-+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
-+ if (tmplen < 0) {
-+ if (start != NULL)
-+ *pp = start;
-+ return tmplen;
-+ }
-+ length += tmplen;
-+
-+ return length;
-+}
-+
-+/*
-+ * Serialize trusted certificate to *pp, or just return the required buffer
-+ * length if pp == NULL.
-+ *
-+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
-+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
-+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
-+ * allocated buffer.
-+ */
- int i2d_X509_AUX(X509 *a, unsigned char **pp)
- {
- int length;
-- length = i2d_X509(a, pp);
-- if (a)
-- length += i2d_X509_CERT_AUX(a->aux, pp);
-+ unsigned char *tmp;
-+
-+ /* Buffer provided by caller */
-+ if (pp == NULL || *pp != NULL)
-+ return i2d_x509_aux_internal(a, pp);
-+
-+ /* Obtain the combined length */
-+ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
-+ return length;
-+
-+ /* Allocate requisite combined storage */
-+ *pp = tmp = OPENSSL_malloc(length);
-+ if (tmp == NULL)
-+ return -1; /* Push error onto error stack? */
-+
-+ /* Encode, but keep *pp at the originally malloced pointer */
-+ length = i2d_x509_aux_internal(a, &tmp);
-+ if (length <= 0) {
-+ OPENSSL_free(*pp);
-+ *pp = NULL;
-+ }
- return length;
- }
-
---- a/crypto/x509/x_x509a.c
-+++ b/crypto/x509/x_x509a.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -125,7 +76,7 @@ int X509_keyid_set1(X509 *x, unsigned ch
- }
- if ((aux = aux_get(x)) == NULL)
- return 0;
-- if (aux->keyid ==NULL
-+ if (aux->keyid == NULL
- && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
- return 0;
- return ASN1_STRING_set(aux->keyid, id, len);
---- a/crypto/x509v3/Makefile.in
-+++ /dev/null
-@@ -1,53 +0,0 @@
--#
--# OpenSSL/crypto/x509v3/Makefile
--#
--
--DIR= x509v3
--TOP= ../..
--CC= cc
--INCLUDES= -I.. -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README
--
--LIB=$(TOP)/libcrypto.a
--LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
--v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
--v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
--v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
--pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
--v3_asid.c v3_addr.c v3_tlsf.c
--LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
--v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
--v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
--v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \
--pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \
--v3_asid.o v3_addr.o v3_tlsf.o
--
--SRC= $(LIBSRC)
--
--HEADER= pcy_int.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
--
--all: lib
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/crypto/x509v3/ext_dat.h
-+++ b/crypto/x509v3/ext_dat.h
-@@ -1,66 +1,17 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- int name_cmp(const char *name, const char *cmp);
-
- extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
- extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
--extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
- extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
- extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
- extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-@@ -69,5 +20,5 @@ extern const X509V3_EXT_METHOD v3_crl_ho
- extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
- extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
- extern const X509V3_EXT_METHOD v3_addr, v3_asid;
--extern const X509V3_EXT_METHOD v3_ct_scts[];
-+extern const X509V3_EXT_METHOD v3_ct_scts[3];
- extern const X509V3_EXT_METHOD v3_tls_feature;
---- a/crypto/x509v3/pcy_cache.c
-+++ b/crypto/x509v3/pcy_cache.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -127,6 +78,9 @@ static int policy_cache_new(X509 *x)
- CERTIFICATEPOLICIES *ext_cpols = NULL;
- POLICY_MAPPINGS *ext_pmaps = NULL;
- int i;
-+
-+ if (x->policy_cache != NULL)
-+ return 1;
- cache = OPENSSL_malloc(sizeof(*cache));
- if (cache == NULL)
- return 0;
---- a/crypto/x509v3/pcy_data.c
-+++ b/crypto/x509v3/pcy_data.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -77,9 +28,9 @@ void policy_data_free(X509_POLICY_DATA *
- }
-
- /*
-- * Create a data based on an existing policy. If 'id' is NULL use the oid in
-+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
- * the policy, otherwise use 'id'. This behaviour covers the two types of
-- * data in RFC3280: data with from a CertificatePolcies extension and
-+ * data in RFC3280: data with from a CertificatePolicies extension and
- * additional data with just the qualifiers of anyPolicy and ID from another
- * source.
- */
---- a/crypto/x509v3/pcy_int.h
-+++ b/crypto/x509v3/pcy_int.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-@@ -168,7 +119,7 @@ struct X509_POLICY_TREE_st {
- * required.
- */
- STACK_OF(X509_POLICY_DATA) *extra_data;
-- /* This is the authority constained policy set */
-+ /* This is the authority constrained policy set */
- STACK_OF(X509_POLICY_NODE) *auth_policies;
- STACK_OF(X509_POLICY_NODE) *user_policies;
- unsigned int flags;
---- a/crypto/x509v3/pcy_lib.c
-+++ b/crypto/x509v3/pcy_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/x509v3/pcy_map.c
-+++ b/crypto/x509v3/pcy_map.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
---- a/crypto/x509v3/pcy_node.c
-+++ b/crypto/x509v3/pcy_node.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/asn1.h>
---- a/crypto/x509v3/pcy_tree.c
-+++ b/crypto/x509v3/pcy_tree.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/cryptlib.h"
-@@ -167,7 +118,7 @@ static int tree_init(X509_POLICY_TREE **
- X509_check_purpose(x, -1, 0);
-
- /* If cache is NULL, likely ENOMEM: return immediately */
-- if ((cache = policy_cache_set(x)) == NULL)
-+ if (policy_cache_set(x) == NULL)
- return X509_PCY_TREE_INTERNAL;
- }
-
---- a/crypto/x509v3/tabtest.c
-+++ b/crypto/x509v3/tabtest.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/x509v3/v3_addr.c
-+++ b/crypto/x509v3/v3_addr.c
-@@ -1,58 +1,10 @@
- /*
-- * Contributed to the OpenSSL Project by the American Registry for
-- * Internet Numbers ("ARIN").
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -734,7 +686,7 @@ int X509v3_addr_is_canonical(IPAddrBlock
- int i, j, k;
-
- /*
-- * Empty extension is cannonical.
-+ * Empty extension is canonical.
- */
- if (addr == NULL)
- return 1;
-@@ -897,7 +849,8 @@ static int IPAddressOrRanges_canonize(IP
- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
- if (a != NULL && a->type == IPAddressOrRange_addressRange) {
- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-- extract_min_max(a, a_min, a_max, length);
-+ if (!extract_min_max(a, a_min, a_max, length))
-+ return 0;
- if (memcmp(a_min, a_max, length) > 0)
- return 0;
- }
-@@ -1213,6 +1166,11 @@ int X509v3_addr_subset(IPAddrBlocks *a,
-
- /*
- * Core code for RFC 3779 2.3 path validation.
-+ *
-+ * Returns 1 for success, 0 on error.
-+ *
-+ * When returning 0, ctx->error MUST be set to an appropriate value other than
-+ * X509_V_OK.
- */
- static int addr_validate_path_internal(X509_STORE_CTX *ctx,
- STACK_OF(X509) *chain,
-@@ -1247,6 +1205,7 @@ static int addr_validate_path_internal(X
- if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
- X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
- ERR_R_MALLOC_FAILURE);
-+ ctx->error = X509_V_ERR_OUT_OF_MEM;
- ret = 0;
- goto done;
- }
---- a/crypto/x509v3/v3_akey.c
-+++ b/crypto/x509v3/v3_akey.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -192,12 +143,16 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KE
- }
-
- akeyid->issuer = gens;
-+ gen = NULL;
-+ gens = NULL;
- akeyid->serial = serial;
- akeyid->keyid = ikeyid;
-
- return akeyid;
-
- err:
-+ sk_GENERAL_NAME_free(gens);
-+ GENERAL_NAME_free(gen);
- X509_NAME_free(isname);
- ASN1_INTEGER_free(serial);
- ASN1_OCTET_STRING_free(ikeyid);
---- a/crypto/x509v3/v3_akeya.c
-+++ b/crypto/x509v3/v3_akeya.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_alt.c
-+++ b/crypto/x509v3/v3_alt.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,10 +21,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X50
- STACK_OF(CONF_VALUE) *nval);
- static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
- static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
--static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
--static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
-+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
-
--const X509V3_EXT_METHOD v3_alt[] = {
-+const X509V3_EXT_METHOD v3_alt[3] = {
- {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
- 0, 0, 0, 0,
- 0, 0,
-@@ -431,7 +382,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X50
-
- GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
- const X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, int gen_type, char *value,
-+ X509V3_CTX *ctx, int gen_type, const char *value,
- int is_nc)
- {
- char is_string = 0;
-@@ -560,7 +511,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERA
-
- }
-
--static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
- {
- char *objtmp = NULL, *p;
- int objlen;
-@@ -587,7 +538,7 @@ static int do_othername(GENERAL_NAME *ge
- return 1;
- }
-
--static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
- {
- int ret = 0;
- STACK_OF(CONF_VALUE) *sk = NULL;
---- a/crypto/x509v3/v3_asid.c
-+++ b/crypto/x509v3/v3_asid.c
-@@ -1,58 +1,10 @@
- /*
-- * Contributed to the OpenSSL Project by the American Registry for
-- * Internet Numbers ("ARIN").
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/crypto/x509v3/v3_bcons.c
-+++ b/crypto/x509v3/v3_bcons.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_bitst.c
-+++ b/crypto/x509v3/v3_bitst.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_conf.c
-+++ b/crypto/x509v3/v3_conf.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* extension creation utilities */
-
- #include <stdio.h>
-@@ -65,24 +17,24 @@
- #include "internal/x509_int.h"
- #include <openssl/x509v3.h>
-
--static int v3_check_critical(char **value);
--static int v3_check_generic(char **value);
-+static int v3_check_critical(const char **value);
-+static int v3_check_generic(const char **value);
- static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-- int crit, char *value);
--static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-+ int crit, const char *value);
-+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
- int crit, int type,
- X509V3_CTX *ctx);
--static char *conf_lhash_get_string(void *db, char *section, char *value);
--static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
-+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
- static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
- int ext_nid, int crit, void *ext_struc);
--static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
-+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
- long *ext_len);
- /* CONF *conf: Config file */
- /* char *name: Name */
- /* char *value: Value */
--X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-- char *value)
-+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
-+ const char *value)
- {
- int crit;
- int ext_type;
-@@ -101,7 +53,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *c
- /* CONF *conf: Config file */
- /* char *value: Value */
- X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-- char *value)
-+ const char *value)
- {
- int crit;
- int ext_type;
-@@ -115,7 +67,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CON
- /* CONF *conf: Config file */
- /* char *value: Value */
- static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-- int crit, char *value)
-+ int crit, const char *value)
- {
- const X509V3_EXT_METHOD *method;
- X509_EXTENSION *ext;
-@@ -136,11 +88,13 @@ static X509_EXTENSION *do_ext_nconf(CONF
- nval = NCONF_get_section(conf, value + 1);
- else
- nval = X509V3_parse_list(value);
-- if (sk_CONF_VALUE_num(nval) <= 0) {
-+ if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
- X509V3err(X509V3_F_DO_EXT_NCONF,
- X509V3_R_INVALID_EXTENSION_STRING);
- ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
- value);
-+ if (*value != '@')
-+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
- return NULL;
- }
- ext_struc = method->v2i(method, ctx, nval);
-@@ -232,9 +186,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_n
- }
-
- /* Check the extension string for critical flag */
--static int v3_check_critical(char **value)
-+static int v3_check_critical(const char **value)
- {
-- char *p = *value;
-+ const char *p = *value;
- if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
- return 0;
- p += 9;
-@@ -245,10 +199,10 @@ static int v3_check_critical(char **valu
- }
-
- /* Check extension string for generic extension and return the type */
--static int v3_check_generic(char **value)
-+static int v3_check_generic(const char **value)
- {
- int gen_type = 0;
-- char *p = *value;
-+ const char *p = *value;
- if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
- p += 4;
- gen_type = 1;
-@@ -265,7 +219,7 @@ static int v3_check_generic(char **value
- }
-
- /* Create a generic extension: for now just handle DER type */
--static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
- int crit, int gen_type,
- X509V3_CTX *ctx)
- {
-@@ -313,7 +267,7 @@ static X509_EXTENSION *v3_generic_extens
-
- }
-
--static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
-+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
- long *ext_len)
- {
- ASN1_TYPE *typ;
-@@ -343,7 +297,7 @@ static void delete_ext(STACK_OF(X509_EXT
- * file section to an extension STACK.
- */
-
--int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
- STACK_OF(X509_EXTENSION) **sk)
- {
- X509_EXTENSION *ext;
-@@ -370,7 +324,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf,
- * Convenience functions to add extensions to a certificate, CRL and request
- */
-
--int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509 *cert)
- {
- STACK_OF(X509_EXTENSION) **sk = NULL;
-@@ -381,7 +335,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X50
-
- /* Same as above but for a CRL */
-
--int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509_CRL *crl)
- {
- STACK_OF(X509_EXTENSION) **sk = NULL;
-@@ -392,7 +346,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf,
-
- /* Add extensions to certificate request */
-
--int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509_REQ *req)
- {
- STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-@@ -409,7 +363,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf,
-
- /* Config database functions */
-
--char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
- {
- if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
- X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
-@@ -420,7 +374,7 @@ char *X509V3_get_string(X509V3_CTX *ctx,
- return NULL;
- }
-
--STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
-+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
- {
- if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
- X509V3err(X509V3_F_X509V3_GET_SECTION,
-@@ -448,12 +402,12 @@ void X509V3_section_free(X509V3_CTX *ctx
- ctx->db_meth->free_section(ctx->db, section);
- }
-
--static char *nconf_get_string(void *db, char *section, char *value)
-+static char *nconf_get_string(void *db, const char *section, const char *value)
- {
- return NCONF_get_string(db, section, value);
- }
-
--static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
-+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
- {
- return NCONF_get_section(db, section);
- }
-@@ -484,7 +438,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X50
- /* Old conf compatibility functions */
-
- X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *name, char *value)
-+ const char *name, const char *value)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
-@@ -494,19 +448,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF
- /* LHASH *conf: Config file */
- /* char *value: Value */
- X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
-- X509V3_CTX *ctx, int ext_nid, char *value)
-+ X509V3_CTX *ctx, int ext_nid, const char *value)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
- }
-
--static char *conf_lhash_get_string(void *db, char *section, char *value)
-+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
- {
- return CONF_get_string(db, section, value);
- }
-
--static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
- {
- return CONF_get_section(db, section);
- }
-@@ -525,7 +479,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *c
- }
-
- int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509 *cert)
-+ const char *section, X509 *cert)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
-@@ -535,7 +489,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VA
- /* Same as above but for a CRL */
-
- int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509_CRL *crl)
-+ const char *section, X509_CRL *crl)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
-@@ -545,7 +499,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CON
- /* Add extensions to certificate request */
-
- int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509_REQ *req)
-+ const char *section, X509_REQ *req)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
---- a/crypto/x509v3/v3_cpols.c
-+++ b/crypto/x509v3/v3_cpols.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -71,7 +22,7 @@
- static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
- BIO *out, int indent);
- static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, char *value);
-+ X509V3_CTX *ctx, const char *value);
- static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
- int indent);
- static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-@@ -133,7 +84,7 @@ ASN1_SEQUENCE(NOTICEREF) = {
- IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-
- static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, char *value)
-+ X509V3_CTX *ctx, const char *value)
- {
- STACK_OF(POLICYINFO) *pols = NULL;
- char *pstr;
-@@ -188,6 +139,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol
- pol = POLICYINFO_new();
- if (pol == NULL) {
- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-+ ASN1_OBJECT_free(pobj);
- goto err;
- }
- pol->policyid = pobj;
-@@ -343,6 +295,7 @@ static POLICYQUALINFO *notice_section(X5
- if (!nos || !sk_CONF_VALUE_num(nos)) {
- X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
- X509V3_conf_err(cnf);
-+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
- goto err;
- }
- ret = nref_nos(nref->noticenos, nos);
---- a/crypto/x509v3/v3_crld.c
-+++ b/crypto/x509v3/v3_crld.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -199,10 +150,10 @@ static int set_reasons(ASN1_BIT_STRING *
- const char *bnam;
- int i, ret = 0;
- rsk = X509V3_parse_list(value);
-- if (!rsk)
-- return 0;
-- if (*preas)
-+ if (rsk == NULL)
- return 0;
-+ if (*preas != NULL)
-+ goto err;
- for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
- bnam = sk_CONF_VALUE_value(rsk, i)->name;
- if (*preas == NULL) {
---- a/crypto/x509v3/v3_enum.c
-+++ b/crypto/x509v3/v3_enum.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_extku.c
-+++ b/crypto/x509v3/v3_extku.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_genn.c
-+++ b/crypto/x509v3/v3_genn.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_ia5.c
-+++ b/crypto/x509v3/v3_ia5.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -63,7 +14,7 @@
- #include <openssl/x509v3.h>
- #include "ext_dat.h"
-
--const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
-+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
- EXT_IA5STRING(NID_netscape_base_url),
- EXT_IA5STRING(NID_netscape_revocation_url),
- EXT_IA5STRING(NID_netscape_ca_revocation_url),
-@@ -90,7 +41,7 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METH
- }
-
- ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, char *str)
-+ X509V3_CTX *ctx, const char *str)
- {
- ASN1_IA5STRING *ia5;
- if (!str) {
-@@ -100,10 +51,9 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V
- }
- if ((ia5 = ASN1_IA5STRING_new()) == NULL)
- goto err;
-- if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
-- strlen(str))) {
-+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
- ASN1_IA5STRING_free(ia5);
-- goto err;
-+ return NULL;
- }
- #ifdef CHARSET_EBCDIC
- ebcdic2ascii(ia5->data, ia5->data, ia5->length);
---- a/crypto/x509v3/v3_info.c
-+++ b/crypto/x509v3/v3_info.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_int.c
-+++ b/crypto/x509v3/v3_int.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -78,7 +29,7 @@ const X509V3_EXT_METHOD v3_delta_crl = {
- };
-
- static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
-- char *value)
-+ const char *value)
- {
- return s2i_ASN1_INTEGER(meth, value);
- }
---- a/crypto/x509v3/v3_lib.c
-+++ b/crypto/x509v3/v3_lib.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* X509 v3 extension utilities */
-
- #include <stdio.h>
-@@ -274,7 +226,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext
- * -2 extension occurs more than once.
- */
-
--void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
-+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
- int *idx)
- {
- int lastpos, i;
---- a/crypto/x509v3/v3_ncons.c
-+++ b/crypto/x509v3/v3_ncons.c
-@@ -1,63 +1,15 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
-+#include "internal/asn1_int.h"
- #include <openssl/asn1t.h>
- #include <openssl/conf.h>
- #include <openssl/x509v3.h>
-@@ -72,7 +24,7 @@ static int i2r_NAME_CONSTRAINTS(const X5
- BIO *bp, int ind);
- static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
-- int ind, char *name);
-+ int ind, const char *name);
- static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
-
- static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
-@@ -171,7 +123,7 @@ static int i2r_NAME_CONSTRAINTS(const X5
-
- static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
-- BIO *bp, int ind, char *name)
-+ BIO *bp, int ind, const char *name)
- {
- GENERAL_SUBTREE *tree;
- int i;
-@@ -275,6 +227,51 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME
-
- }
-
-+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
-+{
-+ int r, i;
-+ X509_NAME *nm;
-+
-+ ASN1_STRING stmp;
-+ GENERAL_NAME gntmp;
-+ stmp.flags = 0;
-+ stmp.type = V_ASN1_IA5STRING;
-+ gntmp.type = GEN_DNS;
-+ gntmp.d.dNSName = &stmp;
-+
-+ nm = X509_get_subject_name(x);
-+
-+ /* Process any commonName attributes in subject name */
-+
-+ for (i = -1;;) {
-+ X509_NAME_ENTRY *ne;
-+ ASN1_STRING *hn;
-+ i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
-+ if (i == -1)
-+ break;
-+ ne = X509_NAME_get_entry(nm, i);
-+ hn = X509_NAME_ENTRY_get_data(ne);
-+ /* Only process attributes that look like host names */
-+ if (asn1_valid_host(hn)) {
-+ unsigned char *h;
-+ int hlen = ASN1_STRING_to_UTF8(&h, hn);
-+ if (hlen <= 0)
-+ return X509_V_ERR_OUT_OF_MEM;
-+
-+ stmp.length = hlen;
-+ stmp.data = h;
-+
-+ r = nc_match(&gntmp, nc);
-+
-+ OPENSSL_free(h);
-+
-+ if (r != X509_V_OK)
-+ return r;
-+ }
-+ }
-+ return X509_V_OK;
-+}
-+
- static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
- {
- GENERAL_SUBTREE *sub;
---- a/crypto/x509v3/v3_pci.c
-+++ b/crypto/x509v3/v3_pci.c
-@@ -1,7 +1,12 @@
- /*
-- * Contributed to the OpenSSL Project 2004 by Richard Levitte
-- * (richard at levitte.org)
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
---- a/crypto/x509v3/v3_pcia.c
-+++ b/crypto/x509v3/v3_pcia.c
-@@ -1,7 +1,12 @@
- /*
-- * Contributed to the OpenSSL Project 2004 by Richard Levitte
-- * (richard at levitte.org)
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
---- a/crypto/x509v3/v3_pcons.c
-+++ b/crypto/x509v3/v3_pcons.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_pku.c
-+++ b/crypto/x509v3/v3_pku.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_pmaps.c
-+++ b/crypto/x509v3/v3_pmaps.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -113,9 +64,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_
- static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
- {
-- POLICY_MAPPINGS *pmaps;
-- POLICY_MAPPING *pmap;
-- ASN1_OBJECT *obj1, *obj2;
-+ POLICY_MAPPINGS *pmaps = NULL;
-+ POLICY_MAPPING *pmap = NULL;
-+ ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
- CONF_VALUE *val;
- int i;
-
-@@ -127,30 +78,33 @@ static void *v2i_POLICY_MAPPINGS(const X
- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if (!val->value || !val->name) {
-- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
- X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
-- return NULL;
-+ goto err;
- }
- obj1 = OBJ_txt2obj(val->name, 0);
- obj2 = OBJ_txt2obj(val->value, 0);
- if (!obj1 || !obj2) {
-- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
- X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
-- return NULL;
-+ goto err;
- }
- pmap = POLICY_MAPPING_new();
- if (pmap == NULL) {
-- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
-- return NULL;
-+ goto err;
- }
- pmap->issuerDomainPolicy = obj1;
- pmap->subjectDomainPolicy = obj2;
-+ obj1 = obj2 = NULL;
- sk_POLICY_MAPPING_push(pmaps, pmap);
- }
- return pmaps;
-+ err:
-+ ASN1_OBJECT_free(obj1);
-+ ASN1_OBJECT_free(obj2);
-+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-+ return NULL;
- }
---- a/crypto/x509v3/v3_prn.c
-+++ b/crypto/x509v3/v3_prn.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* X509 v3 extension utilities */
-
- #include <stdio.h>
-@@ -236,7 +188,7 @@ static int unknown_ext_print(BIO *out, c
- case X509V3_EXT_PARSE_UNKNOWN:
- return ASN1_parse_dump(out, ext, extlen, indent, -1);
- case X509V3_EXT_DUMP_UNKNOWN:
-- return BIO_dump_indent(out, (char *)ext, extlen, indent);
-+ return BIO_dump_indent(out, (const char *)ext, extlen, indent);
-
- default:
- return 1;
---- a/crypto/x509v3/v3_purp.c
-+++ b/crypto/x509v3/v3_purp.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -168,7 +119,7 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx)
- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
- }
-
--int X509_PURPOSE_get_by_sname(char *sname)
-+int X509_PURPOSE_get_by_sname(const char *sname)
- {
- int i;
- X509_PURPOSE *xptmp;
-@@ -197,7 +148,7 @@ int X509_PURPOSE_get_by_id(int purpose)
-
- int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck) (const X509_PURPOSE *, const X509 *, int),
-- char *name, char *sname, void *arg)
-+ const char *name, const char *sname, void *arg)
- {
- int idx;
- X509_PURPOSE *ptmp;
-@@ -229,7 +180,7 @@ int X509_PURPOSE_add(int id, int trust,
- ptmp->sname = OPENSSL_strdup(sname);
- if (!ptmp->name || !ptmp->sname) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- /* Keep the dynamic flag of existing entry */
- ptmp->flags &= X509_PURPOSE_DYNAMIC;
-@@ -246,14 +197,21 @@ int X509_PURPOSE_add(int id, int trust,
- if (xptable == NULL
- && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ goto err;
- }
- }
- return 1;
-+ err:
-+ if (idx == -1) {
-+ OPENSSL_free(ptmp->name);
-+ OPENSSL_free(ptmp->sname);
-+ OPENSSL_free(ptmp);
-+ }
-+ return 0;
- }
-
- static void xptable_free(X509_PURPOSE *p)
-@@ -271,29 +229,26 @@ static void xptable_free(X509_PURPOSE *p
-
- void X509_PURPOSE_cleanup(void)
- {
-- unsigned int i;
- sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-- for (i = 0; i < X509_PURPOSE_COUNT; i++)
-- xptable_free(xstandard + i);
- xptable = NULL;
- }
-
--int X509_PURPOSE_get_id(X509_PURPOSE *xp)
-+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
- {
- return xp->purpose;
- }
-
--char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
-+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
- {
- return xp->name;
- }
-
--char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
-+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
- {
- return xp->sname;
- }
-
--int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
-+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
- {
- return xp->trust;
- }
-@@ -573,6 +528,16 @@ static int check_ca(const X509 *x)
- }
- }
-
-+void X509_set_proxy_flag(X509 *x)
-+{
-+ x->ex_flags |= EXFLAG_PROXY;
-+}
-+
-+void X509_set_proxy_pathlen(X509 *x, long l)
-+{
-+ x->ex_pcpathlen = l;
-+}
-+
- int X509_check_ca(X509 *x)
- {
- if (!(x->ex_flags & EXFLAG_SET)) {
-@@ -760,7 +725,7 @@ static int check_purpose_timestamp_sign(
- return 0;
-
- /* Extended Key Usage MUST be critical */
-- i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
-+ i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
- if (i_ext >= 0) {
- X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
- if (!X509_EXTENSION_get_critical(ext))
-@@ -880,3 +845,21 @@ const ASN1_OCTET_STRING *X509_get0_subje
- X509_check_purpose(x, -1, -1);
- return x->skid;
- }
-+
-+long X509_get_pathlen(X509 *x)
-+{
-+ /* Called for side effect of caching extensions */
-+ if (X509_check_purpose(x, -1, -1) != 1
-+ || (x->ex_flags & EXFLAG_BCONS) == 0)
-+ return -1;
-+ return x->ex_pathlen;
-+}
-+
-+long X509_get_proxy_pathlen(X509 *x)
-+{
-+ /* Called for side effect of caching extensions */
-+ if (X509_check_purpose(x, -1, -1) != 1
-+ || (x->ex_flags & EXFLAG_PROXY) == 0)
-+ return -1;
-+ return x->ex_pcpathlen;
-+}
---- a/crypto/x509v3/v3_skey.c
-+++ b/crypto/x509v3/v3_skey.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3_sxnet.c
-+++ b/crypto/x509v3/v3_sxnet.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -150,7 +101,7 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHO
-
- /* Add an id given the zone as an ASCII number */
-
--int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
-+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
- {
- ASN1_INTEGER *izone;
-
-@@ -163,7 +114,7 @@ int SXNET_add_id_asc(SXNET **psx, char *
-
- /* Add an id given the zone as an unsigned long */
-
--int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
- int userlen)
- {
- ASN1_INTEGER *izone;
-@@ -183,7 +134,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsi
- * passed integer and doesn't make a copy so don't free it up afterwards.
- */
-
--int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
-+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
- int userlen)
- {
- SXNET *sx = NULL;
-@@ -217,7 +168,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, AS
- if (userlen == -1)
- userlen = strlen(user);
-
-- if (!ASN1_OCTET_STRING_set(id->user, (unsigned char *)user, userlen))
-+ if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
- goto err;
- if (!sk_SXNETID_push(sx->ids, id))
- goto err;
-@@ -232,7 +183,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, AS
- return 0;
- }
-
--ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
-+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
- {
- ASN1_INTEGER *izone;
- ASN1_OCTET_STRING *oct;
---- a/crypto/x509v3/v3_tlsf.c
-+++ b/crypto/x509v3/v3_tlsf.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Rob Stradling (rob at comodo.com) for the OpenSSL project 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -155,7 +107,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(cons
- extval = val->name;
-
- for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
-- if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0)
-+ if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
- break;
- if (j < OSSL_NELEM(tls_feature_tbl))
- tlsextid = tls_feature_tbl[j].num;
---- a/crypto/x509v3/v3_utl.c
-+++ b/crypto/x509v3/v3_utl.c
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* X509 v3 extension utilities */
-
- #include <stdio.h>
-@@ -134,7 +86,7 @@ int X509V3_add_value_bool(const char *na
- return X509V3_add_value(name, "FALSE", extlist);
- }
-
--int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist)
- {
- if (asn1_bool)
-@@ -156,7 +108,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_MET
- return strtmp;
- }
-
--char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
-+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
- {
- BIGNUM *bntmp = NULL;
- char *strtmp = NULL;
-@@ -170,7 +122,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD
- return strtmp;
- }
-
--ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
-+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
- {
- BIGNUM *bn = NULL;
- ASN1_INTEGER *aint;
-@@ -1177,19 +1129,17 @@ static int ipv6_hex(unsigned char *out,
- {
- unsigned char c;
- unsigned int num = 0;
-+ int x;
-+
- if (inlen > 4)
- return 0;
- while (inlen--) {
- c = *in++;
- num <<= 4;
-- if ((c >= '0') && (c <= '9'))
-- num |= c - '0';
-- else if ((c >= 'A') && (c <= 'F'))
-- num |= c - 'A' + 10;
-- else if ((c >= 'a') && (c <= 'f'))
-- num |= c - 'a' + 10;
-- else
-+ x = OPENSSL_hexchar2int(c);
-+ if (x < 0)
- return 0;
-+ num |= (char)x;
- }
- out[0] = num >> 8;
- out[1] = num & 0xff;
---- a/crypto/x509v3/v3conf.c
-+++ b/crypto/x509v3/v3conf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x509v3/v3err.c
-+++ b/crypto/x509v3/v3err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -70,6 +20,8 @@
-
- static ERR_STRING_DATA X509V3_str_functs[] = {
- {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"},
-+ {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL),
-+ "addr_validate_path_internal"},
- {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
- "ASIdentifierChoice_canonize"},
- {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
-@@ -77,10 +29,8 @@ static ERR_STRING_DATA X509V3_str_functs
- {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"},
- {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"},
- {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"},
-- {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
- {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"},
- {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"},
-- {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
- {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"},
- {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
- {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"},
-@@ -96,7 +46,6 @@ static ERR_STRING_DATA X509V3_str_functs
- {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"},
- {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
- {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
-- {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
- {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"},
- {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"},
- {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
-@@ -122,14 +71,11 @@ static ERR_STRING_DATA X509V3_str_functs
- {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"},
- {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"},
- {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"},
-- {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL),
-- "addr_validate_path_internal"},
- {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"},
- {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
- {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
-- {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
- {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
- {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-@@ -201,7 +147,6 @@ static ERR_STRING_DATA X509V3_str_reason
- "no proxy cert policy language defined"},
- {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
- {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
-- {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
- {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
- {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
- {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
-@@ -209,8 +154,6 @@ static ERR_STRING_DATA X509V3_str_reason
- {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
- {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
- "policy path length already defined"},
-- {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
-- "policy syntax not currently supported"},
- {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
- "policy when proxy language requires no policy"},
- {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
-@@ -231,7 +174,7 @@ static ERR_STRING_DATA X509V3_str_reason
-
- #endif
-
--void ERR_load_X509V3_strings(void)
-+int ERR_load_X509V3_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -240,4 +183,5 @@ void ERR_load_X509V3_strings(void)
- ERR_load_strings(0, X509V3_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/crypto/x509v3/v3prin.c
-+++ b/crypto/x509v3/v3prin.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/crypto/x86_64cpuid.pl
-+++ b/crypto/x86_64cpuid.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- $flavour = shift;
- $output = shift;
-@@ -11,7 +18,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-@@ -217,6 +224,28 @@ print<<___;
- jne .Little
- ret
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-+
-+.globl CRYPTO_memcmp
-+.type CRYPTO_memcmp,\@abi-omnipotent
-+.align 16
-+CRYPTO_memcmp:
-+ xor %rax,%rax
-+ xor %r10,%r10
-+ cmp \$0,$arg3
-+ je .Lno_data
-+.Loop_cmp:
-+ mov ($arg1),%r10b
-+ lea 1($arg1),$arg1
-+ xor ($arg2),%r10b
-+ lea 1($arg2),$arg2
-+ or %r10b,%al
-+ dec $arg3
-+ jnz .Loop_cmp
-+ neg %rax
-+ shr \$63,%rax
-+.Lno_data:
-+ ret
-+.size CRYPTO_memcmp,.-CRYPTO_memcmp
- ___
-
- print<<___ if (!$win64);
-@@ -364,36 +393,67 @@ print<<___;
- ___
- }
-
-+sub gen_random {
-+my $rdop = shift;
- print<<___;
--.globl OPENSSL_ia32_rdrand
--.type OPENSSL_ia32_rdrand,\@abi-omnipotent
-+.globl OPENSSL_ia32_${rdop}
-+.type OPENSSL_ia32_${rdop},\@abi-omnipotent
- .align 16
--OPENSSL_ia32_rdrand:
-+OPENSSL_ia32_${rdop}:
- mov \$8,%ecx
--.Loop_rdrand:
-- rdrand %rax
-- jc .Lbreak_rdrand
-- loop .Loop_rdrand
--.Lbreak_rdrand:
-+.Loop_${rdop}:
-+ ${rdop} %rax
-+ jc .Lbreak_${rdop}
-+ loop .Loop_${rdop}
-+.Lbreak_${rdop}:
- cmp \$0,%rax
- cmove %rcx,%rax
- ret
--.size OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand
-+.size OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop}
-
--.globl OPENSSL_ia32_rdseed
--.type OPENSSL_ia32_rdseed,\@abi-omnipotent
-+.globl OPENSSL_ia32_${rdop}_bytes
-+.type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
- .align 16
--OPENSSL_ia32_rdseed:
-- mov \$8,%ecx
--.Loop_rdseed:
-- rdseed %rax
-- jc .Lbreak_rdseed
-- loop .Loop_rdseed
--.Lbreak_rdseed:
-- cmp \$0,%rax
-- cmove %rcx,%rax
-+OPENSSL_ia32_${rdop}_bytes:
-+ xor %rax, %rax # return value
-+ cmp \$0,$arg2
-+ je .Ldone_${rdop}_bytes
-+
-+ mov \$8,%r11
-+.Loop_${rdop}_bytes:
-+ ${rdop} %r10
-+ jc .Lbreak_${rdop}_bytes
-+ dec %r11
-+ jnz .Loop_${rdop}_bytes
-+ jmp .Ldone_${rdop}_bytes
-+
-+.align 16
-+.Lbreak_${rdop}_bytes:
-+ cmp \$8,$arg2
-+ jb .Ltail_${rdop}_bytes
-+ mov %r10,($arg1)
-+ lea 8($arg1),$arg1
-+ add \$8,%rax
-+ sub \$8,$arg2
-+ jz .Ldone_${rdop}_bytes
-+ mov \$8,%r11
-+ jmp .Loop_${rdop}_bytes
-+
-+.align 16
-+.Ltail_${rdop}_bytes:
-+ mov %r10b,($arg1)
-+ lea 1($arg1),$arg1
-+ inc %rax
-+ shr \$8,%r8
-+ dec $arg2
-+ jnz .Ltail_${rdop}_bytes
-+
-+.Ldone_${rdop}_bytes:
- ret
--.size OPENSSL_ia32_rdseed,.-OPENSSL_ia32_rdseed
-+.size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
- ___
-+}
-+gen_random("rdrand");
-+gen_random("rdseed");
-
- close STDOUT; # flush
---- a/crypto/x86cpuid.pl
-+++ b/crypto/x86cpuid.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC, "${dir}perlasm", "perlasm");
-@@ -359,6 +365,31 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
- &ret ();
- &function_end_B("OPENSSL_cleanse");
-
-+&function_begin_B("CRYPTO_memcmp");
-+ &push ("esi");
-+ &push ("edi");
-+ &mov ("esi",&wparam(0));
-+ &mov ("edi",&wparam(1));
-+ &mov ("ecx",&wparam(2));
-+ &xor ("eax","eax");
-+ &xor ("edx","edx");
-+ &cmp ("ecx",0);
-+ &je (&label("no_data"));
-+&set_label("loop");
-+ &mov ("dl",&BP(0,"esi"));
-+ &lea ("esi",&DWP(1,"esi"));
-+ &xor ("dl",&BP(0,"edi"));
-+ &lea ("edi",&DWP(1,"edi"));
-+ &or ("al","dl");
-+ &dec ("ecx");
-+ &jnz (&label("loop"));
-+ &neg ("eax");
-+ &shr ("eax",31);
-+&set_label("no_data");
-+ &pop ("edi");
-+ &pop ("esi");
-+ &ret ();
-+&function_end_B("CRYPTO_memcmp");
- {
- my $lasttick = "esi";
- my $lastdiff = "ebx";
-@@ -461,29 +492,64 @@ my $max = "ebp";
- &function_end("OPENSSL_instrument_bus2");
- }
-
--&function_begin_B("OPENSSL_ia32_rdrand");
-+sub gen_random {
-+my $rdop = shift;
-+&function_begin_B("OPENSSL_ia32_${rdop}");
- &mov ("ecx",8);
- &set_label("loop");
-- &rdrand ("eax");
-+ &${rdop}("eax");
- &jc (&label("break"));
- &loop (&label("loop"));
- &set_label("break");
- &cmp ("eax",0);
- &cmove ("eax","ecx");
- &ret ();
--&function_end_B("OPENSSL_ia32_rdrand");
-+&function_end_B("OPENSSL_ia32_${rdop}");
-+
-+&function_begin_B("OPENSSL_ia32_${rdop}_bytes");
-+ &push ("edi");
-+ &push ("ebx");
-+ &xor ("eax","eax"); # return value
-+ &mov ("edi",&wparam(0));
-+ &mov ("ebx",&wparam(1));
-+
-+ &cmp ("ebx",0);
-+ &je (&label("done"));
-
--&function_begin_B("OPENSSL_ia32_rdseed");
- &mov ("ecx",8);
- &set_label("loop");
-- &rdseed ("eax");
-+ &${rdop}("edx");
- &jc (&label("break"));
- &loop (&label("loop"));
--&set_label("break");
-- &cmp ("eax",0);
-- &cmove ("eax","ecx");
-+ &jmp (&label("done"));
-+
-+&set_label("break",16);
-+ &cmp ("ebx",4);
-+ &jb (&label("tail"));
-+ &mov (&DWP(0,"edi"),"edx");
-+ &lea ("edi",&DWP(4,"edi"));
-+ &add ("eax",4);
-+ &sub ("ebx",4);
-+ &jz (&label("done"));
-+ &mov ("ecx",8);
-+ &jmp (&label("loop"));
-+
-+&set_label("tail",16);
-+ &mov (&BP(0,"edi"),"dl");
-+ &lea ("edi",&DWP(1,"edi"));
-+ &inc ("eax");
-+ &shr ("edx",8);
-+ &dec ("ebx");
-+ &jnz (&label("tail"));
-+
-+&set_label("done");
-+ &pop ("ebx");
-+ &pop ("edi");
- &ret ();
--&function_end_B("OPENSSL_ia32_rdseed");
-+&function_end_B("OPENSSL_ia32_${rdop}_bytes");
-+}
-+&gen_random("rdrand");
-+&gen_random("rdseed");
-
- &initseg("OPENSSL_cpuid_setup");
-
---- a/demos/bio/Makefile.in
-+++ /dev/null
-@@ -1,23 +0,0 @@
--CC=cc
--CFLAGS= -g -I../../include
--LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl
--EXAMPLES=saccept sconnect client-arg client-conf
--
--all: $(EXAMPLES)
--
--saccept: saccept.o
-- $(CC) -o saccept saccept.o $(LIBS)
--
--sconnect: sconnect.o
-- $(CC) -o sconnect sconnect.o $(LIBS)
--
--client-arg: client-arg.o
-- $(CC) -o client-arg client-arg.o $(LIBS)
--
--client-conf: client-conf.o
-- $(CC) -o client-conf client-conf.o $(LIBS)
--
--clean:
-- rm -f $(EXAMPLES) *.o
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/demos/bio/client-arg.c
-+++ b/demos/bio/client-arg.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <string.h>
- #include <openssl/err.h>
- #include <openssl/ssl.h>
---- a/demos/bio/client-conf.c
-+++ b/demos/bio/client-conf.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <string.h>
- #include <openssl/err.h>
- #include <openssl/ssl.h>
---- a/demos/bio/saccept.c
-+++ b/demos/bio/saccept.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*-
- * A minimal program to serve an SSL connection.
- * It uses blocking.
---- a/demos/bio/sconnect.c
-+++ b/demos/bio/sconnect.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*-
- * A minimal program to do SSL to a passed host and port.
- * It is actually using non-blocking IO but in a very simple manner
---- a/demos/bio/server-arg.c
-+++ b/demos/bio/server-arg.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * A minimal program to serve an SSL connection. It uses blocking. It use the
- * SSL_CONF API with the command line. cc -I../../include server-arg.c
- * -L../.. -lssl -lcrypto -ldl
---- a/demos/bio/server-cmod.c
-+++ b/demos/bio/server-cmod.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * A minimal TLS server it ses SSL_CTX_config and a configuration file to
- * set most server parameters.
- */
---- a/demos/bio/server-conf.c
-+++ b/demos/bio/server-conf.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * A minimal program to serve an SSL connection. It uses blocking. It uses
- * the SSL_CONF API with a configuration file. cc -I../../include saccept.c
- * -L../.. -lssl -lcrypto -ldl
---- a/demos/cms/cms_comp.c
-+++ b/demos/cms/cms_comp.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME compress example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_ddec.c
-+++ b/demos/cms/cms_ddec.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * S/MIME detached data decrypt example: rarely done but should the need
- * arise this is an example....
- */
---- a/demos/cms/cms_dec.c
-+++ b/demos/cms/cms_dec.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME decryption example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_denc.c
-+++ b/demos/cms/cms_denc.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * S/MIME detached data encrypt example: rarely done but should the need
- * arise this is an example....
- */
---- a/demos/cms/cms_enc.c
-+++ b/demos/cms/cms_enc.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME encrypt example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_sign.c
-+++ b/demos/cms/cms_sign.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME signing example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_sign2.c
-+++ b/demos/cms/cms_sign2.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* S/MIME signing example: 2 signers */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_uncomp.c
-+++ b/demos/cms/cms_uncomp.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME uncompression example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/cms/cms_ver.c
-+++ b/demos/cms/cms_ver.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME verification example */
- #include <openssl/pem.h>
- #include <openssl/cms.h>
---- a/demos/evp/aesccm.c
-+++ b/demos/evp/aesccm.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Simple AES CCM test program, uses the same NIST data used for the FIPS
- * self test but uses the application level EVP APIs.
- */
---- a/demos/evp/aesgcm.c
-+++ b/demos/evp/aesgcm.c
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Simple AES GCM test program, uses the same NIST data used for the FIPS
- * self test but uses the application level EVP APIs.
- */
---- a/demos/pkcs12/pkread.c
-+++ b/demos/pkcs12/pkread.c
-@@ -1,3 +1,11 @@
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #include <stdio.h>
- #include <stdlib.h>
---- a/demos/pkcs12/pkwrite.c
-+++ b/demos/pkcs12/pkwrite.c
-@@ -1,3 +1,11 @@
-+/*
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #include <stdio.h>
- #include <stdlib.h>
---- a/demos/smime/smdec.c
-+++ b/demos/smime/smdec.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME signing example */
- #include <openssl/pem.h>
- #include <openssl/pkcs7.h>
---- a/demos/smime/smenc.c
-+++ b/demos/smime/smenc.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME encrypt example */
- #include <openssl/pem.h>
- #include <openssl/pkcs7.h>
---- a/demos/smime/smsign.c
-+++ b/demos/smime/smsign.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME signing example */
- #include <openssl/pem.h>
- #include <openssl/pkcs7.h>
---- a/demos/smime/smsign2.c
-+++ b/demos/smime/smsign2.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
- #include <openssl/pem.h>
- #include <openssl/pkcs7.h>
---- a/demos/smime/smver.c
-+++ b/demos/smime/smver.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* Simple S/MIME verification example */
- #include <openssl/pem.h>
- #include <openssl/pkcs7.h>
---- a/doc/HOWTO/proxy_certificates.txt
-+++ b/doc/HOWTO/proxy_certificates.txt
-@@ -164,138 +164,151 @@ application and the certificate validati
-
- Here is some skeleton code you can fill in:
-
-- /* In this example, I will use a view of granted rights as a bit
-- array, one bit for each possible right. */
-+ #include <string.h>
-+ #include <netdb.h>
-+ #include <openssl/x509.h>
-+ #include <openssl/x509v3.h>
-+
-+ #define total_rights 25
-+
-+ /*
-+ * In this example, I will use a view of granted rights as a bit
-+ * array, one bit for each possible right.
-+ */
- typedef struct your_rights {
-- unsigned char rights[total_rights / 8];
-+ unsigned char rights[(total_rights + 7) / 8];
- } YOUR_RIGHTS;
-
-- /* The following procedure will create an index for the ex_data
-- store in the X509 validation context the first time it's called.
-- Subsequent calls will return the same index. */
-- static int get_proxy_auth_ex_data_idx(void)
-+ /*
-+ * The following procedure will create an index for the ex_data
-+ * store in the X509 validation context the first time it's called.
-+ * Subsequent calls will return the same index. */
-+ static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
- {
-- static volatile int idx = -1;
-- if (idx < 0)
-- {
-- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-- if (idx < 0)
-- {
-- idx = X509_STORE_CTX_get_ex_new_index(0,
-- "for verify callback",
-- NULL,NULL,NULL);
-+ static volatile int idx = -1;
-+ if (idx < 0) {
-+ X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
-+ if (idx < 0) {
-+ idx = X509_STORE_CTX_get_ex_new_index(0,
-+ "for verify callback",
-+ NULL,NULL,NULL);
- }
-- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-+ X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
- }
-- return idx;
-+ return idx;
- }
-
- /* Callback to be given to the X509 validation procedure. */
- static int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
-- if (ok == 1) /* It's REALLY important you keep the proxy policy
-- check within this section. It's important to know
-- that when ok is 1, the certificates are checked
-- from top to bottom. You get the CA root first,
-- followed by the possible chain of intermediate
-- CAs, followed by the EE certificate, followed by
-- the possible proxy certificates. */
-- {
-- X509 *xs = ctx->current_cert;
--
-- if (xs->ex_flags & EXFLAG_PROXY)
-- {
-- YOUR_RIGHTS *rights =
-- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-- get_proxy_auth_ex_data_idx());
-- PROXY_CERT_INFO_EXTENSION *pci =
-- X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
-+ if (ok == 1) {
-+ /*
-+ * It's REALLY important you keep the proxy policy
-+ * check within this section. It's important to know
-+ * that when ok is 1, the certificates are checked
-+ * from top to bottom. You get the CA root first,
-+ * followed by the possible chain of intermediate
-+ * CAs, followed by the EE certificate, followed by
-+ * the possible proxy certificates.
-+ */
-+ X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
-+
-+ if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
-+ YOUR_RIGHTS *rights =
-+ (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-+ get_proxy_auth_ex_data_idx(ctx));
-+ PROXY_CERT_INFO_EXTENSION *pci =
-+ X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
-
-- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
-- {
-+ switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
- case NID_Independent:
-- /* Do whatever you need to grant explicit rights to
-- this particular proxy certificate, usually by
-- pulling them from some database. If there are none
-- to be found, clear all rights (making this and any
-- subsequent proxy certificate void of any rights).
-- */
-- memset(rights->rights, 0, sizeof(rights->rights));
-- break;
-+ /*
-+ * Do whatever you need to grant explicit rights to
-+ * this particular proxy certificate, usually by
-+ * pulling them from some database. If there are none
-+ * to be found, clear all rights (making this and any
-+ * subsequent proxy certificate void of any rights).
-+ */
-+ memset(rights->rights, 0, sizeof(rights->rights));
-+ break;
- case NID_id_ppl_inheritAll:
-- /* This is basically a NOP, we simply let the current
-- rights stand as they are. */
-- break;
-+ /*
-+ * This is basically a NOP, we simply let the current
-+ * rights stand as they are.
-+ */
-+ break;
- default:
-- /* This is usually the most complex section of code.
-- You really do whatever you want as long as you
-- follow RFC 3820. In the example we use here, the
-- simplest thing to do is to build another, temporary
-- bit array and fill it with the rights granted by
-- the current proxy certificate, then use it as a
-- mask on the accumulated rights bit array, and
-- voilà , you now have a new accumulated rights bit
-- array. */
-- {
-- int i;
-- YOUR_RIGHTS tmp_rights;
-- memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
--
-- /* process_rights() is supposed to be a procedure
-- that takes a string and it's length, interprets
-- it and sets the bits in the YOUR_RIGHTS pointed
-- at by the third argument. */
-- process_rights((char *) pci->proxyPolicy->policy->data,
-- pci->proxyPolicy->policy->length,
-- &tmp_rights);
--
-- for(i = 0; i < total_rights / 8; i++)
-- rights->rights[i] &= tmp_rights.rights[i];
-- }
-- break;
-+ /* This is usually the most complex section of code.
-+ * You really do whatever you want as long as you
-+ * follow RFC 3820. In the example we use here, the
-+ * simplest thing to do is to build another, temporary
-+ * bit array and fill it with the rights granted by
-+ * the current proxy certificate, then use it as a
-+ * mask on the accumulated rights bit array, and
-+ * voilà , you now have a new accumulated rights bit
-+ * array.
-+ */
-+ {
-+ int i;
-+ YOUR_RIGHTS tmp_rights;
-+ memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
-+
-+ /*
-+ * process_rights() is supposed to be a procedure
-+ * that takes a string and it's length, interprets
-+ * it and sets the bits in the YOUR_RIGHTS pointed
-+ * at by the third argument.
-+ */
-+ process_rights((char *) pci->proxyPolicy->policy->data,
-+ pci->proxyPolicy->policy->length,
-+ &tmp_rights);
-+
-+ for(i = 0; i < total_rights / 8; i++)
-+ rights->rights[i] &= tmp_rights.rights[i];
-+ }
-+ break;
- }
-- PROXY_CERT_INFO_EXTENSION_free(pci);
-- }
-- else if (!(xs->ex_flags & EXFLAG_CA))
-- {
-- /* We have an EE certificate, let's use it to set default!
-- */
-- YOUR_RIGHTS *rights =
-- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-- get_proxy_auth_ex_data_idx());
--
-- /* The following procedure finds out what rights the owner
-- of the current certificate has, and sets them in the
-- YOUR_RIGHTS structure pointed at by the second
-- argument. */
-- set_default_rights(xs, rights);
-+ PROXY_CERT_INFO_EXTENSION_free(pci);
-+ } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
-+ /* We have an EE certificate, let's use it to set default! */
-+ YOUR_RIGHTS *rights =
-+ (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-+ get_proxy_auth_ex_data_idx(ctx));
-+
-+ /* The following procedure finds out what rights the owner
-+ * of the current certificate has, and sets them in the
-+ * YOUR_RIGHTS structure pointed at by the second
-+ * argument.
-+ */
-+ set_default_rights(xs, rights);
- }
- }
-- return ok;
-+ return ok;
- }
-
- static int my_X509_verify_cert(X509_STORE_CTX *ctx,
- YOUR_RIGHTS *needed_rights)
- {
-- int i;
-- int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = ctx->verify_cb;
-- YOUR_RIGHTS rights;
--
-- X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
-- X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), &rights);
-- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-- ok = X509_verify_cert(ctx);
--
-- if (ok == 1)
-- {
-- ok = check_needed_rights(rights, needed_rights);
-+ int ok;
-+ int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
-+ X509_STORE_CTX_get_verify_cb(ctx);
-+ YOUR_RIGHTS rights;
-+
-+ X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
-+ X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights);
-+ X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-+ ok = X509_verify_cert(ctx);
-+
-+ if (ok == 1) {
-+ ok = check_needed_rights(rights, needed_rights);
- }
-
-- X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
-+ X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
-
-- return ok;
-+ return ok;
- }
-
-+
- If you use SSL or TLS, you can easily set up a callback to have the
- certificates checked properly, using the code above:
-
---- a/doc/apps/CA.pl.pod
-+++ b/doc/apps/CA.pl.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -103,7 +102,7 @@ B<cessationOfOperation>, B<certificateHo
- =item B<-verify>
-
- verifies certificates against the CA certificate for "demoCA". If no certificates
--are specified on the command line it tries to verify the file "newcert.pem".
-+are specified on the command line it tries to verify the file "newcert.pem".
-
- =item B<files>
-
-@@ -148,7 +147,7 @@ enter cacert.pem when prompted for the C
- Create a DSA certificate request and private key (a different set of parameters
- can optionally be created first):
-
-- openssl req -out newreq.pem -newkey dsa:dsap.pem
-+ openssl req -out newreq.pem -newkey dsa:dsap.pem
-
- Sign the request:
-
-@@ -169,7 +168,7 @@ directly (for example Win32) and the def
-
- perl -S CA.pl
-
--can be used and the B<OPENSSL_CONF> environment variable changed to point to
-+can be used and the B<OPENSSL_CONF> environment variable changed to point to
- the correct path of the configuration file "openssl.cnf".
-
- The script is intended as a simple front end for the B<openssl> program for use
-@@ -187,4 +186,13 @@ configuration file, not just its directo
- L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
- L<config(5)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/asn1parse.pod
-+++ b/doc/apps/asn1parse.pod
-@@ -92,7 +92,7 @@ L<ASN1_generate_nconf(3)> format. If B<f
- present then the string is obtained from the default section using the name
- B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
- though it came from a file, the contents can thus be examined and written to a
--file using the B<out> option.
-+file using the B<out> option.
-
- =item B<-strictpem>
-
-@@ -104,28 +104,28 @@ END marker in a PEM file.
-
- =back
-
--=head2 OUTPUT
-+=head2 Output
-
- The output will typically contain lines like this:
-
-- 0:d=0 hl=4 l= 681 cons: SEQUENCE
-+ 0:d=0 hl=4 l= 681 cons: SEQUENCE
-
- .....
-
- 229:d=3 hl=3 l= 141 prim: BIT STRING
-- 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
-- 376:d=3 hl=3 l= 159 cons: SEQUENCE
-- 379:d=4 hl=2 l= 29 cons: SEQUENCE
-+ 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
-+ 376:d=3 hl=3 l= 159 cons: SEQUENCE
-+ 379:d=4 hl=2 l= 29 cons: SEQUENCE
- 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
-- 386:d=5 hl=2 l= 22 prim: OCTET STRING
-- 410:d=4 hl=2 l= 112 cons: SEQUENCE
-+ 386:d=5 hl=2 l= 22 prim: OCTET STRING
-+ 410:d=4 hl=2 l= 112 cons: SEQUENCE
- 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
-- 417:d=5 hl=2 l= 105 prim: OCTET STRING
-- 524:d=4 hl=2 l= 12 cons: SEQUENCE
-+ 417:d=5 hl=2 l= 105 prim: OCTET STRING
-+ 524:d=4 hl=2 l= 12 cons: SEQUENCE
-
- .....
-
--This example is part of a self signed certificate. Each line starts with the
-+This example is part of a self-signed certificate. Each line starts with the
- offset in decimal. B<d=XX> specifies the current depth. The depth is increased
- within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
- (tag and length octets) of the current type. B<l=XX> gives the length of
-@@ -133,27 +133,27 @@ the contents octets.
-
- The B<-i> option can be used to make the output more readable.
-
--Some knowledge of the ASN.1 structure is needed to interpret the output.
-+Some knowledge of the ASN.1 structure is needed to interpret the output.
-
- In this example the BIT STRING at offset 229 is the certificate public key.
- The contents octets of this will contain the public key information. This can
- be examined using the option B<-strparse 229> to yield:
-
-- 0:d=0 hl=3 l= 137 cons: SEQUENCE
-+ 0:d=0 hl=3 l= 137 cons: SEQUENCE
- 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
- 135:d=1 hl=2 l= 3 prim: INTEGER :010001
-
- =head1 NOTES
-
- If an OID is not part of OpenSSL's internal table it will be represented in
--numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
-+numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
- allows additional OIDs to be included. Each line consists of three columns,
- the first column is the OID in numerical format and should be followed by white
- space. The second column is the "short name" which is a single word followed
- by white space. The final column is the rest of the line and is the
- "long name". B<asn1parse> displays the long name. Example:
-
--C<1.2.3.4 shortName A long name>
-+C<1.2.3.4 shortName A long name>
-
- =head1 EXAMPLES
-
-@@ -196,4 +196,13 @@ ASN.1 types is not well handled (if at a
-
- L<ASN1_generate_nconf(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/ca.pod
-+++ b/doc/apps/ca.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -62,7 +61,7 @@ and their status.
-
- The options descriptions will be divided into each purpose.
-
--=head1 CA OPTIONS
-+=head1 COMMAND OPTIONS
-
- =over 4
-
-@@ -90,7 +89,7 @@ signed by the CA.
-
- =item B<-ss_cert filename>
-
--a single self signed certificate to be signed by the CA.
-+a single self-signed certificate to be signed by the CA.
-
- =item B<-spkac filename>
-
-@@ -101,7 +100,7 @@ section for information on the required
- =item B<-infiles>
-
- if present this should be the last option, all subsequent arguments
--are taken as the names of files containing certificate requests.
-+are taken as the names of files containing certificate requests.
-
- =item B<-out filename>
-
-@@ -195,7 +194,7 @@ need this option.
- =item B<-preserveDN>
-
- Normally the DN order of a certificate is the same as the order of the
--fields in the relevant policy section. When this option is set the order
-+fields in the relevant policy section. When this option is set the order
- is the same as the request. This is largely for compatibility with the
- older IE enrollment control which would only accept certificates if their
- DNs match the order of the request. This is not needed for Xenroll.
-@@ -245,7 +244,7 @@ characters may be escaped by \ (backslas
-
- =item B<-utf8>
-
--this option causes field values to be interpreted as UTF8 strings, by
-+this option causes field values to be interpreted as UTF8 strings, by
- default they are interpreted as ASCII. This means that the field
- values, whether prompted from a terminal or obtained from a
- configuration file, must be valid UTF8 strings.
-@@ -366,7 +365,7 @@ any) used.
- This specifies a file containing additional B<OBJECT IDENTIFIERS>.
- Each line of the file should consist of the numerical form of the
- object identifier followed by white space then the short name followed
--by white space and finally the long name.
-+by white space and finally the long name.
-
- =item B<oid_section>
-
-@@ -398,7 +397,7 @@ an EGD socket (see L<RAND_egd(3)>).
- =item B<default_days>
-
- the same as the B<-days> option. The number of days to certify
--a certificate for.
-+a certificate for.
-
- =item B<default_startdate>
-
-@@ -521,7 +520,7 @@ this can be regarded more of a quirk tha
-
- The input to the B<-spkac> command line option is a Netscape
- signed public key and challenge. This will usually come from
--the B<KEYGEN> tag in an HTML form to create a new private key.
-+the B<KEYGEN> tag in an HTML form to create a new private key.
- It is however possible to create SPKACs using the B<spkac> utility.
-
- The file should contain the variable SPKAC set to the value of
-@@ -581,18 +580,18 @@ Generate a CRL
-
- [ ca ]
- default_ca = CA_default # The default ca section
--
-+
- [ CA_default ]
-
- dir = ./demoCA # top dir
- database = $dir/index.txt # index file.
-- new_certs_dir = $dir/newcerts # new certs dir
--
-+ new_certs_dir = $dir/newcerts # new certs dir
-+
- certificate = $dir/cacert.pem # The CA cert
- serial = $dir/serial # serial no file
- private_key = $dir/private/cakey.pem# CA private key
- RANDFILE = $dir/private/.rand # random number file
--
-+
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
- default_md = md5 # md to use
-@@ -600,9 +599,9 @@ Generate a CRL
- policy = policy_any # default policy
- email_in_dn = no # Don't add the email into cert DN
-
-- name_opt = ca_default # Subject name display option
-- cert_opt = ca_default # Certificate display option
-- copy_extensions = none # Don't copy extensions from request
-+ name_opt = ca_default # Subject name display option
-+ cert_opt = ca_default # Certificate display option
-+ copy_extensions = none # Don't copy extensions from request
-
- [ policy_any ]
- countryName = supplied
-@@ -636,7 +635,7 @@ be overridden by the B<-config> command
-
- =head1 RESTRICTIONS
-
--The text database index file is a critical part of the process and
-+The text database index file is a critical part of the process and
- if corrupted it can be difficult to fix. It is theoretically possible
- to rebuild the index file from all the issued certificates and a current
- CRL: however there is no option to do this.
-@@ -644,11 +643,11 @@ CRL: however there is no option to do th
- V2 CRL features like delta CRLs are not currently supported.
-
- Although several requests can be input and handled at once it is only
--possible to include one SPKAC or self signed certificate.
-+possible to include one SPKAC or self-signed certificate.
-
- =head1 BUGS
-
--The use of an in memory text database can cause problems when large
-+The use of an in-memory text database can cause problems when large
- numbers of certificates are present because, as the name implies
- the database has to be kept in memory.
-
-@@ -704,6 +703,15 @@ then even if a certificate is issued wit
- =head1 SEE ALSO
-
- L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
--L<config(5)>, L<x509v3_config(5)>
-+L<config(5)>, L<x509v3_config(5)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/ciphers.pod
-+++ b/doc/apps/ciphers.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--ciphers - SSL cipher display and cipher list tool.
-+ciphers - SSL cipher display and cipher list tool
-
- =head1 SYNOPSIS
-
-@@ -17,6 +17,7 @@ B<openssl> B<ciphers>
- [B<-tls1_2>]
- [B<-s>]
- [B<-psk>]
-+[B<-srp>]
- [B<-stdname>]
- [B<cipherlist>]
-
-@@ -37,13 +38,12 @@ Print a usage message.
- =item B<-s>
-
- Only list supported ciphers: those consistent with the security level, and
--minimum and maximum protocol version.
--This is closer to the actual cipher list an application will support.
-+minimum and maximum protocol version. This is closer to the actual cipher list
-+an application will support.
-+
-+PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
-+to enable them.
-
--This program does not set up support for SRP and so SRP based ciphers will
--always be excluded when using this option.
--PSK ciphers are not enabled by default and it requires the B<-psk> to enable
--them.
- It also does not change the default list of supported signature algorithms.
-
- On a server the list of supported ciphers might also exclude other ciphers
-@@ -56,6 +56,10 @@ listed.
-
- When combined with B<-s> includes cipher suites which require PSK.
-
-+=item B<-srp>
-+
-+When combined with B<-s> includes cipher suites which require SRP.
-+
- =item B<-v>
-
- Verbose output: For each ciphersuite, list details as provided by
-@@ -242,7 +246,7 @@ Cipher suites using authenticated epheme
-
- =item B<AECDH>
-
--Anonymous Elliptic Curve Diffie Hellman cipher suites.
-+Anonymous Elliptic Curve Diffie-Hellman cipher suites.
-
- =item B<aDSS>, B<DSS>
-
-@@ -390,7 +394,7 @@ relevant specification and their OpenSSL
- that several cipher suite names do not include the authentication used,
- e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
-
--=head2 SSL v3.0 cipher suites.
-+=head2 SSL v3.0 cipher suites
-
- SSL_RSA_WITH_NULL_MD5 NULL-MD5
- SSL_RSA_WITH_NULL_SHA NULL-SHA
-@@ -411,7 +415,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA a
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
-
--=head2 TLS v1.0 cipher suites.
-+=head2 TLS v1.0 cipher suites
-
- TLS_RSA_WITH_NULL_MD5 NULL-MD5
- TLS_RSA_WITH_NULL_SHA NULL-SHA
-@@ -576,7 +580,7 @@ Note: these ciphers can also be used in
- TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
- TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
-
--=head2 Pre shared keying (PSK) ciphersuites
-+=head2 Pre-shared keying (PSK) ciphersuites
-
- PSK_WITH_NULL_SHA PSK-NULL-SHA
- DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA
-@@ -650,7 +654,7 @@ Note: these ciphers can also be used in
- DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
- DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
-
--=head2 ChaCha20-Poly1305 cipher suites from draft-ietf-tls-chacha20-poly1305-04, extending TLS v1.2
-+=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
-
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
-@@ -660,6 +664,13 @@ Note: these ciphers can also be used in
- TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
- TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
-
-+=head2 Older names used by OpenSSL
-+
-+The following names are accepted by older releases:
-+
-+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
-+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
-+
- =head1 NOTES
-
- Some compiled versions of OpenSSL may not include all the ciphers
-@@ -706,4 +717,13 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)
-
- The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/cms.pod
-+++ b/doc/apps/cms.pod
-@@ -47,6 +47,7 @@ B<openssl> B<cms>
- [B<-ignore_critical>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
-+[B<-no_check_time>]
- [B<-partial_chain>]
- [B<-policy arg>]
- [B<-policy_check>]
-@@ -73,6 +74,7 @@ B<openssl> B<cms>
- [B<-noattr>]
- [B<-nosmimecap>]
- [B<-binary>]
-+[B<-crlfeol>]
- [B<-asciicrlf>]
- [B<-nodetach>]
- [B<-certfile file>]
-@@ -184,13 +186,13 @@ B<EncrytedData> type and output the cont
-
- =item B<-sign_receipt>
-
--Generate and output a signed receipt for the supplied message. The input
-+Generate and output a signed receipt for the supplied message. The input
- message B<must> contain a signed receipt request. Functionality is otherwise
- similar to the B<-sign> operation.
-
- =item B<-verify_receipt receipt>
-
--Verify a signed receipt in filename B<receipt>. The input message B<must>
-+Verify a signed receipt in filename B<receipt>. The input message B<must>
- contain the original receipt request. Functionality is otherwise similar
- to the B<-verify> operation.
-
-@@ -254,7 +256,7 @@ is S/MIME and it uses the multipart/sign
-
- this option adds plain text (text/plain) MIME headers to the supplied
- message if encrypting or signing. If decrypting or verifying it strips
--off text headers: if the decrypted or verified message is not of MIME
-+off text headers: if the decrypted or verified message is not of MIME
- type text/plain then an error occurs.
-
- =item B<-noout>
-@@ -296,11 +298,11 @@ default digest algorithm for the signing
-
- the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
- or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
--EVP_get_cipherbyname() function) can also be used preceded by a dash, for
-+EVP_get_cipherbyname() function) can also be used preceded by a dash, for
- example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for a list of ciphers
- supported by your version of OpenSSL.
-
--If not specified triple DES is used. Only used with B<-encrypt> and
-+If not specified triple DES is used. Only used with B<-encrypt> and
- B<-EncryptedData_create> commands.
-
- =item B<-nointern>
-@@ -339,6 +341,11 @@ effectively using CR and LF as end of li
- specification. When this option is present no translation occurs. This
- is useful when handling binary data which may not be in MIME format.
-
-+=item B<-crlfeol>
-+
-+normally the output file uses a single B<LF> as end of line. When this
-+option is present B<CRLF> is used instead.
-+
- =item B<-asciicrlf>
-
- when signing use ASCII CRLF format canonicalisation. This strips trailing
-@@ -401,7 +408,7 @@ address where receipts should be supplie
-
- =item B<-receipt_request_to emailaddress>
-
--Add an explicit email address where signed receipts should be sent to. This
-+Add an explicit email address where signed receipts should be sent to. This
- option B<must> but supplied if a signed receipt it requested.
-
- =item B<-receipt_request_print>
-@@ -429,7 +436,7 @@ B<KEKRecipientInfo> structures.
-
- set the encapsulated content type to B<type> if not supplied the B<Data> type
- is used. The B<type> argument can be any valid OID name in either text or
--numerical format.
-+numerical format.
-
- =item B<-inkey file>
-
-@@ -462,7 +469,7 @@ all others.
- =item B<cert.pem...>
-
- one or more certificates of message recipients: used when encrypting
--a message.
-+a message.
-
- =item B<-to, -from, -subject>
-
-@@ -473,7 +480,7 @@ address matches that specified in the Fr
-
- =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
- B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
--B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
- B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
- B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
- B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -527,7 +534,7 @@ attempt is made to locate the recipient
- in turn using the supplied private key. To thwart the MMA attack
- (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
- tried whether they succeed or not and if no recipients match the message
--is "decrypted" using a random key which will typically output garbage.
-+is "decrypted" using a random key which will typically output garbage.
- The B<-debug_decrypt> option can be used to disable the MMA attack protection
- and return an error if no recipient can be found: this option should be used
- with caution. For a fuller description see L<CMS_decrypt(3)>).
-@@ -591,29 +598,29 @@ be processed by the older B<smime> comma
- Create a cleartext signed message:
-
- openssl cms -sign -in message.txt -text -out mail.msg \
-- -signer mycert.pem
-+ -signer mycert.pem
-
- Create an opaque signed message
-
- openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
-- -signer mycert.pem
-+ -signer mycert.pem
-
- Create a signed message, include some additional certificates and
- read the private key from another file:
-
- openssl cms -sign -in in.txt -text -out mail.msg \
-- -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-+ -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-
- Create a signed message with two signers, use key identifier:
-
- openssl cms -sign -in message.txt -text -out mail.msg \
-- -signer mycert.pem -signer othercert.pem -keyid
-+ -signer mycert.pem -signer othercert.pem -keyid
-
- Send a signed message under Unix directly to sendmail, including headers:
-
- openssl cms -sign -in in.txt -text -signer mycert.pem \
-- -from steve at openssl.org -to someone at somewhere \
-- -subject "Signed message" | sendmail someone at somewhere
-+ -from steve at openssl.org -to someone at somewhere \
-+ -subject "Signed message" | sendmail someone at somewhere
-
- Verify a message and extract the signer's certificate if successful:
-
-@@ -622,15 +629,15 @@ Create a signed message, include some ad
- Send encrypted mail using triple DES:
-
- openssl cms -encrypt -in in.txt -from steve at openssl.org \
-- -to someone at somewhere -subject "Encrypted message" \
-- -des3 user.pem -out mail.msg
-+ -to someone at somewhere -subject "Encrypted message" \
-+ -des3 user.pem -out mail.msg
-
- Sign and encrypt mail:
-
- openssl cms -sign -in ml.txt -signer my.pem -text \
-- | openssl cms -encrypt -out mail.msg \
-- -from steve at openssl.org -to someone at somewhere \
-- -subject "Signed and Encrypted message" -des3 user.pem
-+ | openssl cms -encrypt -out mail.msg \
-+ -from steve at openssl.org -to someone at somewhere \
-+ -subject "Signed and Encrypted message" -des3 user.pem
-
- Note: the encryption command does not include the B<-text> option because the
- message being encrypted already has MIME headers.
-@@ -647,7 +654,7 @@ signature by line wrapping the base64 en
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
--and using the command,
-+and using the command,
-
- openssl cms -verify -inform PEM -in signature.pem -content content.txt
-
-@@ -666,17 +673,17 @@ alternatively you can base64 decode the
- Sign mail using RSA-PSS:
-
- openssl cms -sign -in message.txt -text -out mail.msg \
-- -signer mycert.pem -keyopt rsa_padding_mode:pss
-+ -signer mycert.pem -keyopt rsa_padding_mode:pss
-
- Create encrypted mail using RSA-OAEP:
-
- openssl cms -encrypt -in plain.txt -out mail.msg \
-- -recip cert.pem -keyopt rsa_padding_mode:oaep
-+ -recip cert.pem -keyopt rsa_padding_mode:oaep
-
- Use SHA256 KDF with an ECDH certificate:
-
- openssl cms -encrypt -in plain.txt -out mail.msg \
-- -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
-+ -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
-
- =head1 BUGS
-
-@@ -708,11 +715,20 @@ The B<keyopt> option was first added in
- The use of B<-recip> to specify the recipient when encrypting mail was first
- added to OpenSSL 1.1.0
-
--Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
-+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
-
- The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
- to OpenSSL 1.1.0.
-
- The -no_alt_chains options was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/config.pod
-+++ b/doc/apps/config.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =for comment openssl_manual_section:5
-@@ -63,14 +62,14 @@ functionality: any sub command uses the
- unless an option is used in the sub command to use an alternative configuration
- file.
-
--To enable library configuration the default section needs to contain an
-+To enable library configuration the default section needs to contain an
- appropriate line which points to the main configuration section. The default
- name is B<openssl_conf> which is used by the B<openssl> utility. Other
- applications may use an alternative name such as B<myapplicaton_conf>.
-
- The configuration section should consist of a set of name value pairs which
- contain specific module configuration information. The B<name> represents
--the name of the I<configuration module> the meaning of the B<value> is
-+the name of the I<configuration module> the meaning of the B<value> is
- module specific: it may, for example, represent a further configuration
- section containing configuration module specific information. E.g.
-
-@@ -91,7 +90,7 @@ section containing configuration module
-
- The features of each configuration module are described below.
-
--=head2 ASN1 OBJECT CONFIGURATION MODULE
-+=head2 ASN1 Object Configuration Module
-
- This module has the name B<oid_section>. The value of this variable points
- to a section containing name value pairs of OIDs: the name is the OID short
-@@ -102,7 +101,7 @@ B<all> the B<openssl> utility sub comman
- as any compliant applications. For example:
-
- [new_oids]
--
-+
- some_new_oid = 1.2.3.4
- some_other_oid = 1.2.3.5
-
-@@ -111,7 +110,7 @@ It is also possible to set the value to
-
- shortName = some object long name, 1.2.3.4
-
--=head2 ENGINE CONFIGURATION MODULE
-+=head2 Engine Configuration Module
-
- This ENGINE configuration module has the name B<engines>. The value of this
- variable points to a section containing further ENGINE configuration
-@@ -141,7 +140,7 @@ currently supported commands are listed
- [bar_section]
- ... "bar" ENGINE specific commands ...
-
--The command B<engine_id> is used to give the ENGINE name. If used this
-+The command B<engine_id> is used to give the ENGINE name. If used this
- command must be first. For example:
-
- [engine_section]
-@@ -168,7 +167,7 @@ The command B<default_algorithms> sets t
- supply using the functions ENGINE_set_default_string().
-
- If the name matches none of the above command names it is assumed to be a
--ctrl command which is sent to the ENGINE. The value of the command is the
-+ctrl command which is sent to the ENGINE. The value of the command is the
- argument to the ctrl command. If the value is the string B<EMPTY> then no
- value is sent to the command.
-
-@@ -190,7 +189,7 @@ value is sent to the command.
- # Supply all default algorithms
- default_algorithms = ALL
-
--=head2 EVP CONFIGURATION MODULE
-+=head2 EVP Configuration Module
-
- This modules has the name B<alg_section> which points to a section containing
- algorithm commands.
-@@ -208,7 +207,7 @@ not FIPS capable then an error occurs.
-
- fips_mode = on
-
--=head2 SSL CONFIGURATION MODULE
-+=head2 SSL Configuration Module
-
- This module has the name B<ssl_conf> which points to a section containing
- SSL configurations.
-@@ -266,7 +265,7 @@ Here is a sample configuration file usin
- mentioned above.
-
- # This is the default section.
--
-+
- HOME=/temp
- RANDFILE= ${ENV::HOME}/.rnd
- configdir=$ENV::HOME/config
-@@ -296,7 +295,7 @@ the B<TEMP> or B<TMP> environment variab
- set to any value at all. If you just include the environment variable
- names and the variable doesn't exist then this will cause an error when
- an attempt is made to load the configuration file. By making use of the
--default section both values can be looked up with B<TEMP> taking
-+default section both values can be looked up with B<TEMP> taking
- priority and B</tmp> used if neither is defined:
-
- TMP=/tmp
-@@ -375,4 +374,13 @@ file.
-
- L<x509(1)>, L<req(1)>, L<ca(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/crl.pod
-+++ b/doc/apps/crl.pod
-@@ -42,7 +42,7 @@ the DER form with header and footer line
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -130,4 +130,13 @@ and files too.
-
- L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/crl2pkcs7.pod
-+++ b/doc/apps/crl2pkcs7.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
-+crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
-
- =head1 SYNOPSIS
-
-@@ -74,8 +74,8 @@ included in the output file and a CRL is
- Creates a PKCS#7 structure in DER format with no CRL from several
- different certificates:
-
-- openssl crl2pkcs7 -nocrl -certfile newcert.pem
-- -certfile demoCA/cacert.pem -outform DER -out p7.der
-+ openssl crl2pkcs7 -nocrl -certfile newcert.pem
-+ -certfile demoCA/cacert.pem -outform DER -out p7.der
-
- =head1 NOTES
-
-@@ -93,4 +93,13 @@ install user certificates and CAs in MSI
-
- L<pkcs7(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/dgst.pod
-+++ b/doc/apps/dgst.pod
-@@ -156,7 +156,7 @@ a file or files containing random data u
- generator, or an EGD socket (see L<RAND_egd(3)>).
- Multiple files can be specified separated by an OS-dependent character.
- The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
--all others.
-+all others.
-
- =item B<-fips-fingerprint>
-
-@@ -225,7 +225,16 @@ prior to verification.
-
- =head1 HISTORY
-
--The default digest was changed from MD5 to SHA256 in Openssl 1.1.
--The FIPS-related options were removed in OpenSSL 1.1
-+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
-+The FIPS-related options were removed in OpenSSL 1.1.0
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/dhparam.pod
-+++ b/doc/apps/dhparam.pod
-@@ -44,7 +44,7 @@ additional header and footer lines.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in> I<filename>
-@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be
-
- =item B<-check>
-
--check if the parameters are valid primes and generator.
-+Performs numerous checks to see if the supplied parameters are valid and
-+displays a warning if not.
-
- =item B<-2>, B<-5>
-
-@@ -123,7 +124,7 @@ for all available algorithms.
-
- The program B<dhparam> combines the functionality of the programs B<dh> and
- B<gendh> in previous versions of OpenSSL. The B<dh> and B<gendh>
--programs are retained for now but may have different purposes in future
-+programs are retained for now but may have different purposes in future
- versions of OpenSSL.
-
- =head1 NOTES
-@@ -146,4 +147,13 @@ There should be a way to generate and ma
-
- L<dsaparam(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/dsa.pod
-+++ b/doc/apps/dsa.pod
-@@ -59,7 +59,7 @@ PKCS#8 format is also accepted.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -149,7 +149,7 @@ for all available algorithms.
-
- openssl dsa -in key.pem -des3 -out keyout.pem
-
--To convert a private key from PEM to DER format:
-+To convert a private key from PEM to DER format:
-
- openssl dsa -in key.pem -outform DER -out keyout.der
-
-@@ -166,4 +166,13 @@ To convert a private key from PEM to DER
- L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
- L<genrsa(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/dsaparam.pod
-+++ b/doc/apps/dsaparam.pod
-@@ -41,7 +41,7 @@ of the B<DER> format base64 encoded with
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -112,4 +112,13 @@ DSA parameters is often used to generate
- L<gendsa(1)>, L<dsa(1)>, L<genrsa(1)>,
- L<rsa(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/ec.pod
-+++ b/doc/apps/ec.pod
-@@ -31,7 +31,7 @@ B<openssl> B<ec>
- =head1 DESCRIPTION
-
- The B<ec> command processes EC keys. They can be converted between various
--forms and their components printed out. B<Note> OpenSSL uses the
-+forms and their components printed out. B<Note> OpenSSL uses the
- private key format specified in 'SEC 1: Elliptic Curve Cryptography'
- (http://www.secg.org/). To convert an OpenSSL EC private key into the
- PKCS#8 private key format use the B<pkcs8> command.
-@@ -55,7 +55,7 @@ PKCS#8 format is also accepted.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -83,7 +83,7 @@ see the B<PASS PHRASE ARGUMENTS> section
-
- =item B<-des|-des3|-idea>
-
--These options encrypt the private key with the DES, triple DES, IDEA or
-+These options encrypt the private key with the DES, triple DES, IDEA or
- any other cipher supported by OpenSSL before outputting it. A pass phrase is
- prompted for.
- If none of these options is specified the key is written in plain text. This
-@@ -130,9 +130,9 @@ the preprocessor macro B<OPENSSL_EC_BIN_
- This specifies how the elliptic curve parameters are encoded.
- Possible value are: B<named_curve>, i.e. the ec parameters are
- specified by an OID, or B<explicit> where the ec parameters are
--explicitly given (see RFC 3279 for the definition of the
-+explicitly given (see RFC 3279 for the definition of the
- EC parameters structures). The default value is B<named_curve>.
--B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
-+B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
- is currently not implemented in OpenSSL.
-
- =item B<-no_public>
-@@ -170,7 +170,7 @@ for all available algorithms.
-
- openssl ec -in key.pem -des3 -out keyout.pem
-
--To convert a private key from PEM to DER format:
-+To convert a private key from PEM to DER format:
-
- openssl ec -in key.pem -outform DER -out keyout.der
-
-@@ -194,4 +194,13 @@ To convert a private key from PEM to DER
-
- L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/ecparam.pod
-+++ b/doc/apps/ecparam.pod
-@@ -41,12 +41,12 @@ Print out a usage message.
-
- This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
- form compatible with RFC 3279 EcpkParameters. The PEM form is the default
--format: it consists of the B<DER> format base64 encoded with additional
-+format: it consists of the B<DER> format base64 encoded with additional
- header and footer lines.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -102,9 +102,9 @@ the preprocessor macro B<OPENSSL_EC_BIN_
- This specifies how the elliptic curve parameters are encoded.
- Possible value are: B<named_curve>, i.e. the ec parameters are
- specified by an OID, or B<explicit> where the ec parameters are
--explicitly given (see RFC 3279 for the definition of the
-+explicitly given (see RFC 3279 for the definition of the
- EC parameters structures). The default value is B<named_curve>.
--B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
-+B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
- is currently not implemented in OpenSSL.
-
- =item B<-no_seed>
-@@ -141,7 +141,7 @@ for all available algorithms.
- -----END EC PARAMETERS-----
-
- OpenSSL is currently not able to generate new groups and therefore
--B<ecparam> can only create EC parameters from known (named) curves.
-+B<ecparam> can only create EC parameters from known (named) curves.
-
- =head1 EXAMPLES
-
-@@ -173,4 +173,13 @@ B<ecparam> can only create EC parameters
-
- L<ec(1)>, L<dsaparam(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/enc.pod
-+++ b/doc/apps/enc.pod
-@@ -8,6 +8,7 @@ enc - symmetric cipher routines
-
- B<openssl enc -ciphername>
- [B<-help>]
-+[B<-ciphers>]
- [B<-in filename>]
- [B<-out filename>]
- [B<-pass arg>]
-@@ -47,6 +48,10 @@ either by itself or in addition to the e
-
- Print out a usage message.
-
-+=item B<-ciphers>
-+
-+List all supported ciphers.
-+
- =item B<-in filename>
-
- the input filename, standard input by default.
-@@ -257,7 +262,7 @@ authentication tag.
- desx DESX algorithm.
-
- gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
-- gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
-+ gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
-
- idea-cbc IDEA algorithm in CBC mode
- idea same as idea-cbc
-@@ -283,13 +288,13 @@ authentication tag.
- rc5-ecb RC5 cipher in ECB mode
- rc5-ofb RC5 cipher in OFB mode
-
-- aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
-- aes[128|192|256] Alias for aes-[128|192|256]-cbc
-- aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
-- aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
-- aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
-- aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
-- aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
-+ aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
-+ aes[128|192|256] Alias for aes-[128|192|256]-cbc
-+ aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
-+ aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
-+ aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
-+ aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
-+ aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
-
- =head1 EXAMPLES
-
-@@ -299,11 +304,11 @@ authentication tag.
-
- Decode the same file
-
-- openssl base64 -d -in file.b64 -out file.bin
-+ openssl base64 -d -in file.b64 -out file.bin
-
- Encrypt a file using triple DES in CBC mode using a prompted password:
-
-- openssl des3 -salt -in file.txt -out file.des3
-+ openssl des3 -salt -in file.txt -out file.des3
-
- Decrypt a file using a supplied password:
-
-@@ -336,4 +341,13 @@ certain parameters. So if, for example,
-
- The default digest was changed from MD5 to SHA256 in Openssl 1.1.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/engine.pod
-+++ b/doc/apps/engine.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -25,7 +24,7 @@ B<openssl engine>
-
- The B<engine> command is used to query the status and capabilities
- of the specified B<engine>'s.
--Engines may be speicifed before and after all other command-line flags.
-+Engines may be specified before and after all other command-line flags.
- Only those specified are queried.
-
- =head1 OPTIONS
-@@ -52,6 +51,7 @@ Tests if each specified engine is availa
- Displays an error trace for any unavailable engine.
-
- =item B<-pre> I<command>
-+
- =item B<-post> I<command>
-
- Command-line configuration of engines.
-@@ -92,4 +92,13 @@ See the example below.
- [RSA]
- (dynamic) Dynamic engine loading support
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/errstr.pod
-+++ b/doc/apps/errstr.pod
-@@ -11,10 +11,14 @@ B<openssl errstr error_code>
- =head1 DESCRIPTION
-
- Sometimes an application will not load error message and only
--numerical forms will be available. The B<errstr> utility can be used to
-+numerical forms will be available. The B<errstr> utility can be used to
- display the meaning of the hex code. The hex code is the hex digits after the
- second colon.
-
-+=head1 COMMAND OPTIONS
-+
-+None.
-+
- =head1 EXAMPLE
-
- The error code:
-@@ -22,7 +26,7 @@ second colon.
- 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
-
- can be displayed with:
--
-+
- openssl errstr 2006D080
-
- to produce the error message:
-@@ -33,4 +37,13 @@ second colon.
-
- L<err(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/gendsa.pod
-+++ b/doc/apps/gendsa.pod
-@@ -79,4 +79,13 @@ much quicker that RSA key generation for
- L<dsaparam(1)>, L<dsa(1)>, L<genrsa(1)>,
- L<rsa(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/genpkey.pod
-+++ b/doc/apps/genpkey.pod
-@@ -73,14 +73,14 @@ implementation. See B<KEY GENERATION OPT
- =item B<-genparam>
-
- generate a set of parameters instead of a private key. If used this option must
--precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
-+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
-
- =item B<-paramfile filename>
-
- Some public key algorithms generate a private key based on a set of parameters.
- They can be supplied using this option. If this option is used the public key
- algorithm used is determined by the parameters. If used this option must
--precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
-+precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
- are mutually exclusive.
-
- =item B<-text>
-@@ -213,12 +213,12 @@ can be used.
- Generate a 2048 bit RSA key using 3 as the public exponent:
-
- openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
-- -pkeyopt rsa_keygen_pubexp:3
-+ -pkeyopt rsa_keygen_pubexp:3
-
- Generate 1024 bit DSA parameters:
-
- openssl genpkey -genparam -algorithm DSA -out dsap.pem \
-- -pkeyopt dsa_paramgen_bits:1024
-+ -pkeyopt dsa_paramgen_bits:1024
-
- Generate DSA key from parameters:
-
-@@ -227,7 +227,7 @@ can be used.
- Generate 1024 bit DH parameters:
-
- openssl genpkey -genparam -algorithm DH -out dhp.pem \
-- -pkeyopt dh_paramgen_prime_len:1024
-+ -pkeyopt dh_paramgen_prime_len:1024
-
- Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
-
-@@ -240,8 +240,8 @@ can be used.
- Generate EC parameters:
-
- openssl genpkey -genparam -algorithm EC -out ecp.pem \
-- -pkeyopt ec_paramgen_curve:secp384r1 \
-- -pkeyopt ec_param_enc:named_curve
-+ -pkeyopt ec_paramgen_curve:secp384r1 \
-+ -pkeyopt ec_param_enc:named_curve
-
- Generate EC key from parameters:
-
-@@ -250,13 +250,21 @@ can be used.
- Generate EC key directly:
-
- openssl genpkey -algorithm EC -out eckey.pem \
-- -pkeyopt ec_paramgen_curve:P-384 \
-- -pkeyopt ec_param_enc:named_curve
-+ -pkeyopt ec_paramgen_curve:P-384 \
-+ -pkeyopt ec_param_enc:named_curve
-
- =head1 HISTORY
-
- The ability to use NIST curve names, and to generate an EC key directly,
- were added in OpenSSL 1.0.2.
-
--=cut
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/genrsa.pod
-+++ b/doc/apps/genrsa.pod
-@@ -103,5 +103,13 @@ be much larger (typically 1024 bits).
-
- L<gendsa(1)>
-
--=cut
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/apps/list.pod
-@@ -0,0 +1,81 @@
-+=pod
-+
-+=head1 NAME
-+
-+list - list algorithms and features
-+
-+=head1 SYNOPSIS
-+
-+B<openssl list>
-+[B<-help>]
-+[B<-commands>]
-+[B<-digest-commands>]
-+[B<-digest-algorithms>]
-+[B<-cipher-commands>]
-+[B<-cipher-algorithms>]
-+[B<-public-key-algorithms>]
-+[B<-disabled>]
-+
-+=head1 DESCRIPTION
-+
-+This command is used to generate list of algorithms or disabled
-+features.
-+
-+=head1 OPTIONS
-+
-+=over 4
-+
-+=item B<-help>
-+
-+Display out a usage message.
-+
-+=item B<-commands>
-+
-+Display a list of standard commands.
-+
-+=item B<-digest-commands>
-+
-+Display a list of message digest commands, which are typically used
-+as input to the L<dgst(1)> or L<speed(1)> commands.
-+
-+=item B<-digest-algorithms>
-+
-+Display a list of message digest algorithms.
-+If a line is of the form
-+ foo => bar
-+then B<foo> is an alias for the official algorithm name, B<bar>.
-+
-+=item B<-cipher-commands>
-+
-+Display a list of cipher commands, which are typically used as input
-+to the L<dgst(1)> or L<speed(1)> commands.
-+
-+=item B<-cipher-algorithms>
-+
-+Display a list of cipher algorithms.
-+If a line is of the form
-+ foo => bar
-+then B<foo> is an alias for the official algorithm name, B<bar>.
-+
-+=item B<-public-key-algorithms>
-+
-+Display a list of public key algorithms, with each algorithm as
-+a block of multiple lines, all but the first are indented.
-+
-+=item B<-disabled>
-+
-+Display a list of disabled features, those that were compiled out
-+of the installation.
-+
-+=back
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/nseq.pod
-+++ b/doc/apps/nseq.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--nseq - create or examine a netscape certificate sequence
-+nseq - create or examine a Netscape certificate sequence
-
- =head1 SYNOPSIS
-
-@@ -72,4 +72,13 @@ It is used by Netscape certificate serve
- This program needs a few more options: like allowing DER or PEM input and
- output files and allowing multiple certificate files to be used.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/ocsp.pod
-+++ b/doc/apps/ocsp.pod
-@@ -42,6 +42,7 @@ B<openssl> B<ocsp>
- [B<-ignore_critical>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
-+[B<-no_check_time>]
- [B<-partial_chain>]
- [B<-policy arg>]
- [B<-policy_check>]
-@@ -94,7 +95,12 @@ The B<ocsp> command performs many common
- to print out requests and responses, create requests and send queries
- to an OCSP responder and behave like a mini OCSP server itself.
-
--=head1 OCSP CLIENT OPTIONS
-+=head1 COMMAND OPTIONS
-+
-+This command operates as either a client or a server.
-+The options are described below, divided into those two modes.
-+
-+=head2 OCSP Client Options
-
- =over 4
-
-@@ -195,7 +201,7 @@ Do not load the trusted CA certificates
-
- =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
- B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
--B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
- B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
- B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
- B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -265,28 +271,29 @@ only be used for testing purposes.
- =item B<-validity_period nsec>, B<-status_age age>
-
- these options specify the range of times, in seconds, which will be tolerated
--in an OCSP response. Each certificate status response includes a B<notBefore> time and
--an optional B<notAfter> time. The current time should fall between these two values, but
--the interval between the two times may be only a few seconds. In practice the OCSP
--responder and clients clocks may not be precisely synchronised and so such a check
--may fail. To avoid this the B<-validity_period> option can be used to specify an
--acceptable error range in seconds, the default value is 5 minutes.
--
--If the B<notAfter> time is omitted from a response then this means that new status
--information is immediately available. In this case the age of the B<notBefore> field
--is checked to see it is not older than B<age> seconds old. By default this additional
--check is not performed.
-+in an OCSP response. Each certificate status response includes a B<notBefore>
-+time and an optional B<notAfter> time. The current time should fall between
-+these two values, but the interval between the two times may be only a few
-+seconds. In practice the OCSP responder and clients clocks may not be precisely
-+synchronised and so such a check may fail. To avoid this the
-+B<-validity_period> option can be used to specify an acceptable error range in
-+seconds, the default value is 5 minutes.
-+
-+If the B<notAfter> time is omitted from a response then this means that new
-+status information is immediately available. In this case the age of the
-+B<notBefore> field is checked to see it is not older than B<age> seconds old.
-+By default this additional check is not performed.
-
- =item B<-[digest]>
-
--this option sets digest algorithm to use for certificate identification
--in the OCSP request.
--Any digest supported by the OpenSSL B<dgst> command can be used.
--The default is SHA-1.
-+this option sets digest algorithm to use for certificate identification in the
-+OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used.
-+The default is SHA-1. This option may be used multiple times to specify the
-+digest used by subsequent certificate identifiers.
-
- =back
-
--=head1 OCSP SERVER OPTIONS
-+=head2 OCSP Server Options
-
- =over 4
-
-@@ -335,13 +342,13 @@ option.
-
- =item B<-nrequest number>
-
--The OCSP server will exit after receiving B<number> requests, default unlimited.
-+The OCSP server will exit after receiving B<number> requests, default unlimited.
-
- =item B<-nmin minutes>, B<-ndays days>
-
- Number of minutes or days when fresh revocation information is available: used in the
--B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is
--omitted meaning fresh revocation information is immediately available.
-+B<nextUpdate> field. If neither option is present then the B<nextUpdate> field
-+is omitted meaning fresh revocation information is immediately available.
-
- =back
-
-@@ -411,7 +418,7 @@ script using the B<reqin> and B<respout>
-
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
-
--Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
-+Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
- response to a file, print it out in text form, and verify the response:
-
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
-@@ -425,7 +432,7 @@ OCSP server on port 8888 using a standar
- responder certificate. All requests and responses are printed to a file.
-
- openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
-- -text -out log.txt
-+ -text -out log.txt
-
- As above but exit after processing one request:
-
-@@ -447,4 +454,13 @@ to a second file.
-
- The -no_alt_chains options was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/openssl.pod
-+++ b/doc/apps/openssl.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -65,7 +64,7 @@ availability of ciphers in the B<openssl
- not able to detect pseudo-commands such as B<quit>,
- B<list>, or B<no->I<XXX> itself.)
-
--=head2 STANDARD COMMANDS
-+=head2 Standard Commands
-
- =over 10
-
-@@ -157,7 +156,7 @@ Generation of RSA Private Key. Supersede
-
- =item L<B<nseq>|nseq(1)>
-
--Create or examine a netscape certificate sequence
-+Create or examine a Netscape certificate sequence
-
- =item L<B<ocsp>|ocsp(1)>
-
-@@ -259,7 +258,7 @@ X.509 Certificate Data Management.
-
- =back
-
--=head2 MESSAGE DIGEST COMMANDS
-+=head2 Message Digest Commands
-
- =over 10
-
-@@ -305,7 +304,7 @@ SHA-512 Digest
-
- =back
-
--=head2 ENCODING AND CIPHER COMMANDS
-+=head2 Encoding and Cipher Commands
-
- =over 10
-
-@@ -351,7 +350,22 @@ RC5 Cipher
-
- =back
-
--=head1 PASS PHRASE ARGUMENTS
-+=head1 COMMAND OPTIONS
-+
-+Details of which options are available depend on the specific command.
-+This section describes some common options with common behavior.
-+
-+=head2 Common Options
-+
-+=over 10
-+
-+=item B<-help>
-+
-+Provides a terse summary of all options.
-+
-+=back
-+
-+=head2 Pass Phrase Options
-
- Several commands accept password arguments, typically using B<-passin>
- and B<-passout> for input and output passwords respectively. These allow
-@@ -416,4 +430,13 @@ The B<list->I<XXX>B<-algorithms> pseudo-
- For notes on the availability of other commands, see their individual
- manual pages.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/passwd.pod
-+++ b/doc/apps/passwd.pod
-@@ -84,4 +84,13 @@ B<openssl passwd -1 -salt xxxxxxxx passw
-
- B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/pkcs12.pod
-+++ b/doc/apps/pkcs12.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -337,7 +336,7 @@ description of all algorithms is contain
- openssl pkcs12 -in file.p12 -clcerts -out file.pem
-
- Don't encrypt the private key:
--
-+
- openssl pkcs12 -in file.p12 -out file.pem -nodes
-
- Print some info about a PKCS#12 file:
-@@ -357,3 +356,13 @@ description of all algorithms is contain
-
- L<pkcs8(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/pkcs7.pod
-+++ b/doc/apps/pkcs7.pod
-@@ -37,7 +37,7 @@ the DER form with header and footer line
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -100,11 +100,20 @@ for all available algorithms.
-
- There is no option to print out all the fields of a PKCS#7 file.
-
--This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
-+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
- cannot currently parse, for example, the new CMS as described in RFC2630.
-
- =head1 SEE ALSO
-
- L<crl2pkcs7(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/pkcs8.pod
-+++ b/doc/apps/pkcs8.pod
-@@ -18,6 +18,7 @@ B<openssl> B<pkcs8>
- [B<-iter count>]
- [B<-noiter>]
- [B<-nocrypt>]
-+[B<-traditional>]
- [B<-v2 alg>]
- [B<-v2prf alg>]
- [B<-v1 alg>]
-@@ -43,22 +44,22 @@ Print out a usage message.
-
- =item B<-topk8>
-
--Normally a PKCS#8 private key is expected on input and a traditional format
--private key will be written. With the B<-topk8> option the situation is
--reversed: it reads a traditional format private key and writes a PKCS#8
--format key.
-+Normally a PKCS#8 private key is expected on input and a private key will be
-+written to the output file. With the B<-topk8> option the situation is
-+reversed: it reads a private key and writes a PKCS#8 format key.
-
- =item B<-inform DER|PEM>
-
--This specifies the input format. If a PKCS#8 format key is expected on input
--then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
--expected. Otherwise the B<DER> or B<PEM> format of the traditional format
--private key is used.
-+This specifies the input format: see L<KEY FORMATS> for more details.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
--B<-inform> option.
-+This specifies the output format: see L<KEY FORMATS> for more details.
-+
-+=item B<-traditional>
-+
-+When this option is present and B<-topk8> is not a traditional format private
-+key is written.
-
- =item B<-in filename>
-
-@@ -100,28 +101,26 @@ code signing software used unencrypted p
-
- =item B<-v2 alg>
-
--This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
--private keys are encrypted with the password based encryption algorithm
--called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
--was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
--the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
--encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
--not many implementations support PKCS#5 v2.0 yet. If you are just using
--private keys with OpenSSL then this doesn't matter.
-+This option sets the PKCS#5 v2.0 algorithm.
-
- The B<alg> argument is the encryption algorithm to use, valid values include
--B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
-+B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
-+is used.
-
- =item B<-v2prf alg>
-
- This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
--values would be B<hmacWithSHA256>. If this option isn't set then the default
--for the cipher is used or B<hmacWithSHA1> if there is no default.
-+value would be B<hmacWithSHA256>. If this option isn't set then the default
-+for the cipher is used or B<hmacWithSHA256> if there is no default.
-+
-+Some implementations may not support custom PRF algorithms and may require
-+the B<hmacWithSHA1> option to work.
-
- =item B<-v1 alg>
-
--This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
--list of possible algorithms is included below.
-+This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
-+older implementations may not support PKCS#5 v2.0 and may require this option.
-+If not specified PKCS#5 v2.0 form is used.
-
- =item B<-engine id>
-
-@@ -143,8 +142,36 @@ sets the scrypt B<N>, B<r> or B<p> param
-
- =back
-
-+=head1 KEY FORMATS
-+
-+Various different formats are used by the pkcs8 utility. These are detailed
-+below.
-+
-+If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is
-+not used) then the input file must be in PKCS#8 format. An encrypted
-+key is expected unless B<-nocrypt> is included.
-+
-+If B<-topk8> is not used and B<PEM> mode is set the output file will be an
-+unencrypted private key in PKCS#8 format. If the B<-traditional> option is
-+used then a traditional format private key is written instead.
-+
-+If B<-topk8> is not used and B<DER> mode is set the output file will be an
-+unencrypted private key in traditional DER format.
-+
-+If B<-topk8> is used then any supported private key can be used for the input
-+file in a format specified by B<-inform>. The output file will be encrypted
-+PKCS#8 format using the specified encryption parameters unless B<-nocrypt>
-+is included.
-+
- =head1 NOTES
-
-+By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
-+AES with HMAC and SHA256 is used.
-+
-+Some older implementations do not support PKCS#5 v2.0 format and require
-+the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
-+encryption algorithms such as 56 bit DES.
-+
- The encrypted form of a PEM encode PKCS#8 files uses the following
- headers and footers:
-
-@@ -161,13 +188,6 @@ counts are more secure that those encryp
- SSLeay compatible formats. So if additional security is considered
- important the keys should be converted.
-
--The default encryption is only 56 bits because this is the encryption
--that most current implementations of PKCS#8 will support.
--
--Some software may use PKCS#12 password based encryption algorithms
--with PKCS#8 format private keys: these are handled automatically
--but there is no option to produce them.
--
- It is possible to write out DER encoded encrypted private keys in
- PKCS#8 format because the encryption details are included at an ASN1
- level whereas the traditional format includes them at a PEM level.
-@@ -201,20 +221,28 @@ allow strong encryption algorithms like
-
- =head1 EXAMPLES
-
--Convert a private from traditional to PKCS#5 v2.0 format using triple
--DES:
-+Convert a private key to PKCS#8 format using default parameters (AES with
-+256 bit key and B<hmacWithSHA256>):
-+
-+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
-+
-+Convert a private key to PKCS#8 unencrypted format:
-+
-+ openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
-+
-+Convert a private key to PKCS#5 v2.0 format using triple DES:
-
- openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
-
--Convert a private from traditional to PKCS#5 v2.0 format using AES with
--256 bits in CBC mode and B<hmacWithSHA256> PRF:
-+Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC
-+mode and B<hmacWithSHA512> PRF:
-
-- openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -out enckey.pem
-+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
-
- Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
- (DES):
-
-- openssl pkcs8 -in key.pem -topk8 -out enckey.pem
-+ openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
-
- Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
- (3DES):
-@@ -225,14 +253,14 @@ Convert a private key to PKCS#8 using a
-
- openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-
--Convert a private key from any PKCS#8 format to traditional format:
-+Convert a private key from any PKCS#8 encrypted format to traditional format:
-
-- openssl pkcs8 -in pk8.pem -out key.pem
--
--Convert a private key to PKCS#8 format, encrypting with AES-256 and with
-+ openssl pkcs8 -in pk8.pem -traditional -out key.pem
-+
-+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
- one million iterations of the password:
-
-- openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
-+ openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
-
- =head1 STANDARDS
-
-@@ -252,17 +280,22 @@ PKCS#8 private key format complies with
- There should be an option that prints out the encryption algorithm
- in use and other details such as the iteration count.
-
--PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
--key format for OpenSSL: for compatibility several of the utilities use
--the old format at present.
--
- =head1 SEE ALSO
-
- L<dsa(1)>, L<rsa(1)>, L<genrsa(1)>,
--L<gendsa(1)>
-+L<gendsa(1)>
-
- =head1 HISTORY
-
- The B<-iter> option was added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/pkey.pod
-+++ b/doc/apps/pkey.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -15,6 +14,7 @@ B<openssl> B<pkey>
- [B<-passin arg>]
- [B<-out filename>]
- [B<-passout arg>]
-+[B<-traditional>]
- [B<-cipher>]
- [B<-text>]
- [B<-text_pub>]
-@@ -42,7 +42,7 @@ This specifies the input format DER or P
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -68,6 +68,12 @@ filename.
- the output file password source. For more information about the format of B<arg>
- see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-
-+=item B<-traditional>
-+
-+normally a private key is written using standard format: this is PKCS#8 form
-+with the appropriate encryption algorithm (if any). If the B<-traditional>
-+option is specified then the older "traditional" format is used instead.
-+
- =item B<-cipher>
-
- These options encrypt the private key with the supplied cipher. Any algorithm
-@@ -76,7 +82,7 @@ name accepted by EVP_get_cipherbyname()
- =item B<-text>
-
- prints out the various public or private key components in
--plain text in addition to the encoded version.
-+plain text in addition to the encoded version.
-
- =item B<-text_pub>
-
-@@ -116,7 +122,7 @@ for all available algorithms.
-
- openssl pkey -in key.pem -des3 -out keyout.pem
-
--To convert a private key from PEM to DER format:
-+To convert a private key from PEM to DER format:
-
- openssl pkey -in key.pem -outform DER -out keyout.der
-
-@@ -135,6 +141,15 @@ To convert a private key from PEM to DER
- =head1 SEE ALSO
-
- L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
--L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
-+L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/pkeyparam.pod
-+++ b/doc/apps/pkeyparam.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -40,7 +39,7 @@ this option is not specified.
-
- =item B<-text>
-
--prints out the parameters in plain text in addition to the encoded version.
-+prints out the parameters in plain text in addition to the encoded version.
-
- =item B<-noout>
-
-@@ -69,6 +68,15 @@ PEM format is supported because the key
- =head1 SEE ALSO
-
- L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
--L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
-+L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/pkeyutl.pod
-+++ b/doc/apps/pkeyutl.pod
-@@ -84,11 +84,11 @@ the peer key format PEM, DER or ENGINE.
-
- =item B<-pubin>
-
--the input file is a public key.
-+the input file is a public key.
-
- =item B<-certin>
-
--the input is a certificate containing a public key.
-+the input is a certificate containing a public key.
-
- =item B<-rev>
-
-@@ -125,7 +125,7 @@ derive a shared secret using the peer ke
-
- Use key derivation function B<algorithm>. The supported algorithms are
- at present B<TLS1-PRF> and B<HKDF>.
--Note: additional paramers and the KDF output length will normally have to be
-+Note: additional parameters and the KDF output length will normally have to be
- set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
- for the supported string parameters of each algorithm.
-
-@@ -198,7 +198,7 @@ This sets the RSA padding mode. Acceptab
- PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
- for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
-
--In PKCS#1 padding if the message digest is not set then the supplied data is
-+In PKCS#1 padding if the message digest is not set then the supplied data is
- signed or verified directly instead of using a B<DigestInfo> structure. If a
- digest is set then the a B<DigestInfo> structure is used and its the length
- must correspond to the digest type.
-@@ -273,3 +273,14 @@ Hexdump 48 bytes of TLS1 PRF using diges
- L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
- L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
- L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/rand.pod
-+++ b/doc/apps/rand.pod
-@@ -57,4 +57,13 @@ Show the output as a hex string.
-
- L<RAND_bytes(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/rehash.pod
-+++ b/doc/apps/rehash.pod
-@@ -125,3 +125,14 @@ Ignored if directories are listed on the
- L<openssl(1)>,
- L<crl(1)>.
- L<x509(1)>.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/req.pod
-+++ b/doc/apps/req.pod
-@@ -1,9 +1,8 @@
--
- =pod
-
- =head1 NAME
-
--req - PKCS#10 certificate request and certificate generating utility.
-+req - PKCS#10 certificate request and certificate generating utility
-
- =head1 SYNOPSIS
-
-@@ -70,7 +69,7 @@ footer lines.
-
- =item B<-outform DER|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -257,7 +256,7 @@ a variety of purposes.
-
- =item B<-utf8>
-
--this option causes field values to be interpreted as UTF8 strings, by
-+this option causes field values to be interpreted as UTF8 strings, by
- default they are interpreted as ASCII. This means that the field
- values, whether prompted from a terminal or obtained from a
- configuration file, must be valid UTF8 strings.
-@@ -272,7 +271,7 @@ set multiple options. See the L<x509(1)>
- =item B<-reqopt>
-
- customise the output format used with B<-text>. The B<option> argument can be
--a single option or multiple options separated by commas.
-+a single option or multiple options separated by commas.
-
- See discussion of the B<-certopt> parameter in the L<x509(1)>
- command.
-@@ -342,7 +341,7 @@ overridden by the B<-keyout> option.
- This specifies a file containing additional B<OBJECT IDENTIFIERS>.
- Each line of the file should consist of the numerical form of the
- object identifier followed by white space then the short name followed
--by white space and finally the long name.
-+by white space and finally the long name.
-
- =item B<oid_section>
-
-@@ -376,7 +375,7 @@ This option masks out the use of certain
- fields. Most users will not need to change this option.
-
- It can be set to several values B<default> which is also the default
--option uses PrintableStrings, T61Strings and BMPStrings if the
-+option uses PrintableStrings, T61Strings and BMPStrings if the
- B<pkix> value is used then only PrintableStrings and BMPStrings will
- be used. This follows the PKIX recommendation in RFC2459. If the
- B<utf8only> option is used then only UTF8Strings will be used: this
-@@ -388,7 +387,7 @@ problems with BMPStrings and UTF8Strings
-
- this specifies the configuration file section containing a list of
- extensions to add to the certificate request. It can be overridden
--by the B<-reqexts> command line switch. See the
-+by the B<-reqexts> command line switch. See the
- L<x509v3_config(5)> manual page for details of the
- extension section format.
-
-@@ -499,8 +498,8 @@ will be treated as though they were a Di
-
- Example of a file pointed to by the B<oid_file> option:
-
-- 1.2.3.4 shortName A longer Name
-- 1.2.3.6 otherName Other longer Name
-+ 1.2.3.4 shortName A longer Name
-+ 1.2.3.6 otherName Other longer Name
-
- Example of a section pointed to by B<oid_section> making use of variable
- expansion:
-@@ -511,65 +510,65 @@ Example of a section pointed to by B<oid
- Sample configuration file prompting for field values:
-
- [ req ]
-- default_bits = 2048
-- default_keyfile = privkey.pem
-- distinguished_name = req_distinguished_name
-- attributes = req_attributes
-- req_extensions = v3_ca
-+ default_bits = 2048
-+ default_keyfile = privkey.pem
-+ distinguished_name = req_distinguished_name
-+ attributes = req_attributes
-+ req_extensions = v3_ca
-
- dirstring_type = nobmp
-
- [ req_distinguished_name ]
-- countryName = Country Name (2 letter code)
-- countryName_default = AU
-- countryName_min = 2
-- countryName_max = 2
-+ countryName = Country Name (2 letter code)
-+ countryName_default = AU
-+ countryName_min = 2
-+ countryName_max = 2
-
-- localityName = Locality Name (eg, city)
-+ localityName = Locality Name (eg, city)
-
-- organizationalUnitName = Organizational Unit Name (eg, section)
-+ organizationalUnitName = Organizational Unit Name (eg, section)
-
-- commonName = Common Name (eg, YOUR name)
-- commonName_max = 64
-+ commonName = Common Name (eg, YOUR name)
-+ commonName_max = 64
-
-- emailAddress = Email Address
-- emailAddress_max = 40
-+ emailAddress = Email Address
-+ emailAddress_max = 40
-
- [ req_attributes ]
-- challengePassword = A challenge password
-- challengePassword_min = 4
-- challengePassword_max = 20
-+ challengePassword = A challenge password
-+ challengePassword_min = 4
-+ challengePassword_max = 20
-
- [ v3_ca ]
-
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer:always
-- basicConstraints = CA:true
-+ basicConstraints = critical, CA:true
-
- Sample configuration containing all field values:
-
-
-- RANDFILE = $ENV::HOME/.rnd
-+ RANDFILE = $ENV::HOME/.rnd
-
- [ req ]
-- default_bits = 2048
-- default_keyfile = keyfile.pem
-- distinguished_name = req_distinguished_name
-- attributes = req_attributes
-- prompt = no
-- output_password = mypass
-+ default_bits = 2048
-+ default_keyfile = keyfile.pem
-+ distinguished_name = req_distinguished_name
-+ attributes = req_attributes
-+ prompt = no
-+ output_password = mypass
-
- [ req_distinguished_name ]
-- C = GB
-- ST = Test State or Province
-- L = Test Locality
-- O = Organization Name
-- OU = Organizational Unit Name
-- CN = Common Name
-- emailAddress = test at email.address
-+ C = GB
-+ ST = Test State or Province
-+ L = Test Locality
-+ O = Organization Name
-+ OU = Organizational Unit Name
-+ CN = Common Name
-+ emailAddress = test at email.address
-
- [ req_attributes ]
-- challengePassword = A challenge password
-+ challengePassword = A challenge password
-
-
- =head1 NOTES
-@@ -596,13 +595,13 @@ by the script in an extendedKeyUsage ext
-
- The following messages are frequently asked about:
-
-- Using configuration from /some/path/openssl.cnf
-- Unable to load config info
-+ Using configuration from /some/path/openssl.cnf
-+ Unable to load config info
-
- This is followed some time later by...
-
-- unable to find 'distinguished_name' in config
-- problems making Certificate Request
-+ unable to find 'distinguished_name' in config
-+ problems making Certificate Request
-
- The first error message is the clue: it can't find the configuration
- file! Certain operations (like examining a certificate request) don't
-@@ -652,6 +651,15 @@ address in subjectAltName should be inpu
-
- L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
- L<gendsa(1)>, L<config(5)>,
--L<x509v3_config(5)>
-+L<x509v3_config(5)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/rsa.pod
-+++ b/doc/apps/rsa.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -61,7 +60,7 @@ section.
-
- =item B<-outform DER|NET|PEM>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -100,7 +99,7 @@ These options can only be used with PEM
- =item B<-text>
-
- prints out the various public or private key components in
--plain text in addition to the encoded version.
-+plain text in addition to the encoded version.
-
- =item B<-noout>
-
-@@ -176,7 +175,7 @@ to the B<rsa> utility with the B<-inform
-
- openssl rsa -in key.pem -des3 -out keyout.pem
-
--To convert a private key from PEM to DER format:
-+To convert a private key from PEM to DER format:
-
- openssl rsa -in key.pem -outform DER -out keyout.der
-
-@@ -203,6 +202,15 @@ without having to manually edit them.
- =head1 SEE ALSO
-
- L<pkcs8(1)>, L<dsa(1)>, L<genrsa(1)>,
--L<gendsa(1)>
-+L<gendsa(1)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/rsautl.pod
-+++ b/doc/apps/rsautl.pod
-@@ -61,7 +61,7 @@ the input file is an RSA public key.
-
- =item B<-certin>
-
--the input is a certificate containing an RSA public key.
-+the input is a certificate containing an RSA public key.
-
- =item B<-sign>
-
-@@ -136,24 +136,24 @@ utility in conjunction with B<asn1parse>
-
- openssl asn1parse -in pca-cert.pem
-
-- 0:d=0 hl=4 l= 742 cons: SEQUENCE
-- 4:d=1 hl=4 l= 591 cons: SEQUENCE
-- 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
-+ 0:d=0 hl=4 l= 742 cons: SEQUENCE
-+ 4:d=1 hl=4 l= 591 cons: SEQUENCE
-+ 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
- 10:d=3 hl=2 l= 1 prim: INTEGER :02
- 13:d=2 hl=2 l= 1 prim: INTEGER :00
-- 16:d=2 hl=2 l= 13 cons: SEQUENCE
-+ 16:d=2 hl=2 l= 13 cons: SEQUENCE
- 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
-- 29:d=3 hl=2 l= 0 prim: NULL
-- 31:d=2 hl=2 l= 92 cons: SEQUENCE
-- 33:d=3 hl=2 l= 11 cons: SET
-- 35:d=4 hl=2 l= 9 cons: SEQUENCE
-+ 29:d=3 hl=2 l= 0 prim: NULL
-+ 31:d=2 hl=2 l= 92 cons: SEQUENCE
-+ 33:d=3 hl=2 l= 11 cons: SET
-+ 35:d=4 hl=2 l= 9 cons: SEQUENCE
- 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
- 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
- ....
-- 599:d=1 hl=2 l= 13 cons: SEQUENCE
-+ 599:d=1 hl=2 l= 13 cons: SEQUENCE
- 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
-- 612:d=2 hl=2 l= 0 prim: NULL
-- 614:d=1 hl=3 l= 129 prim: BIT STRING
-+ 612:d=2 hl=2 l= 0 prim: NULL
-+ 614:d=1 hl=3 l= 129 prim: BIT STRING
-
-
- The final BIT STRING contains the actual signature. It can be extracted with:
-@@ -161,18 +161,18 @@ utility in conjunction with B<asn1parse>
- openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
-
- The certificate public key can be extracted with:
--
-+
- openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
-
- The signature can be analysed with:
-
- openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
-
-- 0:d=0 hl=2 l= 32 cons: SEQUENCE
-- 2:d=1 hl=2 l= 12 cons: SEQUENCE
-+ 0:d=0 hl=2 l= 32 cons: SEQUENCE
-+ 2:d=1 hl=2 l= 12 cons: SEQUENCE
- 4:d=2 hl=2 l= 8 prim: OBJECT :md5
-- 14:d=2 hl=2 l= 0 prim: NULL
-- 16:d=1 hl=2 l= 16 prim: OCTET STRING
-+ 14:d=2 hl=2 l= 0 prim: NULL
-+ 16:d=1 hl=2 l= 16 prim: OCTET STRING
- 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
-
- This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
-@@ -191,3 +191,14 @@ which it can be seen agrees with the rec
- =head1 SEE ALSO
-
- L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/s_client.pod
-+++ b/doc/apps/s_client.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -34,6 +33,7 @@ B<openssl> B<s_client>
- [B<-ignore_critical>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
-+[B<-no_check_time>]
- [B<-partial_chain>]
- [B<-policy arg>]
- [B<-policy_check>]
-@@ -227,7 +227,7 @@ data, with the last of these encoded in
-
- =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
- B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
--B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
- B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
- B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
- B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -355,7 +355,7 @@ L<SSL_CTX_set_split_send_fragment(3)> fo
-
- The maximum number of encrypt/decrypt pipelines to be used. This will only have
- an effect if an engine has been loaded that supports pipelining (e.g. the dasync
--engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
-+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
- See L<SSL_CTX_set_max_pipelines(3)> for further information.
-
- =item B<-read_buf int>
-@@ -415,7 +415,7 @@ print out a hex dump of any TLS extensio
-
- =item B<-no_ticket>
-
--disable RFC4507bis session ticket support.
-+disable RFC4507bis session ticket support.
-
- =item B<-sess_out filename>
-
-@@ -443,7 +443,7 @@ all others.
-
- =item B<-serverinfo types>
-
--a list of comma-separated TLS Extension Types (numbers between 0 and
-+a list of comma-separated TLS Extension Types (numbers between 0 and
- 65535). Each type will be sent as an empty ClientHello TLS Extension.
- The server's response (if any) will be encoded and displayed as a PEM
- file.
-@@ -549,4 +549,13 @@ L<sess_id(1)>, L<s_server(1)>, L<ciphers
-
- The -no_alt_chains options was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/s_server.pod
-+++ b/doc/apps/s_server.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -44,6 +43,7 @@ B<openssl> B<s_server>
- [B<-ignore_critical>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
-+[B<-no_check_time>]
- [B<-partial_chain>]
- [B<-policy arg>]
- [B<-policy_check>]
-@@ -232,7 +232,7 @@ anonymous ciphersuite or PSK) this optio
-
- =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
- B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
--B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-+B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
- B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
- B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
- B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-@@ -305,7 +305,7 @@ from the client.
- =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
-
- These options make B<s_server> use DTLS protocols instead of TLS.
--With B<-dtls>, B<s_server> will negotiate any supported DTLS protcol version,
-+With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
- whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
- respectively.
-
-@@ -339,7 +339,7 @@ L<SSL_CTX_set_split_send_fragment(3)> fo
-
- The maximum number of encrypt/decrypt pipelines to be used. This will only have
- an effect if an engine has been loaded that supports pipelining (e.g. the dasync
--engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
-+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
- See L<SSL_CTX_set_max_pipelines(3)> for further information.
-
- =item B<-read_buf int>
-@@ -559,4 +559,13 @@ L<sess_id(1)>, L<s_client(1)>, L<ciphers
-
- The -no_alt_chains options was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/s_time.pod
-+++ b/doc/apps/s_time.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -183,4 +182,13 @@ fails.
-
- L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/sess_id.pod
-+++ b/doc/apps/sess_id.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -25,6 +24,8 @@ master key) in human readable format. Si
- needs some knowledge of the SSL protocol to use properly, most users will
- not need to use it.
-
-+=head1 COMMAND OPTIONS
-+
- =over 4
-
- =item B<-help>
-@@ -57,7 +58,7 @@ output if this option is not specified.
- =item B<-text>
-
- prints out the various public or private key components in
--plain text in addition to the encoded version.
-+plain text in addition to the encoded version.
-
- =item B<-cert>
-
-@@ -150,4 +151,13 @@ The cipher and start time should be prin
-
- L<ciphers(1)>, L<s_server(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/smime.pod
-+++ b/doc/apps/smime.pod
-@@ -14,6 +14,8 @@ B<openssl> B<smime>
- [B<-resign>]
- [B<-verify>]
- [B<-pk7out>]
-+[B<-binary>]
-+[B<-crlfeol>]
- [B<-[cipher]>]
- [B<-in file>]
- [B<-CAfile file>]
-@@ -168,7 +170,7 @@ is S/MIME and it uses the multipart/sign
-
- this option adds plain text (text/plain) MIME headers to the supplied
- message if encrypting or signing. If decrypting or verifying it strips
--off text headers: if the decrypted or verified message is not of MIME
-+off text headers: if the decrypted or verified message is not of MIME
- type text/plain then an error occurs.
-
- =item B<-CAfile file>
-@@ -199,7 +201,7 @@ default digest algorithm for the signing
-
- the encryption algorithm to use. For example DES (56 bits) - B<-des>,
- triple DES (168 bits) - B<-des3>,
--EVP_get_cipherbyname() function) can also be used preceded by a dash, for
-+EVP_get_cipherbyname() function) can also be used preceded by a dash, for
- example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for list of ciphers
- supported by your version of OpenSSL.
-
-@@ -245,6 +247,11 @@ effectively using CR and LF as end of li
- specification. When this option is present no translation occurs. This
- is useful when handling binary data which may not be in MIME format.
-
-+=item B<-crlfeol>
-+
-+normally the output file uses a single B<LF> as end of line. When this
-+option is present B<CRLF> is used instead.
-+
- =item B<-nodetach>
-
- when signing a message use opaque signing: this form is more resistant
-@@ -294,7 +301,7 @@ all others.
- =item B<cert.pem...>
-
- one or more certificates of message recipients: used when encrypting
--a message.
-+a message.
-
- =item B<-to, -from, -subject>
-
-@@ -391,29 +398,29 @@ the signers certificates.
- Create a cleartext signed message:
-
- openssl smime -sign -in message.txt -text -out mail.msg \
-- -signer mycert.pem
-+ -signer mycert.pem
-
- Create an opaque signed message:
-
- openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-- -signer mycert.pem
-+ -signer mycert.pem
-
- Create a signed message, include some additional certificates and
- read the private key from another file:
-
- openssl smime -sign -in in.txt -text -out mail.msg \
-- -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-+ -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-
- Create a signed message with two signers:
-
- openssl smime -sign -in message.txt -text -out mail.msg \
-- -signer mycert.pem -signer othercert.pem
-+ -signer mycert.pem -signer othercert.pem
-
- Send a signed message under Unix directly to sendmail, including headers:
-
- openssl smime -sign -in in.txt -text -signer mycert.pem \
-- -from steve at openssl.org -to someone at somewhere \
-- -subject "Signed message" | sendmail someone at somewhere
-+ -from steve at openssl.org -to someone at somewhere \
-+ -subject "Signed message" | sendmail someone at somewhere
-
- Verify a message and extract the signer's certificate if successful:
-
-@@ -422,15 +429,15 @@ Create a signed message, include some ad
- Send encrypted mail using triple DES:
-
- openssl smime -encrypt -in in.txt -from steve at openssl.org \
-- -to someone at somewhere -subject "Encrypted message" \
-- -des3 user.pem -out mail.msg
-+ -to someone at somewhere -subject "Encrypted message" \
-+ -des3 user.pem -out mail.msg
-
- Sign and encrypt mail:
-
- openssl smime -sign -in ml.txt -signer my.pem -text \
-- | openssl smime -encrypt -out mail.msg \
-- -from steve at openssl.org -to someone at somewhere \
-- -subject "Signed and Encrypted message" -des3 user.pem
-+ | openssl smime -encrypt -out mail.msg \
-+ -from steve at openssl.org -to someone at somewhere \
-+ -subject "Signed and Encrypted message" -des3 user.pem
-
- Note: the encryption command does not include the B<-text> option because the
- message being encrypted already has MIME headers.
-@@ -447,7 +454,7 @@ signature by line wrapping the base64 en
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
--and using the command:
-+and using the command:
-
- openssl smime -verify -inform PEM -in signature.pem -content content.txt
-
-@@ -493,4 +500,13 @@ added in OpenSSL 1.0.0
-
- The -no_alt_chains options was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/speed.pod
-+++ b/doc/apps/speed.pod
-@@ -12,35 +12,13 @@ B<openssl speed>
- [B<-elapsed>]
- [B<-evp algo>]
- [B<-decrypt>]
--[B<md2>]
--[B<mdc2>]
--[B<md5>]
--[B<hmac>]
--[B<sha1>]
--[B<rmd160>]
--[B<idea-cbc>]
--[B<rc2-cbc>]
--[B<rc5-cbc>]
--[B<bf-cbc>]
--[B<des-cbc>]
--[B<des-ede3>]
--[B<rc4>]
--[B<rsa512>]
--[B<rsa1024>]
--[B<rsa2048>]
--[B<rsa4096>]
--[B<dsa512>]
--[B<dsa1024>]
--[B<dsa2048>]
--[B<idea>]
--[B<rc2>]
--[B<des>]
--[B<rsa>]
--[B<blowfish>]
-+[B<algorithm...>]
-
- =head1 DESCRIPTION
-
- This command is used to test the performance of cryptographic algorithms.
-+To see the list of supported algorithms, use the I<list --digest-commands>
-+or I<list --cipher-commands> command.
-
- =head1 OPTIONS
-
-@@ -77,4 +55,13 @@ the above are tested.
-
- =back
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/spkac.pod
-+++ b/doc/apps/spkac.pod
-@@ -135,4 +135,13 @@ to be used in a "replay attack".
-
- L<ca(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/ts.pod
-+++ b/doc/apps/ts.pod
-@@ -522,13 +522,13 @@ To create a time stamp request for desig
- without nonce and policy and no certificate is required in the response:
-
- openssl ts -query -data design1.txt -no_nonce \
-- -out design1.tsq
-+ -out design1.tsq
-
- To create a similar time stamp request with specifying the message imprint
- explicitly:
-
- openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-- -no_nonce -out design1.tsq
-+ -no_nonce -out design1.tsq
-
- To print the content of the previous request in human readable format:
-
-@@ -540,7 +540,7 @@ specifies a policy id (assuming the tsa_
- OID section of the config file):
-
- openssl ts -query -data design2.txt -md5 \
-- -tspolicy tsa_policy1 -cert -out design2.tsq
-+ -tspolicy tsa_policy1 -cert -out design2.tsq
-
- =head2 Time Stamp Response
-
-@@ -557,7 +557,7 @@ tsakey.pem is the private key of the TSA
- To create a time stamp response for a request:
-
- openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
-- -signer tsacert.pem -out design1.tsr
-+ -signer tsacert.pem -out design1.tsr
-
- If you want to use the settings in the config file you could just write:
-
-@@ -589,20 +589,20 @@ To add 'granted' status info to a time s
- To verify a time stamp reply against a request:
-
- openssl ts -verify -queryfile design1.tsq -in design1.tsr \
-- -CAfile cacert.pem -untrusted tsacert.pem
-+ -CAfile cacert.pem -untrusted tsacert.pem
-
- To verify a time stamp reply that includes the certificate chain:
-
- openssl ts -verify -queryfile design2.tsq -in design2.tsr \
-- -CAfile cacert.pem
-+ -CAfile cacert.pem
-
- To verify a time stamp token against the original data file:
- openssl ts -verify -data design2.txt -in design2.tsr \
-- -CAfile cacert.pem
-+ -CAfile cacert.pem
-
- To verify a time stamp token against a message imprint:
- openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-- -in design2.tsr -CAfile cacert.pem
-+ -in design2.tsr -CAfile cacert.pem
-
- You could also look at the 'test' directory for more examples.
-
-@@ -634,12 +634,19 @@ test/testtsa).
-
- =back
-
--=cut
--
- =head1 SEE ALSO
-
- L<tsget(1)>, L<openssl(1)>, L<req(1)>,
- L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
- L<config(5)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/tsget.pod
-+++ b/doc/apps/tsget.pod
-@@ -33,15 +33,15 @@ line.
-
- The tool sends the following HTTP request for each time stamp request:
-
-- POST url HTTP/1.1
-- User-Agent: OpenTSA tsget.pl/<version>
-- Host: <host>:<port>
-- Pragma: no-cache
-- Content-Type: application/timestamp-query
-- Accept: application/timestamp-reply
-- Content-Length: length of body
-+ POST url HTTP/1.1
-+ User-Agent: OpenTSA tsget.pl/<version>
-+ Host: <host>:<port>
-+ Pragma: no-cache
-+ Content-Type: application/timestamp-query
-+ Accept: application/timestamp-reply
-+ Content-Length: length of body
-
-- ...binary request specified by the user...
-+ ...binary request specified by the user...
-
- B<tsget> expects a response of type application/timestamp-reply, which is
- written to a file without any interpretation.
-@@ -142,7 +142,7 @@ time stamp requests, tsa.opentsa.org lis
- and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
- absolute path.
-
--Get a time stamp response for file1.tsq over HTTP, output is written to
-+Get a time stamp response for file1.tsq over HTTP, output is written to
- file1.tsr:
-
- tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
-@@ -151,40 +151,49 @@ Get a time stamp response for file1.tsq
- progress, output is written to file1.reply and file2.reply respectively:
-
- tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
-- file1.tsq file2.tsq
-+ file1.tsq file2.tsq
-
- Create a time stamp request, write it to file3.tsq, send it to the server and
- write the response to file3.tsr:
-
- openssl ts -query -data file3.txt -cert | tee file3.tsq \
-- | tsget -h http://tsa.opentsa.org:8080/tsa \
-- -o file3.tsr
-+ | tsget -h http://tsa.opentsa.org:8080/tsa \
-+ -o file3.tsr
-
- Get a time stamp response for file1.tsq over HTTPS without client
- authentication:
-
- tsget -h https://tsa.opentsa.org:8443/tsa \
-- -C cacerts.pem file1.tsq
-+ -C cacerts.pem file1.tsq
-
- Get a time stamp response for file1.tsq over HTTPS with certificate-based
- client authentication (it will ask for the passphrase if client_key.pem is
- protected):
-
- tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-- -k client_key.pem -c client_cert.pem file1.tsq
-+ -k client_key.pem -c client_cert.pem file1.tsq
-
- You can shorten the previous command line if you make use of the B<TSGET>
- environment variable. The following commands do the same as the previous
- example:
-
- TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-- -k client_key.pem -c client_cert.pem'
-+ -k client_key.pem -c client_cert.pem'
- export TSGET
- tsget file1.tsq
-
- =head1 SEE ALSO
-
--L<openssl(1)>, L<ts(1)>, L<curl(1)>,
-+L<openssl(1)>, L<ts(1)>, L<curl(1)>,
- B<RFC 3161>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/verify.pod
-+++ b/doc/apps/verify.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--verify - Utility to verify certificates.
-+verify - Utility to verify certificates
-
- =head1 SYNOPSIS
-
-@@ -12,6 +12,7 @@ B<openssl> B<verify>
- [B<-CApath directory>]
- [B<-no-CAfile>]
- [B<-no-CApath>]
-+[B<-allow_proxy_certs>]
- [B<-attime timestamp>]
- [B<-check_ss_sig>]
- [B<-CRLfile file>]
-@@ -24,6 +25,7 @@ B<openssl> B<verify>
- [B<-ignore_critical>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
-+[B<-no_check_time>]
- [B<-partial_chain>]
- [B<-policy arg>]
- [B<-policy_check>]
-@@ -82,6 +84,10 @@ Do not load the trusted CA certificates
-
- Do not load the trusted CA certificates from the default directory location
-
-+=item B<-allow_proxy_certs>
-+
-+Allow the verification of proxy certificates
-+
- =item B<-attime timestamp>
-
- Perform validation checks using time specified by B<timestamp> and not
-@@ -145,6 +151,12 @@ Set policy variable inhibit-any-policy (
-
- Set policy variable inhibit-policy-mapping (see RFC5280).
-
-+=item B<-no_check_time>
-+
-+This option suppresses checking the validity period of certificates and CRLs
-+against the current time. If option B<-attime timestamp> is used to specify
-+a verification time, the check is not suppressed.
-+
- =item B<-partial_chain>
-
- Allow verification to succeed even if a I<complete> chain cannot be built to a
-@@ -203,14 +215,14 @@ effect.
- A B<file> of additional untrusted certificates (intermediate issuer CAs) used
- to construct a certificate chain from the subject certificate to a trust-anchor.
- The B<file> should contain one or more certificates in PEM format.
--This option can be specified more than once to include untrusted certiificates
-+This option can be specified more than once to include untrusted certificates
- from multiple B<files>.
-
- =item B<-trusted file>
-
- A B<file> of trusted certificates, which must be self-signed, unless the
- B<-partial_chain> option is specified.
--The B<file> contain one or more certificates in PEM format.
-+The B<file> contains one or more certificates in PEM format.
- With this option, no additional (e.g., default) certificate lists are
- consulted.
- That is, the only trust-anchors are those listed in B<file>.
-@@ -333,7 +345,7 @@ CA.
-
- The process of 'looking up the issuers certificate' itself involves a number of
- steps.
--Ater all certificates whose subject name matches the issuer name of the current
-+After all certificates whose subject name matches the issuer name of the current
- certificate are subject to further tests.
- The relevant authority key identifier components of the current certificate (if
- present) must match the subject key identifier (if present) and issuer and
-@@ -381,287 +393,292 @@ problem was detected starting with zero
- then 1 for the CA that signed the certificate and so on. Finally a text version
- of the error number is presented.
-
--An partial list of the error codes and messages is shown below, this also
-+A partial list of the error codes and messages is shown below, this also
- includes the name of the error code as defined in the header file x509_vfy.h
- Some of the error codes are defined but never returned: these are described
- as "unused".
-
- =over 4
-
--=item B<0 X509_V_OK: ok>
-+=item B<X509_V_OK>
-
--the operation was successful.
-+The operation was successful.
-
--=item B<1 X509_V_ERR_UNSPECIFIED: unspecified certificate verification error>
-+=item B<X509_V_ERR_UNSPECIFIED>
-
--unspecified error, should not happen.
-+Unspecified error; should not happen.
-
--=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT>
-
--the issuer certificate of a looked up certificate could not be found. This
-+The issuer certificate of a looked up certificate could not be found. This
- normally means the list of trusted certificates is not complete.
-
--=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-+=item B<X509_V_ERR_UNABLE_TO_GET_CRL>
-
--the CRL of a certificate could not be found.
-+The CRL of a certificate could not be found.
-
--=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
-+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE>
-
--the certificate signature could not be decrypted. This means that the actual signature value
-+The certificate signature could not be decrypted. This means that the actual signature value
- could not be determined rather than it not matching the expected value, this is only
- meaningful for RSA keys.
-
--=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
-+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE>
-
--the CRL signature could not be decrypted: this means that the actual signature value
-+The CRL signature could not be decrypted: this means that the actual signature value
- could not be determined rather than it not matching the expected value. Unused.
-
--=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
-+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY>
-
--the public key in the certificate SubjectPublicKeyInfo could not be read.
-+The public key in the certificate SubjectPublicKeyInfo could not be read.
-
--=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
-+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE>
-
--the signature of the certificate is invalid.
-+The signature of the certificate is invalid.
-
--=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE>
-
--the signature of the certificate is invalid.
-+The signature of the certificate is invalid.
-
--=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
-+=item B<X509_V_ERR_CERT_NOT_YET_VALID>
-
--the certificate is not yet valid: the notBefore date is after the current time.
-+The certificate is not yet valid: the notBefore date is after the current time.
-
--=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
-+=item B<X509_V_ERR_CERT_HAS_EXPIRED>
-
--the certificate has expired: that is the notAfter date is before the current time.
-+The certificate has expired: that is the notAfter date is before the current time.
-
--=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-+=item B<X509_V_ERR_CRL_NOT_YET_VALID>
-
--the CRL is not yet valid.
-+The CRL is not yet valid.
-
--=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-+=item B<X509_V_ERR_CRL_HAS_EXPIRED>
-
--the CRL has expired.
-+The CRL has expired.
-
--=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
-+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD>
-
--the certificate notBefore field contains an invalid time.
-+The certificate notBefore field contains an invalid time.
-
--=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
-+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD>
-
--the certificate notAfter field contains an invalid time.
-+The certificate notAfter field contains an invalid time.
-
--=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD>
-
--the CRL lastUpdate field contains an invalid time.
-+The CRL lastUpdate field contains an invalid time.
-
--=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD>
-
--the CRL nextUpdate field contains an invalid time.
-+The CRL nextUpdate field contains an invalid time.
-
--=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
-+=item B<X509_V_ERR_OUT_OF_MEM>
-
--an error occurred trying to allocate memory. This should never happen.
-+An error occurred trying to allocate memory. This should never happen.
-
--=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
-+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
-
--the passed certificate is self signed and the same certificate cannot be found in the list of
-+The passed certificate is self-signed and the same certificate cannot be found in the list of
- trusted certificates.
-
--=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
-+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>
-
--the certificate chain could be built up using the untrusted certificates but the root could not
-+The certificate chain could be built up using the untrusted certificates but the root could not
- be found locally.
-
--=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
-+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY>
-
--the issuer certificate could not be found: this occurs if the issuer
-+The issuer certificate could not be found: this occurs if the issuer
- certificate of an untrusted certificate cannot be found.
-
--=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
-+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE>
-
--no signatures could be verified because the chain contains only one certificate and it is not
-+No signatures could be verified because the chain contains only one certificate and it is not
- self signed.
-
--=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
-+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG>
-
--the certificate chain length is greater than the supplied maximum depth. Unused.
-+The certificate chain length is greater than the supplied maximum depth. Unused.
-
--=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-+=item B<X509_V_ERR_CERT_REVOKED>
-
--the certificate has been revoked.
-+The certificate has been revoked.
-
--=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
-+=item B<X509_V_ERR_INVALID_CA>
-
--a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
-+A CA certificate is invalid. Either it is not a CA or its extensions are not consistent
- with the supplied purpose.
-
--=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED>
-
--the basicConstraints pathlength parameter has been exceeded.
-+The basicConstraints pathlength parameter has been exceeded.
-
--=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-+=item B<X509_V_ERR_INVALID_PURPOSE>
-
--the supplied certificate cannot be used for the specified purpose.
-+The supplied certificate cannot be used for the specified purpose.
-
--=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
-+=item B<X509_V_ERR_CERT_UNTRUSTED>
-
- the root CA is not marked as trusted for the specified purpose.
-
--=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
-+=item B<X509_V_ERR_CERT_REJECTED>
-
--the root CA is marked to reject the specified purpose.
-+The root CA is marked to reject the specified purpose.
-
--=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
-+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH>
-
--Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
-+not used as of OpenSSL 1.1.0 as a result of the deprecation of the
- B<-issuer_checks> option.
-
--=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
-+=item B<X509_V_ERR_AKID_SKID_MISMATCH>
-
- Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
- B<-issuer_checks> option.
-
--=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
-+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH>
-
- Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
- B<-issuer_checks> option.
-
--=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing>
-+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN>
-
- Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
- B<-issuer_checks> option.
-
--=item B<33 X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate>
-+=item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER>
-+
-+Unable to get CRL issuer certificate.
-
--TBA
-+=item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION>
-
--=item B<34 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension>
-+Unhandled critical extension.
-
--TBA
-+=item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN>
-
--=item B<35 X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing>
-+Key usage does not include CRL signing.
-
--TBA
-+=item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION>
-
--=item B<36 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension>
-+Unhandled critical CRL extension.
-
--TBA
-+=item B<X509_V_ERR_INVALID_NON_CA>
-
--=item B<37 X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate has CA markings>
-+Invalid non-CA certificate has CA markings.
-
--TBA
-+=item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED>
-
--=item B<38 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded>
-+Proxy path length constraint exceeded.
-
--TBA
-+=item B<X509_V_ERR_PROXY_SUBJECT_INVALID>
-
--=item B<39 X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature>
-+Proxy certificate subject is invalid. It MUST be the same as the issuer
-+with a single CN component added.
-
--TBA
-+=item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE>
-
--=item B<40 X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag>
-+Key usage does not include digital signature.
-
--TBA
-+=item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED>
-
--=item B<41 X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
-+Proxy certificates not allowed, please use B<-allow_proxy_certs>.
-
--TBA
-+=item B<X509_V_ERR_INVALID_EXTENSION>
-
--=item B<42 X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
-+Invalid or inconsistent certificate extension.
-
--TBA
-+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION>
-
--=item B<43 X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
-+Invalid or inconsistent certificate policy extension.
-
--TBA
-+=item B<X509_V_ERR_NO_EXPLICIT_POLICY>
-
--=item B<44 X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
-+No explicit policy.
-
--TBA
-+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE>
-
--=item B<45 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
-+Different CRL scope.
-
--TBA
-+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE>
-
--=item B<46 X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources>
-+Unsupported extension feature.
-
--TBA
-+=item B<X509_V_ERR_UNNESTED_RESOURCE>
-
--=item B<47 X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
-+RFC 3779 resource not subset of parent's resources.
-
--TBA
-+=item B<X509_V_ERR_PERMITTED_VIOLATION>
-
--=item B<48 X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
-+Permitted subtree violation.
-
--TBA
-+=item B<X509_V_ERR_EXCLUDED_VIOLATION>
-
--=item B<49 X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
-+Excluded subtree violation.
-
--TBA
-+=item B<X509_V_ERR_SUBTREE_MINMAX>
-
--=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
-+Name constraints minimum and maximum not supported.
-
--an application specific error. Unused.
-+=item B<X509_V_ERR_APPLICATION_VERIFICATION>
-
--=item B<51 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
-+Application verification failure. Unused.
-
--TBA
-+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE>
-
--=item B<52 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
-+Unsupported name constraint type.
-
--TBA
-+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX>
-
--=item B<53 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax>
-+Unsupported or invalid name constraint syntax.
-
--TBA
-+=item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX>
-
--=item B<54 X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
-+Unsupported or invalid name syntax.
-
--TBA
-+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR>
-
--=item B<55 X509_V_ERR_PATH_LOOP: Path Loop>
-+CRL path validation error.
-
--TBA
-+=item B<X509_V_ERR_PATH_LOOP>
-
--=item B<56 X509_V_ERR_SUITE_B_INVALID_VERSION: Suite B: certificate version invalid>
-+Path loop.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_INVALID_VERSION>
-
--=item B<57 X509_V_ERR_SUITE_B_INVALID_ALGORITHM: Suite B: invalid public key algorithm>
-+Suite B: certificate version invalid.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM>
-
--=item B<58 X509_V_ERR_SUITE_B_INVALID_CURVE: Suite B: invalid ECC curve>
-+Suite B: invalid public key algorithm.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_INVALID_CURVE>
-
--=item B<59 X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Suite B: invalid signature algorithm>
-+Suite B: invalid ECC curve.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM>
-
--=item B<60 X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: Suite B: curve not allowed for this LOS>
-+Suite B: invalid signature algorithm.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED>
-
--=item B<61 X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Suite B: cannot sign P-384 with P-256>
-+Suite B: curve not allowed for this LOS.
-
--TBA
-+=item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256>
-
--=item B<62 X509_V_ERR_HOSTNAME_MISMATCH: Hostname mismatch>
-+Suite B: cannot sign P-384 with P-256.
-
--TBA
-+=item B<X509_V_ERR_HOSTNAME_MISMATCH>
-
--=item B<63 X509_V_ERR_EMAIL_MISMATCH: Email address mismatch>
-+Hostname mismatch.
-
--TBA
-+=item B<X509_V_ERR_EMAIL_MISMATCH>
-
--=item B<64 X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch>
-+Email address mismatch.
-
--TBA
-+=item B<X509_V_ERR_IP_ADDRESS_MISMATCH>
-
--=item B<65 X509_V_ERR_DANE_NO_MATCH: No matching DANE TLSA records>
-+IP address mismatch.
-+
-+=item B<X509_V_ERR_DANE_NO_MATCH>
-
- DANE TLSA authentication is enabled, but no TLSA records matched the
- certificate chain.
-@@ -682,7 +699,7 @@ mishandled them.
-
- Previous versions of this documentation swapped the meaning of the
- B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
--B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
-+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
-
- =head1 SEE ALSO
-
-@@ -695,5 +712,13 @@ The B<-show_chain> option was first adde
- The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
- is silently ignored.
-
--=cut
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/apps/version.pod
-+++ b/doc/apps/version.pod
-@@ -68,4 +68,13 @@ ENGINESDIR setting.
- The output of B<openssl version -a> would typically be used when sending
- in a bug report.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/apps/x509.pod
-+++ b/doc/apps/x509.pod
-@@ -1,4 +1,3 @@
--
- =pod
-
- =head1 NAME
-@@ -74,7 +73,7 @@ various sections.
-
- =head1 OPTIONS
-
--=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
-+=head2 Input, Output, and General Purpose Options
-
- =over 4
-
-@@ -93,7 +92,7 @@ obsolete.
-
- =item B<-outform DER|PEM|NET>
-
--This specifies the output format, the options have the same meaning as the
-+This specifies the output format, the options have the same meaning as the
- B<-inform> option.
-
- =item B<-in filename>
-@@ -112,9 +111,8 @@ the digest to use.
- This affects any signing or display option that uses a message
- digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options.
- Any digest supported by the OpenSSL B<dgst> command can be used.
--If not specified then SHA1 is used.
--Note that if a DSA key is used for signing, then this flag is ignored
--and SHA1 is used.
-+If not specified then SHA1 is used with B<-fingerprint> or
-+the default digest for the signing algorithm is used, typically SHA256.
-
- =item B<-engine id>
-
-@@ -125,7 +123,7 @@ for all available algorithms.
-
- =back
-
--=head2 DISPLAY OPTIONS
-+=head2 Display Options
-
- Note: the B<-alias> and B<-purpose> options are also display options
- but are described in the B<TRUST SETTINGS> section.
-@@ -241,7 +239,7 @@ this outputs the certificate in the form
-
- =back
-
--=head2 TRUST SETTINGS
-+=head2 Trust Settings
-
- A B<trusted certificate> is an ordinary certificate which has several
- additional pieces of information attached to it such as the permitted
-@@ -313,7 +311,7 @@ EXTENSIONS> section.
-
- =back
-
--=head2 SIGNING OPTIONS
-+=head2 Signing Options
-
- The B<x509> utility can be used to sign certificates and requests: it
- can thus behave like a "mini CA".
-@@ -323,7 +321,7 @@ can thus behave like a "mini CA".
- =item B<-signkey filename>
-
- this option causes the input file to be self signed using the supplied
--private key.
-+private key.
-
- If the input file is a certificate it sets the issuer name to the
- subject name (i.e. makes it self signed) changes the public key to the
-@@ -404,7 +402,7 @@ an even number of hex digits with the se
- use the serial number is incremented and written out to the file again.
-
- The default filename consists of the CA certificate file base name with
--".srl" appended. For example if the CA certificate file is called
-+".srl" appended. For example if the CA certificate file is called
- "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
-
- =item B<-CAcreateserial>
-@@ -440,7 +438,7 @@ The format or B<key> can be specified us
-
- =back
-
--=head2 NAME OPTIONS
-+=head2 Name Options
-
- The B<nameopt> command line switch determines how the subject and issuer
- names are displayed. If no B<nameopt> switch is present the default "oneline"
-@@ -474,10 +472,15 @@ B<space_eq>, B<lname> and B<align>.
-
- =item B<esc_2253>
-
--escape the "special" characters required by RFC2253 in a field That is
-+escape the "special" characters required by RFC2253 in a field. That is
- B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
- and a space character at the beginning or end of a string.
-
-+=item B<esc_2254>
-+
-+escape the "special" characters required by RFC2254 in a field. That is
-+the B<NUL> character as well as and B<()*>.
-+
- =item B<esc_ctrl>
-
- escape control characters. That is those with ASCII values less than
-@@ -578,7 +581,7 @@ name.
-
- =back
-
--=head2 TEXT OPTIONS
-+=head2 Text Options
-
- As well as customising the name output format, it is also possible to
- customise the actual fields printed using the B<certopt> options when
-@@ -652,8 +655,8 @@ hex dump unsupported extensions.
-
- =item B<ca_default>
-
--the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
--B<no_version>, B<no_sigdump> and B<no_signame>.
-+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>,
-+B<no_header>, and B<no_version>.
-
- =back
-
-@@ -703,20 +706,20 @@ Convert a certificate request into a sel
- extensions for a CA:
-
- openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
-- -signkey key.pem -out cacert.pem
-+ -signkey key.pem -out cacert.pem
-
- Sign a certificate request using the CA certificate above and add user
- certificate extensions:
-
- openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
-- -CA cacert.pem -CAkey key.pem -CAcreateserial
-+ -CA cacert.pem -CAkey key.pem -CAcreateserial
-
-
- Set a certificate to be trusted for SSL client use and change set its alias to
- "Steve's Class 1 CA"
-
- openssl x509 -in cert.pem -addtrust clientAuth \
-- -setalias "Steve's Class 1 CA" -out trust.pem
-+ -setalias "Steve's Class 1 CA" -out trust.pem
-
- =head1 NOTES
-
-@@ -831,7 +834,7 @@ Otherwise it is the same as a normal SSL
-
- The extended key usage extension must be absent or include the "email
- protection" OID. Netscape certificate type must be absent or should have the
--S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
-+S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type
- then the SSL client bit is tolerated as an alternative but a warning is shown:
- this is because some Verisign certificates don't set the S/MIME bit.
-
-@@ -850,7 +853,7 @@ if the keyUsage extension is present.
- The extended key usage extension must be absent or include the "email
- protection" OID. Netscape certificate type must be absent or must have the
- S/MIME CA bit set: this is used as a work around if the basicConstraints
--extension is absent.
-+extension is absent.
-
- =item B<CRL Signing>
-
-@@ -880,7 +883,7 @@ dates rather than an offset from the cur
-
- L<req(1)>, L<ca(1)>, L<genrsa(1)>,
- L<gendsa(1)>, L<verify(1)>,
--L<x509v3_config(5)>
-+L<x509v3_config(5)>
-
- =head1 HISTORY
-
-@@ -888,6 +891,15 @@ The hash algorithm used in the B<-subjec
- before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
- of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
- canonical version of the DN using SHA1. This means that any directories using
--the old form must have their links rebuilt using B<c_rehash> or similar.
-+the old form must have their links rebuilt using B<c_rehash> or similar.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/apps/x509v3_config.pod
-+++ b/doc/apps/x509v3_config.pod
-@@ -104,23 +104,23 @@ and decipherOnly.
- This extensions consists of a list of usages indicating purposes for which
- the certificate public key can be used for,
-
--These can either be object short names of the dotted numerical form of OIDs.
-+These can either be object short names or the dotted numerical form of OIDs.
- While any OID can be used only certain values make sense. In particular the
- following PKIX, NS and MS values are meaningful:
-
-- Value Meaning
-- ----- -------
-- serverAuth SSL/TLS Web Server Authentication.
-- clientAuth SSL/TLS Web Client Authentication.
-- codeSigning Code signing.
-- emailProtection E-mail Protection (S/MIME).
-- timeStamping Trusted Timestamping
-- OCSPSigning OCSP Signing
-- ipsecIKE ipsec Internet Key Exchnage
-- msCodeInd Microsoft Individual Code Signing (authenticode)
-- msCodeCom Microsoft Commercial Code Signing (authenticode)
-- msCTLSign Microsoft Trust List Signing
-- msEFS Microsoft Encrypted File System
-+ Value Meaning
-+ ----- -------
-+ serverAuth SSL/TLS Web Server Authentication.
-+ clientAuth SSL/TLS Web Client Authentication.
-+ codeSigning Code signing.
-+ emailProtection E-mail Protection (S/MIME).
-+ timeStamping Trusted Timestamping
-+ OCSPSigning OCSP Signing
-+ ipsecIKE ipsec Internet Key Exchange
-+ msCodeInd Microsoft Individual Code Signing (authenticode)
-+ msCodeCom Microsoft Commercial Code Signing (authenticode)
-+ msCTLSign Microsoft Trust List Signing
-+ msEFS Microsoft Encrypted File System
-
- Examples:
-
-@@ -224,7 +224,7 @@ certain values are meaningful, for examp
- authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
-
-
--=head2 CRL distribution points.
-+=head2 CRL distribution points
-
- This is a multi-valued extension whose options can be either in name:value pair
- using the same form as subject alternative name or a single value representing
-@@ -529,5 +529,13 @@ Due to the behaviour of the OpenSSL B<co
- L<req(1)>, L<ca(1)>, L<x509(1)>,
- L<ASN1_generate_nconf(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/ASN1_INTEGER_get_int64.pod
-+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64,
- ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN, - ASN.1 INTEGER and ENUMERATED utilities
-
- =head1 SYNOPSIS
-@@ -119,4 +120,13 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_g
- ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
- were added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASN1_OBJECT_new.pod
-+++ b/doc/crypto/ASN1_OBJECT_new.pod
-@@ -39,4 +39,13 @@ ASN1_OBJECT_free() returns no value.
-
- L<ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASN1_STRING_length.pod
-+++ b/doc/crypto/ASN1_STRING_length.pod
-@@ -3,7 +3,7 @@
- =head1 NAME
-
- ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
--ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 -
-+ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 -
- ASN1_STRING utility functions
-
- =head1 SYNOPSIS
-@@ -19,9 +19,9 @@ ASN1_STRING utility functions
-
- int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-
-- int ASN1_STRING_type(ASN1_STRING *x);
-+ int ASN1_STRING_type(const ASN1_STRING *x);
-
-- int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-+ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
-
- =head1 DESCRIPTION
-
-@@ -53,7 +53,7 @@ should be freed using OPENSSL_free().
- =head1 NOTES
-
- Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
--structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
-+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedef'ed
- to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
- B<ASN1_STRING> is also used for some B<CHOICE> types which consist
- entirely of primitive string types such as B<DirectoryString> and
-@@ -72,12 +72,17 @@ character in big endian format, UTF8Stri
- Similar care should be take to ensure the data is in the correct format
- when calling ASN1_STRING_set().
-
--=head1 RETURN VALUES
--
- =head1 SEE ALSO
-
- L<ERR_get_error(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/ASN1_STRING_new.pod
-+++ b/doc/crypto/ASN1_STRING_new.pod
-@@ -40,8 +40,13 @@ ASN1_STRING_free() does not return a val
-
- L<ERR_get_error(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/ASN1_STRING_print_ex.pod
-+++ b/doc/crypto/ASN1_STRING_print_ex.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines.
-+ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines
-
- =head1 SYNOPSIS
-
-@@ -30,7 +30,7 @@ with '.'.
-
- ASN1_STRING_print() is a legacy function which should be avoided in new applications.
-
--Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
-+Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
- suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
-
- The complete set of supported options for B<flags> is listed below.
-@@ -75,7 +75,7 @@ Normally non character string types (suc
- one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
- be dumped instead.
-
--When a type is dumped normally just the content octets are printed, if
-+When a type is dumped normally just the content octets are printed, if
- B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
- instead (including tag and length octets).
-
-@@ -89,8 +89,13 @@ B<ASN1_STRFLGS_RFC2253> includes all the
- L<X509_NAME_print_ex(3)>,
- L<ASN1_tag2str(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/ASN1_TIME_set.pod
-+++ b/doc/crypto/ASN1_TIME_set.pod
-@@ -3,7 +3,7 @@
- =head1 NAME
-
- ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string,
--ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions.
-+ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions
-
- =head1 SYNOPSIS
-
-@@ -100,7 +100,7 @@ anyway.
- int day, sec;
-
- if (!ASN1_TIME_diff(&day, &sec, NULL, to))
-- /* Invalid time format */
-+ /* Invalid time format */
-
- if (day > 0 || sec > 0)
- printf("Later\n");
-@@ -126,4 +126,13 @@ an error occurred (I/O error or invalid
- ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the
- pass ASN1_TIME structure has invalid syntax for example.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASN1_TYPE_get.pod
-+++ b/doc/crypto/ASN1_TYPE_get.pod
-@@ -9,7 +9,7 @@ functions
-
- #include <openssl/asn1.h>
-
-- int ASN1_TYPE_get(ASN1_TYPE *a);
-+ int ASN1_TYPE_get(const ASN1_TYPE *a);
- void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
- int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
- int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-@@ -88,4 +88,13 @@ NULL on failure.
- ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or
- NULL on failure.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASN1_generate_nconf.pod
-+++ b/doc/crypto/ASN1_generate_nconf.pod
-@@ -8,8 +8,8 @@ ASN1_generate_nconf, ASN1_generate_v3 -
-
- #include <openssl/asn1.h>
-
-- ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-- ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-+ ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
-+ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
-
- =head1 DESCRIPTION
-
-@@ -40,7 +40,7 @@ That is zero or more comma separated mod
- followed by an optional colon and a value. The formats of B<type>,
- B<value> and B<modifier> are explained below.
-
--=head2 SUPPORTED TYPES
-+=head2 Supported Types
-
- The supported types are listed below. Unless otherwise specified
- only the B<ASCII> format is permissible.
-@@ -52,7 +52,7 @@ only the B<ASCII> format is permissible.
- This encodes a boolean type. The B<value> string is mandatory and
- should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
- B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
--are acceptable.
-+are acceptable.
-
- =item B<NULL>
-
-@@ -78,12 +78,12 @@ a short name, a long name or numerical f
- =item B<UTCTIME>, B<UTC>
-
- Encodes an ASN1 B<UTCTime> structure, the value should be in
--the format B<YYMMDDHHMMSSZ>.
-+the format B<YYMMDDHHMMSSZ>.
-
- =item B<GENERALIZEDTIME>, B<GENTIME>
-
- Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
--the format B<YYYYMMDDHHMMSSZ>.
-+the format B<YYYYMMDDHHMMSSZ>.
-
- =item B<OCTETSTRING>, B<OCT>
-
-@@ -119,7 +119,7 @@ will be encoded.
-
- =back
-
--=head2 MODIFIERS
-+=head2 Modifiers
-
- Modifiers affect the following structure, they can be used to
- add EXPLICIT or IMPLICIT tagging, add wrappers or to change
-@@ -258,4 +258,13 @@ The error codes that can be obtained by
-
- L<ERR_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASYNC_WAIT_CTX_new.pod
-+++ b/doc/crypto/ASYNC_WAIT_CTX_new.pod
-@@ -53,7 +53,7 @@ ASYNC_WAIT_CTX_get_all_fds() with a NULL
- descriptors but will still populate B<*numfds>. Therefore application code is
- typically expected to call this function twice: once to get the number of fds,
- and then again when sufficient memory has been allocated. If only one
--asynchronous engine is being used then noramlly this call will only ever return
-+asynchronous engine is being used then normally this call will only ever return
- one fd. If multiple asynchronous engines are being used then more could be
- returned.
-
-@@ -112,6 +112,15 @@ ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_C
- ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
- success or 0 on error.
-
-+=head1 NOTES
-+
-+On Windows platforms the openssl/async.h header is dependent on some
-+of the types customarily made available by including windows.h. The
-+application developer is likely to require control over when the latter
-+is included, commonly as one of the first included headers. Therefore
-+it is defined as an application developer's responsibility to include
-+windows.h prior to async.h.
-+
- =head1 SEE ALSO
-
- L<crypto(3)>, L<ASYNC_start_job(3)>
-@@ -123,4 +132,13 @@ ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_ge
- ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
- OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ASYNC_start_job.pod
-+++ b/doc/crypto/ASYNC_start_job.pod
-@@ -2,8 +2,8 @@
-
- =head1 NAME
-
-+ASYNC_get_wait_ctx,
- ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job,
--ASYNC_in_job, ASYNC_get_wait_fd, ASYNC_set_wait_fd, ASYNC_clear_wait_fd,
- ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
- - asynchronous job management functions
-
-@@ -111,7 +111,7 @@ for the B<job>. ASYNC_WAIT_CTXs can have
- with them. Applications can wait for the file descriptor to be ready for "read"
- using a system function call such as select or poll (being ready for "read"
- indicates that the job should be resumed). If no file descriptor is made
--available then an application will have to priodically "poll" the job by
-+available then an application will have to periodically "poll" the job by
- attempting to restart it to see if it is ready to continue.
-
- An example of typical usage might be an async capable engine. User code would
-@@ -161,17 +161,27 @@ ASYNC_get_wait_ctx() returns a pointer t
- ASYNC_is_capable() returns 1 if the current platform is async capable or 0
- otherwise.
-
-+=head1 NOTES
-+
-+On Windows platforms the openssl/async.h header is dependent on some
-+of the types customarily made available by including windows.h. The
-+application developer is likely to require control over when the latter
-+is included, commonly as one of the first included headers. Therefore
-+it is defined as an application developer's responsibility to include
-+windows.h prior to async.h.
-+
- =head1 EXAMPLE
-
- The following example demonstrates how to use most of the core async APIs:
-
-+ #ifdef _WIN32
-+ # include <windows.h>
-+ #endif
- #include <stdio.h>
- #include <unistd.h>
- #include <openssl/async.h>
- #include <openssl/crypto.h>
-
-- #define WAIT_SIGNAL_CHAR 'X'
--
- int unique = 0;
-
- void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
-@@ -188,7 +198,7 @@ otherwise.
- unsigned char *msg;
- int pipefds[2] = {0, 0};
- OSSL_ASYNC_FD *wptr;
-- char buf = WAIT_SIGNAL_CHAR;
-+ char buf = 'X';
-
- currjob = ASYNC_get_current_job();
- if (currjob != NULL) {
-@@ -267,7 +277,7 @@ otherwise.
-
- /* Wait for the job to be woken */
- printf("Waiting for the job to be woken up\n");
--
-+
- if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
- || numfds > 1) {
- printf("Unexpected number of fds\n");
-@@ -308,4 +318,13 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_
- ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first
- added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/BF_encrypt.pod
-@@ -0,0 +1,117 @@
-+=pod
-+
-+=head1 NAME
-+
-+BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
-+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/blowfish.h>
-+
-+ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-+
-+ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-+ BF_KEY *key, int enc);
-+ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, BF_KEY *schedule, unsigned char *ivec, int enc);
-+ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, BF_KEY *schedule, unsigned char *ivec, int *num,
-+ int enc);
-+ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, BF_KEY *schedule, unsigned char *ivec, int *num);
-+ const char *BF_options(void);
-+
-+ void BF_encrypt(BF_LONG *data, const BF_KEY *key);
-+ void BF_decrypt(BF_LONG *data, const BF_KEY *key);
-+
-+=head1 DESCRIPTION
-+
-+This library implements the Blowfish cipher, which was invented and described
-+by Counterpane (see http://www.counterpane.com/blowfish.html ).
-+
-+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
-+It uses a variable size key, but typically, 128 bit (16 byte) keys are
-+considered good for strong encryption. Blowfish can be used in the same
-+modes as DES (see L<des_modes(7)>). Blowfish is currently one
-+of the faster block ciphers. It is quite a bit faster than DES, and much
-+faster than IDEA or RC2.
-+
-+Blowfish consists of a key setup phase and the actual encryption or decryption
-+phase.
-+
-+BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
-+at B<data>.
-+
-+BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
-+It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
-+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
-+or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
-+B<in> and B<out> must be 64 bits in length, no less. If they are larger,
-+everything after the first 64 bits is ignored.
-+
-+The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
-+all operate on variable length data. They all take an initialization vector
-+B<ivec> which needs to be passed along into the next call of the same function
-+for the same message. B<ivec> may be initialized with anything, but the
-+recipient needs to know what it was initialized with, or it won't be able
-+to decrypt. Some programs and protocols simplify this, like SSH, where
-+B<ivec> is simply initialized to zero.
-+BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
-+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
-+number of bytes (the amount does not have to be an exact multiple of 8). The
-+purpose of the latter two is to simulate stream ciphers, and therefore, they
-+need the parameter B<num>, which is a pointer to an integer where the current
-+offset in B<ivec> is stored between calls. This integer must be initialized
-+to zero when B<ivec> is initialized.
-+
-+BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
-+encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
-+putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
-+decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
-+long initialization vector.
-+
-+BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
-+It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
-+putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
-+or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
-+8 byte long initialization vector. B<num> must point at an integer which must
-+be initially zero.
-+
-+BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
-+It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
-+the same way.
-+
-+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
-+encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
-+B<data>, using the key B<key>. These functions should not be used unless you
-+implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
-+If you still want to use these functions, you should be aware that they take
-+each 32-bit chunk in host-byte order, which is little-endian on little-endian
-+platforms and big-endian on big-endian ones.
-+
-+=head1 RETURN VALUES
-+
-+None of the functions presented here return any value.
-+
-+=head1 NOTE
-+
-+Applications should use the higher level functions
-+L<EVP_EncryptInit(3)> etc. instead of calling these
-+functions directly.
-+
-+=head1 SEE ALSO
-+
-+L<EVP_EncryptInit(3)>,
-+L<des_modes(7)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_ADDR.pod
-+++ b/doc/crypto/BIO_ADDR.pod
-@@ -112,3 +112,14 @@ information they should return isn't ava
- =head1 SEE ALSO
-
- L<BIO_connect(3)>, L<BIO_s_connect(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_ADDRINFO.pod
-+++ b/doc/crypto/BIO_ADDRINFO.pod
-@@ -2,9 +2,10 @@
-
- =head1 NAME
-
--BIO_ADDRINFO, BIO_ADDRINFO_lookup, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
-+BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
- BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol,
--BIO_ADDRINFO_sockaddr, BIO_ADDRINFO_sockaddr_size, BIO_ADDRINFO_address
-+BIO_ADDRINFO_address,
-+BIO_lookup
- - BIO_ADDRINFO type and routines
-
- =head1 SYNOPSIS
-@@ -72,11 +73,18 @@ with the given one.
- =head1 RETURN VALUES
-
- BIO_lookup() returns 1 on success and 0 when an error occurred, and
--will leave an error indicaton on the OpenSSL error stack in that case.
-+will leave an error indication on the OpenSSL error stack in that case.
-
- All other functions described here return 0 or B<NULL> when the
- information they should return isn't available.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--L<BIO_lookup(3)>
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_connect.pod
-+++ b/doc/crypto/BIO_connect.pod
-@@ -99,3 +99,14 @@ BIO_get_accept_socket() and BIO_accept()
- =head1 SEE ALSO
-
- L<BIO_ADDR(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_ctrl.pod
-+++ b/doc/crypto/BIO_ctrl.pod
-@@ -11,27 +11,27 @@ BIO_get_info_callback, BIO_set_info_call
-
- #include <openssl/bio.h>
-
-- long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-- long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
-- char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-- long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-+ typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
-+
-+ long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
-+ long BIO_callback_ctrl(BIO *b, int cmd, bio_info_cb cb);
-+ char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
-+ long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
-
- int BIO_reset(BIO *b);
- int BIO_seek(BIO *b, int ofs);
- int BIO_tell(BIO *b);
- int BIO_flush(BIO *b);
- int BIO_eof(BIO *b);
-- int BIO_set_close(BIO *b,long flag);
-+ int BIO_set_close(BIO *b, long flag);
- int BIO_get_close(BIO *b);
- int BIO_pending(BIO *b);
- int BIO_wpending(BIO *b);
- size_t BIO_ctrl_pending(BIO *b);
- size_t BIO_ctrl_wpending(BIO *b);
-
-- int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
-- int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
--
-- typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
-+ int BIO_get_info_callback(BIO *b, bio_info_cb **cbp);
-+ int BIO_set_info_callback(BIO *b, bio_info_cb *cb);
-
- =head1 DESCRIPTION
-
-@@ -94,7 +94,7 @@ return the amount of pending data.
- =head1 NOTES
-
- BIO_flush(), because it can write data may return 0 or -1 indicating
--that the call should be retried later in a similar manner to BIO_write().
-+that the call should be retried later in a similar manner to BIO_write().
- The BIO_should_retry() call should be used and appropriate action taken
- is the call fails.
-
-@@ -121,8 +121,15 @@ operation.
- Some of the return values are ambiguous and care should be taken. In
- particular a return value of 0 can be returned if an operation is not
- supported, if an error occurred, if EOF has not been reached and in
--the case of BIO_seek() on a file BIO for a successful operation.
-+the case of BIO_seek() on a file BIO for a successful operation.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--=head1 SEE ALSO
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_f_base64.pod
-+++ b/doc/crypto/BIO_f_base64.pod
-@@ -4,12 +4,14 @@
-
- BIO_f_base64 - base64 BIO filter
-
-+=for comment multiple includes
-+
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
-- const BIO_METHOD * BIO_f_base64(void);
-+ const BIO_METHOD *BIO_f_base64(void);
-
- =head1 DESCRIPTION
-
-@@ -17,7 +19,7 @@ BIO_f_base64() returns the base64 BIO me
- BIO that base64 encodes any data written through it and decodes
- any data read through it.
-
--Base64 BIOs do not support BIO_gets() or BIO_puts().
-+Base64 BIOs do not support BIO_gets() or BIO_puts().
-
- BIO_flush() on a base64 BIO that is being written through is
- used to signal that no more data is to be encoded: this is used
-@@ -63,8 +65,8 @@ Read Base64 encoded data from standard i
- bio = BIO_new_fp(stdin, BIO_NOCLOSE);
- bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- BIO_push(b64, bio);
-- while((inlen = BIO_read(b64, inbuf, 512)) > 0)
-- BIO_write(bio_out, inbuf, inlen);
-+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
-+ BIO_write(bio_out, inbuf, inlen);
-
- BIO_flush(bio_out);
- BIO_free_all(b64);
-@@ -77,6 +79,13 @@ data following the base64 encoded block
- There should be some way of specifying a test that the BIO can perform
- to reliably determine EOF (for example a MIME boundary).
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_f_buffer.pod
-+++ b/doc/crypto/BIO_f_buffer.pod
-@@ -2,19 +2,25 @@
-
- =head1 NAME
-
--BIO_f_buffer - buffering BIO
-+BIO_get_buffer_num_lines,
-+BIO_set_read_buffer_size,
-+BIO_set_write_buffer_size,
-+BIO_set_buffer_size,
-+BIO_set_buffer_read_data,
-+BIO_f_buffer
-+- buffering BIO
-
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_f_buffer(void);
-+ const BIO_METHOD *BIO_f_buffer(void);
-
-- #define BIO_get_buffer_num_lines(b)
-- #define BIO_set_read_buffer_size(b,size)
-- #define BIO_set_write_buffer_size(b,size)
-- #define BIO_set_buffer_size(b,size)
-- #define BIO_set_buffer_read_data(b,buf,num)
-+ long BIO_get_buffer_num_lines(BIO *b);
-+ long BIO_set_read_buffer_size(BIO *b, long size);
-+ long BIO_set_write_buffer_size(BIO *b, long size);
-+ long BIO_set_buffer_size(BIO *b, long size);
-+ long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
-
- =head1 DESCRIPTION
-
-@@ -41,6 +47,8 @@ is expanded.
-
- =head1 NOTES
-
-+These functions, other than BIO_f_buffer(), are implemented as macros.
-+
- Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
- next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
- possible to provide BIO_gets() functionality if the following BIOs do not
-@@ -71,3 +79,14 @@ L<BIO_reset(3)>,
- L<BIO_flush(3)>,
- L<BIO_pop(3)>,
- L<BIO_ctrl(3)>.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_f_cipher.pod
-+++ b/doc/crypto/BIO_f_cipher.pod
-@@ -4,14 +4,16 @@
-
- BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
-
-+=for comment multiple includes
-+
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
-- const BIO_METHOD * BIO_f_cipher(void);
-- void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
-- unsigned char *key, unsigned char *iv, int enc);
-+ const BIO_METHOD *BIO_f_cipher(void);
-+ void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
-+ unsigned char *key, unsigned char *iv, int enc);
- int BIO_get_cipher_status(BIO *b)
- int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
-
-@@ -22,7 +24,7 @@ BIO that encrypts any data written throu
- read from it. It is a BIO wrapper for the cipher routines
- EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
-
--Cipher BIOs do not support BIO_gets() or BIO_puts().
-+Cipher BIOs do not support BIO_gets() or BIO_puts().
-
- BIO_flush() on an encryption BIO that is being written through is
- used to signal that no more data is to be encrypted: this is used
-@@ -67,10 +69,13 @@ for failure.
-
- BIO_get_cipher_ctx() currently always returns 1.
-
--=head1 EXAMPLES
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--=head1 SEE ALSO
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_f_md.pod
-+++ b/doc/crypto/BIO_f_md.pod
-@@ -4,15 +4,17 @@
-
- BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
-
-+=for comment multiple includes
-+
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
-- const BIO_METHOD * BIO_f_md(void);
-- int BIO_set_md(BIO *b,EVP_MD *md);
-- int BIO_get_md(BIO *b,EVP_MD **mdp);
-- int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
-+ const BIO_METHOD *BIO_f_md(void);
-+ int BIO_set_md(BIO *b, EVP_MD *md);
-+ int BIO_get_md(BIO *b, EVP_MD **mdp);
-+ int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
-
- =head1 DESCRIPTION
-
-@@ -103,9 +105,9 @@ checking has been omitted for clarity.
- BIO_set_md(mdtmp, EVP_md5());
- bio = BIO_push(mdtmp, bio);
- do {
-- rdlen = BIO_read(bio, buf, sizeof(buf));
-+ rdlen = BIO_read(bio, buf, sizeof(buf));
- /* Might want to do something with the data here */
-- } while(rdlen > 0);
-+ } while (rdlen > 0);
-
- This next example retrieves the message digests from a BIO chain and
- outputs them. This could be used with the examples above.
-@@ -114,18 +116,18 @@ outputs them. This could be used with th
- unsigned char mdbuf[EVP_MAX_MD_SIZE];
- int mdlen;
- int i;
-- mdtmp = bio; /* Assume bio has previously been set up */
-+ mdtmp = bio; /* Assume bio has previously been set up */
- do {
-- EVP_MD *md;
-- mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
-- if(!mdtmp) break;
-- BIO_get_md(mdtmp, &md);
-+ EVP_MD *md;
-+ mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
-+ if (!mdtmp) break;
-+ BIO_get_md(mdtmp, &md);
- printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
-- mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
-- for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
-- printf("\n");
-- mdtmp = BIO_next(mdtmp);
-- } while(mdtmp);
-+ mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
-+ for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
-+ printf("\n");
-+ mdtmp = BIO_next(mdtmp);
-+ } while (mdtmp);
-
- BIO_free_all(bio);
-
-@@ -142,8 +144,13 @@ separate BIO_ctrl() call.
- Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the
- BIO was initialized first.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--TBA
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/BIO_f_null.pod
-+++ b/doc/crypto/BIO_f_null.pod
-@@ -8,7 +8,7 @@ BIO_f_null - null filter
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_f_null(void);
-+ const BIO_METHOD * BIO_f_null(void);
-
- =head1 DESCRIPTION
-
-@@ -27,6 +27,13 @@ As may be apparent a null filter BIO is
-
- BIO_f_null() returns the null filter BIO method.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_f_ssl.pod
-+++ b/doc/crypto/BIO_f_ssl.pod
-@@ -2,11 +2,15 @@
-
- =head1 NAME
-
--BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
-+BIO_do_handshake,
-+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode,
-+BIO_set_ssl_renegotiate_bytes,
- BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
- BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
- BIO_ssl_shutdown - SSL BIO
-
-+=for comment multiple includes
-+
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
-@@ -14,29 +18,26 @@ BIO_ssl_shutdown - SSL BIO
-
- const BIO_METHOD *BIO_f_ssl(void);
-
-- #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-- #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-- #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-- #define BIO_set_ssl_renegotiate_bytes(b,num) \
-- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-- #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-- #define BIO_get_num_renegotiates(b) \
-- BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
-+ long BIO_set_ssl(BIO *b, SSL *ssl, long c);
-+ long BIO_get_ssl(BIO *b, SSL **sslp);
-+ long BIO_set_ssl_mode(BIO *b, long client);
-+ long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
-+ long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
-+ long BIO_get_num_renegotiates(BIO *b);
-
-- BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-+ BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
- BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
- BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-- int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-+ int BIO_ssl_copy_session_id(BIO *to, BIO *from);
- void BIO_ssl_shutdown(BIO *bio);
-
-- #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-+ long BIO_do_handshake(BIO *b);
-
- =head1 DESCRIPTION
-
- BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
- is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
--SSL I/O.
-+SSL I/O.
-
- I/O performed on an SSL BIO communicates using the SSL protocol with
- the SSLs read and write BIOs. If an SSL connection is not established
-@@ -63,7 +64,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode
- is 1 client mode is set. If B<client> is 0 server mode is set.
-
- BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
--to B<num>. When set after every B<num> bytes of I/O (read and write)
-+to B<num>. When set after every B<num> bytes of I/O (read and write)
- the SSL session is automatically renegotiated. B<num> must be at
- least 512 bytes.
-
-@@ -84,7 +85,7 @@ BIO_new_buffer_ssl_connect() creates a n
- of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
- BIO.
-
--BIO_ssl_copy_session_id() copies an SSL session id between
-+BIO_ssl_copy_session_id() copies an SSL session id between
- BIO chains B<from> and B<to>. It does this by locating the
- SSL BIOs in each chain and calling SSL_copy_session_id() on
- the internal SSL pointer.
-@@ -124,9 +125,9 @@ Applications do not have to call BIO_do_
- to do so to separate the handshake process from other I/O
- processing.
-
--=head1 RETURN VALUES
--
--TBA
-+BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(),
-+BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(),
-+BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.
-
- =head1 EXAMPLE
-
-@@ -140,54 +141,48 @@ unencrypted example in L<BIO_s_connect(3
- SSL_CTX *ctx;
- SSL *ssl;
-
-- /* We would seed the PRNG here if the platform didn't
-- * do it automatically
-- */
-+ /* XXX Seed the PRNG if needed. */
-
- ctx = SSL_CTX_new(TLS_client_method());
-
-- /* We'd normally set some stuff like the verify paths and
-- * mode here because as things stand this will connect to
-- * any server whose certificate is signed by any CA.
-- */
-+ /* XXX Set verify paths and mode here. */
-
- sbio = BIO_new_ssl_connect(ctx);
--
- BIO_get_ssl(sbio, &ssl);
--
-- if(!ssl) {
-- fprintf(stderr, "Can't locate SSL pointer\n");
-- /* whatever ... */
-+ if (ssl == NULL) {
-+ fprintf(stderr, "Can't locate SSL pointer\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
- /* Don't want any retries */
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-- /* We might want to do other things with ssl here */
-+ /* XXX We might want to do other things with ssl here */
-
- /* An empty host part means the loopback address */
- BIO_set_conn_hostname(sbio, ":https");
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-- if(BIO_do_connect(sbio) <= 0) {
-- fprintf(stderr, "Error connecting to server\n");
-- ERR_print_errors_fp(stderr);
-- /* whatever ... */
-+ if (BIO_do_connect(sbio) <= 0) {
-+ fprintf(stderr, "Error connecting to server\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
--
-- if(BIO_do_handshake(sbio) <= 0) {
-- fprintf(stderr, "Error establishing SSL connection\n");
-- ERR_print_errors_fp(stderr);
-- /* whatever ... */
-+ if (BIO_do_handshake(sbio) <= 0) {
-+ fprintf(stderr, "Error establishing SSL connection\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
-- /* Could examine ssl here to get connection info */
-+ /* XXX Could examine ssl here to get connection info */
-
- BIO_puts(sbio, "GET / HTTP/1.0\n\n");
-- for(;;) {
-- len = BIO_read(sbio, tmpbuf, 1024);
-- if(len <= 0) break;
-- BIO_write(out, tmpbuf, len);
-+ for ( ; ; ) {
-+ len = BIO_read(sbio, tmpbuf, 1024);
-+ if (len <= 0)
-+ break;
-+ BIO_write(out, tmpbuf, len);
- }
- BIO_free_all(sbio);
- BIO_free(out);
-@@ -203,102 +198,83 @@ a client and also echoes the request to
- SSL_CTX *ctx;
- SSL *ssl;
-
-- /* Might seed PRNG here */
-+ /* XXX Seed the PRNG if needed. */
-
- ctx = SSL_CTX_new(TLS_server_method());
--
-- if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-- || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-- || !SSL_CTX_check_private_key(ctx)) {
--
-- fprintf(stderr, "Error setting up SSL_CTX\n");
-- ERR_print_errors_fp(stderr);
-- return 0;
-+ if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
-+ || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
-+ || !SSL_CTX_check_private_key(ctx)) {
-+ fprintf(stderr, "Error setting up SSL_CTX\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
-- /* Might do other things here like setting verify locations and
-- * DH and/or RSA temporary key callbacks
-- */
-+ /* XXX Other things like set verify locations, EDH temp callbacks. */
-
- /* New SSL BIO setup as server */
-- sbio=BIO_new_ssl(ctx,0);
--
-+ sbio = BIO_new_ssl(ctx, 0);
- BIO_get_ssl(sbio, &ssl);
--
-- if(!ssl) {
-- fprintf(stderr, "Can't locate SSL pointer\n");
-- /* whatever ... */
-+ if (ssl == NULL) {
-+ fprintf(stderr, "Can't locate SSL pointer\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
-- /* Don't want any retries */
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
--
-- /* Create the buffering BIO */
--
- bbio = BIO_new(BIO_f_buffer());
--
-- /* Add to chain */
- sbio = BIO_push(bbio, sbio);
-+ acpt = BIO_new_accept("4433");
-
-- acpt=BIO_new_accept("4433");
--
-- /* By doing this when a new connection is established
-+ /*
-+ * By doing this when a new connection is established
- * we automatically have sbio inserted into it. The
- * BIO chain is now 'swallowed' by the accept BIO and
-- * will be freed when the accept BIO is freed.
-+ * will be freed when the accept BIO is freed.
- */
--
-- BIO_set_accept_bios(acpt,sbio);
--
-+ BIO_set_accept_bios(acpt, sbio);
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- /* Setup accept BIO */
-- if(BIO_do_accept(acpt) <= 0) {
-- fprintf(stderr, "Error setting up accept BIO\n");
-- ERR_print_errors_fp(stderr);
-- return 0;
-+ if (BIO_do_accept(acpt) <= 0) {
-+ fprintf(stderr, "Error setting up accept BIO\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
-- /* Now wait for incoming connection */
-- if(BIO_do_accept(acpt) <= 0) {
-- fprintf(stderr, "Error in connection\n");
-- ERR_print_errors_fp(stderr);
-- return 0;
-+ if (BIO_do_accept(acpt) <= 0) {
-+ fprintf(stderr, "Error in connection\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
-- /* We only want one connection so remove and free
-- * accept BIO
-- */
--
-+ /* We only want one connection so remove and free accept BIO */
- sbio = BIO_pop(acpt);
--
- BIO_free_all(acpt);
-
-- if(BIO_do_handshake(sbio) <= 0) {
-- fprintf(stderr, "Error in SSL handshake\n");
-- ERR_print_errors_fp(stderr);
-- return 0;
-+ if (BIO_do_handshake(sbio) <= 0) {
-+ fprintf(stderr, "Error in SSL handshake\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
- BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
- BIO_puts(sbio, "--------------------------------------------------\r\n");
-
-- for(;;) {
-- len = BIO_gets(sbio, tmpbuf, 1024);
-- if(len <= 0) break;
-- BIO_write(sbio, tmpbuf, len);
-- BIO_write(out, tmpbuf, len);
-- /* Look for blank line signifying end of headers*/
-- if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
-+ for ( ; ; ) {
-+ len = BIO_gets(sbio, tmpbuf, 1024);
-+ if (len <= 0)
-+ break;
-+ BIO_write(sbio, tmpbuf, len);
-+ BIO_write(out, tmpbuf, len);
-+ /* Look for blank line signifying end of headers*/
-+ if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
-+ break;
- }
-
- BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "\r\n");
--
-- /* Since there is a buffering BIO present we had better flush it */
- BIO_flush(sbio);
--
- BIO_free_all(sbio);
-
- =head1 BUGS
-@@ -310,6 +286,13 @@ explicitly being popped (e.g. a pop high
- included workarounds for this bug (e.g. freeing BIOs more than once) should
- be modified to handle this fix or they may free up an already freed BIO.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_find_type.pod
-+++ b/doc/crypto/BIO_find_type.pod
-@@ -8,46 +8,23 @@ BIO_find_type, BIO_next, BIO_method_type
-
- #include <openssl/bio.h>
-
-- BIO * BIO_find_type(BIO *b,int bio_type);
-- BIO * BIO_next(BIO *b);
--
-- #define BIO_method_type(b) ((b)->method->type)
--
-- #define BIO_TYPE_NONE 0
-- #define BIO_TYPE_MEM (1|0x0400)
-- #define BIO_TYPE_FILE (2|0x0400)
--
-- #define BIO_TYPE_FD (4|0x0400|0x0100)
-- #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
-- #define BIO_TYPE_NULL (6|0x0400)
-- #define BIO_TYPE_SSL (7|0x0200)
-- #define BIO_TYPE_MD (8|0x0200)
-- #define BIO_TYPE_BUFFER (9|0x0200)
-- #define BIO_TYPE_CIPHER (10|0x0200)
-- #define BIO_TYPE_BASE64 (11|0x0200)
-- #define BIO_TYPE_CONNECT (12|0x0400|0x0100)
-- #define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
-- #define BIO_TYPE_PROXY_CLIENT (14|0x0200)
-- #define BIO_TYPE_PROXY_SERVER (15|0x0200)
-- #define BIO_TYPE_NBIO_TEST (16|0x0200)
-- #define BIO_TYPE_NULL_FILTER (17|0x0200)
-- #define BIO_TYPE_BER (18|0x0200)
-- #define BIO_TYPE_BIO (19|0x0400)
--
-- #define BIO_TYPE_DESCRIPTOR 0x0100
-- #define BIO_TYPE_FILTER 0x0200
-- #define BIO_TYPE_SOURCE_SINK 0x0400
-+ BIO *BIO_find_type(BIO *b, int bio_type);
-+ BIO *BIO_next(BIO *b);
-+ int BIO_method_type(const BIO *b);
-
- =head1 DESCRIPTION
-
- The BIO_find_type() searches for a BIO of a given type in a chain, starting
--at BIO B<b>. If B<type> is a specific type (such as BIO_TYPE_MEM) then a search
-+at BIO B<b>. If B<type> is a specific type (such as B<BIO_TYPE_MEM>) then a search
- is made for a BIO of that type. If B<type> is a general type (such as
- B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
- searched for. BIO_find_type() returns the next matching BIO or NULL if none is
- found.
-
--Note: not all the B<BIO_TYPE_*> types above have corresponding BIO implementations.
-+The following general types are defined:
-+B<BIO_TYPE_DESCRIPTOR>, B<BIO_TYPE_FILTER>, and B<BIO_TYPE_SOURCE_SINK>.
-+
-+For a list of the specific types, see the B<openssl/bio.h> header file.
-
- BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
- in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
-@@ -68,18 +45,25 @@ BIO_method_type() returns the type of th
- Traverse a chain looking for digest BIOs:
-
- BIO *btmp;
-- btmp = in_bio; /* in_bio is chain to search through */
-+ btmp = in_bio; /* in_bio is chain to search through */
-
- do {
-- btmp = BIO_find_type(btmp, BIO_TYPE_MD);
-- if(btmp == NULL) break; /* Not found */
-- /* btmp is a digest BIO, do something with it ...*/
-- ...
-+ btmp = BIO_find_type(btmp, BIO_TYPE_MD);
-+ if (btmp == NULL) break; /* Not found */
-+ /* btmp is a digest BIO, do something with it ...*/
-+ ...
-+
-+ btmp = BIO_next(btmp);
-+ } while (btmp);
-+
-
-- btmp = BIO_next(btmp);
-- } while(btmp);
-+=head1 COPYRIGHT
-
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--=head1 SEE ALSO
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_get_data.pod
-+++ b/doc/crypto/BIO_get_data.pod
-@@ -53,4 +53,13 @@ L<bio>, L<BIO_meth_new>
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_get_ex_new_index.pod
-+++ b/doc/crypto/BIO_get_ex_new_index.pod
-@@ -15,31 +15,50 @@ ECDSA_get_ex_new_index, ECDSA_set_ex_dat
- RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
- - application-specific data
-
--=head1 SYNOPSIS
-+=for comment generic
-
--The synopsis below is for the X509 structure, but is the same for all
--crypto structures:
-+=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
-- int X509_get_ex_new_index(long argl, void *argp,
-- CRYPTO_EX_new *new_func,
-- CRYPTO_EX_dup *dup_func,
-- CRYPTO_EX_free *free_func);
-+ int TYPE_get_ex_new_index(long argl, void *argp,
-+ CRYPTO_EX_new *new_func,
-+ CRYPTO_EX_dup *dup_func,
-+ CRYPTO_EX_free *free_func);
-
-- int X509_set_ex_data(X509 *d, int idx, void *arg);
-+ int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
-
-- void *X509_get_ex_data(X509 *d, int idx);
-+ void *TYPE_get_ex_data(TYPE *d, int idx);
-
- =head1 DESCRIPTION
-
--These functions handle application-specific data for OpenSSL crypto
-+In the description here, I<TYPE> is used a placeholder
-+for any of the OpenSSL datatypes listed in
-+L<CRYPTO_get_ex_new_index(3)>.
-+
-+These functions handle application-specific data for OpenSSL data
- structures.
-
--For details, see L<CRYPTO_get_ex_new_index(3)>.
-+TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index()
-+with the correct B<index> value.
-+
-+TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with
-+an offset into the opaque exdata part of the TYPE object.
-+
-+TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with an
-+an offset into the opaque exdata part of the TYPE object.
-
- =head1 SEE ALSO
-
- L<CRYPTO_get_ex_new_index(3)>.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_meth_new.pod
-+++ b/doc/crypto/BIO_meth_new.pod
-@@ -75,7 +75,7 @@ called in response to the application ca
- the function have the same meaning as for BIO_puts().
-
- BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically
--used for reading a line of data from the BIO respectively (see the L<BIO_gets>
-+used for reading a line of data from the BIO respectively (see the L<BIO_gets(3)>
- page for more information). This function will be called in response to the
- application calling BIO_gets(). The parameters for the function have the same
- meaning as for BIO_gets().
-@@ -88,7 +88,7 @@ BIO_ctrl().
-
- BIO_meth_get_create() and BIO_meth_set_create() get and set the function used
- for creating a new instance of the BIO respectively. This function will be
--called in response to the application calling BIO_new() or BIO_set() and passing
-+called in response to the application calling BIO_new() and passing
- in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the
- memory for the new BIO, and a pointer to this newly allocated structure will
- be passed as a parameter to the function.
-@@ -102,7 +102,7 @@ this function.
-
- BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the
- function used for processing callback ctrl messages in the BIO respectively. See
--the L<BIO_callback_ctrl> page for more information. This function will be called
-+the L<BIO_callback_ctrl(3)> page for more information. This function will be called
- in response to the application calling BIO_callback_ctrl(). The parameters for
- the function have the same meaning as for BIO_callback_ctrl().
-
-@@ -114,4 +114,13 @@ L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_new.pod
-+++ b/doc/crypto/BIO_new.pod
-@@ -2,25 +2,24 @@
-
- =head1 NAME
-
--BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
-+BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all,
-+BIO_set - BIO allocation and freeing functions
-
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
-- BIO * BIO_new(const BIO_METHOD *type);
-- int BIO_set(BIO *a,const BIO_METHOD *type);
-- int BIO_up_ref(BIO *a);
-- int BIO_free(BIO *a);
-- void BIO_vfree(BIO *a);
-- void BIO_free_all(BIO *a);
-+ BIO * BIO_new(const BIO_METHOD *type);
-+ int BIO_set(BIO *a, const BIO_METHOD *type);
-+ int BIO_up_ref(BIO *a);
-+ int BIO_free(BIO *a);
-+ void BIO_vfree(BIO *a);
-+ void BIO_free_all(BIO *a);
-
- =head1 DESCRIPTION
-
- The BIO_new() function returns a new BIO using method B<type>.
-
--BIO_set() sets the method of an already existing BIO.
--
- BIO_up_ref() increments the reference count associated with the BIO object.
-
- BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
-@@ -45,20 +44,15 @@ BIO_free_all() and BIO_vfree() do not re
-
- =head1 NOTES
-
--Some BIOs (such as memory BIOs) can be used immediately after calling
--BIO_new(). Others (such as file BIOs) need some additional initialization,
--and frequently a utility function exists to create and initialize such BIOs.
--
- If BIO_free() is called on a BIO chain it will only free one BIO resulting
- in a memory leak.
-
--Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
-+Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free()
- on it other than the discarded return value.
-
--Normally the B<type> argument is supplied by a function which returns a
--pointer to a BIO_METHOD. There is a naming convention for such functions:
--a source/sink BIO is normally called BIO_s_*() and a filter BIO
--BIO_f_*();
-+=head1 HISTORY
-+
-+BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.
-
- =head1 EXAMPLE
-
-@@ -66,6 +60,13 @@ BIO_f_*();
-
- BIO *mem = BIO_new(BIO_s_mem());
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_new_CMS.pod
-+++ b/doc/crypto/BIO_new_CMS.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- BIO_new_CMS - CMS streaming filter BIO
-+BIO_new_CMS - CMS streaming filter BIO
-
- =head1 SYNOPSIS
-
-@@ -63,4 +63,13 @@ L<CMS_encrypt(3)>
-
- BIO_new_CMS() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_parse_hostserv.pod
-+++ b/doc/crypto/BIO_parse_hostserv.pod
-@@ -42,26 +42,32 @@ The service part can be a service name
- The returned values will depend on the given B<hostserv> string
- and B<hostserv_prio>, as follows:
-
--=for comment
--The following is ONE verbatim block. To make sure it's rendered as
--one block and not several, the blank lines in between have one space.
--They should be left as is.
--
- host + ':' + service => *host = "host", *service = "service"
- host + ':' + '*' => *host = "host", *service = NULL
- host + ':' => *host = "host", *service = NULL
- ':' + service => *host = NULL, *service = "service"
- '*' + ':' + service => *host = NULL, *service = "service"
--
-+
- in case no ':' is present in the string, the result depends on
- hostserv_prio, as follows:
--
-+
- when hostserv_prio == BIO_PARSE_PRIO_HOST
- host => *host = "host", *service untouched
--
-+
- when hostserv_prio == BIO_PARSE_PRIO_SERV
- service => *host untouched, *service = "service"
-
- =head1 SEE ALSO
-
- L<BIO_ADDRINFO(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_push.pod
-+++ b/doc/crypto/BIO_push.pod
-@@ -2,13 +2,13 @@
-
- =head1 NAME
-
--BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain.
-+BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain
-
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
-- BIO *BIO_push(BIO *b,BIO *append);
-+ BIO *BIO_push(BIO *b, BIO *append);
- BIO *BIO_pop(BIO *b);
- void BIO_set_next(BIO *b, BIO *next);
-
-@@ -77,4 +77,13 @@ L<bio>
-
- The BIO_set_next() function was added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_read.pod
-+++ b/doc/crypto/BIO_read.pod
-@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts
-
- #include <openssl/bio.h>
-
-- int BIO_read(BIO *b, void *buf, int len);
-- int BIO_gets(BIO *b, char *buf, int size);
-- int BIO_write(BIO *b, const void *buf, int len);
-- int BIO_puts(BIO *b, const char *buf);
-+ int BIO_read(BIO *b, void *buf, int len);
-+ int BIO_gets(BIO *b, char *buf, int size);
-+ int BIO_write(BIO *b, const void *buf, int len);
-+ int BIO_puts(BIO *b, const char *buf);
-
- =head1 DESCRIPTION
-
-@@ -65,4 +65,13 @@ to the chain.
-
- L<BIO_should_retry(3)>
-
--TBA
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_accept.pod
-+++ b/doc/crypto/BIO_s_accept.pod
-@@ -23,10 +23,6 @@ BIO_get_bind_mode, BIO_do_accept - accep
- long BIO_set_bind_mode(BIO *b, long mode);
- long BIO_get_bind_mode(BIO *b);
-
-- #define BIO_BIND_NORMAL 0
-- #define BIO_BIND_REUSEADDR_IF_UNUSED 1
-- #define BIO_BIND_REUSEADDR 2
--
- int BIO_do_accept(BIO *b);
-
- =head1 DESCRIPTION
-@@ -75,19 +71,19 @@ BIO_set_nbio_accept() sets the accept so
-
- BIO_set_accept_bios() can be used to set a chain of BIOs which
- will be duplicated and prepended to the chain when an incoming
--connection is received. This is useful if, for example, a
-+connection is received. This is useful if, for example, a
- buffering or SSL BIO is required for each connection. The
- chain of BIOs must not be freed after this call, they will
- be automatically freed when the accept BIO is freed.
-
- BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
--the current bind mode. If BIO_BIND_NORMAL (the default) is set
-+the current bind mode. If B<BIO_BIND_NORMAL> (the default) is set
- then another socket cannot be bound to the same port. If
--BIO_BIND_REUSEADDR is set then other sockets can bind to the
--same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and
-+B<BIO_BIND_REUSEADDR> is set then other sockets can bind to the
-+same port. If B<BIO_BIND_REUSEADDR_IF_UNUSED> is set then and
- attempt is first made to use BIO_BIN_NORMAL, if this fails
- and the port is not in use then a second attempt is made
--using BIO_BIND_REUSEADDR.
-+using B<BIO_BIND_REUSEADDR>.
-
- BIO_do_accept() serves two functions. When it is first
- called, after the accept BIO has been setup, it will attempt
-@@ -161,33 +157,35 @@ down each and finally closes both down.
-
- BIO *abio, *cbio, *cbio2;
-
-- abio = BIO_new_accept("4444");
--
- /* First call to BIO_accept() sets up accept BIO */
-- if(BIO_do_accept(abio) <= 0) {
-- fprintf(stderr, "Error setting up accept\n");
-- ERR_print_errors_fp(stderr);
-- exit(0);
-+ abio = BIO_new_accept("4444");
-+ if (BIO_do_accept(abio) <= 0) {
-+ fprintf(stderr, "Error setting up accept\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
-
- /* Wait for incoming connection */
-- if(BIO_do_accept(abio) <= 0) {
-- fprintf(stderr, "Error accepting connection\n");
-- ERR_print_errors_fp(stderr);
-- exit(0);
-+ if (BIO_do_accept(abio) <= 0) {
-+ fprintf(stderr, "Error accepting connection\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
- fprintf(stderr, "Connection 1 established\n");
-+
- /* Retrieve BIO for connection */
- cbio = BIO_pop(abio);
- BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
- fprintf(stderr, "Sent out data on connection 1\n");
-+
- /* Wait for another connection */
-- if(BIO_do_accept(abio) <= 0) {
-- fprintf(stderr, "Error accepting connection\n");
-- ERR_print_errors_fp(stderr);
-- exit(0);
-+ if (BIO_do_accept(abio) <= 0) {
-+ fprintf(stderr, "Error accepting connection\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
- }
- fprintf(stderr, "Connection 2 established\n");
-+
- /* Close accept BIO to refuse further connections */
- cbio2 = BIO_pop(abio);
- BIO_free(abio);
-@@ -195,10 +193,18 @@ down each and finally closes both down.
- fprintf(stderr, "Sent out data on connection 2\n");
-
- BIO_puts(cbio, "Connection 1: Second connection established\n");
-+
- /* Close the two established connections */
- BIO_free(cbio);
- BIO_free(cbio2);
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_s_bio.pod
-+++ b/doc/crypto/BIO_s_bio.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
-+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
- BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
- BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
- BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
-@@ -13,22 +13,20 @@ BIO_ctrl_get_read_request, BIO_ctrl_rese
-
- const BIO_METHOD *BIO_s_bio(void);
-
-- #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-- #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-+ int BIO_make_bio_pair(BIO *b1, BIO *b2);
-+ int BIO_destroy_bio_pair(BIO *b);
-+ int BIO_shutdown_wr(BIO *b);
-
-- #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-
-- #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-- #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-+ int BIO_set_write_buf_size(BIO *b, long size);
-+ size_t BIO_get_write_buf_size(BIO *b, long size);
-
- int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
-
-- #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-+ int BIO_get_write_guarantee(BIO *b);
- size_t BIO_ctrl_get_write_guarantee(BIO *b);
--
-- #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-+ int BIO_get_read_request(BIO *b);
- size_t BIO_ctrl_get_read_request(BIO *b);
--
- int BIO_ctrl_reset_read_request(BIO *b);
-
- =head1 DESCRIPTION
-@@ -65,7 +63,7 @@ up any half of the pair will automatical
- BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
- writes on BIO B<b> are allowed (they will return an error). Reads on the other
- half of the pair will return any pending data or EOF when all pending data has
--been read.
-+been read.
-
- BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
- If the size is not initialized a default value is used. This is currently
-@@ -120,6 +118,14 @@ the application then waits for data to b
- before flushing the write buffer it will never succeed because the request was
- never sent!
-
-+BIO_eof() is true if no data is in the peer BIO and the peer BIO has been
-+shutdown.
-+
-+BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(),
-+BIO_set_write_buf_size(), BIO_get_write_buf_size(),
-+BIO_get_write_guarantee(), and BIO_get_read_request() are implemented
-+as macros.
-+
- =head1 RETURN VALUES
-
- BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
-@@ -156,7 +162,7 @@ without having to go through the SSL-int
- socket
-
- ...
-- SSL_free(ssl); /* implicitly frees internal_bio */
-+ SSL_free(ssl); /* implicitly frees internal_bio */
- BIO_free(network_bio);
- ...
-
-@@ -183,4 +189,13 @@ the peer might be waiting for the data b
- L<SSL_set_bio(3)>, L<ssl(3)>, L<bio(3)>,
- L<BIO_should_retry(3)>, L<BIO_read(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BIO_s_connect.pod
-+++ b/doc/crypto/BIO_s_connect.pod
-@@ -2,9 +2,10 @@
-
- =head1 NAME
-
-+BIO_set_conn_address, BIO_get_conn_address,
- BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port,
--BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
--BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
-+BIO_get_conn_hostname,
-+BIO_get_conn_port,
- BIO_set_nbio, BIO_do_connect - connect BIO
-
- =head1 SYNOPSIS
-@@ -81,7 +82,7 @@ This return value is an internal pointer
- BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
- zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
- is set. Blocking I/O is the default. The call to BIO_set_nbio()
--should be made before the connection is established because
-+should be made before the connection is established because
- non blocking I/O is set during the connect process.
-
- BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
-@@ -167,16 +168,17 @@ to retrieve a page and copy the result t
-
- cbio = BIO_new_connect("localhost:http");
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-- if(BIO_do_connect(cbio) <= 0) {
-- fprintf(stderr, "Error connecting to server\n");
-- ERR_print_errors_fp(stderr);
-- /* whatever ... */
-- }
-+ if (BIO_do_connect(cbio) <= 0) {
-+ fprintf(stderr, "Error connecting to server\n");
-+ ERR_print_errors_fp(stderr);
-+ exit(1);
-+ }
- BIO_puts(cbio, "GET / HTTP/1.0\n\n");
-- for(;;) {
-- len = BIO_read(cbio, tmpbuf, 1024);
-- if(len <= 0) break;
-- BIO_write(out, tmpbuf, len);
-+ for ( ; ; ) {
-+ len = BIO_read(cbio, tmpbuf, 1024);
-+ if (len <= 0)
-+ break;
-+ BIO_write(out, tmpbuf, len);
- }
- BIO_free(cbio);
- BIO_free(out);
-@@ -185,3 +187,14 @@ to retrieve a page and copy the result t
- =head1 SEE ALSO
-
- L<BIO_ADDR(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_fd.pod
-+++ b/doc/crypto/BIO_s_fd.pod
-@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_ne
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_s_fd(void);
-+ const BIO_METHOD *BIO_s_fd(void);
-
-- #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-- #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-+ int BIO_set_fd(BIO *b, int fd, int c);
-+ int BIO_get_fd(BIO *b, int *c);
-
- BIO *BIO_new_fd(int fd, int close_flag);
-
-@@ -27,26 +27,26 @@ If the close flag is set then close() is
- file descriptor when the BIO is freed.
-
- BIO_reset() attempts to change the file pointer to the start of file
--using lseek(fd, 0, 0).
-+such as by using B<lseek(fd, 0, 0)>.
-
- BIO_seek() sets the file pointer to position B<ofs> from start of file
--using lseek(fd, ofs, 0).
-+such as by using B<lseek(fd, ofs, 0)>.
-
--BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
-+BIO_tell() returns the current file position such as by calling
-+B<lseek(fd, 0, 1)>.
-
- BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
- flag to B<c>.
-
- BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
--returns the file descriptor. If B<c> is not NULL it should be of type
--(int *).
-+returns the file descriptor.
-
- BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
-
- =head1 NOTES
-
- The behaviour of BIO_read() and BIO_write() depends on the behavior of the
--platforms read() and write() calls on the descriptor. If the underlying
-+platforms read() and write() calls on the descriptor. If the underlying
- file descriptor is in a non blocking mode then the BIO will behave in the
- manner described in the L<BIO_read(3)> and L<BIO_should_retry(3)>
- manual pages.
-@@ -54,15 +54,12 @@ manual pages.
- File descriptor BIOs should not be used for socket I/O. Use socket BIOs
- instead.
-
-+BIO_set_fd() and BIO_get_fd() are implemented as macros.
-+
- =head1 RETURN VALUES
-
- BIO_s_fd() returns the file descriptor BIO method.
-
--BIO_reset() returns zero for success and -1 if an error occurred.
--BIO_seek() and BIO_tell() return the current file position or -1
--is an error occurred. These values reflect the underlying lseek()
--behaviour.
--
- BIO_set_fd() always returns 1.
-
- BIO_get_fd() returns the file descriptor or -1 if the BIO has not
-@@ -76,6 +73,7 @@ occurred.
- This is a file descriptor BIO version of "Hello World":
-
- BIO *out;
-+
- out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-@@ -87,3 +85,14 @@ L<BIO_reset(3)>, L<BIO_read(3)>,
- L<BIO_write(3)>, L<BIO_puts(3)>,
- L<BIO_gets(3)>, L<BIO_printf(3)>,
- L<BIO_set_close(3)>, L<BIO_get_close(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_file.pod
-+++ b/doc/crypto/BIO_s_file.pod
-@@ -10,12 +10,12 @@ BIO_rw_filename - FILE bio
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_s_file(void);
-+ const BIO_METHOD * BIO_s_file(void);
- BIO *BIO_new_file(const char *filename, const char *mode);
- BIO *BIO_new_fp(FILE *stream, int flags);
-
-- BIO_set_fp(BIO *b,FILE *fp, int flags);
-- BIO_get_fp(BIO *b,FILE **fpp);
-+ BIO_set_fp(BIO *b, FILE *fp, int flags);
-+ BIO_get_fp(BIO *b, FILE **fpp);
-
- int BIO_read_filename(BIO *b, char *name)
- int BIO_write_filename(BIO *b, char *name)
-@@ -92,15 +92,15 @@ lingual environment, encode file names i
-
- BIO *bio_out;
- bio_out = BIO_new(BIO_s_file());
-- if(bio_out == NULL) /* Error ... */
-- if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
-+ if (bio_out == NULL) /* Error ... */
-+ if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
- BIO_printf(bio_out, "Hello World\n");
-
- Write to a file:
-
- BIO *out;
- out = BIO_new_file("filename.txt", "w");
-- if(!out) /* Error occurred */
-+ if (!out) /* Error occurred */
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-
-@@ -108,8 +108,8 @@ lingual environment, encode file names i
-
- BIO *out;
- out = BIO_new(BIO_s_file());
-- if(out == NULL) /* Error ... */
-- if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
-+ if (out == NULL) /* Error ... */
-+ if (!BIO_write_filename(out, "filename.txt")) /* Error ... */
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-
-@@ -128,7 +128,7 @@ BIO_set_fp() and BIO_get_fp() return 1 f
-
- BIO_tell() returns the current file position.
-
--BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
-+BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
- BIO_rw_filename() return 1 for success or 0 for failure.
-
- =head1 BUGS
-@@ -146,3 +146,14 @@ L<BIO_read(3)>,
- L<BIO_write(3)>, L<BIO_puts(3)>,
- L<BIO_gets(3)>, L<BIO_printf(3)>,
- L<BIO_set_close(3)>, L<BIO_get_close(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_mem.pod
-+++ b/doc/crypto/BIO_s_mem.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+BIO_s_secmem,
- BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
- BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
-
-@@ -9,19 +10,19 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memor
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_s_mem(void);
-- const BIO_METHOD * BIO_s_secmem(void);
-+ const BIO_METHOD * BIO_s_mem(void);
-+ const BIO_METHOD * BIO_s_secmem(void);
-
-- BIO_set_mem_eof_return(BIO *b,int v)
-+ BIO_set_mem_eof_return(BIO *b, int v)
- long BIO_get_mem_data(BIO *b, char **pp)
-- BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
-- BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
-+ BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
-+ BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
-
- BIO *BIO_new_mem_buf(const void *buf, int len);
-
- =head1 DESCRIPTION
-
--BIO_s_mem() return the memory BIO method function.
-+BIO_s_mem() return the memory BIO method function.
-
- A memory BIO is a source/sink BIO which uses memory for its I/O. Data
- written to a memory BIO is stored in a BUF_MEM structure which is extended
-@@ -41,7 +42,7 @@ BUF_MEM structure is also freed.
-
- Calling BIO_reset() on a read write memory BIO clears any data in it if the
- flag BIO_FLAGS_NONCLEAR_RST is not set. On a read only BIO or if the flag
--BIO_FLAGS_NONCLEAR_RST is set it restores the BIO to its original state and
-+BIO_FLAGS_NONCLEAR_RST is set it restores the BIO to its original state and
- the data can be read again.
-
- BIO_eof() is true if no data is in the BIO.
-@@ -96,7 +97,7 @@ There should be an option to set the max
- Create a memory BIO and write some data to it:
-
- BIO *mem = BIO_new(BIO_s_mem());
-- BIO_puts(mem, "Hello World\n");
-+ BIO_puts(mem, "Hello World\n");
-
- Create a read only memory BIO:
-
-@@ -110,8 +111,14 @@ There should be an option to set the max
- BIO_get_mem_ptr(mem, &bptr);
- BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
- BIO_free(mem);
--
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_null.pod
-+++ b/doc/crypto/BIO_s_null.pod
-@@ -8,7 +8,7 @@ BIO_s_null - null data sink
-
- #include <openssl/bio.h>
-
-- const BIO_METHOD * BIO_s_null(void);
-+ const BIO_METHOD * BIO_s_null(void);
-
- =head1 DESCRIPTION
-
-@@ -32,6 +32,13 @@ by adding a null sink BIO to the end of
-
- BIO_s_null() returns the null sink BIO method.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/BIO_s_socket.pod
-+++ b/doc/crypto/BIO_s_socket.pod
-@@ -10,9 +10,6 @@ BIO_s_socket, BIO_new_socket - socket BI
-
- const BIO_METHOD *BIO_s_socket(void);
-
-- long BIO_set_fd(BIO *b, int fd, long close_flag);
-- long BIO_get_fd(BIO *b, int *c);
--
- BIO *BIO_new_socket(int sock, int close_flag);
-
- =head1 DESCRIPTION
-@@ -26,12 +23,6 @@ BIO_puts() is supported but BIO_gets() i
- If the close flag is set then the socket is shut down and closed
- when the BIO is freed.
-
--BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
--flag to B<close_flag>.
--
--BIO_get_fd() places the socket in B<c> if it is not NULL, it also
--returns the socket. If B<c> is not NULL it should be of type (int *).
--
- BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
-
- =head1 NOTES
-@@ -44,20 +35,20 @@ platforms sockets are not file descripto
- Windows is one such platform. Any code mixing the two will not work on
- all platforms.
-
--BIO_set_fd() and BIO_get_fd() are macros.
--
- =head1 RETURN VALUES
-
- BIO_s_socket() returns the socket BIO method.
-
--BIO_set_fd() always returns 1.
--
--BIO_get_fd() returns the socket or -1 if the BIO has not been
--initialized.
--
- BIO_new_socket() returns the newly allocated BIO or NULL is an error
- occurred.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_set_callback.pod
-+++ b/doc/crypto/BIO_set_callback.pod
-@@ -9,16 +9,17 @@ BIO_debug_callback - BIO callback functi
-
- #include <openssl/bio.h>
-
-- #define BIO_set_callback(b,cb) ((b)->callback=(cb))
-- #define BIO_get_callback(b) ((b)->callback)
-- #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
-- #define BIO_get_callback_arg(b) ((b)->cb_arg)
-
-- long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-- long argl,long ret);
-+ typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
-+ long argl, long ret);
-
-- typedef long (*callback)(BIO *b, int oper, const char *argp,
-- int argi, long argl, long retvalue);
-+ void BIO_set_callback(BIO *b, BIO_callack_fn cb);
-+ BIO_callack_fn BIO_get_callback(BIO *b);
-+ void BIO_set_callback_arg(BIO *b, char *arg);
-+ char *BIO_get_callback_arg(const BIO *b);
-+
-+ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
-+ long argl, long ret);
-
- =head1 DESCRIPTION
-
-@@ -32,34 +33,49 @@ used to set and retrieve an argument for
-
- BIO_debug_callback() is a standard debugging callback which prints
- out information relating to each BIO operation. If the callback
--argument is set if is interpreted as a BIO to send the information
-+argument is set it is interpreted as a BIO to send the information
- to, otherwise stderr is used.
-
--callback() is the callback function itself. The meaning of each
--argument is described below.
-+BIO_callback_fn() is the type of the callback function. The meaning of each
-+argument is described below:
-+
-+=over
-+
-+=item B<b>
-
- The BIO the callback is attached to is passed in B<b>.
-
-+=item B<oper>
-+
- B<oper> is set to the operation being performed. For some operations
- the callback is called twice, once before and once after the actual
- operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
-
-+=item B<argp> B<argi> B<argl>
-+
- The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
- the value of B<oper>, that is the operation being performed.
-
--B<retvalue> is the return value that would be returned to the
-+=item B<ret>
-+
-+B<ret> is the return value that would be returned to the
- application if no callback were present. The actual value returned
- is the return value of the callback itself. In the case of callbacks
--called before the actual BIO operation 1 is placed in retvalue, if
-+called before the actual BIO operation 1 is placed in B<ret>, if
- the return value is not positive it will be immediately returned to
- the application and the BIO operation will not be performed.
-
--The callback should normally simply return B<retvalue> when it has
--finished processing, unless if specifically wishes to modify the
-+=back
-+
-+The callback should normally simply return B<ret> when it has
-+finished processing, unless it specifically wishes to modify the
- value returned to the application.
-
- =head1 CALLBACK OPERATIONS
-
-+In the notes below, B<callback> defers to the actual callback
-+function that is called.
-+
- =over 4
-
- =item B<BIO_free(b)>
-@@ -93,8 +109,8 @@ after.
-
- =item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
-
--callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
--callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
-+callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) is called before the call and
-+callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) after.
-
- =back
-
-@@ -103,6 +119,13 @@ callback(b,BIO_CB_CTRL|BIO_CB_RETURN,par
- The BIO_debug_callback() function is a good example, its source is
- in crypto/bio/bio_cb.c
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
--TBA
-+=cut
---- a/doc/crypto/BIO_should_retry.pod
-+++ b/doc/crypto/BIO_should_retry.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BIO_should_retry, BIO_should_read, BIO_should_write,
-+BIO_should_read, BIO_should_write,
- BIO_should_io_special, BIO_retry_type, BIO_should_retry,
- BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry
- functions
-@@ -11,17 +11,11 @@ functions
-
- #include <openssl/bio.h>
-
-- #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
-- #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
-- #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
-- #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
-- #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
--
-- #define BIO_FLAGS_READ 0x01
-- #define BIO_FLAGS_WRITE 0x02
-- #define BIO_FLAGS_IO_SPECIAL 0x04
-- #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-- #define BIO_FLAGS_SHOULD_RETRY 0x08
-+ int BIO_should_read(BIO *b);
-+ int BIO_should_write(BIO *b);
-+ int BIO_should_io_special(iBIO *b);
-+ int BIO_retry_type(BIO *b);
-+ int BIO_should_retry(BIO *b);
-
- BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
- int BIO_get_retry_reason(BIO *bio);
-@@ -53,7 +47,7 @@ B<BIO_FLAGS_IO_SPECIAL> though current B
- these.
-
- BIO_get_retry_BIO() determines the precise reason for the special
--condition, it returns the BIO that caused this condition and if
-+condition, it returns the BIO that caused this condition and if
- B<reason> is not NULL it contains the reason code. The meaning of
- the reason code and the action that should be taken depends on
- the type of BIO that resulted in this condition.
-@@ -66,6 +60,9 @@ BIO. This would usually only be called b
-
- =head1 NOTES
-
-+BIO_should_read(), BIO_should_write(), BIO_should_io_special(),
-+BIO_retry_type(), and BIO_should_retry(), are implemented as macros.
-+
- If BIO_should_retry() returns false then the precise "error condition"
- depends on the BIO type that caused it and the return code of the BIO
- operation. For example if a call to BIO_read() on a socket BIO returns
-@@ -99,7 +96,7 @@ available and then retry the BIO operati
- conditions of several non blocking BIOs in a single select() call
- it is possible to service several BIOs in a single thread, though
- the performance may be poor if SSL BIOs are present because long delays
--can occur during the initial handshake process.
-+can occur during the initial handshake process.
-
- It is possible for a BIO to block indefinitely if the underlying I/O
- structure cannot process or return any data. This depends on the behaviour of
-@@ -123,4 +120,13 @@ L<bio>
- The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in
- OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_BLINDING_new.pod
-+++ b/doc/crypto/BN_BLINDING_new.pod
-@@ -2,26 +2,26 @@
-
- =head1 NAME
-
--BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
--BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
-+BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
-+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
- BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
- BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
--BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions.
-+BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions
-
- =head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-- BIGNUM *mod);
-+ BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
-- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-+ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-- BN_CTX *ctx);
-+ BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
-- BN_CTX *ctx);
-+ BN_CTX *ctx);
- int BN_BLINDING_is_current_thread(BN_BLINDING *b);
- void BN_BLINDING_set_current_thread(BN_BLINDING *b);
- int BN_BLINDING_lock(BN_BLINDING *b);
-@@ -29,10 +29,10 @@ BN_BLINDING_set_flags, BN_BLINDING_creat
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-- BN_MONT_CTX *m_ctx);
-+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-+ BN_MONT_CTX *m_ctx);
-
- =head1 DESCRIPTION
-
-@@ -102,7 +102,7 @@ succeeded or 0 on error.
- BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
- (a B<unsigned long> value).
-
--BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
-+BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
- parameters or NULL on error.
-
- =head1 SEE ALSO
-@@ -114,4 +114,13 @@ L<bn(3)>
- BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it
- deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_CTX_new.pod
-+++ b/doc/crypto/BN_CTX_new.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BN_CTX_new, BN_CTX_secure_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
-+BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures
-
- =head1 SYNOPSIS
-
-@@ -64,4 +64,13 @@ L<BN_CTX_start(3)>
-
- BN_CTX_init() was removed in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_CTX_start.pod
-+++ b/doc/crypto/BN_CTX_start.pod
-@@ -45,4 +45,13 @@ can be obtained by L<ERR_get_error(3)>.
-
- L<BN_CTX_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_add.pod
-+++ b/doc/crypto/BN_add.pod
-@@ -115,4 +115,13 @@ The error codes can be obtained by L<ERR
- L<bn(3)>, L<ERR_get_error(3)>, L<BN_CTX_new(3)>,
- L<BN_add_word(3)>, L<BN_set_bit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_add_word.pod
-+++ b/doc/crypto/BN_add_word.pod
-@@ -49,4 +49,13 @@ B<(BN_ULONG)-1> if an error occurred.
-
- L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_bn2bin.pod
-+++ b/doc/crypto/BN_bn2bin.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+BN_bn2binpad,
- BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec,
- BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi,
- BN_mpi2bn - format conversions
-@@ -51,11 +52,12 @@ hexadecimal and decimal encoding of B<a>
- numbers, the string is prefaced with a leading '-'. The string must be
- freed later using OPENSSL_free().
-
--BN_hex2bn() converts the string B<str> containing a hexadecimal number
--to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
--B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
--length in hexadecimal digits. If the string starts with '-', the
--number is negative. BN_dec2bn() is the same using the decimal system.
-+BN_hex2bn() takes as many characters as possible from the string B<str>,
-+including the leading character '-' which means negative, to form a valid
-+hexadecimal number representation and converts them to a B<BIGNUM> and
-+stores it in **B<bn>. If *B<bn> is NULL, a new B<BIGNUM> is created. If
-+B<bn> is NULL, it only computes the length of valid representation.
-+BN_dec2bn() is the same using the decimal system.
-
- BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
- with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
-@@ -84,8 +86,9 @@ BN_bn2binpad() returns the number of byt
- buffer is too small.
-
- BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
--on error. BN_hex2bn() and BN_dec2bn() return the number's length in
--hexadecimal or decimal digits, and 0 on error.
-+on error. BN_hex2bn() and BN_dec2bn() return the the length of valid
-+representation in hexadecimal or decimal digits, and 0 on error, in which
-+case no new B<BIGNUM> will be created.
-
- BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
-
-@@ -100,4 +103,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<BN_zero
- L<ASN1_INTEGER_to_BN(3)>,
- L<BN_num_bytes(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_cmp.pod
-+++ b/doc/crypto/BN_cmp.pod
-@@ -39,4 +39,13 @@ the condition is true, 0 otherwise.
-
- L<bn(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_copy.pod
-+++ b/doc/crypto/BN_copy.pod
-@@ -57,4 +57,13 @@ by L<ERR_get_error(3)>.
-
- L<bn(3)>, L<ERR_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_generate_prime.pod
-+++ b/doc/crypto/BN_generate_prime.pod
-@@ -11,12 +11,12 @@ for primality
-
- #include <openssl/bn.h>
-
-- int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-+ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
- const BIGNUM *rem, BN_GENCB *cb);
-
-- int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-+ int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-
-- int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-+ int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb);
-
- int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-@@ -39,7 +39,7 @@ for primality
- BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
- BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
-
-- int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
-+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
- void *), BN_CTX *ctx, void *cb_arg);
-
- int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-@@ -182,4 +182,13 @@ L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)
- BN_GENCB_new(), BN_GENCB_free(),
- and BN_GENCB_get_arg() were added in OpenSSL 1.1.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_mod_inverse.pod
-+++ b/doc/crypto/BN_mod_inverse.pod
-@@ -29,4 +29,13 @@ NULL on error. The error codes can be ob
-
- L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_mod_mul_montgomery.pod
-+++ b/doc/crypto/BN_mod_mul_montgomery.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
-+BN_mod_mul_montgomery, BN_MONT_CTX_new,
- BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
- BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
-
-@@ -69,26 +69,6 @@ The error codes can be obtained by L<ERR
- The inputs must be reduced modulo B<m>, otherwise the result will be
- outside the expected range.
-
--=head1 REMOVED FUNCTIONALITY
--
-- void BN_MONT_CTX_init(BN_MONT_CTX *c);
--
--BN_MONT_CTX_init() is no longer available as of OpenSSL 1.1.0. It was used to
--initialize an existing uninitialized B<BN_MONT_CTX>. Typically this would be
--done as follows:
--
-- BN_MONT_CTX ctx;
-- BN_MONT_CTX_init(&ctx);
--
--Instead applications should create a BN_MONT_CTX structure using
--BN_MONT_CTX_new:
--
-- BN_MONT_CTX *ctx;
-- ctx = BN_MONT_CTX_new();
-- if(!ctx) /* handle error */
-- ...
-- BN_MONT_CTX_free(ctx);
--
- =head1 SEE ALSO
-
- L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>,
-@@ -98,4 +78,13 @@ L<BN_CTX_new(3)>
-
- BN_MONT_CTX_init() was removed in OpenSSL 1.1.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_mod_mul_reciprocal.pod
-+++ b/doc/crypto/BN_mod_mul_reciprocal.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
-+BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new,
- BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
- reciprocal
-
-@@ -30,7 +30,6 @@ using B<recp>=1/B<m>, which is set as de
- previously allocated B<BN_CTX> used for temporary variables.
-
- BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
--BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
-
- BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
- was created by BN_RECP_CTX_new(), also the structure itself.
-@@ -51,31 +50,11 @@ The B<BN_RECP_CTX> structure cannot be s
- BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
- on error.
-
--BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
-+BN_RECP_CTX_free() has no return value.
-
- For the other functions, 1 is returned for success, 0 on error.
- The error codes can be obtained by L<ERR_get_error(3)>.
-
--=head1 REMOVED FUNCTIONALITY
--
-- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
--
--BN_RECP_CTX_init() is no longer available as of OpenSSL 1.1.0. It was used to
--initialize an existing uninitialized B<BN_RECP_CTX>. Typically this would be
--done as follows:
--
-- BN_RECP_CTX ctx;
-- BN_RECP_CTX_init(&ctx);
--
--Applications should replace use of BN_RECP_CTX_init with BN_RECP_CTX_new
--instead:
--
-- BN_RECP_CTX *ctx;
-- ctx = BN_RECP_CTX_new();
-- if(!ctx) /* Handle error */
-- ...
-- BN_RECP_CTX_free(ctx);
--
- =head1 SEE ALSO
-
- L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>,
-@@ -83,6 +62,15 @@ L<BN_CTX_new(3)>
-
- =head1 HISTORY
-
--BN_RECP_CTX_init was removed in OpenSSL 1.1.0
-+BN_RECP_CTX_init() was removed in OpenSSL 1.1.0
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/BN_new.pod
-+++ b/doc/crypto/BN_new.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--BN_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
-+BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
-
- =head1 SYNOPSIS
-
-@@ -10,6 +10,8 @@ BN_new, BN_clear, BN_free, BN_clear_free
-
- BIGNUM *BN_new(void);
-
-+ BIGNUM *BN_secure_new(void);
-+
- void BN_clear(BIGNUM *a);
-
- void BN_free(BIGNUM *a);
-@@ -19,6 +21,8 @@ BN_new, BN_clear, BN_free, BN_clear_free
- =head1 DESCRIPTION
-
- BN_new() allocates and initializes a B<BIGNUM> structure.
-+BN_secure_new() does the same except that the secure heap
-+OPENSSL_secure_malloc(3) is used to store the value.
-
- BN_clear() is used to destroy sensitive data such as keys when they
- are no longer needed. It erases the memory used by B<a> and sets it
-@@ -31,8 +35,9 @@ If B<a> is NULL, nothing is done.
-
- =head1 RETURN VALUES
-
--BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
--it returns B<NULL> and sets an error code that can be obtained
-+BN_new() and BN_secure_new()
-+return a pointer to the B<BIGNUM>. If the allocation fails,
-+they return B<NULL> and set an error code that can be obtained
- by L<ERR_get_error(3)>.
-
- BN_clear(), BN_free() and BN_clear_free() have no return values.
-@@ -45,4 +50,13 @@ L<bn(3)>, L<ERR_get_error(3)>
-
- BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_num_bytes.pod
-+++ b/doc/crypto/BN_num_bytes.pod
-@@ -49,4 +49,13 @@ more probability).
- L<bn(3)>, L<DH_size(3)>, L<DSA_size(3)>,
- L<RSA_size(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_rand.pod
-+++ b/doc/crypto/BN_rand.pod
-@@ -49,4 +49,13 @@ The error codes can be obtained by L<ERR
- L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>,
- L<RAND_add(3)>, L<RAND_bytes(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_set_bit.pod
-+++ b/doc/crypto/BN_set_bit.pod
-@@ -57,4 +57,13 @@ can be obtained by L<ERR_get_error(3)>.
-
- L<bn(3)>, L<BN_num_bytes(3)>, L<BN_add(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_swap.pod
-+++ b/doc/crypto/BN_swap.pod
-@@ -16,4 +16,13 @@ BN_swap() exchanges the values of I<a> a
-
- L<bn(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/BN_zero.pod
-+++ b/doc/crypto/BN_zero.pod
-@@ -42,7 +42,7 @@ be represented as an unsigned long.
- BN_one(), BN_set_word() and the deprecated version of BN_zero()
- return 1 on success, 0 otherwise.
- BN_value_one() returns the constant.
--The preferred version of BN_zer() never fails and returns no value.
-+The preferred version of BN_zero() never fails and returns no value.
-
- =head1 BUGS
-
-@@ -55,4 +55,13 @@ unsigned long but this value is also ret
-
- L<bn(3)>, L<BN_bn2bin(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/BUF_MEM_new.pod
-@@ -0,0 +1,77 @@
-+=pod
-+
-+=head1 NAME
-+
-+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow
-+BUF_MEM_grow_clean, BUF_reverse
-+- simple character array structure
-+
-+standard C library equivalents
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/buffer.h>
-+
-+ BUF_MEM *BUF_MEM_new(void);
-+
-+ BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
-+
-+ void BUF_MEM_free(BUF_MEM *a);
-+
-+ int BUF_MEM_grow(BUF_MEM *str, int len);
-+ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
-+
-+ void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
-+
-+=head1 DESCRIPTION
-+
-+The buffer library handles simple character arrays. Buffers are used for
-+various purposes in the library, most notably memory BIOs.
-+
-+BUF_MEM_new() allocates a new buffer of zero size.
-+
-+BUF_MEM_new_ex() allocates a buffer with the specified flags.
-+The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer
-+should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
-+
-+BUF_MEM_free() frees up an already existing buffer. The data is zeroed
-+before freeing up in case the buffer contains sensitive data.
-+
-+BUF_MEM_grow() changes the size of an already existing buffer to
-+B<len>. Any data already in the buffer is preserved if it increases in
-+size.
-+
-+BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd
-+or additionally-allocated memory to zero.
-+
-+BUF_reverse() reverses B<size> bytes at B<in> into B<out>. If B<out>
-+is NULL, the array is reversed in-place.
-+
-+=head1 RETURN VALUES
-+
-+BUF_MEM_new() returns the buffer or NULL on error.
-+
-+BUF_MEM_free() has no return value.
-+
-+BUF_MEM_grow() and BUF_MEM_grow_clean() return
-+zero on error or the new size (i.e., B<len>).
-+
-+=head1 SEE ALSO
-+
-+L<bio(3)>,
-+L<CRYPTO_secure_malloc(3)>.
-+
-+=head1 HISTORY
-+
-+BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/CMS_add0_cert.pod
-+++ b/doc/crypto/CMS_add0_cert.pod
-@@ -20,7 +20,7 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_c
- =head1 DESCRIPTION
-
- CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
--must be of type signed data or enveloped data.
-+must be of type signed data or enveloped data.
-
- CMS_get1_certs() returns all certificates in B<cms>.
-
-@@ -46,7 +46,7 @@ than once.
- =head1 RETURN VALUES
-
- CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
--1 for success and 0 for failure.
-+1 for success and 0 for failure.
-
- CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
- or NULL if there are none or an error occurs. The only error which will occur
-@@ -58,4 +58,13 @@ L<ERR_get_error(3)>,
- L<CMS_sign(3)>,
- L<CMS_encrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_add1_recipient_cert.pod
-+++ b/doc/crypto/CMS_add1_recipient_cert.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
-+CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
-
- =head1 SYNOPSIS
-
-@@ -54,4 +54,13 @@ occurs.
- L<ERR_get_error(3)>, L<CMS_decrypt(3)>,
- L<CMS_final(3)>,
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_add1_signer.pod
-+++ b/doc/crypto/CMS_add1_signer.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
-+CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure
-
- =head1 SYNOPSIS
-
-@@ -52,7 +52,7 @@ structure. An error occurs if a matchin
- The returned CMS_ContentInfo structure will be valid and finalized when this
- flag is set.
-
--If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
-+If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
- CMS_SignerInfo structure will not be finalized so additional attributes
- can be added. In this case an explicit call to CMS_SignerInfo_sign() is
- needed to finalize it.
-@@ -81,7 +81,7 @@ If any of these algorithms is not availa
- not loaded.
-
- CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
--structure just added, this can be used to set additional attributes
-+structure just added, this can be used to set additional attributes
- before it is finalized.
-
- =head1 RETURN VALUES
-@@ -94,4 +94,13 @@ structure just added or NULL if an error
- L<ERR_get_error(3)>, L<CMS_sign(3)>,
- L<CMS_final(3)>,
-
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_compress.pod
-+++ b/doc/crypto/CMS_compress.pod
-@@ -69,4 +69,13 @@ L<ERR_get_error(3)>, L<CMS_uncompress(3)
-
- The B<CMS_STREAM> flag was added in OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_decrypt.pod
-+++ b/doc/crypto/CMS_decrypt.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_decrypt - decrypt content from a CMS envelopedData structure
-+CMS_decrypt - decrypt content from a CMS envelopedData structure
-
- =head1 SYNOPSIS
-
-@@ -69,4 +69,13 @@ mentioned in CMS_verify() also applies t
-
- L<ERR_get_error(3)>, L<CMS_encrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_encrypt.pod
-+++ b/doc/crypto/CMS_encrypt.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_encrypt - create a CMS envelopedData structure
-+CMS_encrypt - create a CMS envelopedData structure
-
- =head1 SYNOPSIS
-
-@@ -26,7 +26,7 @@ EVP_des_ede3_cbc() (triple DES) is the a
- because most clients will support it.
-
- The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
--its parameters.
-+its parameters.
-
- Many browsers implement a "sign and encrypt" option which is simply an S/MIME
- envelopedData containing an S/MIME signed message. This can be readily produced
-@@ -92,4 +92,13 @@ L<ERR_get_error(3)>, L<CMS_decrypt(3)>
-
- The B<CMS_STREAM> flag was first supported in OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_final.pod
-+++ b/doc/crypto/CMS_final.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_final - finalise a CMS_ContentInfo structure
-+CMS_final - finalise a CMS_ContentInfo structure
-
- =head1 SYNOPSIS
-
-@@ -14,7 +14,7 @@
-
- CMS_final() finalises the structure B<cms>. It's purpose is to perform any
- operations necessary on B<cms> (digest computation for example) and set the
--appropriate fields. The parameter B<data> contains the content to be
-+appropriate fields. The parameter B<data> contains the content to be
- processed. The B<dcont> parameter contains a BIO to write content to after
- processing: this is only used with detached data and will usually be set to
- NULL.
-@@ -34,4 +34,13 @@ CMS_final() returns 1 for success or 0 f
- L<ERR_get_error(3)>, L<CMS_sign(3)>,
- L<CMS_encrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_get0_RecipientInfos.pod
-+++ b/doc/crypto/CMS_get0_RecipientInfos.pod
-@@ -2,7 +2,12 @@
-
- =head1 NAME
-
--CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines
-+CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
-+CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
-+CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
-+CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
-+CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
-+- CMS envelopedData RecipientInfo routines
-
- =head1 SYNOPSIS
-
-@@ -34,7 +39,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, o
- CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
- identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
- must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
--B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
-+B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
-
- CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
- CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
-@@ -113,4 +118,13 @@ Any error can be obtained from L<ERR_get
-
- L<ERR_get_error(3)>, L<CMS_decrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_get0_SignerInfos.pod
-+++ b/doc/crypto/CMS_get0_SignerInfos.pod
-@@ -2,7 +2,10 @@
-
- =head1 NAME
-
--CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions.
-+CMS_SignerInfo_set1_signer_cert,
-+CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id,
-+CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp,
-+- CMS signedData signer functions
-
- =head1 SYNOPSIS
-
-@@ -25,7 +28,7 @@ associated with a specific CMS_SignerInf
- keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
- in B<issuer> and B<sno>.
-
--CMS_SignerInfo_get0_signature() retrieves the signature associated with
-+CMS_SignerInfo_get0_signature() retrieves the signature associated with
- B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned
- corresponds to the internal signature value if B<si> so it may be read or
- modified.
-@@ -74,4 +77,13 @@ Any error can be obtained from L<ERR_get
-
- L<ERR_get_error(3)>, L<CMS_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_get0_type.pod
-+++ b/doc/crypto/CMS_get0_type.pod
-@@ -2,13 +2,13 @@
-
- =head1 NAME
-
-- CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
-+CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
-
- =head1 SYNOPSIS
-
- #include <openssl/cms.h>
-
-- const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-+ const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
- int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
- const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
- ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-@@ -69,4 +69,13 @@ error can be obtained from ERR_get_error
-
- L<ERR_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_get1_ReceiptRequest.pod
-+++ b/doc/crypto/CMS_get1_ReceiptRequest.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
-+CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions
-
- =head1 SYNOPSIS
-
-@@ -45,7 +45,7 @@ CMS_verify().
-
- =head1 RETURN VALUES
-
--CMS_ReceiptRequest_create0() returns a signed receipt request structure or
-+CMS_ReceiptRequest_create0() returns a signed receipt request structure or
- NULL if an error occurred.
-
- CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
-@@ -60,4 +60,13 @@ L<ERR_get_error(3)>, L<CMS_sign(3)>,
- L<CMS_sign_receipt(3)>, L<CMS_verify(3)>
- L<CMS_verify_receipt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_sign.pod
-+++ b/doc/crypto/CMS_sign.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_sign - create a CMS SignedData structure
-+CMS_sign - create a CMS SignedData structure
-
- =head1 SYNOPSIS
-
-@@ -96,7 +96,7 @@ B<certs>, B<signcert> and B<pkey> parame
- B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
- function CMS_sign_add1_signer(), non default digests can be used and custom
- attributes added. CMS_final() must then be called to finalize the
--structure if streaming is not enabled.
-+structure if streaming is not enabled.
-
- =head1 BUGS
-
-@@ -116,4 +116,13 @@ L<ERR_get_error(3)>, L<CMS_verify(3)>
- The B<CMS_STREAM> flag is only supported for detached data in OpenSSL 0.9.8,
- it is supported for embedded data in OpenSSL 1.0.0 and later.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_sign_receipt.pod
-+++ b/doc/crypto/CMS_sign_receipt.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_sign_receipt - create a CMS signed receipt
-+CMS_sign_receipt - create a CMS signed receipt
-
- =head1 SYNOPSIS
-
-@@ -38,4 +38,13 @@ L<ERR_get_error(3)>,
- L<CMS_verify_receipt(3)>,
- L<CMS_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_uncompress.pod
-+++ b/doc/crypto/CMS_uncompress.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_uncompress - uncompress a CMS CompressedData structure
-+CMS_uncompress - uncompress a CMS CompressedData structure
-
- =head1 SYNOPSIS
-
-@@ -47,4 +47,13 @@ mentioned in CMS_verify() also applies t
-
- L<ERR_get_error(3)>, L<CMS_compress(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_verify.pod
-+++ b/doc/crypto/CMS_verify.pod
-@@ -67,7 +67,7 @@ returned.
- If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
- verified.
-
--If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
-+If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
- verified.
-
- If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
-@@ -81,13 +81,13 @@ certificates supplied in B<certs> then t
- signer cannot be found.
-
- In some cases the standard techniques for looking up and validating
--certificates are not appropriate: for example an application may wish to
-+certificates are not appropriate: for example an application may wish to
- lookup certificates in a database or perform customised verification. This
--can be achieved by setting and verifying the signers certificates manually
-+can be achieved by setting and verifying the signers certificates manually
- using the signed data utility functions.
-
- Care should be taken when modifying the default verify behaviour, for example
--setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
-+setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
- and any modified content will be considered valid. This combination is however
- useful if one merely wishes to write the content to B<out> and its validity
- is not considered important.
-@@ -119,4 +119,13 @@ be held in memory if it is not detached.
-
- L<ERR_get_error(3)>, L<CMS_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CMS_verify_receipt.pod
-+++ b/doc/crypto/CMS_verify_receipt.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- CMS_verify_receipt - verify a CMS signed receipt
-+CMS_verify_receipt - verify a CMS signed receipt
-
- =head1 SYNOPSIS
-
-@@ -16,7 +16,7 @@ CMS_verify_receipt() verifies a CMS sign
- receipt to verify. B<ocms> is the original SignedData structure containing the
- receipt request. B<certs> is a set of certificates in which to search for the
- signing certificate. B<store> is a trusted certificate store (used for chain
--verification).
-+verification).
-
- B<flags> is an optional set of flags, which can be used to modify the verify
- operation.
-@@ -40,4 +40,13 @@ L<ERR_get_error(3)>,
- L<CMS_sign_receipt(3)>,
- L<CMS_verify(3)>,
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CONF_modules_free.pod
-+++ b/doc/crypto/CONF_modules_free.pod
-@@ -2,8 +2,8 @@
-
- =head1 NAME
-
-- CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
-- OpenSSL configuration cleanup functions
-+CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
-+OpenSSL configuration cleanup functions
-
- =head1 SYNOPSIS
-
-@@ -50,4 +50,13 @@ L<CONF_modules_load_file(3)>
-
- CONF_modules_free() was deprecated in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/CONF_modules_load_file.pod
-+++ b/doc/crypto/CONF_modules_load_file.pod
-@@ -2,16 +2,16 @@
-
- =head1 NAME
-
-- CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
-+CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
-
- =head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- int CONF_modules_load_file(const char *filename, const char *appname,
-- unsigned long flags);
-+ unsigned long flags);
- int CONF_modules_load(const CONF *cnf, const char *appname,
-- unsigned long flags);
-+ unsigned long flags);
-
- =head1 DESCRIPTION
-
-@@ -124,4 +124,13 @@ return value of the failing module (this
- L<conf(5)>, L<OPENSSL_config(3)>,
- L<CONF_free(3)>, L<err(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/CRYPTO_THREAD_run_once.pod
-@@ -0,0 +1,163 @@
-+=pod
-+
-+=head1 NAME
-+
-+CRYPTO_THREAD_run_once,
-+CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
-+CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/crypto.h>
-+
-+ CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
-+ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
-+
-+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
-+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
-+ int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
-+ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
-+ void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
-+
-+ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
-+
-+=head1 DESCRIPTION
-+
-+OpenSSL can be safely used in multi-threaded applications provided that
-+support for the underlying OS threading API is built-in. Currently, OpenSSL
-+supports the pthread and Windows APIs. OpenSSL can also be built without
-+any multi-threading support, for example on platforms that don't provide
-+any threading support or that provide a threading API that is not yet
-+supported by OpenSSL.
-+
-+The following multi-threading function are provided:
-+
-+=over 4
-+
-+=item *
-+CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
-+The B<once> argument must be a pointer to a static object of type
-+B<CRYPTO_ONCE> that was statically initialized to the value
-+B<CRYPTO_ONCE_STATIC_INIT>.
-+The B<init> argument is a pointer to a function that performs the desired
-+exactly once initialization.
-+In particular, this can be used to allocate locks in a thread-safe manner,
-+which can then be used with the locking functions below.
-+
-+=item *
-+CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
-+lock.
-+
-+=item *
-+CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
-+
-+=item *
-+CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
-+
-+=item *
-+CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
-+
-+=item *
-+CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
-+
-+=item *
-+CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
-+result of the operation in B<ret>. B<lock> will be locked, unless atomic
-+operations are supported on the specific platform. Because of this, if a
-+variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
-+be the only way that the variable is modified.
-+
-+=back
-+
-+=head1 RETURN VALUES
-+
-+CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.
-+
-+CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
-+
-+CRYPTO_THREAD_lock_frees() returns no value.
-+
-+The other functions return 1 on success or 0 on error.
-+
-+=head1 NOTES
-+
-+On Windows platforms the CRYPTO_THREAD_* types and functions in the
-+openssl/crypto.h header are dependent on some of the types customarily
-+made available by including windows.h. The application developer is
-+likely to require control over when the latter is included, commonly as
-+one of the first included headers. Therefore it is defined as an
-+application developer's responsibility to include windows.h prior to
-+crypto.h where use of CRYPTO_THREAD_* types and functions is required.
-+
-+=head1 EXAMPLE
-+
-+This example safely initializes and uses a lock.
-+
-+ #ifdef _WIN32
-+ # include <windows.h>
-+ #endif
-+ #include <openssl/crypto.h>
-+
-+ static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
-+ static CRYPTO_RWLOCK *lock;
-+
-+ static void myinit(void)
-+ {
-+ lock = CRYPTO_THREAD_lock_new();
-+ }
-+
-+ static int mylock(void)
-+ {
-+ if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
-+ return 0;
-+ return CRYPTO_THREAD_write_lock(lock);
-+ }
-+
-+ static int myunlock(void)
-+ {
-+ return CRYPTO_THREAD_unlock(lock);
-+ }
-+
-+ int serialized(void)
-+ {
-+ int ret = 0;
-+
-+ if (mylock()) {
-+ /* Your code here, do not return without releasing the lock! */
-+ ret = ... ;
-+ }
-+ myunlock();
-+ return ret;
-+ }
-+
-+Finalization of locks is an advanced topic, not covered in this example.
-+This can only be done at process exit or when a dynamically loaded library is
-+no longer in use and is unloaded.
-+The simplest solution is to just "leak" the lock in applications and not
-+repeatedly load/unload shared libraries that allocate locks.
-+
-+=head1 NOTES
-+
-+You can find out if OpenSSL was configured with thread support:
-+
-+ #include <openssl/opensslconf.h>
-+ #if defined(OPENSSL_THREADS)
-+ // thread support enabled
-+ #else
-+ // no thread support
-+ #endif
-+
-+=head1 SEE ALSO
-+
-+L<crypto(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/CRYPTO_get_ex_new_index.pod
-+++ b/doc/crypto/CRYPTO_get_ex_new_index.pod
-@@ -2,8 +2,9 @@
-
- =head1 NAME
-
-+CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup,
- CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data,
--CRYPTO_get_ex_data, CRYPTO_free_ex_data
-+CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
- - functions supporting application-specific data
-
- =head1 SYNOPSIS
-@@ -12,17 +13,19 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
-
- int CRYPTO_get_ex_new_index(int class_index,
- long argl, void *argp,
-- CRYPTO_EX_new *new_func,
-- CRYPTO_EX_dup *dup_func,
-- CRYPTO_EX_free *free_func);
-+ CRYPTO_EX_new *new_func,
-+ CRYPTO_EX_dup *dup_func,
-+ CRYPTO_EX_free *free_func);
-
- typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-- typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-+ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
- void *from_d, int idx, long argl, void *argp);
-
-+ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-+
- int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
-
- void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
-@@ -59,6 +62,10 @@ The API described here is used by OpenSS
- structures. Since the application data can be anything at all it is passed
- and retrieved as a B<void *> type.
-
-+The B<CRYPTO_EX_DATA> type is opaque. To initialize the exdata part of
-+a structure, call CRYPTO_new_ex_data(). This is only necessary for
-+B<CRYPTO_EX_INDEX_APP> objects.
-+
- Exdata types are identified by an B<index>, an integer guaranteed to be
- unique within structures for the lifetime of the program. Applications
- using exdata typically call B<CRYPTO_get_ex_new_index> at startup, and
-@@ -142,4 +149,13 @@ note that NULL may be a valid value.
-
- dup_func() should return 0 for failure and 1 for success.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/DEFINE_STACK_OF.pod
-@@ -0,0 +1,233 @@
-+=pod
-+
-+=head1 NAME
-+
-+DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
-+DEFINE_SPECIAL_STACK_OF_CONST,
-+OPENSSL_sk_deep_copy, OPENSSL_sk_delete, OPENSSL_sk_delete_ptr,
-+OPENSSL_sk_dup, OPENSSL_sk_find, OPENSSL_sk_find_ex, OPENSSL_sk_free,
-+OPENSSL_sk_insert, OPENSSL_sk_is_sorted, OPENSSL_sk_new, OPENSSL_sk_new_null,
-+OPENSSL_sk_num, OPENSSL_sk_pop, OPENSSL_sk_pop_free, OPENSSL_sk_push,
-+OPENSSL_sk_set, OPENSSL_sk_set_cmp_func, OPENSSL_sk_shift, OPENSSL_sk_sort,
-+OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero,
-+sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_free,
-+sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push,
-+sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free,
-+sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort,
-+sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func -
-+stack container
-+
-+=for comment generic
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/safestack.h>
-+
-+ STACK_OF(TYPE)
-+ DEFINE_STACK_OF(TYPE)
-+ DEFINE_STACK_OF_CONST(TYPE)
-+ DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
-+ DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
-+
-+ typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
-+ typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
-+ typedef void (*sk_TYPE_freefunc)(TYPE *a);
-+
-+ int sk_TYPE_num(const STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
-+ STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
-+ STACK_OF(TYPE) *sk_TYPE_new_null(void);
-+ void sk_TYPE_free(const STACK_OF(TYPE) *sk);
-+ void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
-+ TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_push(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_unshift(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
-+ TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
-+ void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
-+ int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
-+ TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, TYPE *ptr);
-+ int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
-+ void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
-+ int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
-+ STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
-+ STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
-+ sk_TYPE_copyfunc copyfunc,
-+ sk_TYPE_freefunc freefunc);
-+ sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, sk_TYPE_compfunc compare);
-+
-+=head1 DESCRIPTION
-+
-+Applications can create and use their own stacks by placing any of the macros
-+described below in a header file. These macros define typesafe inline
-+functions that wrap around the utility B<OPENSSL_sk_> API.
-+In the description here, I<TYPE> is used
-+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
-+
-+STACK_OF() returns the name for a stack of the specified B<TYPE>.
-+DEFINE_STACK_OF() creates set of functions for a stack of B<TYPE>. This
-+will mean that type B<TYPE> is stored in each stack, the type is referenced by
-+STACK_OF(TYPE) and each function name begins with I<sk_TYPE_>. For example:
-+
-+ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-+
-+DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except
-+each element is constant. For example:
-+
-+ const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-+
-+DEFINE_SPECIAL_STACK_OF() defines a stack of B<TYPE> but
-+each function uses B<FUNCNAME> in the function name. For example:
-+
-+ TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
-+
-+DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is
-+constant:
-+
-+ const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
-+
-+sk_TYPE_num() returns the number of elements in B<sk> or -1 if B<sk> is
-+B<NULL>.
-+
-+sk_TYPE_value() returns element B<idx> in B<sk>, where B<idx> starts at
-+zero. If B<idx> is out of range then B<NULL> is returned.
-+
-+sk_TYPE_new() allocates a new empty stack using comparison function B<compar>.
-+If B<compar> is B<NULL> then no comparison function is used.
-+
-+sk_TYPE_new_null() allocates a new empty stack with no comparison function.
-+
-+sk_TYPE_set_cmp_func() sets the comparison function of B<sk> to B<compar>.
-+The previous comparison function is returned or B<NULL> if there was
-+no previous comparison function.
-+
-+sk_TYPE_free() frees up the B<sk> structure. It does B<not> free up any
-+elements of B<sk>. After this call B<sk> is no longer valid.
-+
-+sk_TYPE_zero() sets the number of elements in B<sk> to zero. It does not free
-+B<sk> so after this call B<sk> is still valid.
-+
-+sk_TYPE_pop_free() frees up all elements of B<sk> and B<sk> itself. The
-+free function freefunc() is called on each element to free it.
-+
-+sk_TYPE_delete() deletes element B<i> from B<sk>. It returns the deleted
-+element or B<NULL> if B<i> is out of range.
-+
-+sk_TYPE_delete_ptr() deletes element matching B<ptr> from B<sk>. It returns
-+the deleted element or B<NULL> if no element matching B<ptr> was found.
-+
-+sk_TYPE_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
-+elements at or after B<idx> are moved downwards. If B<idx> is out of range
-+the new element is appended to B<sk>. sk_TYPE_insert() either returns the
-+number of elements in B<sk> after the new element is inserted or zero if
-+an error (such as memory allocation failure) occurred.
-+
-+sk_TYPE_push() appends B<ptr> to B<sk> it is equivalent to:
-+
-+ sk_TYPE_insert(sk, ptr, -1);
-+
-+sk_TYPE_unshift() inserts B<ptr> at the start of B<sk> it is equivalent to:
-+
-+ sk_TYPE_insert(sk, ptr, 0);
-+
-+sk_TYPE_pop() returns and removes the last element from B<sk>.
-+
-+sk_TYPE_shift() returns and removes the first element from B<sk>.
-+
-+sk_TYPE_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
-+element. The new element value is returned or B<NULL> if an error occurred:
-+this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
-+
-+sk_TYPE_find() and sk_TYPE_find_ex() search B<sk> using the supplied
-+comparison function for an element matching B<ptr>. sk_TYPE_find() returns
-+the index of the first matching element or B<-1> if there is no match.
-+sk_TYPE_find_ex() returns a matching element or the nearest element that
-+does not match B<ptr>. Note: if a comparison function is set then B<sk> is
-+sorted before the search which may change its order. If no comparison
-+function is set then a linear search is made for a pointer matching B<ptr>
-+and the stack is not reordered.
-+
-+sk_TYPE_sort() sorts B<sk> using the supplied comparison function.
-+
-+sk_TYPE_is_sorted() returns B<1> if B<sk> is sorted and B<0> otherwise.
-+
-+sk_TYPE_dup() returns a copy of B<sk>. Note the pointers in the copy
-+are identical to the original.
-+
-+sk_TYPE_deep_copy() returns a new stack where each element has been copied.
-+Copying is performed by the supplied copyfunc() and freeing by freefunc(). The
-+function freefunc() is only called if an error occurs.
-+
-+=head1 NOTES
-+
-+Care should be taken when accessing stacks in multi-threaded environments.
-+Any operation which increases the size of a stack such as sk_TYPE_insert() or
-+sk_push() can "grow" the size of an internal array and cause race conditions
-+if the same stack is accessed in a different thread. Operations such as
-+sk_find() and sk_sort() can also reorder the stack.
-+
-+Any comparison function supplied should use a metric suitable
-+for use in a binary search operation. That is it should return zero, a
-+positive or negative value if B<a> is equal to, greater than
-+or less than B<b> respectively.
-+
-+Care should be taken when checking the return values of the functions
-+sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the
-+matching element. In particular B<0> indicates a matching first element.
-+A failed search is indicated by a B<-1> return value.
-+
-+STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and
-+DEFINE_SPECIAL_STACK_OF() are implemented as macros.
-+
-+=head1 RETURN VALUES
-+
-+sk_TYPE_num() returns the number of elements in the stack or B<-1> if the
-+passed stack is B<NULL>.
-+
-+sk_TYPE_value() returns a pointer to a stack element or B<NULL> if the
-+index is out of range.
-+
-+sk_TYPE_new() and sk_TYPE_new_null() return an empty stack or B<NULL> if
-+an error occurs.
-+
-+sk_TYPE_set_cmp_func() returns the old comparison function or B<NULL> if
-+there was no old comparison function.
-+
-+sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do
-+not return values.
-+
-+sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr()
-+return a pointer to the deleted element or B<NULL> on error.
-+
-+sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total
-+number of elements in the stack and 0 if an error occurred.
-+
-+sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on
-+error.
-+
-+sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element
-+or B<-1> on error.
-+
-+sk_TYPE_is_sorted() returns B<1> if the stack is sorted and B<0> if it is
-+not.
-+
-+sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the
-+stack.
-+
-+=head1 HISTORY
-+
-+Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
-+and was not a public API.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/DES_random_key.pod
-@@ -0,0 +1,310 @@
-+=pod
-+
-+=head1 NAME
-+
-+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
-+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
-+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
-+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
-+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
-+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
-+DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
-+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
-+DES_fcrypt, DES_crypt - DES encryption
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/des.h>
-+
-+ void DES_random_key(DES_cblock *ret);
-+
-+ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
-+ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
-+ int DES_set_key_checked(const_DES_cblock *key,
-+ DES_key_schedule *schedule);
-+ void DES_set_key_unchecked(const_DES_cblock *key,
-+ DES_key_schedule *schedule);
-+
-+ void DES_set_odd_parity(DES_cblock *key);
-+ int DES_is_weak_key(const_DES_cblock *key);
-+
-+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks, int enc);
-+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
-+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-+ DES_key_schedule *ks1, DES_key_schedule *ks2,
-+ DES_key_schedule *ks3, int enc);
-+
-+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ int enc);
-+ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
-+ int numbits, long length, DES_key_schedule *schedule,
-+ DES_cblock *ivec, int enc);
-+ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
-+ int numbits, long length, DES_key_schedule *schedule,
-+ DES_cblock *ivec);
-+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ int enc);
-+ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ int *num, int enc);
-+ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ int *num);
-+
-+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
-+ const_DES_cblock *inw, const_DES_cblock *outw, int enc);
-+
-+ void DES_ede2_cbc_encrypt(const unsigned char *input,
-+ unsigned char *output, long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_cblock *ivec, int enc);
-+ void DES_ede2_cfb64_encrypt(const unsigned char *in,
-+ unsigned char *out, long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
-+ void DES_ede2_ofb64_encrypt(const unsigned char *in,
-+ unsigned char *out, long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_cblock *ivec, int *num);
-+
-+ void DES_ede3_cbc_encrypt(const unsigned char *input,
-+ unsigned char *output, long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
-+ int enc);
-+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-+ DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
-+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+ long length, DES_key_schedule *ks1,
-+ DES_key_schedule *ks2, DES_key_schedule *ks3,
-+ DES_cblock *ivec, int *num);
-+
-+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
-+ long length, DES_key_schedule *schedule,
-+ const_DES_cblock *ivec);
-+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-+ long length, int out_count, DES_cblock *seed);
-+ void DES_string_to_key(const char *str, DES_cblock *key);
-+ void DES_string_to_2keys(const char *str, DES_cblock *key1,
-+ DES_cblock *key2);
-+
-+ char *DES_fcrypt(const char *buf, const char *salt, char *ret);
-+ char *DES_crypt(const char *buf, const char *salt);
-+
-+=head1 DESCRIPTION
-+
-+This library contains a fast implementation of the DES encryption
-+algorithm.
-+
-+There are two phases to the use of DES encryption. The first is the
-+generation of a I<DES_key_schedule> from a key, the second is the
-+actual encryption. A DES key is of type I<DES_cblock>. This type is
-+consists of 8 bytes with odd parity. The least significant bit in
-+each byte is the parity bit. The key schedule is an expanded form of
-+the key; it is used to speed the encryption process.
-+
-+DES_random_key() generates a random key. The PRNG must be seeded
-+prior to using this function (see L<rand(3)>). If the PRNG
-+could not generate a secure key, 0 is returned.
-+
-+Before a DES key can be used, it must be converted into the
-+architecture dependent I<DES_key_schedule> via the
-+DES_set_key_checked() or DES_set_key_unchecked() function.
-+
-+DES_set_key_checked() will check that the key passed is of odd parity
-+and is not a week or semi-weak key. If the parity is wrong, then -1
-+is returned. If the key is a weak key, then -2 is returned. If an
-+error is returned, the key schedule is not generated.
-+
-+DES_set_key() works like
-+DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
-+otherwise like DES_set_key_unchecked(). These functions are available
-+for compatibility; it is recommended to use a function that does not
-+depend on a global variable.
-+
-+DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-+
-+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
-+is ok.
-+
-+The following routines mostly operate on an input and output stream of
-+I<DES_cblock>s.
-+
-+DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
-+decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
-+(ECB) mode. It always transforms the input data, pointed to by
-+I<input>, into the output data, pointed to by the I<output> argument.
-+If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
-+(cleartext) is encrypted in to the I<output> (ciphertext) using the
-+key_schedule specified by the I<schedule> argument, previously set via
-+I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
-+ciphertext) is decrypted into the I<output> (now cleartext). Input
-+and output may overlap. DES_ecb_encrypt() does not return a value.
-+
-+DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
-+three-key Triple-DES encryption in ECB mode. This involves encrypting
-+the input with I<ks1>, decrypting with the key schedule I<ks2>, and
-+then encrypting with I<ks3>. This routine greatly reduces the chances
-+of brute force breaking of DES and has the advantage of if I<ks1>,
-+I<ks2> and I<ks3> are the same, it is equivalent to just encryption
-+using ECB mode and I<ks1> as the key.
-+
-+The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
-+encryption by using I<ks1> for the final encryption.
-+
-+DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
-+(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
-+routine cipher-block-chain encrypts the cleartext data pointed to by
-+the I<input> argument into the ciphertext pointed to by the I<output>
-+argument, using the key schedule provided by the I<schedule> argument,
-+and initialization vector provided by the I<ivec> argument. If the
-+I<length> argument is not an integral multiple of eight bytes, the
-+last block is copied to a temporary area and zero filled. The output
-+is always an integral multiple of eight bytes.
-+
-+DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
-+I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
-+(unlike the iv) and are as such, part of the key. So the key is sort
-+of 24 bytes. This is much better than CBC DES.
-+
-+DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
-+three keys. This means that each DES operation inside the CBC mode is
-+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
-+
-+The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
-+reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
-+This form of Triple-DES is used by the RSAREF library.
-+
-+DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
-+chaining mode used by Kerberos v4. Its parameters are the same as
-+DES_ncbc_encrypt().
-+
-+DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
-+method takes an array of characters as input and outputs and array of
-+characters. It does not require any padding to 8 character groups.
-+Note: the I<ivec> variable is changed and the new changed value needs to
-+be passed to the next call to this function. Since this function runs
-+a complete DES ECB encryption per I<numbits>, this function is only
-+suggested for use when sending small numbers of characters.
-+
-+DES_cfb64_encrypt()
-+implements CFB mode of DES with 64bit feedback. Why is this
-+useful you ask? Because this routine will allow you to encrypt an
-+arbitrary number of bytes, no 8 byte padding. Each call to this
-+routine will encrypt the input bytes to output and then update ivec
-+and num. num contains 'how far' we are though ivec. If this does
-+not make much sense, read more about cfb mode of DES :-).
-+
-+DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
-+DES_cfb64_encrypt() except that Triple-DES is used.
-+
-+DES_ofb_encrypt() encrypts using output feedback mode. This method
-+takes an array of characters as input and outputs and array of
-+characters. It does not require any padding to 8 character groups.
-+Note: the I<ivec> variable is changed and the new changed value needs to
-+be passed to the next call to this function. Since this function runs
-+a complete DES ECB encryption per numbits, this function is only
-+suggested for use when sending small numbers of characters.
-+
-+DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
-+Feed Back mode.
-+
-+DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
-+DES_ofb64_encrypt(), using Triple-DES.
-+
-+The following functions are included in the DES library for
-+compatibility with the MIT Kerberos library.
-+
-+DES_cbc_cksum() produces an 8 byte checksum based on the input stream
-+(via CBC encryption). The last 4 bytes of the checksum are returned
-+and the complete 8 bytes are placed in I<output>. This function is
-+used by Kerberos v4. Other applications should use
-+L<EVP_DigestInit(3)> etc. instead.
-+
-+DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
-+checksum from the input bytes. The algorithm can be iterated over the
-+input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
-+non-NULL, the 8 bytes generated by each pass are written into
-+I<output>.
-+
-+The following are DES-based transformations:
-+
-+DES_fcrypt() is a fast version of the Unix crypt(3) function. This
-+version takes only a small amount of space relative to other fast
-+crypt() implementations. This is different to the normal crypt in
-+that the third parameter is the buffer that the return value is
-+written into. It needs to be at least 14 bytes long. This function
-+is thread safe, unlike the normal crypt.
-+
-+DES_crypt() is a faster replacement for the normal system crypt().
-+This function calls DES_fcrypt() with a static array passed as the
-+third parameter. This mostly emulates the normal non-thread-safe semantics
-+of crypt(3).
-+The B<salt> must be two ASCII characters.
-+
-+DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
-+buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
-+using I<sched> for the key and I<iv> as a starting vector. The actual
-+data send down I<fd> consists of 4 bytes (in network byte order)
-+containing the length of the following encrypted data. The encrypted
-+data then follows, padded with random data out to a multiple of 8
-+bytes.
-+
-+=head1 BUGS
-+
-+DES_3cbc_encrypt() is flawed and must not be used in applications.
-+
-+DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
-+instead.
-+
-+DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
-+What this means is that if you set numbits to 12, and length to 2, the
-+first 12 bits will come from the 1st input byte and the low half of
-+the second input byte. The second 12 bits will have the low 8 bits
-+taken from the 3rd input byte and the top 4 bits taken from the 4th
-+input byte. The same holds for output. This function has been
-+implemented this way because most people will be using a multiple of 8
-+and because once you get into pulling bytes input bytes apart things
-+get ugly!
-+
-+DES_string_to_key() is available for backward compatibility with the
-+MIT library. New applications should use a cryptographic hash function.
-+The same applies for DES_string_to_2key().
-+
-+=head1 NOTES
-+
-+The B<des> library was written to be source code compatible with
-+the MIT Kerberos library.
-+
-+Applications should use the higher level functions
-+L<EVP_EncryptInit(3)> etc. instead of calling these
-+functions directly.
-+
-+Single-key DES is insecure due to its short key size. ECB mode is
-+not suitable for most applications; see L<des_modes(7)>.
-+
-+=head1 HISTORY
-+
-+The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt()
-+be two ASCII characters was first enforced in
-+OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B<A>
-+if both character were not present, and could crash when given non-ASCII
-+on some platforms.
-+
-+=head1 SEE ALSO
-+
-+L<des_modes(7)>,
-+L<EVP_EncryptInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/DH_generate_key.pod
-+++ b/doc/crypto/DH_generate_key.pod
-@@ -42,4 +42,13 @@ The error codes can be obtained by L<ERR
-
- L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>, L<DH_size(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DH_generate_parameters.pod
-+++ b/doc/crypto/DH_generate_parameters.pod
-@@ -2,7 +2,6 @@
-
- =head1 NAME
-
--
- DH_generate_parameters_ex, DH_generate_parameters,
- DH_check - generate and check Diffie-Hellman parameters
-
-@@ -10,7 +9,7 @@ DH_check - generate and check Diffie-Hel
-
- #include <openssl/dh.h>
-
-- int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-+ int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-
- int DH_check(DH *dh, int *codes);
-
-@@ -29,7 +28,7 @@ structure. The pseudo-random number gene
- seeded prior to calling DH_generate_parameters().
-
- B<prime_len> is the length in bits of the safe prime to be generated.
--B<generator> is a small number E<gt> 1, typically 2 or 5.
-+B<generator> is a small number E<gt> 1, typically 2 or 5.
-
- A callback function may be used to provide feedback about the progress
- of the key generation. If B<cb> is not B<NULL>, it will be
-@@ -38,12 +37,41 @@ number is generated, and when a prime ha
- is called. See L<BN_generate_prime(3)> for information on
- the BN_GENCB_call() function.
-
--DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
--a safe prime, and that B<g> is a suitable generator. In the case of an
--error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
--DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
--DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
--checked, i.e. it does not equal 2 or 5.
-+DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
-+value of B<*codes> is updated with any problems found. If B<*codes> is zero then
-+no problems were found, otherwise the following bits may be set:
-+
-+=over 4
-+
-+=item DH_CHECK_P_NOT_PRIME
-+
-+The parameter B<p> is not prime.
-+
-+=item DH_CHECK_P_NOT_SAFE_PRIME
-+
-+The parameter B<p> is not a safe prime and no B<q> value is present.
-+
-+=item DH_UNABLE_TO_CHECK_GENERATOR
-+
-+The generator B<g> cannot be checked for suitability.
-+
-+=item DH_NOT_SUITABLE_GENERATOR
-+
-+The generator B<g> is not suitable.
-+
-+=item DH_CHECK_Q_NOT_PRIME
-+
-+The parameter B<q> is not prime.
-+
-+=item DH_CHECK_INVALID_Q_VALUE
-+
-+The parameter B<q> is invalid.
-+
-+=item DH_CHECK_INVALID_J_VALUE
-+
-+The parameter B<j> is invalid.
-+
-+=back
-
- =head1 RETURN VALUES
-
-@@ -63,14 +91,18 @@ hours before finding a suitable prime.
- The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
- are not to be used in signature schemes.
-
--=head1 BUGS
--
--If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
--a usable generator.
--
- =head1 SEE ALSO
-
- L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>,
- L<DH_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DH_get0_pqg.pod
-+++ b/doc/crypto/DH_get0_pqg.pod
-@@ -10,9 +10,11 @@ DH_set_length - Routines for getting and
-
- #include <openssl/dh.h>
-
-- void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g);
-+ void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-- void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key);
-+ void DH_get0_key(const DH *dh,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key);
- int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
- void DH_clear_flags(DH *dh, int flags);
- int DH_test_flags(const DH *dh, int flags);
-@@ -47,7 +49,9 @@ be. The values point to the internal rep
- private key values. This memory should not be freed directly.
-
- The public and private key values can be set using DH_set0_key(). The public
--key must always be non-NULL. The private key may be NULL. As for DH_set0_pqg()
-+key must be non-NULL the first time this function is called on a given DH
-+object. The private key may be NULL. On subsequent calls, either may be NULL,
-+which means the corresponding DH field is left untouched. As for DH_set0_pqg()
- this function transfers the memory management of the key values to the DH
- object, and therefore they should not be freed directly after this function has
- been called.
-@@ -68,6 +72,13 @@ length parameter associated with this DH
- it is used, otherwise it is ignored. The B<length> parameter indicates the
- length of the secret exponent (private key) in bits.
-
-+=head1 NOTES
-+
-+Values retrieved with DH_get0_key() are owned by the DH object used
-+in the call and may therefore I<not> be passed to DH_set0_key(). If
-+needed, duplicate the received value using BN_dup() and pass the
-+duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().
-+
- =head1 RETURN VALUES
-
- DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.
-@@ -89,4 +100,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/DH_get_1024_160.pod
-@@ -0,0 +1,74 @@
-+=pod
-+
-+=head1 NAME
-+
-+DH_get_1024_160,
-+DH_get_2048_224,
-+DH_get_2048_256,
-+BN_get0_nist_prime_192,
-+BN_get0_nist_prime_224,
-+BN_get0_nist_prime_256,
-+BN_get0_nist_prime_384,
-+BN_get0_nist_prime_521,
-+BN_get_rfc2409_prime_768,
-+BN_get_rfc2409_prime_1024,
-+BN_get_rfc3526_prime_1536,
-+BN_get_rfc3526_prime_2048,
-+BN_get_rfc3526_prime_3072,
-+BN_get_rfc3526_prime_4096,
-+BN_get_rfc3526_prime_6144,
-+BN_get_rfc3526_prime_8192
-+- Create standardized public primes or DH pairs
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/dh.h>
-+ DH *DH_get_1024_160(void)
-+ DH *DH_get_2048_224(void)
-+ DH *DH_get_2048_256(void)
-+
-+ const BIGNUM *BN_get0_nist_prime_192(void)
-+ const BIGNUM *BN_get0_nist_prime_224(void)
-+ const BIGNUM *BN_get0_nist_prime_256(void)
-+ const BIGNUM *BN_get0_nist_prime_384(void)
-+ const BIGNUM *BN_get0_nist_prime_521(void)
-+
-+ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
-+ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
-+
-+=head1 DESCRIPTION
-+
-+DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return
-+a DH object for the IETF RFC 5114 value.
-+
-+BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(),
-+BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return
-+a BIGNUM for the specific NIST prime curve (e.g., P-256).
-+
-+BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(),
-+BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(),
-+BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(),
-+BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions
-+return a BIGNUM for the specified size from IETF RFC 2409. If B<bn>
-+is not NULL, the BIGNUM will be set into that location as well.
-+
-+=head1 RETURN VALUES
-+
-+Defined above.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/DH_meth_new.pod
-+++ b/doc/crypto/DH_meth_new.pod
-@@ -49,8 +49,7 @@ DH_meth_set_generate_params - Routines t
-
- The B<DH_METHOD> type is a structure used for the provision of custom DH
- implementations. It provides a set of of functions used by OpenSSL for the
--implementation of the various DH capabilities. See the L<dh(3)> page for more
--information.
-+implementation of the various DH capabilities.
-
- DH_meth_new() creates a new B<DH_METHOD> structure. It should be given a
- unique B<name> and a set of B<flags>. The B<name> should be a NULL terminated
-@@ -145,4 +144,13 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DH_new.pod
-+++ b/doc/crypto/DH_new.pod
-@@ -34,4 +34,13 @@ L<dh(3)>, L<ERR_get_error(3)>,
- L<DH_generate_parameters(3)>,
- L<DH_generate_key(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DH_set_method.pod
-+++ b/doc/crypto/DH_set_method.pod
-@@ -8,7 +8,6 @@ DH_set_method, DH_new_method, DH_OpenSSL
- =head1 SYNOPSIS
-
- #include <openssl/dh.h>
-- #include <openssl/engine.h>
-
- void DH_set_default_method(const DH_METHOD *meth);
-
-@@ -74,4 +73,13 @@ returns a pointer to the newly allocated
-
- L<dh(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DH_size.pod
-+++ b/doc/crypto/DH_size.pod
-@@ -35,4 +35,13 @@ L<BN_num_bits(3)>
-
- DH_bits() was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_SIG_new.pod
-+++ b/doc/crypto/DSA_SIG_new.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+DSA_SIG_get0, DSA_SIG_set0,
- DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
-
- =head1 SYNOPSIS
-@@ -10,7 +11,8 @@ DSA_SIG_new, DSA_SIG_free - allocate and
-
- DSA_SIG *DSA_SIG_new(void);
- void DSA_SIG_free(DSA_SIG *a);
-- void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig);
-+ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+ int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
- =head1 DESCRIPTION
-
-@@ -19,8 +21,14 @@ DSA_SIG_new() allocates and initializes
- DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
- values are erased before the memory is returned to the system.
-
--DSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
--in B<sig>. The values can then be examined or initialised.
-+DSA_SIG_get0() returns internal pointers to the B<r> and B<s> values contained
-+in B<sig>.
-+
-+The B<r> and B<s> values can be set by calling DSA_SIG_set0() and passing the
-+new values for B<r> and B<s> as parameters to the function. Calling this
-+function transfers the memory management of the values to the DSA_SIG object,
-+and therefore the values that have been passed in should not be freed directly
-+after this function has been called.
-
- =head1 RETURN VALUES
-
-@@ -31,9 +39,20 @@ to the newly allocated structure.
-
- DSA_SIG_free() returns no value.
-
-+DSA_SIG_set0() returns 1 on success or 0 on failure.
-+
- =head1 SEE ALSO
-
- L<dsa(3)>, L<ERR_get_error(3)>,
- L<DSA_do_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_do_sign.pod
-+++ b/doc/crypto/DSA_do_sign.pod
-@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA sig
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-- DSA_SIG *sig, DSA *dsa);
-+ DSA_SIG *sig, DSA *dsa);
-
- =head1 DESCRIPTION
-
-@@ -40,4 +40,13 @@ L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3
- L<DSA_SIG_new(3)>,
- L<DSA_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_dup_DH.pod
-+++ b/doc/crypto/DSA_dup_DH.pod
-@@ -29,4 +29,13 @@ Be careful to avoid small subgroup attac
-
- L<dh(3)>, L<dsa(3)>, L<ERR_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_generate_key.pod
-+++ b/doc/crypto/DSA_generate_key.pod
-@@ -27,4 +27,13 @@ The error codes can be obtained by L<ERR
- L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
- L<DSA_generate_parameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_generate_parameters.pod
-+++ b/doc/crypto/DSA_generate_parameters.pod
-@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate
- #include <openssl/dsa.h>
-
- int DSA_generate_parameters_ex(DSA *dsa, int bits,
-- const unsigned char *seed,int seed_len,
-- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-+ const unsigned char *seed, int seed_len,
-+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
- Deprecated:
-
- #if OPENSSL_API_COMPAT < 0x00908000L
- DSA *DSA_generate_parameters(int bits, unsigned char *seed,
- int seed_len, int *counter_ret, unsigned long *h_ret,
-- void (*callback)(int, int, void *), void *cb_arg);
-+ void (*callback)(int, int, void *), void *cb_arg);
- #endif
-
- =head1 DESCRIPTION
-@@ -110,4 +110,13 @@ Seed lengths E<gt> 20 are not supported.
- L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
- L<DSA_free(3)>, L<BN_generate_prime(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_get0_pqg.pod
-+++ b/doc/crypto/DSA_get0_pqg.pod
-@@ -10,9 +10,11 @@ setting data in a DSA object
-
- #include <openssl/dsa.h>
-
-- void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
-+ void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
- int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-- void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key);
-+ void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key);
- int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
- void DSA_clear_flags(DSA *d, int flags);
- int DSA_test_flags(const DSA *d, int flags);
-@@ -44,7 +46,9 @@ be. The values point to the internal rep
- private key values. This memory should not be freed directly.
-
- The public and private key values can be set using DSA_set0_key(). The public
--key must always be non-NULL. The private key may be NULL. As for DSA_set0_pqg()
-+key must be non-NULL the first time this function is called on a given DSA
-+object. The private key may be NULL. On subsequent calls, either may be NULL,
-+which means the corresponding DSA field is left untouched. As for DSA_set0_pqg()
- this function transfers the memory management of the key values to the DSA
- object, and therefore they should not be freed directly after this function has
- been called.
-@@ -60,6 +64,13 @@ within the DSA object.
- DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA
- object, or NULL if no such ENGINE has been set.
-
-+=head1 NOTES
-+
-+Values retrieved with DSA_get0_key() are owned by the DSA object used
-+in the call and may therefore I<not> be passed to DSA_set0_key(). If
-+needed, duplicate the received value using BN_dup() and pass the
-+duplicate. The same applies to DSA_get0_pqg() and DSA_set0_pqg().
-+
- =head1 RETURN VALUES
-
- DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.
-@@ -79,4 +90,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_me
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_meth_new.pod
-+++ b/doc/crypto/DSA_meth_new.pod
-@@ -174,11 +174,20 @@ DSA_meth_set1_name() and all DSA_meth_se
- =head1 SEE ALSO
-
- L<dsa(3)>, L<DSA_new(3)>, L<DSA_generate_parameters(3)>, L<DSA_generate_key(3)>,
--L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new3)>,
-+L<DSA_dup_DH(3)>, L<DSA_do_sign(3)>, L<DSA_set_method(3)>, L<DSA_SIG_new(3)>,
- L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
-
- =head1 HISTORY
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_new.pod
-+++ b/doc/crypto/DSA_new.pod
-@@ -36,4 +36,13 @@ L<dsa(3)>, L<ERR_get_error(3)>,
- L<DSA_generate_parameters(3)>,
- L<DSA_generate_key(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_set_method.pod
-+++ b/doc/crypto/DSA_set_method.pod
-@@ -8,7 +8,6 @@ DSA_set_method, DSA_new_method, DSA_Open
- =head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-- #include <openssl/engine.h>
-
- void DSA_set_default_method(const DSA_METHOD *meth);
-
-@@ -37,7 +36,7 @@ been set as a default for DSA, so this f
-
- DSA_get_default_method() returns a pointer to the current default
- DSA_METHOD. However, the meaningfulness of this result is dependent on
--whether the ENGINE API is being used, so this function is no longer
-+whether the ENGINE API is being used, so this function is no longer
- recommended.
-
- DSA_set_method() selects B<meth> to perform all operations using the key
-@@ -74,4 +73,13 @@ fails. Otherwise it returns a pointer to
-
- L<dsa(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_sign.pod
-+++ b/doc/crypto/DSA_sign.pod
-@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - D
-
- #include <openssl/dsa.h>
-
-- int DSA_sign(int type, const unsigned char *dgst, int len,
-- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-+ int DSA_sign(int type, const unsigned char *dgst, int len,
-+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-
-- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
- BIGNUM **rp);
-
-- int DSA_verify(int type, const unsigned char *dgst, int len,
-- unsigned char *sigbuf, int siglen, DSA *dsa);
-+ int DSA_verify(int type, const unsigned char *dgst, int len,
-+ unsigned char *sigbuf, int siglen, DSA *dsa);
-
- =head1 DESCRIPTION
-
-@@ -58,4 +58,13 @@ Standard, DSS), ANSI X9.30
- L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
- L<DSA_do_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/DSA_size.pod
-+++ b/doc/crypto/DSA_size.pod
-@@ -2,28 +2,43 @@
-
- =head1 NAME
-
--DSA_size - get DSA signature size
-+DSA_size, DSA_bits - get DSA signature size or key bits
-
- =head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_size(const DSA *dsa);
-+ int DSA_bits(const DSA *dsa);
-
- =head1 DESCRIPTION
-
--This function returns the size of an ASN.1 encoded DSA signature in
--bytes. It can be used to determine how much memory must be allocated
--for a DSA signature.
-+DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
-+for key B<dsa> in bytes. It can be used to determine how much memory must
-+be allocated for a DSA signature.
-
- B<dsa-E<gt>q> must not be B<NULL>.
-
-+DSA_bits() returns the number of bits in key B<dsa>: this is the number
-+of bits in the B<p> parameter.
-+
- =head1 RETURN VALUE
-
--The size in bytes.
-+DSA_size() returns the size in bytes.
-+
-+DSA_bits() returns the number of bits in the key.
-
- =head1 SEE ALSO
-
- L<dsa(3)>, L<DSA_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/ECDSA_SIG_new.pod
-@@ -0,0 +1,207 @@
-+=pod
-+
-+=head1 NAME
-+
-+ECDSA_SIG_get0, ECDSA_SIG_set0,
-+ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
-+ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
-+ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
-+algorithm (ECDSA) functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ecdsa.h>
-+
-+ ECDSA_SIG *ECDSA_SIG_new(void);
-+ void ECDSA_SIG_free(ECDSA_SIG *sig);
-+ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-+ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-+ int ECDSA_size(const EC_KEY *eckey);
-+
-+ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
-+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-+ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
-+ EC_KEY *eckey);
-+
-+ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
-+ const unsigned char *sig, int siglen, EC_KEY *eckey);
-+ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-+ const ECDSA_SIG *sig, EC_KEY* eckey);
-+
-+ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-+ const BIGNUM *kinv, const BIGNUM *rp,
-+ EC_KEY *eckey);
-+ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
-+ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-+ unsigned char *sig, unsigned int *siglen,
-+ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-+
-+=head1 DESCRIPTION
-+
-+Note: these functions provide a low level interface to ECDSA. Most
-+applications should use the higher level B<EVP> interface such as
-+L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
-+
-+B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the
-+B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2).
-+
-+ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
-+function also allocates the BIGNUMs) and initializes it.
-+
-+ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
-+
-+ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
-+in B<sig>.
-+
-+The B<r> and B<s> values can be set by calling ECDSA_SIG_set0() and passing the
-+new values for B<r> and B<s> as parameters to the function. Calling this
-+function transfers the memory management of the values to the ECDSA_SIG object,
-+and therefore the values that have been passed in should not be freed directly
-+after this function has been called.
-+
-+i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and
-+writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()
-+returns the expected length in bytes of the DER encoded signature).
-+i2d_ECDSA_SIG() returns the length of the DER encoded signature (or 0 on
-+error).
-+
-+d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns the decoded
-+signature in a newly allocated B<ECDSA_SIG> structure. B<*sig> points to the
-+buffer containing the DER encoded signature of size B<len>.
-+
-+ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
-+created with the private EC key B<eckey>.
-+
-+ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value
-+B<dgst> using the private EC key B<eckey>. The DER encoded signatures is
-+stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig> must
-+point to ECDSA_size(eckey) bytes of memory. The parameter B<type> is currently
-+ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with B<kinv>
-+and B<rp> set to NULL.
-+
-+ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
-+as a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign()
-+is a wrapper function for ECDSA_do_sign_ex() with B<kinv> and B<rp> set to
-+NULL.
-+
-+ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a
-+valid ECDSA signature of the hash value B<dgst> of size B<dgstlen> using the
-+public key B<eckey>. The parameter B<type> is ignored.
-+
-+ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
-+presented in the form of a pointer to an B<ECDSA_SIG> structure.
-+
-+The remaining functions utilise the internal B<kinv> and B<r> values used
-+during signature computation. Most applications will never need to call these
-+and some external ECDSA ENGINE implementations may not support them at all if
-+either B<kinv> or B<r> is not B<NULL>.
-+
-+ECDSA_sign_setup() may be used to precompute parts of the signing operation.
-+B<eckey> is the private EC key and B<ctx> is a pointer to B<BN_CTX> structure
-+(or NULL). The precomputed values or returned in B<kinv> and B<rp> and can be
-+used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
-+
-+ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes hash value
-+B<dgst> using the private EC key B<eckey> and the optional pre-computed values
-+B<kinv> and B<rp>. The DER encoded signatures is stored in B<sig> and it's
-+length is returned in B<sig_len>. Note: B<sig> must point to ECDSA_size(eckey)
-+bytes of memory. The parameter B<type> is ignored.
-+
-+ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
-+returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error).
-+
-+=head1 RETURN VALUES
-+
-+ECDSA_SIG_set0() returns 1 on success or 0 on failure.
-+
-+ECDSA_size() returns the maximum length signature or 0 on error.
-+
-+ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
-+or 0 on error.
-+
-+ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
-+B<ECDSA_SIG> structure or NULL on error.
-+
-+ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
-+signature, 0 for an invalid signature and -1 on error.
-+The error codes can be obtained by L<ERR_get_error(3)>.
-+
-+=head1 EXAMPLES
-+
-+Creating an ECDSA signature of a given SHA-256 hash value using the
-+named curve prime256v1 (aka P-256).
-+
-+First step: create an EC_KEY object (note: this part is B<not> ECDSA
-+specific)
-+
-+ int ret;
-+ ECDSA_SIG *sig;
-+ EC_KEY *eckey;
-+ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-+ if (eckey == NULL) {
-+ /* error */
-+ }
-+ if (EC_KEY_generate_key(eckey) == 0) {
-+ /* error */
-+ }
-+
-+Second step: compute the ECDSA signature of a SHA-256 hash value
-+using ECDSA_do_sign():
-+
-+ sig = ECDSA_do_sign(digest, 32, eckey);
-+ if (sig == NULL) {
-+ /* error */
-+ }
-+
-+or using ECDSA_sign():
-+
-+ unsigned char *buffer, *pp;
-+ int buf_len;
-+ buf_len = ECDSA_size(eckey);
-+ buffer = OPENSSL_malloc(buf_len);
-+ pp = buffer;
-+ if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
-+ /* error */
-+ }
-+
-+Third step: verify the created ECDSA signature using ECDSA_do_verify():
-+
-+ ret = ECDSA_do_verify(digest, 32, sig, eckey);
-+
-+or using ECDSA_verify():
-+
-+ ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
-+
-+and finally evaluate the return value:
-+
-+ if (ret == 1) {
-+ /* signature ok */
-+ } else if (ret == 0) {
-+ /* incorrect signature */
-+ } else {
-+ /* error */
-+ }
-+
-+=head1 CONFORMING TO
-+
-+ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
-+(Digital Signature Standard, DSS)
-+
-+=head1 SEE ALSO
-+
-+L<dsa(3)>,
-+L<EVP_DigestSignInit(3)>,
-+L<EVP_DigestVerifyInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/ECPKParameters_print.pod
-@@ -0,0 +1,44 @@
-+=pod
-+
-+=head1 NAME
-+
-+ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and
-+encoding ASN1 representations of elliptic curve entities
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ec.h>
-+
-+ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-+ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-+
-+=head1 DESCRIPTION
-+
-+The ECPKParameters represent the public parameters for an
-+B<EC_GROUP> structure, which represents a curve.
-+
-+The ECPKParameters_print() and ECPKParameters_print_fp() functions print
-+a human-readable output of the public parameters of the EC_GROUP to B<bp>
-+or B<fp>. The output lines are indented by B<off> spaces.
-+
-+=head1 RETURN VALUES
-+
-+ECPKParameters_print() and ECPKParameters_print_fp()
-+return 1 for success and 0 if an error occurs.
-+
-+=head1 SEE ALSO
-+
-+L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
-+L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
-+L<EC_GFp_simple_method(3)>,
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/EC_GFp_simple_method.pod
-+++ b/doc/crypto/EC_GFp_simple_method.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining B<EC_METHOD> objects.
-+EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects
-
- =head1 SYNOPSIS
-
-@@ -57,4 +57,13 @@ L<EC_POINT_new(3)>, L<EC_POINT_add(3)>,
- L<d2i_ECPKParameters(3)>,
- L<BN_mod_mul_montgomery(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EC_GROUP_copy.pod
-+++ b/doc/crypto/EC_GROUP_copy.pod
-@@ -2,12 +2,21 @@
-
- =head1 NAME
-
--EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating B<EC_GROUP> objects.
-+EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor,
-+EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator,
-+EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor,
-+EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag,
-+EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form,
-+EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
-+EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
-+EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp,
-+EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
-+EC_GROUP_get_pentanomial_basis
-+- Functions for manipulating EC_GROUP objects
-
- =head1 SYNOPSIS
-
- #include <openssl/ec.h>
-- #include <openssl/bn.h>
-
- int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
- EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-@@ -19,7 +28,7 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_me
-
- int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
- const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
-- const BIGNUM *EC_GROUP_order_bits(const EC_GROUP *group);
-+ int EC_GROUP_order_bits(const EC_GROUP *group);
- int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
- const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
-
-@@ -46,8 +55,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_me
-
- int EC_GROUP_get_basis_type(const EC_GROUP *);
- int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-- int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
-- unsigned int *k2, unsigned int *k3);
-+ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
-+ unsigned int *k2, unsigned int *k3);
-
- =head1 DESCRIPTION
-
-@@ -86,26 +95,25 @@ applications would have to explicitly se
- 1.1.0 and later the named curve form is the default.
-
- The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
--point_conversion_form_t is an enum defined as follows:
-+point_conversion_form_t is an enum defined as follows:
-
- typedef enum {
-- /** the point is encoded as z||x, where the octet z specifies
-- * which solution of the quadratic equation y is */
-- POINT_CONVERSION_COMPRESSED = 2,
-- /** the point is encoded as z||x||y, where z is the octet 0x02 */
-- POINT_CONVERSION_UNCOMPRESSED = 4,
-- /** the point is encoded as z||x||y, where the octet z specifies
-+ /** the point is encoded as z||x, where the octet z specifies
-+ * which solution of the quadratic equation y is */
-+ POINT_CONVERSION_COMPRESSED = 2,
-+ /** the point is encoded as z||x||y, where z is the octet 0x04 */
-+ POINT_CONVERSION_UNCOMPRESSED = 4,
-+ /** the point is encoded as z||x||y, where the octet z specifies
- * which solution of the quadratic equation y is */
-- POINT_CONVERSION_HYBRID = 6
-+ POINT_CONVERSION_HYBRID = 6
- } point_conversion_form_t;
-
--
- For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
- the octets for x, followed by the octets for y.
-
- For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
- POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
--the two possible solutions for y has been used, followed by the octets for x.
-+the two possible solutions for y has been used, followed by the octets for x.
-
- For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
- possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
-@@ -186,4 +194,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
- L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EC_GROUP_new.pod
-+++ b/doc/crypto/EC_GROUP_new.pod
-@@ -2,18 +2,18 @@
-
- =head1 NAME
-
-+EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters,
- EC_GROUP_new, EC_GROUP_new_from_ecparameters,
- EC_GROUP_new_from_ecpkparameters,
- EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp,
- EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp,
- EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m,
--EC_get_builtin_curves - Functions for creating and destroying B<EC_GROUP>
--objects.
-+EC_get_builtin_curves - Functions for creating and destroying EC_GROUP
-+objects
-
- =head1 SYNOPSIS
-
- #include <openssl/ec.h>
-- #include <openssl/bn.h>
-
- EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
- EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
-@@ -78,10 +78,10 @@ provided. The return value is the total
- not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
- The EC_builtin_curve structure is defined as follows:
-
-- typedef struct {
-- int nid;
-- const char *comment;
-- } EC_builtin_curve;
-+ typedef struct {
-+ int nid;
-+ const char *comment;
-+ } EC_builtin_curve;
-
- Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
-
-@@ -108,4 +108,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_copy(
- L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/EC_KEY_get_enc_flags.pod
-@@ -0,0 +1,59 @@
-+=pod
-+
-+=head1 NAME
-+
-+EC_KEY_get_enc_flags, EC_KEY_set_enc_flags
-+- Get and set flags for encoding EC_KEY structures
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ec.h>
-+
-+ unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
-+ void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-+
-+=head1 DESCRIPTION
-+
-+The format of the external representation of the public key written by
-+i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is
-+described by the point_conversion_form. See L<EC_GROUP_copy(3)>
-+for a description of point_conversion_form.
-+
-+When reading a private key encoded without an associated public key (e.g. if
-+EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates
-+the missing public key automatically. Private keys encoded without parameters
-+(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using
-+d2i_ECPrivateKey().
-+
-+The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the
-+value of the encoding flags for the B<key>. There are two encoding flags
-+currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags
-+define the behaviour of how the B<key> is converted into ASN1 in a call to
-+i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for
-+the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is
-+set then the public key is not encoded along with the private key.
-+
-+=head1 RETURN VALUES
-+
-+EC_KEY_get_enc_flags() returns the value of the current encoding flags for the
-+EC_KEY.
-+
-+=head1 SEE ALSO
-+
-+L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
-+L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
-+L<EC_POINT_add(3)>,
-+L<EC_GFp_simple_method(3)>,
-+L<d2i_ECPKParameters(3)>,
-+L<d2i_ECPrivateKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/EC_KEY_new.pod
-+++ b/doc/crypto/EC_KEY_new.pod
-@@ -2,21 +2,21 @@
-
- =head1 NAME
-
-+EC_KEY_get_method, EC_KEY_set_method,
- EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
- EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref,
- EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
- EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
--EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
-+EC_KEY_get_conv_form,
- EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult,
- EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates,
- EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct,
- EC_KEY_priv2buf - Functions for creating, destroying and manipulating
--EC_KEY objects.
-+EC_KEY objects
-
- =head1 SYNOPSIS
-
- #include <openssl/ec.h>
-- #include <openssl/bn.h>
-
- EC_KEY *EC_KEY_new(void);
- int EC_KEY_get_flags(const EC_KEY *key);
-@@ -49,7 +49,7 @@ EC_KEY objects.
- size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
- unsigned char **pbuf, BN_CTX *ctx);
-
-- int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len);
-+ int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
- size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
-
- size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
-@@ -171,4 +171,13 @@ L<EC_POINT_add(3)>,
- L<EC_GFp_simple_method(3)>,
- L<d2i_ECPKParameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EC_POINT_add.pod
-+++ b/doc/crypto/EC_POINT_add.pod
-@@ -2,12 +2,11 @@
-
- =head1 NAME
-
--EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on B<EC_POINT> objects.
-+EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects
-
- =head1 SYNOPSIS
-
- #include <openssl/ec.h>
-- #include <openssl/bn.h>
-
- int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
- int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-@@ -69,4 +68,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
- L<EC_POINT_new(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EC_POINT_new.pod
-+++ b/doc/crypto/EC_POINT_new.pod
-@@ -2,20 +2,22 @@
-
- =head1 NAME
-
--EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup,
--EC_POINT_method_of, EC_POINT_set_to_infinity,
--EC_POINT_set_Jprojective_coordinates, EC_POINT_get_Jprojective_coordinates_GFp,
--EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
--EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m,
--EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m,
--EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point,
--EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and
--manipulating B<EC_POINT> objects.
-+EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf,
-+EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
-+EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of,
-+EC_POINT_set_to_infinity,
-+EC_POINT_get_Jprojective_coordinates_GFp,
-+EC_POINT_set_affine_coordinates_GFp,
-+EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp,
-+EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m,
-+EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct,
-+EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex,
-+EC_POINT_hex2point
-+- Functions for creating, destroying and manipulating EC_POINT objects
-
- =head1 SYNOPSIS
-
- #include <openssl/ec.h>
-- #include <openssl/bn.h>
-
- EC_POINT *EC_POINT_new(const EC_GROUP *group);
- void EC_POINT_free(EC_POINT *point);
-@@ -106,7 +108,7 @@ this co-ordinate system provides more ef
- operations. A mapping exists between Jacobian projective co-ordinates and
- affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
- as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
--projective to affine co-ordinates is simple. The co-ordinate (x, y) is mapped
-+projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
- to (x, y, 1). To set or get the projective co-ordinates use
- EC_POINT_set_Jprojective_coordinates_GFp() and
- EC_POINT_get_Jprojective_coordinates_GFp() respectively.
-@@ -182,4 +184,13 @@ L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3
- L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
- L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/ENGINE_add.pod
-@@ -0,0 +1,611 @@
-+=pod
-+
-+=head1 NAME
-+
-+ENGINE_get_DH, ENGINE_get_DSA, ENGINE_get_ECDH, ENGINE_get_ECDSA,
-+ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH,
-+ENGINE_get_default_DSA, ENGINE_get_default_ECDH,
-+ENGINE_get_default_ECDSA, ENGINE_get_default_RAND,
-+ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first,
-+ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new,
-+ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests,
-+ENGINE_get_destroy_function, ENGINE_get_finish_function,
-+ENGINE_get_init_function, ENGINE_get_load_privkey_function,
-+ENGINE_get_load_pubkey_function, ENGINE_load_private_key,
-+ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id,
-+ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher,
-+ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable,
-+ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string,
-+ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init,
-+ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_ECDH,
-+ENGINE_register_ECDSA, ENGINE_register_RAND, ENGINE_register_RSA,
-+ENGINE_register_all_complete, ENGINE_register_ciphers,
-+ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove,
-+ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_ECDH, ENGINE_set_ECDSA,
-+ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers,
-+ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default,
-+ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_ECDH,
-+ENGINE_set_default_ECDSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA,
-+ENGINE_set_default_ciphers, ENGINE_set_default_digests,
-+ENGINE_set_default_string, ENGINE_set_destroy_function,
-+ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags,
-+ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function,
-+ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref,
-+ENGINE_get_table_flags, ENGINE_cleanup,
-+ENGINE_load_builtin_engines, ENGINE_register_all_DH,
-+ENGINE_register_all_DSA, ENGINE_register_all_ECDH,
-+ENGINE_register_all_ECDSA, ENGINE_register_all_RAND,
-+ENGINE_register_all_RSA, ENGINE_register_all_ciphers,
-+ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH,
-+ENGINE_unregister_DSA, ENGINE_unregister_ECDH, ENGINE_unregister_ECDSA,
-+ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers,
-+ENGINE_unregister_digests
-+- ENGINE cryptographic module support
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/engine.h>
-+
-+ ENGINE *ENGINE_get_first(void);
-+ ENGINE *ENGINE_get_last(void);
-+ ENGINE *ENGINE_get_next(ENGINE *e);
-+ ENGINE *ENGINE_get_prev(ENGINE *e);
-+
-+ int ENGINE_add(ENGINE *e);
-+ int ENGINE_remove(ENGINE *e);
-+
-+ ENGINE *ENGINE_by_id(const char *id);
-+
-+ int ENGINE_init(ENGINE *e);
-+ int ENGINE_finish(ENGINE *e);
-+
-+ void ENGINE_load_builtin_engines(void);
-+
-+ ENGINE *ENGINE_get_default_RSA(void);
-+ ENGINE *ENGINE_get_default_DSA(void);
-+ ENGINE *ENGINE_get_default_ECDH(void);
-+ ENGINE *ENGINE_get_default_ECDSA(void);
-+ ENGINE *ENGINE_get_default_DH(void);
-+ ENGINE *ENGINE_get_default_RAND(void);
-+ ENGINE *ENGINE_get_cipher_engine(int nid);
-+ ENGINE *ENGINE_get_digest_engine(int nid);
-+
-+ int ENGINE_set_default_RSA(ENGINE *e);
-+ int ENGINE_set_default_DSA(ENGINE *e);
-+ int ENGINE_set_default_ECDH(ENGINE *e);
-+ int ENGINE_set_default_ECDSA(ENGINE *e);
-+ int ENGINE_set_default_DH(ENGINE *e);
-+ int ENGINE_set_default_RAND(ENGINE *e);
-+ int ENGINE_set_default_ciphers(ENGINE *e);
-+ int ENGINE_set_default_digests(ENGINE *e);
-+ int ENGINE_set_default_string(ENGINE *e, const char *list);
-+
-+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
-+
-+ unsigned int ENGINE_get_table_flags(void);
-+ void ENGINE_set_table_flags(unsigned int flags);
-+
-+ int ENGINE_register_RSA(ENGINE *e);
-+ void ENGINE_unregister_RSA(ENGINE *e);
-+ void ENGINE_register_all_RSA(void);
-+ int ENGINE_register_DSA(ENGINE *e);
-+ void ENGINE_unregister_DSA(ENGINE *e);
-+ void ENGINE_register_all_DSA(void);
-+ int ENGINE_register_ECDH(ENGINE *e);
-+ void ENGINE_unregister_ECDH(ENGINE *e);
-+ void ENGINE_register_all_ECDH(void);
-+ int ENGINE_register_ECDSA(ENGINE *e);
-+ void ENGINE_unregister_ECDSA(ENGINE *e);
-+ void ENGINE_register_all_ECDSA(void);
-+ int ENGINE_register_DH(ENGINE *e);
-+ void ENGINE_unregister_DH(ENGINE *e);
-+ void ENGINE_register_all_DH(void);
-+ int ENGINE_register_RAND(ENGINE *e);
-+ void ENGINE_unregister_RAND(ENGINE *e);
-+ void ENGINE_register_all_RAND(void);
-+ int ENGINE_register_ciphers(ENGINE *e);
-+ void ENGINE_unregister_ciphers(ENGINE *e);
-+ void ENGINE_register_all_ciphers(void);
-+ int ENGINE_register_digests(ENGINE *e);
-+ void ENGINE_unregister_digests(ENGINE *e);
-+ void ENGINE_register_all_digests(void);
-+ int ENGINE_register_complete(ENGINE *e);
-+ int ENGINE_register_all_complete(void);
-+
-+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-+ long i, void *p, void (*f)(void), int cmd_optional);
-+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-+ int cmd_optional);
-+
-+ ENGINE *ENGINE_new(void);
-+ int ENGINE_free(ENGINE *e);
-+ int ENGINE_up_ref(ENGINE *e);
-+
-+ int ENGINE_set_id(ENGINE *e, const char *id);
-+ int ENGINE_set_name(ENGINE *e, const char *name);
-+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-+ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
-+ int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
-+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-+ int ENGINE_set_flags(ENGINE *e, int flags);
-+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-+
-+ const char *ENGINE_get_id(const ENGINE *e);
-+ const char *ENGINE_get_name(const ENGINE *e);
-+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-+ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-+ const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
-+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-+ int ENGINE_get_flags(const ENGINE *e);
-+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-+
-+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-+ UI_METHOD *ui_method, void *callback_data);
-+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-+ UI_METHOD *ui_method, void *callback_data);
-+
-+Deprecated:
-+
-+ #if OPENSSL_API_COMPAT < 0x10100000L
-+ void ENGINE_cleanup(void)
-+ #endif
-+
-+=head1 DESCRIPTION
-+
-+These functions create, manipulate, and use cryptographic modules in the
-+form of B<ENGINE> objects. These objects act as containers for
-+implementations of cryptographic algorithms, and support a
-+reference-counted mechanism to allow them to be dynamically loaded in and
-+out of the running application.
-+
-+The cryptographic functionality that can be provided by an B<ENGINE>
-+implementation includes the following abstractions;
-+
-+ RSA_METHOD - for providing alternative RSA implementations
-+ DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
-+ - similarly for other OpenSSL APIs
-+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
-+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
-+ key-loading - loading public and/or private EVP_PKEY keys
-+
-+=head2 Reference counting and handles
-+
-+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
-+treated as handles - ie. not only as pointers, but also as references to
-+the underlying ENGINE object. Ie. one should obtain a new reference when
-+making copies of an ENGINE pointer if the copies will be used (and
-+released) independently.
-+
-+ENGINE objects have two levels of reference-counting to match the way in
-+which the objects are used. At the most basic level, each ENGINE pointer is
-+inherently a B<structural> reference - a structural reference is required
-+to use the pointer value at all, as this kind of reference is a guarantee
-+that the structure can not be deallocated until the reference is released.
-+
-+However, a structural reference provides no guarantee that the ENGINE is
-+initialised and able to use any of its cryptographic
-+implementations. Indeed it's quite possible that most ENGINEs will not
-+initialise at all in typical environments, as ENGINEs are typically used to
-+support specialised hardware. To use an ENGINE's functionality, you need a
-+B<functional> reference. This kind of reference can be considered a
-+specialised form of structural reference, because each functional reference
-+implicitly contains a structural reference as well - however to avoid
-+difficult-to-find programming bugs, it is recommended to treat the two
-+kinds of reference independently. If you have a functional reference to an
-+ENGINE, you have a guarantee that the ENGINE has been initialised and
-+is ready to perform cryptographic operations, and will remain initialised
-+until after you have released your reference.
-+
-+I<Structural references>
-+
-+This basic type of reference is used for instantiating new ENGINEs,
-+iterating across OpenSSL's internal linked-list of loaded
-+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
-+reference is sufficient if you only need to query or manipulate the data of
-+an ENGINE implementation rather than use its functionality.
-+
-+The ENGINE_new() function returns a structural reference to a new (empty)
-+ENGINE object. There are other ENGINE API functions that return structural
-+references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
-+ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
-+released by a corresponding to call to the ENGINE_free() function - the
-+ENGINE object itself will only actually be cleaned up and deallocated when
-+the last structural reference is released.
-+
-+It should also be noted that many ENGINE API function calls that accept a
-+structural reference will internally obtain another reference - typically
-+this happens whenever the supplied ENGINE will be needed by OpenSSL after
-+the function has returned. Eg. the function to add a new ENGINE to
-+OpenSSL's internal list is ENGINE_add() - if this function returns success,
-+then OpenSSL will have stored a new structural reference internally so the
-+caller is still responsible for freeing their own reference with
-+ENGINE_free() when they are finished with it. In a similar way, some
-+functions will automatically release the structural reference passed to it
-+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
-+ENGINE_get_prev() functions are used for iterating across the internal
-+ENGINE list - they will return a new structural reference to the next (or
-+previous) ENGINE in the list or NULL if at the end (or beginning) of the
-+list, but in either case the structural reference passed to the function is
-+released on behalf of the caller.
-+
-+To clarify a particular function's handling of references, one should
-+always consult that function's documentation "man" page, or failing that
-+the openssl/engine.h header file includes some hints.
-+
-+I<Functional references>
-+
-+As mentioned, functional references exist when the cryptographic
-+functionality of an ENGINE is required to be available. A functional
-+reference can be obtained in one of two ways; from an existing structural
-+reference to the required ENGINE, or by asking OpenSSL for the default
-+operational ENGINE for a given cryptographic purpose.
-+
-+To obtain a functional reference from an existing structural reference,
-+call the ENGINE_init() function. This returns zero if the ENGINE was not
-+already operational and couldn't be successfully initialised (eg. lack of
-+system drivers, no special hardware attached, etc), otherwise it will
-+return non-zero to indicate that the ENGINE is now operational and will
-+have allocated a new B<functional> reference to the ENGINE. All functional
-+references are released by calling ENGINE_finish() (which removes the
-+implicit structural reference as well).
-+
-+The second way to get a functional reference is by asking OpenSSL for a
-+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
-+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
-+section, though they are not usually required by application programmers as
-+they are used automatically when creating and using the relevant
-+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
-+
-+=head2 Default implementations
-+
-+For each supported abstraction, the ENGINE code maintains an internal table
-+of state to control which implementations are available for a given
-+abstraction and which should be used by default. These implementations are
-+registered in the tables and indexed by an 'nid' value, because
-+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
-+algorithms and modes, and ENGINEs can support arbitrarily many of them.
-+In the case of other abstractions like RSA, DSA, etc, there is only one
-+"algorithm" so all implementations implicitly register using the same 'nid'
-+index.
-+
-+When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
-+when calling RSA_new_method(NULL)), a "get_default" call will be made to the
-+ENGINE subsystem to process the corresponding state table and return a
-+functional reference to an initialised ENGINE whose implementation should be
-+used. If no ENGINE should (or can) be used, it will return NULL and the caller
-+will operate with a NULL ENGINE handle - this usually equates to using the
-+conventional software implementation. In the latter case, OpenSSL will from
-+then on behave the way it used to before the ENGINE API existed.
-+
-+Each state table has a flag to note whether it has processed this
-+"get_default" query since the table was last modified, because to process
-+this question it must iterate across all the registered ENGINEs in the
-+table trying to initialise each of them in turn, in case one of them is
-+operational. If it returns a functional reference to an ENGINE, it will
-+also cache another reference to speed up processing future queries (without
-+needing to iterate across the table). Likewise, it will cache a NULL
-+response if no ENGINE was available so that future queries won't repeat the
-+same iteration unless the state table changes. This behaviour can also be
-+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
-+ENGINE_set_table_flags()), no attempted initialisations will take place,
-+instead the only way for the state table to return a non-NULL ENGINE to the
-+"get_default" query will be if one is expressly set in the table. Eg.
-+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
-+that it also sets the state table's cached response for the "get_default"
-+query. In the case of abstractions like EVP_CIPHER, where implementations are
-+indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
-+value.
-+
-+=head2 Application requirements
-+
-+This section will explain the basic things an application programmer should
-+support to make the most useful elements of the ENGINE functionality
-+available to the user. The first thing to consider is whether the
-+programmer wishes to make alternative ENGINE modules available to the
-+application and user. OpenSSL maintains an internal linked list of
-+"visible" ENGINEs from which it has to operate - at start-up, this list is
-+empty and in fact if an application does not call any ENGINE API calls and
-+it uses static linking against openssl, then the resulting application
-+binary will not contain any alternative ENGINE code at all. So the first
-+consideration is whether any/all available ENGINE implementations should be
-+made visible to OpenSSL - this is controlled by calling the various "load"
-+functions.
-+
-+Having called any of these functions, ENGINE objects would have been
-+dynamically allocated and populated with these implementations and linked
-+into OpenSSL's internal linked list. At this point it is important to
-+mention an important API function;
-+
-+ void ENGINE_cleanup(void)
-+
-+If no ENGINE API functions are called at all in an application, then there
-+are no inherent memory leaks to worry about from the ENGINE functionality.
-+However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are
-+never registered or used, it was necessary to use the ENGINE_cleanup() function
-+to correspondingly cleanup before program exit, if the caller wishes to avoid
-+memory leaks. This mechanism used an internal callback registration table
-+so that any ENGINE API functionality that knows it requires cleanup can
-+register its cleanup details to be called during ENGINE_cleanup(). This
-+approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality
-+at all that your program uses, yet doesn't automatically create linker
-+dependencies to all possible ENGINE functionality - only the cleanup
-+callbacks required by the functionality you do use will be required by the
-+linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call
-+ENGINE_cleanup and this function is deprecated. Cleanup automatically takes
-+place at program exit.
-+
-+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
-+the program and loaded into memory at run-time) does not mean they are
-+"registered" or called into use by OpenSSL automatically - that behaviour
-+is something for the application to control. Some applications
-+will want to allow the user to specify exactly which ENGINE they want used
-+if any is to be used at all. Others may prefer to load all support and have
-+OpenSSL automatically use at run-time any ENGINE that is able to
-+successfully initialise - ie. to assume that this corresponds to
-+acceleration hardware attached to the machine or some such thing. There are
-+probably numerous other ways in which applications may prefer to handle
-+things, so we will simply illustrate the consequences as they apply to a
-+couple of simple cases and leave developers to consider these and the
-+source code to openssl's builtin utilities as guides.
-+
-+I<Using a specific ENGINE implementation>
-+
-+Here we'll assume an application has been configured by its user or admin
-+to want to use the "ACME" ENGINE if it is available in the version of
-+OpenSSL the application was compiled with. If it is available, it should be
-+used by default for all RSA, DSA, and symmetric cipher operations, otherwise
-+OpenSSL should use its builtin software as per usual. The following code
-+illustrates how to approach this;
-+
-+ ENGINE *e;
-+ const char *engine_id = "ACME";
-+ ENGINE_load_builtin_engines();
-+ e = ENGINE_by_id(engine_id);
-+ if(!e)
-+ /* the engine isn't available */
-+ return;
-+ if(!ENGINE_init(e)) {
-+ /* the engine couldn't initialise, release 'e' */
-+ ENGINE_free(e);
-+ return;
-+ }
-+ if(!ENGINE_set_default_RSA(e))
-+ /* This should only happen when 'e' can't initialise, but the previous
-+ * statement suggests it did. */
-+ abort();
-+ ENGINE_set_default_DSA(e);
-+ ENGINE_set_default_ciphers(e);
-+ /* Release the functional reference from ENGINE_init() */
-+ ENGINE_finish(e);
-+ /* Release the structural reference from ENGINE_by_id() */
-+ ENGINE_free(e);
-+
-+I<Automatically using builtin ENGINE implementations>
-+
-+Here we'll assume we want to load and register all ENGINE implementations
-+bundled with OpenSSL, such that for any cryptographic algorithm required by
-+OpenSSL - if there is an ENGINE that implements it and can be initialised,
-+it should be used. The following code illustrates how this can work;
-+
-+ /* Load all bundled ENGINEs into memory and make them visible */
-+ ENGINE_load_builtin_engines();
-+ /* Register all of them for every algorithm they collectively implement */
-+ ENGINE_register_all_complete();
-+
-+That's all that's required. Eg. the next time OpenSSL tries to set up an
-+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
-+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
-+default for RSA use from then on.
-+
-+=head2 Advanced configuration support
-+
-+There is a mechanism supported by the ENGINE framework that allows each
-+ENGINE implementation to define an arbitrary set of configuration
-+"commands" and expose them to OpenSSL and any applications based on
-+OpenSSL. This mechanism is entirely based on the use of name-value pairs
-+and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
-+applications want to provide a transparent way for users to provide
-+arbitrary configuration "directives" directly to such ENGINEs. It is also
-+possible for the application to dynamically interrogate the loaded ENGINE
-+implementations for the names, descriptions, and input flags of their
-+available "control commands", providing a more flexible configuration
-+scheme. However, if the user is expected to know which ENGINE device he/she
-+is using (in the case of specialised hardware, this goes without saying)
-+then applications may not need to concern themselves with discovering the
-+supported control commands and simply prefer to pass settings into ENGINEs
-+exactly as they are provided by the user.
-+
-+Before illustrating how control commands work, it is worth mentioning what
-+they are typically used for. Broadly speaking there are two uses for
-+control commands; the first is to provide the necessary details to the
-+implementation (which may know nothing at all specific to the host system)
-+so that it can be initialised for use. This could include the path to any
-+driver or config files it needs to load, required network addresses,
-+smart-card identifiers, passwords to initialise protected devices,
-+logging information, etc etc. This class of commands typically needs to be
-+passed to an ENGINE B<before> attempting to initialise it, ie. before
-+calling ENGINE_init(). The other class of commands consist of settings or
-+operations that tweak certain behaviour or cause certain operations to take
-+place, and these commands may work either before or after ENGINE_init(), or
-+in some cases both. ENGINE implementations should provide indications of
-+this in the descriptions attached to builtin control commands and/or in
-+external product documentation.
-+
-+I<Issuing control commands to an ENGINE>
-+
-+Let's illustrate by example; a function for which the caller supplies the
-+name of the ENGINE it wishes to use, a table of string-pairs for use before
-+initialisation, and another table for use after initialisation. Note that
-+the string-pairs used for control commands consist of a command "name"
-+followed by the command "parameter" - the parameter could be NULL in some
-+cases but the name can not. This function should initialise the ENGINE
-+(issuing the "pre" commands beforehand and the "post" commands afterwards)
-+and set it as the default for everything except RAND and then return a
-+boolean success or failure.
-+
-+ int generic_load_engine_fn(const char *engine_id,
-+ const char **pre_cmds, int pre_num,
-+ const char **post_cmds, int post_num)
-+ {
-+ ENGINE *e = ENGINE_by_id(engine_id);
-+ if (!e) return 0;
-+ while (pre_num--) {
-+ if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
-+ fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-+ pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
-+ ENGINE_free(e);
-+ return 0;
-+ }
-+ pre_cmds += 2;
-+ }
-+ if (!ENGINE_init(e)) {
-+ fprintf(stderr, "Failed initialisation\n");
-+ ENGINE_free(e);
-+ return 0;
-+ }
-+ /* ENGINE_init() returned a functional reference, so free the structural
-+ * reference from ENGINE_by_id(). */
-+ ENGINE_free(e);
-+ while(post_num--) {
-+ if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
-+ fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-+ post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
-+ ENGINE_finish(e);
-+ return 0;
-+ }
-+ post_cmds += 2;
-+ }
-+ ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
-+ /* Success */
-+ return 1;
-+ }
-+
-+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
-+relax the semantics of the function - if set non-zero it will only return
-+failure if the ENGINE supported the given command name but failed while
-+executing it, if the ENGINE doesn't support the command name it will simply
-+return success without doing anything. In this case we assume the user is
-+only supplying commands specific to the given ENGINE so we set this to
-+FALSE.
-+
-+I<Discovering supported control commands>
-+
-+It is possible to discover at run-time the names, numerical-ids, descriptions
-+and input parameters of the control commands supported by an ENGINE using a
-+structural reference. Note that some control commands are defined by OpenSSL
-+itself and it will intercept and handle these control commands on behalf of the
-+ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
-+openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
-+implemented by ENGINEs should be numbered from. Any command value lower than
-+this symbol is considered a "generic" command is handled directly by the
-+OpenSSL core routines.
-+
-+It is using these "core" control commands that one can discover the control
-+commands implemented by a given ENGINE, specifically the commands:
-+
-+ ENGINE_HAS_CTRL_FUNCTION
-+ ENGINE_CTRL_GET_FIRST_CMD_TYPE
-+ ENGINE_CTRL_GET_NEXT_CMD_TYPE
-+ ENGINE_CTRL_GET_CMD_FROM_NAME
-+ ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
-+ ENGINE_CTRL_GET_NAME_FROM_CMD
-+ ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
-+ ENGINE_CTRL_GET_DESC_FROM_CMD
-+ ENGINE_CTRL_GET_CMD_FLAGS
-+
-+Whilst these commands are automatically processed by the OpenSSL framework code,
-+they use various properties exposed by each ENGINE to process these
-+queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
-+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
-+the ENGINE's flags, and it can expose an array of control command descriptions.
-+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
-+simply pass all these "core" control commands directly to the ENGINE's ctrl()
-+handler (and thus, it must have supplied one), so it is up to the ENGINE to
-+reply to these "discovery" commands itself. If that flag is not set, then the
-+OpenSSL framework code will work with the following rules;
-+
-+ if no ctrl() handler supplied;
-+ ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
-+ all other commands fail.
-+ if a ctrl() handler was supplied but no array of control commands;
-+ ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-+ all other commands fail.
-+ if a ctrl() handler and array of control commands was supplied;
-+ ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-+ all other commands proceed processing ...
-+
-+If the ENGINE's array of control commands is empty then all other commands will
-+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
-+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
-+identifier of a command supported by the ENGINE and returns the next command
-+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
-+name for a command and returns the corresponding identifier or fails if no such
-+command name exists, and the remaining commands take a command identifier and
-+return properties of the corresponding commands. All except
-+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
-+or populate a supplied character buffer with a copy of the command name or
-+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
-+possible values:
-+
-+ ENGINE_CMD_FLAG_NUMERIC
-+ ENGINE_CMD_FLAG_STRING
-+ ENGINE_CMD_FLAG_NO_INPUT
-+ ENGINE_CMD_FLAG_INTERNAL
-+
-+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
-+informational to the caller - this flag will prevent the command being usable
-+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
-+"INTERNAL" commands are not intended to be exposed to text-based configuration
-+by applications, administrations, users, etc. These can support arbitrary
-+operations via ENGINE_ctrl(), including passing to and/or from the control
-+commands data of any arbitrary type. These commands are supported in the
-+discovery mechanisms simply to allow applications to determine if an ENGINE
-+supports certain specific commands it might want to use (eg. application "foo"
-+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
-+and ENGINE could therefore decide whether or not to support this "foo"-specific
-+extension).
-+
-+=head1 SEE ALSO
-+
-+L<OPENSSL_init_crypto(3)>, L<RSA_new_method(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
-+
-+=head1 HISTORY
-+
-+ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
-+ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
-+OPENSSL_init_crypto().
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/ERR_GET_LIB.pod
-+++ b/doc/crypto/ERR_GET_LIB.pod
-@@ -48,4 +48,13 @@ L<err(3)>, L<ERR_get_error(3)>
- ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
- all versions of OpenSSL.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_clear_error.pod
-+++ b/doc/crypto/ERR_clear_error.pod
-@@ -22,4 +22,13 @@ ERR_clear_error() has no return value.
-
- L<err(3)>, L<ERR_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_error_string.pod
-+++ b/doc/crypto/ERR_error_string.pod
-@@ -62,4 +62,13 @@ none is registered for the error code.
- L<err(3)>, L<ERR_get_error(3)>,
- L<ERR_print_errors(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_get_error.pod
-+++ b/doc/crypto/ERR_get_error.pod
-@@ -67,4 +67,13 @@ The error code, or 0 if there is no erro
- L<err(3)>, L<ERR_error_string(3)>,
- L<ERR_GET_LIB(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_load_crypto_strings.pod
-+++ b/doc/crypto/ERR_load_crypto_strings.pod
-@@ -21,7 +21,7 @@ load and free error strings
- #if OPENSSL_API_COMPAT < 0x10100000L
- void SSL_load_error_strings(void);
- #endif
--
-+
- =head1 DESCRIPTION
-
- All of the following functions are deprecated from OpenSSL 1.1.0. No explicit
-@@ -50,4 +50,13 @@ The ERR_load_crypto_strings(), SSL_load_
- ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by
- OPENSSL_init_crypto() and OPENSSL_init_ssl().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_load_strings.pod
-+++ b/doc/crypto/ERR_load_strings.pod
-@@ -39,10 +39,20 @@ to user libraries at runtime.
- =head1 RETURN VALUE
-
- ERR_load_strings() returns no value. ERR_PACK() return the error code.
--ERR_get_next_error_library() returns a new library number.
-+ERR_get_next_error_library() returns zero on failure, otherwise a new
-+library number.
-
- =head1 SEE ALSO
-
- L<err(3)>, L<ERR_load_strings(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_print_errors.pod
-+++ b/doc/crypto/ERR_print_errors.pod
-@@ -2,7 +2,8 @@
-
- =head1 NAME
-
--ERR_print_errors, ERR_print_errors_fp - print error messages
-+ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
-+- print error messages
-
- =head1 SYNOPSIS
-
-@@ -10,6 +11,9 @@ ERR_print_errors, ERR_print_errors_fp -
-
- void ERR_print_errors(BIO *bp);
- void ERR_print_errors_fp(FILE *fp);
-+ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-+ void *u)
-+
-
- =head1 DESCRIPTION
-
-@@ -20,6 +24,9 @@ emptying the error queue.
- ERR_print_errors_fp() is the same, except that the output goes to a
- B<FILE>.
-
-+ERR_print_errors_cb() is the same, except that the callback function,
-+B<cb>, is called for each error line with the string, length, and userdata
-+B<u> as the callback parameters.
-
- The error strings will have the following format:
-
-@@ -41,4 +48,13 @@ ERR_print_errors() and ERR_print_errors_
- L<err(3)>, L<ERR_error_string(3)>,
- L<ERR_get_error(3)>.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_put_error.pod
-+++ b/doc/crypto/ERR_put_error.pod
-@@ -12,6 +12,7 @@ ERR_put_error, ERR_add_error_data - reco
- int line);
-
- void ERR_add_error_data(int num, ...);
-+ void ERR_add_error_data(int num, va_list arg);
-
- =head1 DESCRIPTION
-
-@@ -22,11 +23,38 @@ This function is usually called by a mac
-
- ERR_add_error_data() associates the concatenation of its B<num> string
- arguments with the error code added last.
-+ERR_add_error_vdata() is similar except the argument is a B<va_list>.
-
- L<ERR_load_strings(3)> can be used to register
- error strings so that the application can a generate human-readable
- error messages for the error code.
-
-+=head2 Reporting errors
-+
-+Each sub-library has a specific macro XXXerr() that is used to report
-+errors. Its first argument is a function code B<XXX_F_...>, the second
-+argument is a reason code B<XXX_R_...>. Function codes are derived
-+from the function names; reason codes consist of textual error
-+descriptions. For example, the function ssl3_read_bytes() reports a
-+"handshake failure" as follows:
-+
-+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-+
-+Function and reason codes should consist of upper case characters,
-+numbers and underscores only. The error file generation script translates
-+function codes into function names by looking in the header files
-+for an appropriate function name, if none is found it just uses
-+the capitalized form such as "SSL3_READ_BYTES" in the above example.
-+
-+The trailing section of a reason code (after the "_R_") is translated
-+into lower case and underscores changed to spaces.
-+
-+Although a library will normally report errors using its own specific
-+XXXerr macro, another library's macro can be used. This is normally
-+only done when a library wants to include ASN1 code which must use
-+the ASN1err() macro.
-+
-+
- =head1 RETURN VALUES
-
- ERR_put_error() and ERR_add_error_data() return
-@@ -36,4 +64,13 @@ no values.
-
- L<err(3)>, L<ERR_load_strings(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/ERR_remove_state.pod
-+++ b/doc/crypto/ERR_remove_state.pod
-@@ -2,44 +2,52 @@
-
- =head1 NAME
-
--ERR_remove_thread_state, ERR_remove_state - free a thread's error queue
-+ERR_remove_thread_state, ERR_remove_state - DEPRECATED
-
- =head1 SYNOPSIS
-
-- #include <openssl/err.h>
--
-- void ERR_remove_thread_state(void);
--
- Deprecated:
-
- #if OPENSSL_API_COMPAT < 0x10000000L
- void ERR_remove_state(unsigned long pid);
- #endif
-
-+ #if OPENSSL_API_COMPAT < 0x10100000L
-+ void ERR_remove_thread_state(void *);
-+ #endif
-+
- =head1 DESCRIPTION
-
--ERR_remove_thread_state() frees the error queue associated with the current
--thread.
-+The functions described here were used to free the error queue
-+associated with the current or specified thread.
-
--Since error queue data structures are allocated automatically for new
--threads, they must be freed when threads are terminated in order to
--avoid memory leaks.
--
--ERR_remove_state is deprecated and has been replaced by
--ERR_remove_thread_state. Any argument to this function is ignored and
--calling ERR_remove_state is equivalent to B<ERR_remove_thread_state()>.
-+They are now deprecated and do nothing, as the OpenSSL libraries now
-+normally do all thread initialisation and deinitialisation
-+automatically (see L<OPENSSL_init_crypto(3)>).
-
- =head1 RETURN VALUE
-
--ERR_remove_thread_state and ERR_remove_state() return no value.
-+The functions described here return no value.
-
- =head1 SEE ALSO
-
--L<err(3)>
-+L<err(3)>, L<OPENSSL_init_crypto(3)>
-
- =head1 HISTORY
-
--ERR_remove_state()
--was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state() was introduced.
-+ERR_remove_state() was deprecated in OpenSSL 1.0.0 when
-+ERR_remove_thread_state() was introduced.
-+
-+ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0 when the
-+thread handling functionality was entirely rewritten.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/ERR_set_mark.pod
-+++ b/doc/crypto/ERR_set_mark.pod
-@@ -31,4 +31,13 @@ implies that the stack became empty, oth
-
- L<err(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_BytesToKey.pod
-+++ b/doc/crypto/EVP_BytesToKey.pod
-@@ -8,10 +8,10 @@ EVP_BytesToKey - password based encrypti
-
- #include <openssl/evp.h>
-
-- int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-- const unsigned char *salt,
-- const unsigned char *data, int datal, int count,
-- unsigned char *key,unsigned char *iv);
-+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
-+ const unsigned char *salt,
-+ const unsigned char *data, int datal, int count,
-+ unsigned char *key, unsigned char *iv);
-
- =head1 DESCRIPTION
-
-@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PK
- The key and IV is derived by concatenating D_1, D_2, etc until
- enough data is available for the key and IV. D_i is defined as:
-
-- D_i = HASH^count(D_(i-1) || data || salt)
-+ D_i = HASH^count(D_(i-1) || data || salt)
-
- where || denotes concatenation, D_0 is empty, HASH is the digest
- algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
-@@ -66,6 +66,13 @@ L<evp(3)>, L<rand(3)>,
- L<PKCS5_PBKDF2_HMAC(3)>,
- L<EVP_EncryptInit(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
-+++ b/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod
-@@ -39,4 +39,13 @@ cipher data for the EVP_CIPHER_CTX.
- The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data()
- functions were added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_CIPHER_meth_new.pod
-+++ b/doc/crypto/EVP_CIPHER_meth_new.pod
-@@ -19,7 +19,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to
- EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
- EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
- void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
--
-+
- int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
- int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
- int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
-@@ -44,7 +44,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to
- int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
- int (*ctrl) (EVP_CIPHER_CTX *, int type,
- int arg, void *ptr));
--
-+
- int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv,
-@@ -82,37 +82,14 @@ With the exception of cipher modes, of w
- several flags can be or'd together.
- The available flags are:
-
--=over 4
--
--=over 4
--
--=item The cipher modes:
--
--=over 4
--
--=item EVP_CIPH_STREAM_CIPHER
--
--=item EVP_CIPH_ECB_MODE
--
--=item EVP_CIPH_CBC_MODE
--
--=item EVP_CIPH_CFB_MODE
--
--=item EVP_CIPH_OFB_MODE
--
--=item EVP_CIPH_CTR_MODE
--
--=item EVP_CIPH_GCM_MODE
--
--=item EVP_CIPH_CCM_MODE
-+=over
-
--=item EVP_CIPH_XTS_MODE
-+=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
-+EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
-+EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
-+EVP_CIPH_OCB_MODE
-
--=item EVP_CIPH_WRAP_MODE
--
--=item EVP_CIPH_OCB_MODE
--
--=back
-+The cipher mode.
-
- =item EVP_CIPH_VARIABLE_LENGTH
-
-@@ -197,13 +174,8 @@ This indicates that this is an AEAD ciph
-
- =item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
-
--=begin comment
--
--I could use some help explaining this one!
--
--=end comment
--
--=back
-+Allow interleaving of crypto blocks, a particular optimization only applicable
-+to certain TLS ciphers.
-
- =back
-
-@@ -224,7 +196,7 @@ EVP_EncryptFinal(), EVP_EncryptFinal_ex(
- EVP_DecryptFinal_ex().
-
- EVP_CIPHER_meth_set_cleanup() sets the function for B<cipher> to do
--extra cleanup before the method's privata data structure is cleaned
-+extra cleanup before the method's private data structure is cleaned
- out and freed.
- Note that the cleanup function is passed a B<EVP_CIPHER_CTX *>, the
- private data structure is then available with
-@@ -234,6 +206,7 @@ EVP_CIPHER_CTX_free().
-
- EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
-
-+=head1 RETURN VALUES
-
- EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(),
- EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(),
-@@ -253,4 +226,13 @@ The B<EVP_CIPHER> structure was openly a
- 1.1.
- The functions described here were added in OpenSSL version 1.1.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_DigestInit.pod
-+++ b/doc/crypto/EVP_DigestInit.pod
-@@ -3,7 +3,7 @@
- =head1 NAME
-
- EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,
--EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MAX_MD_SIZE,
-+EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex,
- EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
- EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
- EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
-@@ -24,32 +24,23 @@ EVP_get_digestbynid, EVP_get_digestbyobj
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
-- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-
- int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
-- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
--
-- #define EVP_MAX_MD_SIZE 64 /* SHA512 */
-+ int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
-
- int EVP_MD_type(const EVP_MD *md);
-- int EVP_MD_pkey_type(const EVP_MD *md);
-+ int EVP_MD_pkey_type(const EVP_MD *md);
- int EVP_MD_size(const EVP_MD *md);
- int EVP_MD_block_size(const EVP_MD *md);
-
- const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-- int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-- const void *data, size_t count);
-- void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-- int (*update) (EVP_MD_CTX *ctx,
-- const void *data, size_t count));
- int EVP_MD_CTX_size(const EVP_MD *ctx);
- int EVP_MD_CTX_block_size(const EVP_MD *ctx);
- int EVP_MD_CTX_type(const EVP_MD *ctx);
-- EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
-- void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
-
- const EVP_MD *EVP_md_null(void);
- const EVP_MD *EVP_md2(void);
-@@ -213,15 +204,15 @@ digest name passed on the command line.
- int md_len, i;
-
- if(!argv[1]) {
-- printf("Usage: mdtest digestname\n");
-- exit(1);
-+ printf("Usage: mdtest digestname\n");
-+ exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
-
- if(!md) {
-- printf("Unknown message digest %s\n", argv[1]);
-- exit(1);
-+ printf("Unknown message digest %s\n", argv[1]);
-+ exit(1);
- }
-
- mdctx = EVP_MD_CTX_new();
-@@ -232,8 +223,8 @@ digest name passed on the command line.
- EVP_MD_CTX_free(mdctx);
-
- printf("Digest is: ");
-- for(i = 0; i < md_len; i++)
-- printf("%02x", md_value[i]);
-+ for (i = 0; i < md_len; i++)
-+ printf("%02x", md_value[i]);
- printf("\n");
-
- exit(0);
-@@ -256,4 +247,13 @@ The link between digests and signing alg
- later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1()
- was removed in OpenSSL 1.1.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_DigestSignInit.pod
-+++ b/doc/crypto/EVP_DigestSignInit.pod
-@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate
- #include <openssl/evp.h>
-
- int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
-
-@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and
- the use of clone digest is now discouraged.
-
- For some key types and parameters the random number generator must be seeded
--or the operation will fail.
-+or the operation will fail.
-
- The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
- context. This means that calls to EVP_DigestSignUpdate() and
-@@ -81,7 +81,16 @@ L<sha(3)>, L<dgst(1)>
-
- =head1 HISTORY
-
--EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
-+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
- were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_DigestVerifyInit.pod
-+++ b/doc/crypto/EVP_DigestVerifyInit.pod
-@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUp
- #include <openssl/evp.h>
-
- int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
-
-@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and
- the use of clone digest is now discouraged.
-
- For some key types and parameters the random number generator must be seeded
--or the operation will fail.
-+or the operation will fail.
-
- The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
- context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
-@@ -76,7 +76,16 @@ L<sha(3)>, L<dgst(1)>
-
- =head1 HISTORY
-
--EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
-+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
- were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/EVP_EncodeInit.pod
-@@ -0,0 +1,162 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy,
-+EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal,
-+EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal,
-+EVP_DecodeBlock - EVP base 64 encode/decode routines
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/evp.h>
-+
-+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
-+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
-+ int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
-+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
-+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-+ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
-+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
-+ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-+
-+ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-+ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
-+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-+ char *out, int *outl);
-+ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-+
-+=head1 DESCRIPTION
-+
-+The EVP encode routines provide a high level interface to base 64 encoding and
-+decoding. Base 64 encoding converts binary data into a printable form that uses
-+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
-+bytes of binary data provided 4 bytes of base 64 encoded data will be produced
-+plus some occasional newlines (see below). If the input data length is not a
-+multiple of 3 then the output data will be padded at the end using the "="
-+character.
-+
-+EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
-+the encode/decode functions.
-+
-+EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
-+space allocated to it.
-+
-+Encoding of binary data is performed in blocks of 48 input bytes (or less for
-+the final block). For each 48 byte input block encoded 64 bytes of base 64 data
-+is output plus an additional newline character (i.e. 65 bytes in total). The
-+final block (which may be less than 48 bytes) will output 4 bytes for every 3
-+bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
-+still output for the final 1 or 2 bytes of input. Similarly a newline character
-+will also be output.
-+
-+EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
-+
-+EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
-+B<in>. The output is stored in the buffer B<out> and the number of bytes output
-+is stored in B<*outl>. It is the caller's responsibility to ensure that the
-+buffer at B<out> is sufficiently large to accommodate the output data. Only full
-+blocks of data (48 bytes) will be immediately processed and output by this
-+function. Any remainder is held in the B<ctx> object and will be processed by a
-+subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
-+required size of the output buffer add together the value of B<inl> with the
-+amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
-+any remainder). This gives the number of blocks of data that will be processed.
-+Ensure the output buffer contains 65 bytes of storage for each block, plus an
-+additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
-+repeatedly to process large amounts of input data. In the event of an error
-+EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 will be
-+returned.
-+
-+EVP_EncodeFinal() must be called at the end of an encoding operation. It will
-+process any partial block of data remaining in the B<ctx> object. The output
-+data will be stored in B<out> and the length of the data written will be stored
-+in B<*outl>. It is the caller's responsibility to ensure that B<out> is
-+sufficiently large to accommodate the output data which will never be more than
-+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
-+
-+EVP_ENCODE_CTX_copy() can be used to copy a context B<sctx> to a context
-+B<dctx>. B<dctx> must be initialized before calling this function.
-+
-+EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
-+be encoded or decoded that are pending in the B<ctx> object.
-+
-+EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
-+B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
-+output data will be produced. If B<dlen> is not divisible by 3 then the block is
-+encoded as a final block of data and the output is padded such that it is always
-+divisible by 4. Additionally a NUL terminator character will be added. For
-+example if 16 bytes of input data is provided then 24 bytes of encoded data is
-+created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
-+the data generated I<without> the NUL terminator is returned from the function.
-+
-+EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
-+
-+EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
-+to by B<in>. The output is stored in the buffer B<out> and the number of bytes
-+output is stored in B<*outl>. It is the caller's responsibility to ensure that
-+the buffer at B<out> is sufficiently large to accommodate the output data. This
-+function will attempt to decode as much data as possible in 4 byte chunks. Any
-+whitespace, newline or carriage return characters are ignored. Any partial chunk
-+of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
-+the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
-+any illegal base 64 characters are encountered or if the base 64 padding
-+character "=" is encountered in the middle of the data then the function returns
-+-1 to indicate an error. A return value of 0 or 1 indicates successful
-+processing of the data. A return value of 0 additionally indicates that the last
-+input data characters processed included the base 64 padding character "=" and
-+therefore no more non-padding character data is expected to be processed. For
-+every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
-+line feeds), 3 bytes of binary output data will be produced (or less at the end
-+of the data where the padding character "=" has been used).
-+
-+EVP_DecodeFinal() must be called at the end of a decoding operation. If there
-+is any unprocessed data still in B<ctx> then the input data must not have been
-+a multiple of 4 and therefore an error has occurred. The function will return -1
-+in this case. Otherwise the function returns 1 on success.
-+
-+EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
-+contained in B<f> and store the result in B<t>. Any leading whitespace will be
-+trimmed as will any trailing whitespace, newlines, carriage returns or EOF
-+characters. After such trimming the length of the data in B<f> must be divisible
-+by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
-+output will be padded with 0 bits if necessary to ensure that the output is
-+always 3 bytes for every 4 input bytes. This function will return the length of
-+the data decoded or -1 on error.
-+
-+=head1 RETURN VALUES
-+
-+EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
-+object or NULL on error.
-+
-+EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in
-+B<ctx>.
-+
-+EVP_EncodeUpdate() returns 0 on error or 1 on success.
-+
-+EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
-+terminator.
-+
-+EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
-+then no more non-padding base 64 characters are expected.
-+
-+EVP_DecodeFinal() returns -1 on error or 1 on success.
-+
-+EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
-+
-+=head1 SEE ALSO
-+
-+L<evp(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/EVP_EncryptInit.pod
-+++ b/doc/crypto/EVP_EncryptInit.pod
-@@ -16,7 +16,7 @@ EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block
- EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
- EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
- EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
--EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb,
-+EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb,
- EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb,
- EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb,
- EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc,
-@@ -31,6 +31,8 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_ae
- EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm,
- EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
-
-+=for comment generic
-+
- =head1 SYNOPSIS
-
- #include <openssl/evp.h>
-@@ -40,14 +42,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
-
- int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-- ENGINE *impl, unsigned char *key, unsigned char *iv);
-+ ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
-
- int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-- ENGINE *impl, unsigned char *key, unsigned char *iv);
-+ ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-@@ -80,15 +82,16 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
- int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-+ const EVP_CIPHER *EVP_get_cipherbynid(int nid);
-+ const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
-
-- #define EVP_CIPHER_nid(e) ((e)->nid)
-- #define EVP_CIPHER_block_size(e) ((e)->block_size)
-- #define EVP_CIPHER_key_length(e) ((e)->key_len)
-- #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
-- #define EVP_CIPHER_flags(e) ((e)->flags)
-- #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
-+ int EVP_CIPHER_nid(const EVP_CIPHER *e);
-+ int EVP_CIPHER_block_size(const EVP_CIPHER *e);
-+ int EVP_CIPHER_key_length(const EVP_CIPHER *e)
-+ int EVP_CIPHER_key_length(const EVP_CIPHER *e);
-+ int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
-+ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
-+ unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
- int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
- const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-@@ -99,9 +102,6 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
- void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
- void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
- int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
-- void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, int flags);
-- void EVP_CIPHER_CTX_clear_flags(const EVP_CIPHER_CTX *ctx, int flags);
-- int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
- int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
-
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-@@ -138,7 +138,9 @@ multiple times to encrypt successive blo
- of data written depends on the block alignment of the encrypted data:
- as a result the amount of data written may be anything from zero bytes
- to (inl + cipher_block_size - 1) so B<out> should contain sufficient
--room. The actual number of bytes written is placed in B<outl>.
-+room. The actual number of bytes written is placed in B<outl>. It also
-+checks if B<in> and B<out> are partially overlapping, and if they are
-+0 is returned to indicate failure.
-
- If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
- the "final" data, that is any data that remains in a partial block.
-@@ -221,7 +223,7 @@ B<EVP_MAX_IV_LENGTH> is the maximum IV l
-
- EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
- size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
--structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
-+structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the maximum block
- length for all ciphers.
-
- EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
-@@ -326,11 +328,11 @@ AES with a 256-bit key in CBC, ECB, CFB
-
- DES in CBC, ECB, CFB and OFB modes respectively.
-
--=item EVP_des_ede_cbc(), EVP_des_ede(), EVP_des_ede_ofb(), EVP_des_ede_cfb()
-+=item EVP_des_ede_cbc(), EVP_des_ede(), EVP_des_ede_ofb(), EVP_des_ede_cfb()
-
- Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
--=item EVP_des_ede3_cbc(), EVP_des_ede3(), EVP_des_ede3_ofb(), EVP_des_ede3_cfb()
-+=item EVP_des_ede3_cbc(), EVP_des_ede3(), EVP_des_ede3_ofb(), EVP_des_ede3_cfb()
-
- Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
-@@ -384,13 +386,13 @@ bits and 12 rounds.
-
- AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
- These ciphers require additional control operations to function correctly: see
--the L</GCM and OCB modes> section below for details.
-+the L</GCM and OCB Modes> section below for details.
-
- =item EVP_aes_128_ocb(void), EVP_aes_192_ocb(void), EVP_aes_256_ocb(void)
-
--Offest Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively.
-+Offset Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively.
- These ciphers require additional control operations to function correctly: see
--the L</GCM and OCB modes> section below for details.
-+the L</GCM and OCB Modes> section below for details.
-
- =item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm()
-
-@@ -474,8 +476,6 @@ Sets the CCM nonce (IV) length: this cal
- an nonce value. The nonce length is given by B<15 - L> so it is 7 by default
- for AES.
-
--
--
- =head1 NOTES
-
- Where possible the B<EVP> interface to symmetric ciphers should be used in
-@@ -508,6 +508,8 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_e
- EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
- existing context without allocating and freeing it up on each call.
-
-+EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
-+
- =head1 BUGS
-
- For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
-@@ -526,46 +528,46 @@ for certain common S/MIME ciphers (RC2,
- Encrypt a string using IDEA:
-
- int do_crypt(char *outfile)
-- {
-- unsigned char outbuf[1024];
-- int outlen, tmplen;
-- /* Bogus key and IV: we'd normally set these from
-- * another source.
-- */
-- unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-- unsigned char iv[] = {1,2,3,4,5,6,7,8};
-- char intext[] = "Some Crypto Text";
-- EVP_CIPHER_CTX ctx;
-- FILE *out;
--
-- ctx = EVP_CIPHER_CTX_new();
-- EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
--
-- if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
-- {
-- /* Error */
-- return 0;
-- }
-- /* Buffer passed to EVP_EncryptFinal() must be after data just
-- * encrypted to avoid overwriting it.
-- */
-- if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
-- {
-- /* Error */
-- return 0;
-- }
-- outlen += tmplen;
-- EVP_CIPHER_CTX_free(ctx);
-- /* Need binary mode for fopen because encrypted data is
-- * binary data. Also cannot use strlen() on it because
-+ {
-+ unsigned char outbuf[1024];
-+ int outlen, tmplen;
-+ /* Bogus key and IV: we'd normally set these from
-+ * another source.
-+ */
-+ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-+ unsigned char iv[] = {1,2,3,4,5,6,7,8};
-+ char intext[] = "Some Crypto Text";
-+ EVP_CIPHER_CTX ctx;
-+ FILE *out;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
-+
-+ if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
-+ {
-+ /* Error */
-+ return 0;
-+ }
-+ /* Buffer passed to EVP_EncryptFinal() must be after data just
-+ * encrypted to avoid overwriting it.
-+ */
-+ if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
-+ {
-+ /* Error */
-+ return 0;
-+ }
-+ outlen += tmplen;
-+ EVP_CIPHER_CTX_free(ctx);
-+ /* Need binary mode for fopen because encrypted data is
-+ * binary data. Also cannot use strlen() on it because
- * it wont be null terminated and may contain embedded
-- * nulls.
-- */
-- out = fopen(outfile, "wb");
-- fwrite(outbuf, 1, outlen, out);
-- fclose(out);
-- return 1;
-- }
-+ * nulls.
-+ */
-+ out = fopen(outfile, "wb");
-+ fwrite(outbuf, 1, outlen, out);
-+ fclose(out);
-+ return 1;
-+ }
-
- The ciphertext from the above example can be decrypted using the B<openssl>
- utility with the command line (shown on two lines for clarity):
-@@ -577,50 +579,50 @@ General encryption and decryption functi
- with a 128-bit key:
-
- int do_crypt(FILE *in, FILE *out, int do_encrypt)
-- {
-- /* Allow enough space in output buffer for additional block */
-- unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-- int inlen, outlen;
-- EVP_CIPHER_CTX *ctx;
-- /* Bogus key and IV: we'd normally set these from
-- * another source.
-- */
-- unsigned char key[] = "0123456789abcdeF";
-- unsigned char iv[] = "1234567887654321";
--
-- /* Don't set key or IV right away; we want to check lengths */
-- ctx = EVP_CIPHER_CTX_new();
-- EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-- do_encrypt);
-- OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
--
-- /* Now we can set key and IV */
-- EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
--
-- for(;;)
-- {
-- inlen = fread(inbuf, 1, 1024, in);
-- if(inlen <= 0) break;
-- if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
-- {
-- /* Error */
-- EVP_CIPHER_CTX_free(ctx);
-- return 0;
-- }
-- fwrite(outbuf, 1, outlen, out);
-- }
-- if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
-- {
-- /* Error */
-- EVP_CIPHER_CTX_free(ctx);
-- return 0;
-- }
-- fwrite(outbuf, 1, outlen, out);
--
-- EVP_CIPHER_CTX_free(ctx);
-- return 1;
-- }
-+ {
-+ /* Allow enough space in output buffer for additional block */
-+ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-+ int inlen, outlen;
-+ EVP_CIPHER_CTX *ctx;
-+ /* Bogus key and IV: we'd normally set these from
-+ * another source.
-+ */
-+ unsigned char key[] = "0123456789abcdeF";
-+ unsigned char iv[] = "1234567887654321";
-+
-+ /* Don't set key or IV right away; we want to check lengths */
-+ ctx = EVP_CIPHER_CTX_new();
-+ EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-+ do_encrypt);
-+ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
-+
-+ /* Now we can set key and IV */
-+ EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
-+
-+ for(;;)
-+ {
-+ inlen = fread(inbuf, 1, 1024, in);
-+ if (inlen <= 0) break;
-+ if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
-+ {
-+ /* Error */
-+ EVP_CIPHER_CTX_free(ctx);
-+ return 0;
-+ }
-+ fwrite(outbuf, 1, outlen, out);
-+ }
-+ if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
-+ {
-+ /* Error */
-+ EVP_CIPHER_CTX_free(ctx);
-+ return 0;
-+ }
-+ fwrite(outbuf, 1, outlen, out);
-+
-+ EVP_CIPHER_CTX_free(ctx);
-+ return 1;
-+ }
-
-
- =head1 SEE ALSO
-@@ -636,4 +638,13 @@ EVP_CIPHER_CTX_reset() appeared and EVP_
- disappeared. EVP_CIPHER_CTX_init() remains as an alias for
- EVP_CIPHER_CTX_reset().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_MD_meth_new.pod
-+++ b/doc/crypto/EVP_MD_meth_new.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+EVP_MD_meth_dup,
- EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
- EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
- EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
-@@ -10,17 +11,16 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_in
- EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
- EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
- EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
--EVP_MD_meth_get_ctrl, EVP_MD_meth_get_pkey_types,
--EVP_MD_meth_get_sign, EVP_MD_meth_get_verify - Routines to build up
--EVP_MD methods
-+EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data
-+- Routines to build up EVP_MD methods
-
- =head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-- EVP_MD *EVP_MD_create_method(int md_type, int pkey_type);
-+ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
-+ void EVP_MD_meth_free(EVP_MD *md);
- EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
-- void EVP_MD_destroy_method(EVP_MD *md);
-
- int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
- int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
-@@ -34,6 +34,7 @@ EVP_MD methods
- unsigned char *md));
- int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
- const EVP_MD_CTX *from));
-+ void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
- int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
- int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
- int p1, void *p2));
-@@ -130,7 +131,7 @@ This copy function is called by EVP_MD_C
- EVP_MD_CTX_copy_ex().
-
- EVP_MD_meth_set_cleanup() sets the function for B<md> to do extra
--cleanup before the method's privata data structure is cleaned out and
-+cleanup before the method's private data structure is cleaned out and
- freed.
- Note that the cleanup function is passed a B<EVP_MD_CTX *>, the
- private data structure is then available with EVP_MD_CTX_md_data().
-@@ -157,4 +158,13 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>
- The B<EVP_MD> structure was openly available in OpenSSL before version
- 1.1. The functions described here were added in OpenSSL version 1.1.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_OpenInit.pod
-+++ b/doc/crypto/EVP_OpenInit.pod
-@@ -8,8 +8,8 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFi
-
- #include <openssl/evp.h>
-
-- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-- int ekl,unsigned char *iv,EVP_PKEY *priv);
-+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
-+ int ekl, unsigned char *iv, EVP_PKEY *priv);
- int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> paramet
- The IV is supplied in the B<iv> parameter.
-
- EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
--as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
-+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
- documented on the L<EVP_EncryptInit(3)> manual
- page.
-
-@@ -58,6 +58,13 @@ L<evp(3)>, L<rand(3)>,
- L<EVP_EncryptInit(3)>,
- L<EVP_SealInit(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod
-+++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod
-@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorith
- #include <openssl/evp.h>
-
- int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
-- int cmd, int p1, void *p2);
-+ int cmd, int p1, void *p2);
- int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-- const char *value);
-+ const char *value);
-
- #include <openssl/rsa.h>
-
-@@ -78,7 +78,8 @@ to PKCS#1 when signing and this structur
- verifying. If this control is not used with RSA and PKCS#1 padding then the
- supplied data is used directly and not encapsulated. In the case of X9.31
- padding for RSA the algorithm identifier byte is added or checked and removed
--if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
-+if this control is called. If it is not called then the first byte of the plaintext
-+buffer is expected to be the algorithm identifier byte.
-
- The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
- B<len> as its name implies it is only supported for PSS padding. Two special
-@@ -141,4 +142,13 @@ L<EVP_PKEY_keygen(3)>
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_CTX_new.pod
-+++ b/doc/crypto/EVP_PKEY_CTX_new.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions.
-+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions
-
- =head1 SYNOPSIS
-
-@@ -50,4 +50,13 @@ L<EVP_PKEY_new(3)>
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod
-@@ -0,0 +1,128 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
-+EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
-+HMAC-based Extract-and-Expand key derivation algorithm
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/kdf.h>
-+
-+ int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
-+
-+ int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
-+ int saltlen);
-+
-+ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
-+ int keylen);
-+
-+ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
-+ int infolen);
-+
-+=head1 DESCRIPTION
-+
-+The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
-+HKDF follows the "extract-then-expand" paradigm, where the KDF logically
-+consists of two modules. The first stage takes the input keying material
-+and "extracts" from it a fixed-length pseudorandom key K. The second stage
-+"expands" the key K into several additional pseudorandom keys (the output
-+of the KDF).
-+
-+EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
-+
-+EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
-+buffer B<salt>. Any existing value is replaced.
-+
-+EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
-+B<key>. Any existing value is replaced.
-+
-+EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
-+buffer B<info>. If a value is already set, it is appended to the existing
-+value.
-+
-+=head1 STRING CTRLS
-+
-+HKDF also supports string based control operations via
-+L<EVP_PKEY_CTX_ctrl_str(3)>.
-+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
-+algorithm to use.
-+The B<type> parameters "salt", "key" and "info" use the supplied B<value>
-+parameter as a B<seed>, B<key> or B<info> value.
-+The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
-+string which is converted to binary.
-+
-+=head1 NOTES
-+
-+All these functions are implemented as macros.
-+
-+A context for HKDF can be obtained by calling:
-+
-+ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL);
-+
-+The digest, key, salt and info values must be set before a key is derived or
-+an error occurs.
-+
-+The total length of the info buffer cannot exceed 1024 bytes in length: this
-+should be more than enough for any normal use of HKDF.
-+
-+The output length of the KDF is specified via the length parameter to the
-+L<EVP_PKEY_derive(3)> function.
-+Since the HKDF output length is variable, passing a B<NULL> buffer as a means
-+to obtain the requisite length is not meaningful with HKDF.
-+Instead, the caller must allocate a buffer of the desired length, and pass that
-+buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
-+desired length.
-+
-+Optimised versions of HKDF can be implemented in an ENGINE.
-+
-+=head1 RETURN VALUES
-+
-+All these functions return 1 for success and 0 or a negative value for failure.
-+In particular a return value of -2 indicates the operation is not supported by
-+the public key algorithm.
-+
-+=head1 EXAMPLE
-+
-+This example derives 10 bytes using SHA-256 with the secret key "secret",
-+salt value "salt" and info value "label":
-+
-+ EVP_PKEY_CTX *pctx;
-+ unsigned char out[10];
-+ size_t outlen = sizeof(out);
-+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-+
-+ if (EVP_PKEY_derive_init(pctx) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
-+ /* Error */
-+
-+=head1 CONFORMING TO
-+
-+RFC 5869
-+
-+=head1 SEE ALSO
-+
-+L<EVP_PKEY_CTX_new(3)>,
-+L<EVP_PKEY_CTX_ctrl_str(3)>,
-+L<EVP_PKEY_derive(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md
-@@ -0,0 +1,108 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_PKEY_CTX_set_tls1_prf_md,
-+EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed -
-+TLS PRF key derivation algorithm
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/kdf.h>
-+
-+ int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
-+ int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
-+ unsigned char *sec, int seclen);
-+ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
-+ unsigned char *seed, int seedlen);
-+
-+=head1 DESCRIPTION
-+
-+The B<EVP_PKEY_TLS1_PRF> algorithm implements the PRF key derivation function for
-+TLS. It has no associated private key and only implements key derivation
-+using EVP_PKEY_derive().
-+
-+EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
-+TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
-+algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
-+
-+EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF
-+to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced
-+and any seed is reset.
-+
-+EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
-+If a seed is already set it is appended to the existing value.
-+
-+=head1 STRING CTRLS
-+
-+The TLS PRF also supports string based control operations using
-+L<EVP_PKEY_CTX_ctrl_str(3)>.
-+The B<type> parameter "md" uses the supplied B<value> as the name of the digest
-+algorithm to use.
-+The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
-+as a secret or seed value.
-+The names "hexsecret" and "hexseed" are similar except they take a hex string
-+which is converted to binary.
-+
-+=head1 NOTES
-+
-+All these functions are implemented as macros.
-+
-+A context for the TLS PRF can be obtained by calling:
-+
-+ EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL);
-+
-+The digest, secret value and seed must be set before a key is derived or an
-+error occurs.
-+
-+The total length of all seeds cannot exceed 1024 bytes in length: this should
-+be more than enough for any normal use of the TLS PRF.
-+
-+The output length of the PRF is specified by the length parameter in the
-+EVP_PKEY_derive() function. Since the output length is variable, setting
-+the buffer to B<NULL> is not meaningful for the TLS PRF.
-+
-+Optimised versions of the TLS PRF can be implemented in an ENGINE.
-+
-+=head1 RETURN VALUES
-+
-+All these functions return 1 for success and 0 or a negative value for failure.
-+In particular a return value of -2 indicates the operation is not supported by
-+the public key algorithm.
-+
-+=head1 EXAMPLE
-+
-+This example derives 10 bytes using SHA-256 with the secret key "secret"
-+and seed value "seed":
-+
-+ EVP_PKEY_CTX *pctx;
-+ unsigned char out[10];
-+ size_t outlen = sizeof(out);
-+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
-+ if (EVP_PKEY_derive_init(pctx) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
-+ /* Error */
-+ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
-+ /* Error */
-+
-+=head1 SEE ALSO
-+
-+L<EVP_PKEY_CTX_new(3)>,
-+L<EVP_PKEY_CTX_ctrl_str(3)>,
-+L<EVP_PKEY_derive(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/EVP_PKEY_HKDF.pod
-+++ /dev/null
-@@ -1,119 +0,0 @@
--=pod
--
--=head1 NAME
--
--EVP_PKEY_HKDF, EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
--EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
--HMAC-based Extract-and-Expand key derivation algorithm
--
--=head1 SYNOPSIS
--
-- #include <openssl/kdf.h>
--
-- int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
--
-- int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
-- int saltlen);
--
-- int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
-- int keylen);
--
-- int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
-- int infolen);
--
--=head1 DESCRIPTION
--
--The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
--HKDF follows the "extract-then-expand" paradigm, where the KDF logically
--consists of two modules. The first stage takes the input keying material
--and "extracts" from it a fixed-length pseudorandom key K. The second stage
--"expands" the key K into several additional pseudorandom keys (the output
--of the KDF).
--
--EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
--
--EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
--buffer B<salt>. Any existing value is replaced.
--
--EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
--B<key>. Any existing value is replaced.
--
--EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
--buffer B<info>. If a value is already set, it is appended to the existing
--value.
--
--=head1 STRING CTRLS
--
--HKDF also supports string based control operations via
--L<EVP_PKEY_CTX_ctrl_str(3)>.
--The B<type> parameter "md" uses the supplied B<value> as the name of the digest
--algorithm to use.
--The B<type> parameters "salt", "key" and "info" use the supplied B<value>
--parameter as a B<seed>, B<key> or B<info> value.
--The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
--string which is converted to binary.
--
--=head1 NOTES
--
--All these functions are implemented as macros.
--
--A context for HKDF can be obtained by calling:
--
-- EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL);
--
--The digest, key, salt and info values must be set before a key is derived or
--an error occurs.
--
--The total length of the info buffer cannot exceed 1024 bytes in length: this
--should be more than enough for any normal use of HKDF.
--
--The output length of the KDF is specified via the length parameter to the
--L<EVP_PKEY_derive(3)> function.
--Since the HKDF output length is variable, passing a B<NULL> buffer as a means
--to obtain the requisite length is not meaningful with HKDF.
--Instead, the caller must allocate a buffer of the desired length, and pass that
--buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
--desired length.
--
--Optimised versions of HKDF can be implemented in an ENGINE.
--
--=head1 RETURN VALUES
--
--All these functions return 1 for success and 0 or a negative value for failure.
--In particular a return value of -2 indicates the operation is not supported by
--the public key algorithm.
--
--=head1 EXAMPLE
--
--This example derives 10 bytes using SHA-256 with the secret key "secret",
--salt value "salt" and info value "label":
--
-- EVP_PKEY_CTX *pctx;
-- unsigned char out[10];
-- size_t outlen = sizeof(out);
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
--
-- if (EVP_PKEY_derive_init(pctx) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
-- /* Error */
-- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
-- /* Error */
--
--=head1 CONFORMING TO
--
--RFC 5869
--
--=head1 SEE ALSO
--
--L<EVP_PKEY_CTX_new(3)>,
--L<EVP_PKEY_CTX_ctrl_str(3)>,
--L<EVP_PKEY_derive(3)>
--
--=cut
---- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
-+++ /dev/null
-@@ -1,99 +0,0 @@
--=pod
--
--=head1 NAME
--
--EVP_PKEY_TLS1_PRF, EVP_PKEY_CTX_set_tls1_prf_md,
--EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed -
--TLS PRF key derivation algorithm
--
--=head1 SYNOPSIS
--
-- #include <openssl/kdf.h>
--
-- int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
-- int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
-- unsigned char *sec, int seclen);
-- int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, seed, seedlen)
-- unsigned char *seed, int seedlen);
--
--=head1 DESCRIPTION
--
--The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for
--TLS. It has no associated private key and only implements key derivation
--using EVP_PKEY_derive().
--
--EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the
--TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF
--algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
--
--EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF
--to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced
--and any seed is reset.
--
--EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
--If a seed is already set it is appended to the existing value.
--
--=head1 STRING CTRLS
--
--The TLS PRF also supports string based control operations using
--L<EVP_PKEY_CTX_ctrl_str(3)>.
--The B<type> parameter "md" uses the supplied B<value> as the name of the digest
--algorithm to use.
--The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
--as a secret or seed value.
--The names "hexsecret" and "hexseed" are similar except they take a hex string
--which is converted to binary.
--
--=head1 NOTES
--
--All these functions are implemented as macros.
--
--A context for the TLS PRF can be obtained by calling:
--
-- EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL);
--
--The digest, secret value and seed must be set before a key is derived or an
--error occurs.
--
--The total length of all seeds cannot exceed 1024 bytes in length: this should
--be more than enough for any normal use of the TLS PRF.
--
--The output length of the PRF is specified by the length parameter in the
--EVP_PKEY_derive() function. Since the output length is variable, setting
--the buffer to B<NULL> is not meaningful for the TLS PRF.
--
--Optimised versions of the TLS PRF can be implemented in an ENGINE.
--
--=head1 RETURN VALUES
--
--All these functions return 1 for success and 0 or a negative value for failure.
--In particular a return value of -2 indicates the operation is not supported by
--the public key algorithm.
--
--=head1 EXAMPLE
--
--This example derives 10 bytes using SHA-256 with the secret key "secret"
--and seed value "seed":
--
-- EVP_PKEY_CTX *pctx;
-- unsigned char out[10];
-- size_t outlen = sizeof(out);
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
-- if (EVP_PKEY_derive_init(pctx) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
-- /* Error */
-- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
-- /* Error */
-- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
-- /* Error */
--
--=head1 SEE ALSO
--
--L<EVP_PKEY_CTX_new(3)>,
--L<EVP_PKEY_CTX_ctrl_str(3)>,
--L<EVP_PKEY_derive(3)>
--
--=cut
---- a/doc/crypto/EVP_PKEY_cmp.pod
-+++ b/doc/crypto/EVP_PKEY_cmp.pod
-@@ -2,7 +2,8 @@
-
- =head1 NAME
-
--EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions
-+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
-+EVP_PKEY_cmp - public key parameter and comparison functions
-
- =head1 SYNOPSIS
-
-@@ -21,7 +22,9 @@ parameters of B<pkey> are missing and 0
- doesn't use parameters.
-
- The function EVP_PKEY_copy_parameters() copies the parameters from key
--B<from> to key B<to>.
-+B<from> to key B<to>. An error is returned if the parameters are missing in
-+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
-+in B<from> and B<to> are both present and match this function has no effect.
-
- The function EVP_PKEY_cmp_parameters() compares the parameters of keys
- B<a> and B<b>.
-@@ -56,6 +59,15 @@ keys match, 0 if they don't match, -1 if
- =head1 SEE ALSO
-
- L<EVP_PKEY_CTX_new(3)>,
--L<EVP_PKEY_keygen(3)>
-+L<EVP_PKEY_keygen(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/EVP_PKEY_decrypt.pod
-+++ b/doc/crypto/EVP_PKEY_decrypt.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt
-
- int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-- unsigned char *out, size_t *outlen,
-- const unsigned char *in, size_t inlen);
-+ unsigned char *out, size_t *outlen,
-+ const unsigned char *in, size_t inlen);
-
- =head1 DESCRIPTION
-
-@@ -50,30 +50,30 @@ indicates the operation is not supported
-
- EVP_PKEY_CTX *ctx;
- unsigned char *out, *in;
-- size_t outlen, inlen;
-+ size_t outlen, inlen;
- EVP_PKEY *key;
- /* NB: assumes key in, inlen are already set up
- * and that key is an RSA private key
- */
- ctx = EVP_PKEY_CTX_new(key);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_decrypt_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
-- /* Error */
-+ /* Error */
-
- out = OPENSSL_malloc(outlen);
-
- if (!out)
-- /* malloc failure */
--
-+ /* malloc failure */
-+
- if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Decrypted data is outlen bytes written to buffer out */
-
-@@ -84,10 +84,19 @@ L<EVP_PKEY_encrypt(3)>,
- L<EVP_PKEY_sign(3)>,
- L<EVP_PKEY_verify(3)>,
- L<EVP_PKEY_verify_recover(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_derive.pod
-+++ b/doc/crypto/EVP_PKEY_derive.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret.
-+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret
-
- =head1 SYNOPSIS
-
-@@ -57,23 +57,23 @@ indicates the operation is not supported
-
- ctx = EVP_PKEY_CTX_new(pkey);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_derive_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
-- /* Error */
-+ /* Error */
-
- skey = OPENSSL_malloc(skeylen);
-
- if (!skey)
-- /* malloc failure */
--
-+ /* malloc failure */
-+
- if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Shared secret is skey bytes written to buffer skey */
-
-@@ -90,4 +90,13 @@ L<EVP_PKEY_verify_recover(3)>,
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_encrypt.pod
-+++ b/doc/crypto/EVP_PKEY_encrypt.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt
-
- int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-- unsigned char *out, size_t *outlen,
-- const unsigned char *in, size_t inlen);
-+ unsigned char *out, size_t *outlen,
-+ const unsigned char *in, size_t inlen);
-
- =head1 DESCRIPTION
-
-@@ -43,7 +43,7 @@ indicates the operation is not supported
-
- =head1 EXAMPLE
-
--Encrypt data using OAEP (for RSA keys). See also L<pem(3)> or
-+Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)> or
- L<d2i_X509(3)> for means to load a public key. You may also simply
- set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
-
-@@ -54,30 +54,30 @@ L<d2i_X509(3)> for means to load a publi
- EVP_PKEY_CTX *ctx;
- ENGINE *eng;
- unsigned char *out, *in;
-- size_t outlen, inlen;
-+ size_t outlen, inlen;
- EVP_PKEY *key;
- /* NB: assumes eng, key, in, inlen are already set up,
- * and that key is an RSA public key
- */
-- ctx = EVP_PKEY_CTX_new(key,eng);
-+ ctx = EVP_PKEY_CTX_new(key, eng);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_encrypt_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
-- /* Error */
-+ /* Error */
-
- out = OPENSSL_malloc(outlen);
-
- if (!out)
-- /* malloc failure */
--
-+ /* malloc failure */
-+
- if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Encrypted data is outlen bytes written to buffer out */
-
-@@ -90,10 +90,19 @@ L<EVP_PKEY_decrypt(3)>,
- L<EVP_PKEY_sign(3)>,
- L<EVP_PKEY_verify(3)>,
- L<EVP_PKEY_verify_recover(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_get_default_digest.pod
-+++ /dev/null
-@@ -1,41 +0,0 @@
--=pod
--
--=head1 NAME
--
--EVP_PKEY_get_default_digest_nid - get default signature digest
--
--=head1 SYNOPSIS
--
-- #include <openssl/evp.h>
-- int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
--
--=head1 DESCRIPTION
--
--The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
--message digest NID for the public key signature operations associated with key
--B<pkey>.
--
--=head1 NOTES
--
--For all current standard OpenSSL public key algorithms SHA1 is returned.
--
--=head1 RETURN VALUES
--
--The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
--is advisory (that is other digests can be used) and 2 if it is mandatory (other
--digests can not be used). It returns 0 or a negative value for failure. In
--particular a return value of -2 indicates the operation is not supported by the
--public key algorithm.
--
--=head1 SEE ALSO
--
--L<EVP_PKEY_CTX_new(3)>,
--L<EVP_PKEY_sign(3)>,
--L<EVP_PKEY_verify(3)>,
--L<EVP_PKEY_verify_recover(3)>,
--
--=head1 HISTORY
--
--This function was first added to OpenSSL 1.0.0.
--
--=cut
---- /dev/null
-+++ b/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
-@@ -0,0 +1,50 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_PKEY_get_default_digest_nid - get default signature digest
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/evp.h>
-+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-+
-+=head1 DESCRIPTION
-+
-+The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
-+message digest NID for the public key signature operations associated with key
-+B<pkey>.
-+
-+=head1 NOTES
-+
-+For all current standard OpenSSL public key algorithms SHA1 is returned.
-+
-+=head1 RETURN VALUES
-+
-+The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
-+is advisory (that is other digests can be used) and 2 if it is mandatory (other
-+digests can not be used). It returns 0 or a negative value for failure. In
-+particular a return value of -2 indicates the operation is not supported by the
-+public key algorithm.
-+
-+=head1 SEE ALSO
-+
-+L<EVP_PKEY_CTX_new(3)>,
-+L<EVP_PKEY_sign(3)>,
-+L<EVP_PKEY_verify(3)>,
-+L<EVP_PKEY_verify_recover(3)>,
-+
-+=head1 HISTORY
-+
-+This function was first added to OpenSSL 1.0.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/EVP_PKEY_keygen.pod
-+++ b/doc/crypto/EVP_PKEY_keygen.pod
-@@ -2,7 +2,10 @@
-
- =head1 NAME
-
--EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions
-+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
-+EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
-+EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
-+EVP_PKEY_CTX_get_app_data - key and parameter generation functions
-
- =head1 SYNOPSIS
-
-@@ -28,7 +31,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, E
- The EVP_PKEY_keygen_init() function initializes a public key algorithm
- context using key B<pkey> for a key generation operation.
-
--The EVP_PKEY_keygen() function performs a key generation operation, the
-+The EVP_PKEY_keygen() function performs a key generation operation, the
- generated key is written to B<ppkey>.
-
- The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
-@@ -95,15 +98,15 @@ the public key algorithm.
- EVP_PKEY *pkey = NULL;
- ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_keygen_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Generate key */
- if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-- /* Error */
-+ /* Error */
-
- Generate a key from a set of parameters:
-
-@@ -115,13 +118,13 @@ the public key algorithm.
- /* Assumed param is set up already */
- ctx = EVP_PKEY_CTX_new(param);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_keygen_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Generate key */
- if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-- /* Error */
-+ /* Error */
-
- Example of generation callback for OpenSSL public key implementations:
-
-@@ -130,19 +133,19 @@ the public key algorithm.
- EVP_PKEY_CTX_set_app_data(ctx, status_bio);
-
- static int genpkey_cb(EVP_PKEY_CTX *ctx)
-- {
-- char c='*';
-- BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-- int p;
-- p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-- if (p == 0) c='.';
-- if (p == 1) c='+';
-- if (p == 2) c='*';
-- if (p == 3) c='\n';
-- BIO_write(b,&c,1);
-- (void)BIO_flush(b);
-- return 1;
-- }
-+ {
-+ char c = '*';
-+ BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-+ int p;
-+ p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-+ if (p == 0) c = '.';
-+ if (p == 1) c = '+';
-+ if (p == 2) c = '*';
-+ if (p == 3) c = '\n';
-+ BIO_write(b, &c, 1);
-+ (void)BIO_flush(b);
-+ return 1;
-+ }
-
- =head1 SEE ALSO
-
-@@ -152,10 +155,19 @@ L<EVP_PKEY_decrypt(3)>,
- L<EVP_PKEY_sign(3)>,
- L<EVP_PKEY_verify(3)>,
- L<EVP_PKEY_verify_recover(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_new.pod
-+++ b/doc/crypto/EVP_PKEY_new.pod
-@@ -2,14 +2,14 @@
-
- =head1 NAME
-
--EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions.
-+EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions
-
- =head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- EVP_PKEY *EVP_PKEY_new(void);
-- void EVP_PKEY_up_ref(EVP_PKEY *key);
-+ int EVP_PKEY_up_ref(EVP_PKEY *key);
- void EVP_PKEY_free(EVP_PKEY *key);
-
-
-@@ -37,7 +37,7 @@ used.
- EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY> structure or
- B<NULL> if an error occurred.
-
--EVP_PKEY_up_ref() and EVP_PKEY_free() do not return a value.
-+EVP_PKEY_up_ref() returns 1 for success and 0 for failure.
-
- =head1 SEE ALSO
-
-@@ -49,4 +49,13 @@ EVP_PKEY_new() and EVP_PKEY_free() exist
-
- EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_print_private.pod
-+++ b/doc/crypto/EVP_PKEY_print_private.pod
-@@ -2,18 +2,18 @@
-
- =head1 NAME
-
--EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines.
-+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines
-
- =head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-- int indent, ASN1_PCTX *pctx);
-+ int indent, ASN1_PCTX *pctx);
- int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-- int indent, ASN1_PCTX *pctx);
-+ int indent, ASN1_PCTX *pctx);
- int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-- int indent, ASN1_PCTX *pctx);
-+ int indent, ASN1_PCTX *pctx);
-
- =head1 DESCRIPTION
-
-@@ -28,7 +28,7 @@ be used.
-
- =head1 NOTES
-
--Currently no public key algorithms include any options in the B<pctx> parameter
-+Currently no public key algorithms include any options in the B<pctx> parameter
- parameter.
-
- If the key does not include all the components indicated by the function then
-@@ -44,10 +44,19 @@ the public key algorithm.
- =head1 SEE ALSO
-
- L<EVP_PKEY_CTX_new(3)>,
--L<EVP_PKEY_keygen(3)>
-+L<EVP_PKEY_keygen(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_set1_RSA.pod
-+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
-@@ -6,31 +6,34 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EV
- EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
- EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
- EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
--EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions.
-+EVP_PKEY_get0_hmac,
-+EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id
-+- EVP_PKEY assignment functions
-
- =head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
-- int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
-- int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
-- int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
-+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
-+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
-+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
-
- RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
- DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
- DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
- EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-
-+ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
- RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
- DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
- DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
- EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
-
-- int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
-- int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
-- int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
-- int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
-+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
-+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
-+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
-
- int EVP_PKEY_id(const EVP_PKEY *pkey);
- int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-@@ -45,11 +48,11 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA()
- EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
- B<NULL> if the key is not of the correct type.
-
--EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
--EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or
--B<NULL> if the key is not of the correct type but the reference
--count of the returned key is B<not> incremented and so must not
--be freed up after use.
-+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
-+EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
-+referenced key in B<pkey> or B<NULL> if the key is not of the
-+correct type but the reference count of the returned key is
-+B<not> incremented and so must not be freed up after use.
-
- EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
- and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
-@@ -105,4 +108,13 @@ type or B<NID_undef> (equivalently B<EVP
-
- L<EVP_PKEY_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_sign.pod
-+++ b/doc/crypto/EVP_PKEY_sign.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign
-
- int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-- unsigned char *sig, size_t *siglen,
-- const unsigned char *tbs, size_t tbslen);
-+ unsigned char *sig, size_t *siglen,
-+ const unsigned char *tbs, size_t tbslen);
-
- =head1 DESCRIPTION
-
-@@ -66,25 +66,25 @@ indicates the operation is not supported
- */
- ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_sign_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
-- /* Error */
-+ /* Error */
-
- sig = OPENSSL_malloc(siglen);
-
- if (!sig)
-- /* malloc failure */
--
-+ /* malloc failure */
-+
- if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Signature is siglen bytes written to buffer sig */
-
-@@ -97,10 +97,19 @@ L<EVP_PKEY_encrypt(3)>,
- L<EVP_PKEY_decrypt(3)>,
- L<EVP_PKEY_verify(3)>,
- L<EVP_PKEY_verify_recover(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_verify.pod
-+++ b/doc/crypto/EVP_PKEY_verify.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify -
-
- int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-- const unsigned char *sig, size_t siglen,
-- const unsigned char *tbs, size_t tbslen);
-+ const unsigned char *sig, size_t siglen,
-+ const unsigned char *tbs, size_t tbslen);
-
- =head1 DESCRIPTION
-
-@@ -53,20 +53,20 @@ the public key algorithm.
-
- EVP_PKEY_CTX *ctx;
- unsigned char *md, *sig;
-- size_t mdlen, siglen;
-+ size_t mdlen, siglen;
- EVP_PKEY *verify_key;
- /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
- * and that verify_key is an RSA public key
- */
- ctx = EVP_PKEY_CTX_new(verify_key);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_verify_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Perform operation */
- ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
-@@ -82,10 +82,19 @@ L<EVP_PKEY_encrypt(3)>,
- L<EVP_PKEY_decrypt(3)>,
- L<EVP_PKEY_sign(3)>,
- L<EVP_PKEY_verify_recover(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_PKEY_verify_recover.pod
-+++ b/doc/crypto/EVP_PKEY_verify_recover.pod
-@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_v
-
- int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-- unsigned char *rout, size_t *routlen,
-- const unsigned char *sig, size_t siglen);
-+ unsigned char *rout, size_t *routlen,
-+ const unsigned char *sig, size_t siglen);
-
- =head1 DESCRIPTION
-
-@@ -29,7 +29,7 @@ B<rout> and the amount of data written t
- =head1 NOTES
-
- Normally an application is only interested in whether a signature verification
--operation is successful in those cases the EVP_verify() function should be
-+operation is successful in those cases the EVP_verify() function should be
- used.
-
- Sometimes however it is useful to obtain the data originally signed using a
-@@ -58,32 +58,32 @@ indicates the operation is not supported
-
- EVP_PKEY_CTX *ctx;
- unsigned char *rout, *sig;
-- size_t routlen, siglen;
-+ size_t routlen, siglen;
- EVP_PKEY *verify_key;
- /* NB: assumes verify_key, sig and siglen are already set up
- * and that verify_key is an RSA public key
- */
- ctx = EVP_PKEY_CTX_new(verify_key);
- if (!ctx)
-- /* Error occurred */
-+ /* Error occurred */
- if (EVP_PKEY_verify_recover_init(ctx) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-- /* Error */
-+ /* Error */
- if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
-- /* Error */
-+ /* Error */
-
- rout = OPENSSL_malloc(routlen);
-
- if (!rout)
-- /* malloc failure */
--
-+ /* malloc failure */
-+
- if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
-- /* Error */
-+ /* Error */
-
- /* Recovered data is routlen bytes written to buffer rout */
-
-@@ -94,10 +94,19 @@ L<EVP_PKEY_encrypt(3)>,
- L<EVP_PKEY_decrypt(3)>,
- L<EVP_PKEY_sign(3)>,
- L<EVP_PKEY_verify(3)>,
--L<EVP_PKEY_derive(3)>
-+L<EVP_PKEY_derive(3)>
-
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_SealInit.pod
-+++ b/doc/crypto/EVP_SealInit.pod
-@@ -42,9 +42,9 @@ If the cipher does not require an IV the
- and can be B<NULL>.
-
- EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
--as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
-+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
- documented on the L<EVP_EncryptInit(3)> manual
--page.
-+page.
-
- =head1 RETURN VALUES
-
-@@ -78,4 +78,13 @@ L<evp(3)>, L<rand(3)>,
- L<EVP_EncryptInit(3)>,
- L<EVP_OpenInit(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_SignInit.pod
-+++ b/doc/crypto/EVP_SignInit.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+EVP_PKEY_size,
- EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing
- functions
-
-@@ -11,7 +12,7 @@ functions
-
- int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-- int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
-+ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
-
- void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
-@@ -60,7 +61,7 @@ transparent to the algorithm used and mu
-
- Due to the link between message digests and public key algorithms the correct
- digest algorithm must be used with the correct public key type. A list of
--algorithms and associated public key algorithms appears in
-+algorithms and associated public key algorithms appears in
- L<EVP_DigestInit(3)>.
-
- When signing with DSA private keys the random number generator must be seeded
-@@ -77,7 +78,7 @@ will occur.
-
- =head1 BUGS
-
--Older versions of this documentation wrongly stated that calls to
-+Older versions of this documentation wrongly stated that calls to
- EVP_SignUpdate() could not be made after calling EVP_SignFinal().
-
- Since the private key is passed in the call to EVP_SignFinal() any error
-@@ -97,4 +98,13 @@ L<evp(3)>, L<hmac(3)>, L<md2(3)>,
- L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>,
- L<sha(3)>, L<dgst(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/EVP_VerifyInit.pod
-+++ b/doc/crypto/EVP_VerifyInit.pod
-@@ -2,7 +2,9 @@
-
- =head1 NAME
-
--EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
-+EVP_VerifyInit_ex,
-+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
-+- EVP signature verification functions
-
- =head1 SYNOPSIS
-
-@@ -10,7 +12,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_Ve
-
- int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-- int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
-+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
-
- int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
-@@ -51,7 +53,7 @@ transparent to the algorithm used and mu
-
- Due to the link between message digests and public key algorithms the correct
- digest algorithm must be used with the correct public key type. A list of
--algorithms and associated public key algorithms appears in
-+algorithms and associated public key algorithms appears in
- L<EVP_DigestInit(3)>.
-
- The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
-@@ -64,7 +66,7 @@ will occur.
-
- =head1 BUGS
-
--Older versions of this documentation wrongly stated that calls to
-+Older versions of this documentation wrongly stated that calls to
- EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
-
- Since the public key is passed in the call to EVP_SignFinal() any error
-@@ -85,4 +87,13 @@ L<evp(3)>, L<hmac(3)>, L<md2(3)>,
- L<md5(3)>, L<mdc2(3)>, L<ripemd(3)>,
- L<sha(3)>, L<dgst(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/HMAC.pod
-@@ -0,0 +1,151 @@
-+=pod
-+
-+=head1 NAME
-+
-+HMAC,
-+HMAC_CTX_new,
-+HMAC_CTX_reset,
-+HMAC_CTX_free,
-+HMAC_Init,
-+HMAC_Init_ex,
-+HMAC_Update,
-+HMAC_Final,
-+HMAC_CTX_copy,
-+HMAC_CTX_set_flags,
-+HMAC_CTX_get_md
-+- HMAC message authentication code
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/hmac.h>
-+
-+ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
-+ int key_len, const unsigned char *d, int n,
-+ unsigned char *md, unsigned int *md_len);
-+
-+ HMAC_CTX *HMAC_CTX_new(void);
-+ int HMAC_CTX_reset(HMAC_CTX *ctx);
-+
-+ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
-+ const EVP_MD *md, ENGINE *impl);
-+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
-+ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-+
-+ void HMAC_CTX_free(HMAC_CTX *ctx);
-+
-+ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-+ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-+ const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
-+
-+Deprecated:
-+
-+ #if OPENSSL_API_COMPAT < 0x10100000L
-+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
-+ const EVP_MD *md);
-+ #endif
-+
-+=head1 DESCRIPTION
-+
-+HMAC is a MAC (message authentication code), i.e. a keyed hash
-+function used for message authentication, which is based on a hash
-+function.
-+
-+HMAC() computes the message authentication code of the B<n> bytes at
-+B<d> using the hash function B<evp_md> and the key B<key> which is
-+B<key_len> bytes long.
-+
-+It places the result in B<md> (which must have space for the output of
-+the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
-+If B<md> is NULL, the digest is placed in a static array. The size of
-+the output is placed in B<md_len>, unless it is B<NULL>.
-+
-+B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
-+
-+HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
-+
-+HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
-+resources, making it suitable for new computations as if it was newly
-+created with HMAC_CTX_new().
-+
-+HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
-+releases any associated resources and finally frees the B<HMAC_CTX>
-+itself.
-+
-+The following functions may be used if the message is not completely
-+stored in memory:
-+
-+HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
-+function B<evp_md> and the key B<key> which is B<key_len> bytes
-+long. It is deprecated and only included for backward compatibility
-+with OpenSSL 0.9.6b.
-+
-+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
-+function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
-+as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
-+reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
-+of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
-+behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
-+in programs that expect it will cause them to stop working>.
-+
-+B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
-+same as the previous digest used by B<ctx> then an error is returned
-+because reuse of an existing key with a different digest is not supported.
-+
-+HMAC_Update() can be called repeatedly with chunks of the message to
-+be authenticated (B<len> bytes at B<data>).
-+
-+HMAC_Final() places the message authentication code in B<md>, which
-+must have space for the hash function output.
-+
-+HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
-+
-+HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
-+These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
-+
-+HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
-+supplied HMAC_CTX.
-+
-+=head1 RETURN VALUES
-+
-+HMAC() returns a pointer to the message authentication code or NULL if
-+an error occurred.
-+
-+HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
-+B<NULL> if an error occurred.
-+
-+HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
-+HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
-+
-+HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
-+NULL if no EVP_MD has been set.
-+
-+=head1 CONFORMING TO
-+
-+RFC 2104
-+
-+=head1 SEE ALSO
-+
-+L<sha(3)>, L<evp(3)>
-+
-+=head1 HISTORY
-+
-+HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0.
-+
-+HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0.
-+
-+HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version
-+1.1.0.
-+
-+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
-+versions of OpenSSL before 1.0.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/MD5.pod
-@@ -0,0 +1,101 @@
-+=pod
-+
-+=head1 NAME
-+
-+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
-+MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/md2.h>
-+
-+ unsigned char *MD2(const unsigned char *d, unsigned long n,
-+ unsigned char *md);
-+
-+ int MD2_Init(MD2_CTX *c);
-+ int MD2_Update(MD2_CTX *c, const unsigned char *data,
-+ unsigned long len);
-+ int MD2_Final(unsigned char *md, MD2_CTX *c);
-+
-+
-+ #include <openssl/md4.h>
-+
-+ unsigned char *MD4(const unsigned char *d, unsigned long n,
-+ unsigned char *md);
-+
-+ int MD4_Init(MD4_CTX *c);
-+ int MD4_Update(MD4_CTX *c, const void *data,
-+ unsigned long len);
-+ int MD4_Final(unsigned char *md, MD4_CTX *c);
-+
-+
-+ #include <openssl/md5.h>
-+
-+ unsigned char *MD5(const unsigned char *d, unsigned long n,
-+ unsigned char *md);
-+
-+ int MD5_Init(MD5_CTX *c);
-+ int MD5_Update(MD5_CTX *c, const void *data,
-+ unsigned long len);
-+ int MD5_Final(unsigned char *md, MD5_CTX *c);
-+
-+=head1 DESCRIPTION
-+
-+MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
-+
-+MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
-+of the B<n> bytes at B<d> and place it in B<md> (which must have space
-+for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
-+bytes of output). If B<md> is NULL, the digest is placed in a static
-+array.
-+
-+The following functions may be used if the message is not completely
-+stored in memory:
-+
-+MD2_Init() initializes a B<MD2_CTX> structure.
-+
-+MD2_Update() can be called repeatedly with chunks of the message to
-+be hashed (B<len> bytes at B<data>).
-+
-+MD2_Final() places the message digest in B<md>, which must have space
-+for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
-+
-+MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
-+MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
-+
-+Applications should use the higher level functions
-+L<EVP_DigestInit(3)>
-+etc. instead of calling the hash functions directly.
-+
-+=head1 NOTE
-+
-+MD2, MD4, and MD5 are recommended only for compatibility with existing
-+applications. In new applications, SHA-1 or RIPEMD-160 should be
-+preferred.
-+
-+=head1 RETURN VALUES
-+
-+MD2(), MD4(), and MD5() return pointers to the hash value.
-+
-+MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
-+MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
-+success, 0 otherwise.
-+
-+=head1 CONFORMING TO
-+
-+RFC 1319, RFC 1320, RFC 1321
-+
-+=head1 SEE ALSO
-+
-+L<EVP_DigestInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/MDC2_Init.pod
-@@ -0,0 +1,68 @@
-+=pod
-+
-+=head1 NAME
-+
-+MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/mdc2.h>
-+
-+ unsigned char *MDC2(const unsigned char *d, unsigned long n,
-+ unsigned char *md);
-+
-+ int MDC2_Init(MDC2_CTX *c);
-+ int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
-+ unsigned long len);
-+ int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-+
-+=head1 DESCRIPTION
-+
-+MDC2 is a method to construct hash functions with 128 bit output from
-+block ciphers. These functions are an implementation of MDC2 with
-+DES.
-+
-+MDC2() computes the MDC2 message digest of the B<n>
-+bytes at B<d> and places it in B<md> (which must have space for
-+MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
-+is placed in a static array.
-+
-+The following functions may be used if the message is not completely
-+stored in memory:
-+
-+MDC2_Init() initializes a B<MDC2_CTX> structure.
-+
-+MDC2_Update() can be called repeatedly with chunks of the message to
-+be hashed (B<len> bytes at B<data>).
-+
-+MDC2_Final() places the message digest in B<md>, which must have space
-+for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
-+
-+Applications should use the higher level functions
-+L<EVP_DigestInit(3)> etc. instead of calling the
-+hash functions directly.
-+
-+=head1 RETURN VALUES
-+
-+MDC2() returns a pointer to the hash value.
-+
-+MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
-+
-+=head1 CONFORMING TO
-+
-+ISO/IEC 10118-2, with DES
-+
-+=head1 SEE ALSO
-+
-+L<EVP_DigestInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/OBJ_nid2obj.pod
-+++ b/doc/crypto/OBJ_nid2obj.pod
-@@ -2,17 +2,19 @@
-
- =head1 NAME
-
--OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
--OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
--functions
-+i2t_ASN1_OBJECT,
-+OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln,
-+OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp,
-+OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup
-+- ASN1 object utility functions
-
- =head1 SYNOPSIS
-
- #include <openssl/objects.h>
-
-- ASN1_OBJECT * OBJ_nid2obj(int n);
-- const char * OBJ_nid2ln(int n);
-- const char * OBJ_nid2sn(int n);
-+ ASN1_OBJECT *OBJ_nid2obj(int n);
-+ const char *OBJ_nid2ln(int n);
-+ const char *OBJ_nid2sn(int n);
-
- int OBJ_obj2nid(const ASN1_OBJECT *o);
- int OBJ_ln2nid(const char *ln);
-@@ -20,13 +22,15 @@ functions
-
- int OBJ_txt2nid(const char *s);
-
-- ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
-+ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
- int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-
-- int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-- ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
-+ int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
-
-- int OBJ_create(const char *oid,const char *sn,const char *ln);
-+ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
-+ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
-+
-+ int OBJ_create(const char *oid, const char *sn, const char *ln);
-
- size_t OBJ_length(const ASN1_OBJECT *obj);
- const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
-@@ -41,8 +45,14 @@ functions
-
- The ASN1 object utility functions process ASN1_OBJECT structures which are
- a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-+For convenience, OIDs are usually represented in source code as numeric
-+identifiers, or B<NID>s. OpenSSL has an internal table of OIDs that
-+are generated when the library is built, and their corresponding NIDs
-+are available as defined constants. For the functions below, application
-+code should treat all returned values -- OIDs, NIDs, or names -- as
-+constants.
-
--OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
-+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
- an ASN1_OBJECT structure, its long name and its short name respectively,
- or B<NULL> is an error occurred.
-
-@@ -66,11 +76,13 @@ if the object has a long or short name t
- the numerical form will be used. If B<no_name> is 1 then the numerical
- form will always be used.
-
-+i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the B<no_name> set to zero.
-+
- OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
-
- OBJ_dup() returns a copy of B<o>.
-
--OBJ_create() adds a new object to the internal table. B<oid> is the
-+OBJ_create() adds a new object to the internal table. B<oid> is the
- numerical form of the object, B<sn> the short name and B<ln> the
- long name. A new NID is returned for the created object.
-
-@@ -117,6 +129,10 @@ exists for a particular algorithm). As a
- decoded as part of ASN.1 structures. Applications can determine if there
- is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
-
-+These functions cannot return B<const> because an B<ASN1_OBJECT> can
-+represent both an internal, constant, OID and a dynamically-created one.
-+The latter cannot be constant because it needs to be freed after use.
-+
- =head1 EXAMPLES
-
- Create an object for B<commonName>:
-@@ -127,23 +143,24 @@ is a corresponding OBJECT IDENTIFIER by
- Check if an object is B<commonName>
-
- if (OBJ_obj2nid(obj) == NID_commonName)
-- /* Do something */
-+ /* Do something */
-
- Create a new NID and initialize an object from it:
-
- int new_nid;
- ASN1_OBJECT *obj;
-+
- new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
-
- obj = OBJ_nid2obj(new_nid);
--
-+
- Create a new object directly:
-
- obj = OBJ_txt2obj("1.2.3.4", 1);
-
- =head1 BUGS
-
--OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
-+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
- convention of other OpenSSL functions where the buffer can be set
- to B<NULL> to determine the amount of data that should be written.
- Instead B<buf> must point to a valid buffer and B<buf_len> should
-@@ -169,4 +186,13 @@ L<ERR_get_error(3)>
-
- OBJ_cleanup() was deprecated in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OCSP_REQUEST_new.pod
-+++ b/doc/crypto/OCSP_REQUEST_new.pod
-@@ -1,8 +1,10 @@
- =pod
-
-+=head1 NAME
-+
- OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
- OCSP_request_add1_cert, OCSP_request_onereq_count,
--OCSP_request_onereq_get0 - OCSP request functions.
-+OCSP_request_onereq_get0 - OCSP request functions
-
- =head1 SYNOPSIS
-
-@@ -104,4 +106,13 @@ L<OCSP_response_find_status(3)>,
- L<OCSP_response_status(3)>,
- L<OCSP_sendreq_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OCSP_cert_to_id.pod
-+++ b/doc/crypto/OCSP_cert_to_id.pod
-@@ -1,7 +1,9 @@
- =pod
-
-+=head1 NAME
-+
- OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
--OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
-+OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions
-
- =head1 SYNOPSIS
-
-@@ -75,4 +77,13 @@ L<OCSP_response_find_status(3)>,
- L<OCSP_response_status(3)>,
- L<OCSP_sendreq_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OCSP_request_add1_nonce.pod
-+++ b/doc/crypto/OCSP_request_add1_nonce.pod
-@@ -1,6 +1,8 @@
- =pod
-
--OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
-+=head1 NAME
-+
-+OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions
-
- =head1 SYNOPSIS
-
-@@ -70,4 +72,13 @@ L<OCSP_response_find_status(3)>,
- L<OCSP_response_status(3)>,
- L<OCSP_sendreq_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/OCSP_resp_find_status.pod
-@@ -0,0 +1,138 @@
-+=pod
-+
-+=head1 NAME
-+
-+OCSP_resp_get0_certs,
-+OCSP_resp_get0_id,
-+OCSP_resp_get0_produced_at,
-+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
-+OCSP_single_get0_status, OCSP_check_validity
-+- OCSP response utility functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ocsp.h>
-+
-+ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-+ int *reason,
-+ ASN1_GENERALIZEDTIME **revtime,
-+ ASN1_GENERALIZEDTIME **thisupd,
-+ ASN1_GENERALIZEDTIME **nextupd);
-+
-+ int OCSP_resp_count(OCSP_BASICRESP *bs);
-+ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-+ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-+ ASN1_GENERALIZEDTIME **revtime,
-+ ASN1_GENERALIZEDTIME **thisupd,
-+ ASN1_GENERALIZEDTIME **nextupd);
-+
-+ ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single);
-+
-+ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+
-+ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
-+ const ASN1_OCTET_STRING **pid,
-+ const X509_NAME **pname);
-+
-+ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-+ ASN1_GENERALIZEDTIME *nextupd,
-+ long sec, long maxsec);
-+
-+=head1 DESCRIPTION
-+
-+OCSP_resp_find_status() searches B<bs> for an OCSP response for B<id>. If it is
-+successful the fields of the response are returned in B<*status>, B<*reason>,
-+B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of
-+B<V_OCSP_CERTSTATUS_GOOD>, B<V_OCSP_CERTSTATUS_REVOKED> or
-+B<V_OCSP_CERTSTATUS_UNKNOWN>. The B<*reason> and B<*revtime> fields are only
-+set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the B<*reason> field
-+will be set to the revocation reason which will be one of
-+B<OCSP_REVOKED_STATUS_NOSTATUS>, B<OCSP_REVOKED_STATUS_UNSPECIFIED>,
-+B<OCSP_REVOKED_STATUS_KEYCOMPROMISE>, B<OCSP_REVOKED_STATUS_CACOMPROMISE>,
-+B<OCSP_REVOKED_STATUS_AFFILIATIONCHANGED>, B<OCSP_REVOKED_STATUS_SUPERSEDED>,
-+B<OCSP_REVOKED_STATUS_CESSATIONOFOPERATION>,
-+B<OCSP_REVOKED_STATUS_CERTIFICATEHOLD> or B<OCSP_REVOKED_STATUS_REMOVEFROMCRL>.
-+
-+OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in B<bs>.
-+
-+OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in B<bs>
-+corresponding to index B<idx>. Where B<idx> runs from 0 to
-+OCSP_resp_count(bs) - 1.
-+
-+OCSP_resp_find() searches B<bs> for B<id> and returns the index of the first
-+matching entry after B<last> or starting from the beginning if B<last> is -1.
-+
-+OCSP_single_get0_status() extracts the fields of B<single> in B<*reason>,
-+B<*revtime>, B<*thisupd> and B<*nextupd>.
-+
-+OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
-+single response B<bs>.
-+
-+OCSP_resp_get0_certs() returns any certificates included in B<bs>.
-+
-+OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
-+a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
-+responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
-+is set to NULL.
-+
-+OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
-+which will be typically obtained from OCSP_resp_find_status() or
-+OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
-+leeway should be allowed in the check. If B<maxsec> is positive it indicates
-+the maximum age of B<thisupd> in seconds.
-+
-+=head1 RETURN VALUES
-+
-+OCSP_resp_find_status() returns 1 if B<id> is found in B<bs> and 0 otherwise.
-+
-+OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in
-+B<bs>.
-+
-+OCSP_resp_get0() returns a pointer to an B<OCSP_SINGLERESP> structure or
-+B<NULL> if B<idx> is out of range.
-+
-+OCSP_resp_find() returns the index of B<id> in B<bs> (which may be 0) or -1 if
-+B<id> was not found.
-+
-+OCSP_single_get0_status() returns the status of B<single> or -1 if an error
-+occurred.
-+
-+=head1 NOTES
-+
-+Applications will typically call OCSP_resp_find_status() using the certificate
-+ID of interest and then check its validity using OCSP_check_validity(). They
-+can then take appropriate action based on the status of the certificate.
-+
-+An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate>
-+fields. Normally the current time should be between these two values. To
-+account for clock skew the B<maxsec> field can be set to non-zero in
-+OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this
-+would otherwise mean an ancient response would be considered valid: the
-+B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
-+age of responses.
-+
-+The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by
-+OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers
-+which B<MUST NOT> be freed up by the calling application. Any or all of these
-+parameters can be set to NULL if their value is not required.
-+
-+=head1 SEE ALSO
-+
-+L<crypto(3)>,
-+L<OCSP_cert_to_id(3)>,
-+L<OCSP_request_add1_nonce(3)>,
-+L<OCSP_REQUEST_new(3)>,
-+L<OCSP_response_status(3)>,
-+L<OCSP_sendreq_new(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/OCSP_response_find_status.pod
-+++ /dev/null
-@@ -1,109 +0,0 @@
--=pod
--
--OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/ocsp.h>
--
-- int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-- int *reason,
-- ASN1_GENERALIZEDTIME **revtime,
-- ASN1_GENERALIZEDTIME **thisupd,
-- ASN1_GENERALIZEDTIME **nextupd);
--
-- int OCSP_resp_count(OCSP_BASICRESP *bs);
-- OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-- int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-- int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-- ASN1_GENERALIZEDTIME **revtime,
-- ASN1_GENERALIZEDTIME **thisupd,
-- ASN1_GENERALIZEDTIME **nextupd);
--
-- ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* single);
--
-- int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-- ASN1_GENERALIZEDTIME *nextupd,
-- long sec, long maxsec);
--
--=head1 DESCRIPTION
--
--OCSP_resp_find_status() searches B<bs> for an OCSP response for B<id>. If it is
--successful the fields of the response are returned in B<*status>, B<*reason>,
--B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of
--B<V_OCSP_CERTSTATUS_GOOD>, B<V_OCSP_CERTSTATUS_REVOKED> or
--B<V_OCSP_CERTSTATUS_UNKNOWN>. The B<*reason> and B<*revtime> fields are only
--set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the B<*reason> field
--will be set to the revocation reason which will be one of
--B<OCSP_REVOKED_STATUS_NOSTATUS>, B<OCSP_REVOKED_STATUS_UNSPECIFIED>,
--B<OCSP_REVOKED_STATUS_KEYCOMPROMISE>, B<OCSP_REVOKED_STATUS_CACOMPROMISE>,
--B<OCSP_REVOKED_STATUS_AFFILIATIONCHANGED>, B<OCSP_REVOKED_STATUS_SUPERSEDED>,
--B<OCSP_REVOKED_STATUS_CESSATIONOFOPERATION>,
--B<OCSP_REVOKED_STATUS_CERTIFICATEHOLD> or B<OCSP_REVOKED_STATUS_REMOVEFROMCRL>.
--
--OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in B<bs>.
--
--OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in B<bs>
--corresponding to index B<idx>. Where B<idx> runs from 0 to
--OCSP_resp_count(bs) - 1.
--
--OCSP_resp_find() searches B<bs> for B<id> and returns the index of the first
--matching entry after B<last> or starting from the beginning if B<last> is -1.
--
--OCSP_single_get0_status() extracts the fields of B<single> in B<*reason>,
--B<*revtime>, B<*thisupd> and B<*nextupd>.
--
--OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
--single response B<bs>.
--
--OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
--which will be typically obtained from OCSP_resp_find_status() or
--OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
--leeway should be allowed in the check. If B<maxsec> is positive it indicates
--the maximum age of B<thisupd> in seconds.
--
--=head1 RETURN VALUES
--
--OCSP_resp_find_status() returns 1 if B<id> is found in B<bs> and 0 otherwise.
--
--OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in
--B<bs>.
--
--OCSP_resp_get0() returns a pointer to an B<OCSP_SINGLERESP> structure or
--B<NULL> if B<idx> is out of range.
--
--OCSP_resp_find() returns the index of B<id> in B<bs> (which may be 0) or -1 if
--B<id> was not found.
--
--OCSP_single_get0_status() returns the status of B<single> or -1 if an error
--occurred.
--
--=head1 NOTES
--
--Applications will typically call OCSP_resp_find_status() using the certificate
--ID of interest and then check its validity using OCSP_check_validity(). They
--can then take appropriate action based on the status of the certificate.
--
--An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate>
--fields. Normally the current time should be between these two values. To
--account for clock skew the B<maxsec> field can be set to non-zero in
--OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this
--would otherwise mean an ancient response would be considered valid: the
--B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
--age of responses.
--
--The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by
--OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers
--which B<MUST NOT> be freed up by the calling application. Any or all of these
--parameters can be set to NULL if their value is not required.
--
--=head1 SEE ALSO
--
--L<crypto(3)>,
--L<OCSP_cert_to_id(3)>,
--L<OCSP_request_add1_nonce(3)>,
--L<OCSP_REQUEST_new(3)>,
--L<OCSP_response_status(3)>,
--L<OCSP_sendreq_new(3)>
--
--=cut
---- a/doc/crypto/OCSP_response_status.pod
-+++ b/doc/crypto/OCSP_response_status.pod
-@@ -1,7 +1,9 @@
- =pod
-
-+=head1 NAME
-+
- OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
--OCSP_RESPONSE_free - OCSP response functions.
-+OCSP_RESPONSE_free - OCSP response functions
-
- =head1 SYNOPSIS
-
-@@ -21,7 +23,7 @@ B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B
- B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
-
- OCSP_response_get1_basic() decodes and returns the B<OCSP_BASICRESP> structure
--contained in B<resp>.
-+contained in B<resp>.
-
- OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
- B<status> and optionally including basic response B<bs>.
-@@ -54,4 +56,13 @@ L<OCSP_REQUEST_new(3)>
- L<OCSP_response_find_status(3)>
- L<OCSP_sendreq_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OCSP_sendreq_new.pod
-+++ b/doc/crypto/OCSP_sendreq_new.pod
-@@ -110,4 +110,13 @@ L<OCSP_REQUEST_new(3)>,
- L<OCSP_response_find_status(3)>,
- L<OCSP_response_status(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OPENSSL_Applink.pod
-+++ b/doc/crypto/OPENSSL_Applink.pod
-@@ -16,6 +16,16 @@ Even though it appears at application si
- private interface. For this reason application developers are not
- expected to implement it, but to compile provided module with
- compiler of their choice and link it into the target application.
--The referred module is available as <openssl>/ms/applink.c.
-+The referred module is available as F<applink.c>, located alongside
-+the public header files (only on the platforms where applicable).
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- /dev/null
-+++ b/doc/crypto/OPENSSL_LH_COMPFUNC.pod
-@@ -0,0 +1,239 @@
-+=pod
-+
-+=head1 NAME
-+
-+DECLARE_LHASH_OF,
-+OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
-+LHASH_DOALL_ARG_FN_TYPE,
-+IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
-+lh_TYPE_new, lh_TYPE_free,
-+lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
-+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table
-+
-+=for comment generic
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/lhash.h>
-+
-+ DECLARE_LHASH_OF(TYPE);
-+
-+ LHASH *lh_TYPE_new();
-+ void lh_TYPE_free(LHASH_OF(TYPE *table);
-+
-+ TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data);
-+ TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data);
-+ TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data);
-+
-+ void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func);
-+ void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
-+ TYPE, TYPE *arg);
-+
-+ int lh_TYPE_error(LHASH_OF(TYPE) *table);
-+
-+ typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
-+ typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
-+ typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
-+ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
-+
-+=head1 DESCRIPTION
-+
-+This library implements type-checked dynamic hash tables. The hash
-+table entries can be arbitrary structures. Usually they consist of key
-+and value fields. In the description here, I<TYPE> is used a placeholder
-+for any of the OpenSSL datatypes, such as I<SSL_SESSION>.
-+
-+lh_TYPE_new() creates a new B<LHASH_OF(TYPE)> structure to store
-+arbitrary data entries, and specifies the 'hash' and 'compare'
-+callbacks to be used in organising the table's entries. The B<hash>
-+callback takes a pointer to a table entry as its argument and returns
-+an unsigned long hash value for its key field. The hash value is
-+normally truncated to a power of 2, so make sure that your hash
-+function returns well mixed low order bits. The B<compare> callback
-+takes two arguments (pointers to two hash table entries), and returns
-+0 if their keys are equal, non-zero otherwise.
-+
-+If your hash table
-+will contain items of some particular type and the B<hash> and
-+B<compare> callbacks hash/compare these types, then the
-+B<IMPLEMENT_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
-+used to create callback wrappers of the prototypes required by
-+lh_TYPE_new() as shown in this example:
-+
-+ /*
-+ * Implement the hash and compare functions; "stuff" can be any word.
-+ */
-+ static unsigned long stuff_hash(const TYPE *a)
-+ {
-+ ...
-+ }
-+ static int stuff_cmp(const TYPE *a, const TYPE *b)
-+ {
-+ ...
-+ }
-+
-+ /*
-+ * Implement the wrapper functions.
-+ */
-+ static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
-+ static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
-+
-+If the type is going to be used in several places, the following macros
-+can be used in a common header file to declare the function wrappers:
-+
-+ DECLARE_LHASH_HASH_FN(stuff, TYPE)
-+ DECLARE_LHASH_COMP_FN(stuff, TYPE)
-+
-+Then a hash table of TYPE objects can be created using this:
-+
-+ LHASH_OF(TYPE) *htable;
-+
-+ htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
-+
-+lh_TYPE_free() frees the B<LHASH_OF(TYPE)> structure
-+B<table>. Allocated hash table entries will not be freed; consider
-+using lh_TYPE_doall() to deallocate any remaining entries in the
-+hash table (see below).
-+
-+lh_TYPE_insert() inserts the structure pointed to by B<data> into
-+B<table>. If there already is an entry with the same key, the old
-+value is replaced. Note that lh_TYPE_insert() stores pointers, the
-+data are not copied.
-+
-+lh_TYPE_delete() deletes an entry from B<table>.
-+
-+lh_TYPE_retrieve() looks up an entry in B<table>. Normally, B<data>
-+is a structure with the key field(s) set; the function will return a
-+pointer to a fully populated structure.
-+
-+lh_TYPE_doall() will, for every entry in the hash table, call
-+B<func> with the data item as its parameter.
-+For example:
-+
-+ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
-+ void TYPE_cleanup_doall(TYPE *a);
-+
-+ /* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
-+ IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
-+
-+ /* Call "TYPE_cleanup" against all items in a hash table. */
-+ lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
-+
-+ /* Then the hash table itself can be deallocated */
-+ lh_TYPE_free(hashtable);
-+
-+When doing this, be careful if you delete entries from the hash table
-+in your callbacks: the table may decrease in size, moving the item
-+that you are currently on down lower in the hash table - this could
-+cause some entries to be skipped during the iteration. The second
-+best solution to this problem is to set hash-E<gt>down_load=0 before
-+you start (which will stop the hash table ever decreasing in size).
-+The best solution is probably to avoid deleting items from the hash
-+table inside a "doall" callback!
-+
-+lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that
-+B<func> will be called with B<arg> as the second argument and B<func>
-+should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
-+that is passed both the table entry and an extra argument). As with
-+lh_doall(), you can instead choose to declare your callback with a
-+prototype matching the types you are dealing with and use the
-+declare/implement macros to create compatible wrappers that cast
-+variables before calling your type-specific callbacks. An example of
-+this is demonstrated here (printing all hash table entries to a BIO
-+that is provided by the caller):
-+
-+ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
-+ void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
-+
-+ /* Implement a prototype-compatible wrapper for "TYPE_print" */
-+ static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
-+
-+ /* Print out the entire hashtable to a particular BIO */
-+ lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
-+ logging_bio);
-+
-+
-+lh_TYPE_error() can be used to determine if an error occurred in the last
-+operation.
-+
-+=head1 RETURN VALUES
-+
-+lh_TYPE_new() returns B<NULL> on error, otherwise a pointer to the new
-+B<LHASH> structure.
-+
-+When a hash table entry is replaced, lh_TYPE_insert() returns the value
-+being replaced. B<NULL> is returned on normal operation and on error.
-+
-+lh_TYPE_delete() returns the entry being deleted. B<NULL> is returned if
-+there is no such value in the hash table.
-+
-+lh_TYPE_retrieve() returns the hash table entry if it has been found,
-+B<NULL> otherwise.
-+
-+lh_TYPE_error() returns 1 if an error occurred in the last operation, 0
-+otherwise.
-+
-+lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.
-+
-+=head1 NOTE
-+
-+The various LHASH macros and callback types exist to make it possible
-+to write type-checked code without resorting to function-prototype
-+casting - an evil that makes application code much harder to
-+audit/verify and also opens the window of opportunity for stack
-+corruption and other hard-to-find bugs. It also, apparently, violates
-+ANSI-C.
-+
-+The LHASH code regards table entries as constant data. As such, it
-+internally represents lh_insert()'d items with a "const void *"
-+pointer type. This is why callbacks such as those used by lh_doall()
-+and lh_doall_arg() declare their prototypes with "const", even for the
-+parameters that pass back the table items' data pointers - for
-+consistency, user-provided data is "const" at all times as far as the
-+LHASH code is concerned. However, as callers are themselves providing
-+these pointers, they can choose whether they too should be treating
-+all such parameters as constant.
-+
-+As an example, a hash table may be maintained by code that, for
-+reasons of encapsulation, has only "const" access to the data being
-+indexed in the hash table (ie. it is returned as "const" from
-+elsewhere in their code) - in this case the LHASH prototypes are
-+appropriate as-is. Conversely, if the caller is responsible for the
-+life-time of the data in question, then they may well wish to make
-+modifications to table item passed back in the lh_doall() or
-+lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If
-+so, the caller can either cast the "const" away (if they're providing
-+the raw callbacks themselves) or use the macros to declare/implement
-+the wrapper functions without "const" types.
-+
-+Callers that only have "const" access to data they're indexing in a
-+table, yet declare callbacks without constant types (or cast the
-+"const" away themselves), are therefore creating their own risks/bugs
-+without being encouraged to do so by the API. On a related note,
-+those auditing code should pay special attention to any instances of
-+DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
-+without any "const" qualifiers.
-+
-+=head1 BUGS
-+
-+lh_TYPE_insert() returns B<NULL> both for success and error.
-+
-+=head1 SEE ALSO
-+
-+L<lh_stats(3)>
-+
-+=head1 HISTORY
-+
-+In OpenSSL 1.0.0, the lhash interface was revamped for better
-+type checking.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/OPENSSL_LH_stats.pod
-@@ -0,0 +1,64 @@
-+=pod
-+
-+=head1 NAME
-+
-+OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
-+OPENSSL_LH_stats_bio,
-+OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/lhash.h>
-+
-+ void OPENSSL_LH_stats(LHASH *table, FILE *out);
-+ void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
-+ void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
-+
-+ void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
-+ void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
-+ void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
-+
-+=head1 DESCRIPTION
-+
-+The B<LHASH> structure records statistics about most aspects of
-+accessing the hash table. This is mostly a legacy of Eric Young
-+writing this library for the reasons of implementing what looked like
-+a nice algorithm rather than for a particular software product.
-+
-+OPENSSL_LH_stats() prints out statistics on the size of the hash table, how
-+many entries are in it, and the number and result of calls to the
-+routines in this library.
-+
-+OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the
-+hash table.
-+
-+OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the
-+hash table. It prints the 'load' and the 'actual load'. The load is
-+the average number of data items per 'bucket' in the hash table. The
-+'actual load' is the average number of items per 'bucket', but only
-+for buckets which contain entries. So the 'actual load' is the
-+average number of searches that will need to find an item in the hash
-+table, while the 'load' is the average number that will be done to
-+record a miss.
-+
-+OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio()
-+are the same as the above, except that the output goes to a B<BIO>.
-+
-+=head1 RETURN VALUES
-+
-+These functions do not return values.
-+
-+=head1 SEE ALSO
-+
-+L<bio(3)>, L<lhash(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
-+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
-@@ -94,4 +94,13 @@ The version number.
-
- L<crypto(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OPENSSL_config.pod
-+++ b/doc/crypto/OPENSSL_config.pod
-@@ -8,15 +8,16 @@ OPENSSL_config, OPENSSL_no_config - simp
-
- #include <openssl/conf.h>
-
-- void OPENSSL_config(const char *config_name);
-+ #if OPENSSL_API_COMPAT < 0x10100000L
-+ void OPENSSL_config(const char *appname);
- void OPENSSL_no_config(void);
-+ #endif
-
- =head1 DESCRIPTION
-
--OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
--configuration file name using B<config_name>. If B<config_name> is NULL then
--the file specified in the environment variable B<OPENSSL_CONF> will be used,
--and if that is not set then a system default location is used.
-+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
-+reads from the application section B<appname>. If B<appname> is NULL then
-+the default section, B<openssl_conf>, will be used.
- Errors are silently ignored.
- Multiple calls have no effect.
-
-@@ -61,4 +62,13 @@ L<CONF_modules_load_file(3)>
- The OPENSSL_no_config() and OPENSSL_config() functions were
- deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OPENSSL_ia32cap.pod
-+++ b/doc/crypto/OPENSSL_ia32cap.pod
-@@ -2,23 +2,22 @@
-
- =head1 NAME
-
--OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector
-+OPENSSL_ia32cap - the x86[_64] processor capabilities vector
-
- =head1 SYNOPSIS
-
-- unsigned int *OPENSSL_ia32cap_loc(void);
-- #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
-+ env OPENSSL_ia32cap=... <application>
-
- =head1 DESCRIPTION
-
--Value returned by OPENSSL_ia32cap_loc() is address of a variable
--containing IA-32 processor capabilities bit vector as it appears in
--EDX:ECX register pair after executing CPUID instruction with EAX=1
--input value (see Intel Application Note #241618). Naturally it's
--meaningful on x86 and x86_64 platforms only. The variable is normally
--set up automatically upon toolkit initialization, but can be
--manipulated afterwards to modify crypto library behaviour. For the
--moment of this writing following bits are significant:
-+OpenSSL supports a range of x86[_64] instruction set extensions. These
-+extensions are denoted by individual bits in capability vector returned
-+by processor in EDX:ECX register pair after executing CPUID instruction
-+with EAX=1 input value (see Intel Application Note #241618). This vector
-+is copied to memory upon toolkit initialization and used to choose
-+between different code paths to provide optimal performance across wide
-+range of processors. For the moment of this writing following bits are
-+significant:
-
- =over
-
-@@ -47,8 +46,13 @@ cores with shared cache;
-
- =item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
-
-+=item bit #54 denoting availability of MOVBE instruction;
-+
- =item bit #57 denoting AES-NI instruction set extension;
-
-+=item bit #58, XSAVE bit, lack of which in combination with MOVBE is used
-+to identify Atom Silvermont core;
-+
- =item bit #59, OSXSAVE bit, denoting availability of YMM registers;
-
- =item bit #60 denoting AVX extension;
-@@ -57,28 +61,30 @@ cores with shared cache;
-
- =back
-
--For example, clearing bit #26 at run-time disables high-performance
--SSE2 code present in the crypto library, while clearing bit #24
--disables SSE2 code operating on 128-bit XMM register bank. You might
--have to do the latter if target OpenSSL application is executed on SSE2
--capable CPU, but under control of OS that does not enable XMM
--registers. Even though you can manipulate the value programmatically,
--you most likely will find it more appropriate to set up an environment
--variable with the same name prior starting target application, e.g. on
--Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or
--better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same
--effect without modifying the application source code. Alternatively you
--can reconfigure the toolkit with no-sse2 option and recompile.
--
--Less intuitive is clearing bit #28. The truth is that it's not copied
--from CPUID output verbatim, but is adjusted to reflect whether or not
--the data cache is actually shared between logical cores. This in turn
--affects the decision on whether or not expensive countermeasures
--against cache-timing attacks are applied, most notably in AES assembler
--module.
-+For example, in 32-bit application context clearing bit #26 at run-time
-+disables high-performance SSE2 code present in the crypto library, while
-+clearing bit #24 disables SSE2 code operating on 128-bit XMM register
-+bank. You might have to do the latter if target OpenSSL application is
-+executed on SSE2 capable CPU, but under control of OS that does not
-+enable XMM registers. Historically address of the capability vector copy
-+was exposed to application through OPENSSL_ia32cap_loc(), but not
-+anymore. Now the only way to affect the capability detection is to set
-+OPENSSL_ia32cap environment variable prior target application start. To
-+give a specific example, on Intel P4 processor 'env
-+OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env
-+OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired
-+effect. Alternatively you can reconfigure the toolkit with no-sse2
-+option and recompile.
-+
-+Less intuitive is clearing bit #28, or ~0x10000000 in the "environment
-+variable" terms. The truth is that it's not copied from CPUID output
-+verbatim, but is adjusted to reflect whether or not the data cache is
-+actually shared between logical cores. This in turn affects the decision
-+on whether or not expensive countermeasures against cache-timing attacks
-+are applied, most notably in AES assembler module.
-
--The vector is further extended with EBX value returned by CPUID with
--EAX=7 and ECX=0 as input. Following bits are significant:
-+The capability vector is further extended with EBX value returned by
-+CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
-
- =over
-
-@@ -86,11 +92,49 @@ The vector is further extended with EBX
-
- =item bit #64+5 denoting availability of AVX2 instructions;
-
--=item bit #64+8 denoting availability of BMI2 instructions, e.g. MUXL
-+=item bit #64+8 denoting availability of BMI2 instructions, e.g. MULX
- and RORX;
-
-+=item bit #64+16 denoting availability of AVX512F extension;
-+
- =item bit #64+18 denoting availability of RDSEED instruction;
-
- =item bit #64+19 denoting availability of ADCX and ADOX instructions;
-
-+=item bit #64+29 denoting availability of SHA extension;
-+
-+=item bit #64+30 denoting availability of AVX512BW extension;
-+
-+=item bit #64+31 denoting availability of AVX512VL extension;
-+
- =back
-+
-+To control this extended capability word use ':' as delimiter when
-+setting up OPENSSL_ia32cap environment variable. For example assigning
-+':~0x20' would disable AVX2 code paths, and ':0' - all post-AVX
-+extensions.
-+
-+It should be noted that whether or not some of the most "fancy"
-+extension code paths are actually assembled depends on current assembler
-+version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code
-+paths are always assembled. Besides that, minimum assembler version
-+requirements are summarized in below table:
-+
-+ Extension | GNU as | nasm | llvm
-+ ------------+--------+--------+--------
-+ AVX | 2.19 | 2.09 | 3.0
-+ AVX2 | 2.22 | 2.10 | 3.1
-+ AVX512 | 2.25 | 2.11.8 | 3.6
-+
-+B<OPENSSL_ia32cap> is a macro returning the first word of the vector.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/OPENSSL_init_crypto.pod
-+++ b/doc/crypto/OPENSSL_init_crypto.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+OPENSSL_init_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
- OPENSSL_init_crypto, OPENSSL_cleanup,
- OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
- initialisation and deinitialisation functions
-@@ -16,8 +17,9 @@ initialisation and deinitialisation func
- void OPENSSL_thread_stop(void);
-
- OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
-- OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, const char* name);
-- OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
-+ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
-+ const char* name);
-+ void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
-
- =head1 DESCRIPTION
-
-@@ -190,8 +192,8 @@ described in the NOTES section below.
- The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
- file. To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
- be created and used. The routines
--OPENSSL_init_new() and OPENSSL_INIT_set_config_filename() can be used to
--allocate the object and set the configuration filename, and then the
-+OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can be used to
-+allocate the object and set the application name, and then the
- object can be released with OPENSSL_INIT_free() when done.
-
- =head1 NOTES
-@@ -202,14 +204,24 @@ platforms this is done in response to a
- the libcrypto32.dll entry point. Some windows functions may cause threads to exit
- without sending this message (for example ExitProcess()). If the application
- uses such functions, then the application must free up OpenSSL resources
--directly via a call to OPENSSL_thread_stop(). Similarly this message will
--also not be sent if OpenSSL is linked statically, and therefore applications
--using static linking should also call OPENSSL_thread_stop().
-+directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
-+message will also not be sent if OpenSSL is linked statically, and therefore
-+applications using static linking should also call OPENSSL_thread_stop() on each
-+thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
-+threads are not destroyed until after FreeLibrary() is called then each thread
-+should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
-+
-+On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
-+multi-threaded and if dlclose() is subsequently called prior to the threads
-+being destroyed then OpenSSL will not be able to deallocate resources associated
-+with those threads. The application should either call OPENSSL_thread_stop() on
-+each thread prior to the dlclose() call, or alternatively the original dlopen()
-+call should use the RTLD_NODELETE flag (where available on the platform).
-
- =head1 RETURN VALUES
-
--The functions OPENSSL_init_crypto and OPENSSL_atexit() returns 1 on success or
--0 on error.
-+The functions OPENSSL_init_crypto, OPENSSL_atexit() and
-+OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
-
- =head1 SEE ALSO
-
-@@ -218,6 +230,16 @@ L<OPENSSL_init_ssl(3)>
- =head1 HISTORY
-
- The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
--and OPENSSL_thread_stop() functions were added in OpenSSL 1.1.0.
-+OPENSSL_thread_stop(), OPENSSL_init_new(), OPENSSL_INIT_set_config_appname()
-+and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/OPENSSL_instrument_bus.pod
-+++ b/doc/crypto/OPENSSL_instrument_bus.pod
-@@ -7,8 +7,8 @@ OPENSSL_instrument_bus, OPENSSL_instrume
- =head1 SYNOPSIS
-
- #ifdef OPENSSL_CPUID_OBJ
-- size_t OPENSSL_instrument_bus (int *vector,size_t num);
-- size_t OPENSSL_instrument_bus2(int *vector,size_t num,size_t max);
-+ size_t OPENSSL_instrument_bus(int *vector, size_t num);
-+ size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
- #endif
-
- =head1 DESCRIPTION
-@@ -23,10 +23,10 @@ interlocked manner, which should contrib
- multi-processor systems. This also means that B<vector[num]> should be
- zeroed upon invocation (if you want to retrieve actual probe values).
-
--OPENSSL_instrument_bus performs B<num> probes and records the number of
-+OPENSSL_instrument_bus() performs B<num> probes and records the number of
- oscillator cycles every probe took.
-
--OPENSSL_instrument_bus2 on the other hand B<accumulates> consecutive
-+OPENSSL_instrument_bus2() on the other hand B<accumulates> consecutive
- probes with the same value, i.e. in a way it records duration of
- periods when probe values appeared deterministic. The subroutine
- performs at most B<max> probes in attempt to fill the B<vector[num]>,
-@@ -40,3 +40,14 @@ not available on current platform. For r
- line' was introduced with the SSE2 extensions.
-
- Otherwise number of recorded values is returned.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/OPENSSL_load_builtin_modules.pod
-+++ b/doc/crypto/OPENSSL_load_builtin_modules.pod
-@@ -24,15 +24,15 @@ ENGINE_add_conf_module() adds just the E
-
- =head1 NOTES
-
--If the simple configuration function OPENSSL_config() is called then
-+If the simple configuration function OPENSSL_config() is called then
- OPENSSL_load_builtin_modules() is called automatically.
-
- Applications which use the configuration functions directly will need to
--call OPENSSL_load_builtin_modules() themselves I<before> any other
-+call OPENSSL_load_builtin_modules() themselves I<before> any other
- configuration code.
-
- Applications should call OPENSSL_load_builtin_modules() to load all
--configuration modules instead of adding modules selectively: otherwise
-+configuration modules instead of adding modules selectively: otherwise
- functionality may be missing from the application if an when new
- modules are added.
-
-@@ -44,4 +44,13 @@ None of the functions return a value.
-
- L<conf(3)>, L<OPENSSL_config(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OPENSSL_malloc.pod
-+++ b/doc/crypto/OPENSSL_malloc.pod
-@@ -4,16 +4,17 @@
-
- OPENSSL_malloc_init,
- OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
--OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse
-+OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
- CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
- OPENSSL_strdup, OPENSSL_strndup,
- OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
- OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int,
-+CRYPTO_strdup, CRYPTO_strndup,
-+OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
-+CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
- CRYPTO_clear_realloc, CRYPTO_clear_free,
- CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
- CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
--OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
--CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
- CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
-
- =head1 SYNOPSIS
-@@ -28,6 +29,9 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp -
- void OPENSSL_free(void *addr)
- char *OPENSSL_strdup(const char *str)
- char *OPENSSL_strndup(const char *str, size_t s)
-+ size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
-+ size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
-+ void *OPENSSL_memdup(void *data, size_t s)
- void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
- void OPENSSL_clear_free(void *str, size_t num)
- void OPENSSL_cleanse(void *ptr, size_t len);
-@@ -56,20 +60,16 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp -
-
- int CRYPTO_set_mem_debug(int onoff)
-
-- #define CRYPTO_MEM_CHECK_OFF
-- #define CRYPTO_MEM_CHECK_ON
-- #define CRYPTO_MEM_CHECK_DISABLE
-- #define CRYPTO_MEM_CHECK_ENABLE
--
- int CRYPTO_mem_ctrl(int mode);
-
- int OPENSSL_mem_debug_push(const char *info)
-- int OPENSLS_mem_debug_pop)(void)
-+ int OPENSSL_mem_debug_pop(void);
-
- int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
-+ int CRYPTO_mem_debug_pop(void);
-
- void CRYPTO_mem_leaks(BIO *b);
-- void CRYPTO_mem_leaks(FILE *fp);
-+ void CRYPTO_mem_leaks_fp(FILE *fp);
-
- =head1 DESCRIPTION
-
-@@ -94,15 +94,15 @@ before ultimately calling OPENSSL_free()
-
- OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
- Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
--If the storage controller uses write compression, then its possible
--that sensitive tail bytes will survive zeroization because the block of
--zeros will be compressed. If the storage controller uses wear leveling,
--then the old sensitive data will not be overwritten; rather, a block of
-+If the storage controller uses write compression, then its possible
-+that sensitive tail bytes will survive zeroization because the block of
-+zeros will be compressed. If the storage controller uses wear leveling,
-+then the old sensitive data will not be overwritten; rather, a block of
- 0's will be written at a new physical location.
-
- OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the
- equivalent C functions, except that memory is allocated by calling the
--OPENSSL_malloc() and should be releaed by calling OPENSSL_free().
-+OPENSSL_malloc() and should be released by calling OPENSSL_free().
-
- OPENSSL_strlcpy(),
- OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C
-@@ -117,7 +117,7 @@ An odd number of hex digits is an error.
-
- OPENSSL_buf2hexstr() takes the specified buffer and length, and returns
- a hex string for value, or NULL on error.
--B<Buffer> cannot be NULL; if B<len> is NULL an empty string is returned.
-+B<Buffer> cannot be NULL; if B<len> is 0 an empty string is returned.
-
- OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent,
- or returns -1 on error.
-@@ -143,9 +143,6 @@ To enable tracking call CRYPTO_mem_ctrl(
- the B<CRYPTO_MEM_CHECK_ON>.
- To disable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
- the B<CRYPTO_MEM_CHECK_OFF>.
--The B<CRYPTO_MEM_CHECK_DISABLE> and B<CRYPTO_MEM_CHECK_ENABLE> modes
--are used internally within OpenSSL to temporarily suspend and resume
--tracking.
-
- While checking memory, it can be useful to store additional context
- about what is being done.
-@@ -182,7 +179,8 @@ CRYPTO_set_mem_functions() and CRYPTO_se
- return 1 on success or 0 on failure (almost
- always because allocations have already happened).
-
--CRYPTO_mem_ctrl() returns the previous value of the mode.
-+CRYPTO_mem_ctrl() returns -1 if an error occured, otherwise the
-+previous value of the mode.
-
- OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop()
- return 1 on success or 0 on failure.
-@@ -195,4 +193,13 @@ at once. I<This applies specially if Op
- configuration option> C<crypto-mdebug> I<enabled. In case, swapping out
- only, say, the malloc() implementation is outright dangerous.>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OPENSSL_secure_malloc.pod
-+++ b/doc/crypto/OPENSSL_secure_malloc.pod
-@@ -6,7 +6,7 @@ CRYPTO_secure_malloc_init, CRYPTO_secure
- CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
- OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
- CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated,
--CYRPTO_secure_malloc_used - secure heap storage
-+CYRPTO_secure_used - secure heap storage
-
- =head1 SYNOPSIS
-
-@@ -16,13 +16,13 @@ CYRPTO_secure_malloc_used - secure heap
-
- int CRYPTO_secure_malloc_initialized();
-
-- void CRYPTO_secure_malloc_done();
-+ int CRYPTO_secure_malloc_done();
-
-- void *OPENSSL_secure_malloc(int num);
-- void *CRYPTO_secure_malloc(int num, const char *file, int line);
-+ void *OPENSSL_secure_malloc(size_t num);
-+ void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
-
-- void *OPENSSL_secure_zalloc(int num);
-- void *CRYPTO_secure_zalloc(int num, const char *file, int line);
-+ void *OPENSSL_secure_zalloc(size_t num);
-+ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
-
- void OPENSSL_secure_free(void* ptr);
- void CRYPTO_secure_free(void *ptr, const char *, int);
-@@ -30,7 +30,7 @@ CYRPTO_secure_malloc_used - secure heap
- size_t OPENSSL_secure_actual_size(const void *ptr);
- int OPENSSL_secure_allocated(const void *ptr);
-
-- size_t CYRPTO_secure_malloc_used();
-+ size_t CYRPTO_secure_used();
-
- =head1 DESCRIPTION
-
-@@ -49,14 +49,14 @@ put all intermediate values and computat
- CRYPTO_secure_malloc_init() creates the secure heap, with the specified
- C<size> in bytes. The C<minsize> parameter is the minimum size to
- allocate from the heap. Both C<size> and C<minsize> must be a power
--of two. It is an error to call this after any OPENSSL_secure_malloc()
--calls have been made.
-+of two.
-
- CRYPTO_secure_malloc_initialized() indicates whether or not the secure
- heap as been initialized and is available.
-
- CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable
--to the process. It can take noticeably long to complete.
-+to the process if all secure memory has been freed.
-+It can take noticeably long to complete.
-
- OPENSSL_secure_malloc() allocates C<num> bytes from the heap.
- If CRYPTO_secure_malloc_init() is not called, this is equivalent to
-@@ -83,7 +83,7 @@ OPENSSL_secure_actual_size() tells the a
- pointer; implementations may allocate more space than initially
- requested, in order to "round up" and reduce secure heap fragmentation.
-
--CRYPTO_secure_malloc_used() returns the number of bytes allocated in the
-+CRYPTO_secure_used() returns the number of bytes allocated in the
- secure heap.
-
- =head1 RETURN VALUES
-@@ -94,7 +94,7 @@ mapping.
-
- CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is
- available (that is, if CRYPTO_secure_malloc_init() has been called,
--but CRYPTO_secure_malloc_done() has not) or 0 if not.
-+but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.
-
- OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into
- the secure heap of the requested size, or C<NULL> if memory could not be
-@@ -102,13 +102,9 @@ allocated.
-
- CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
-
--CRYPTO_secure_malloc_done() and OPENSSL_secure_free()
--return no values.
-+CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
-
--=head1 BUGS
--
--The size parameters should be B<size_t> not B<int> and will be changed
--in a future release.
-+OPENSSL_secure_free() returns no values.
-
- =head1 SEE ALSO
-
-@@ -116,4 +112,13 @@ L<OPENSSL_malloc(3)>,
- L<BN_new(3)>,
- L<bn_internal(3)>.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/OpenSSL_add_all_algorithms.pod
-+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
-@@ -78,4 +78,13 @@ The OpenSSL_add_all_algorithms(), OpenSS
- OpenSSL_add_all_digests(), and EVP_cleanup(), functions
- were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/PEM_read.pod
-@@ -0,0 +1,127 @@
-+=pod
-+
-+=head1 NAME
-+
-+PEM_write, PEM_write_bio,
-+PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO
-+- PEM encoding routines
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/pem.h>
-+
-+ int PEM_write(FILE *fp, const char *name, const char *header,
-+ const unsigned char *data, long len)
-+ int PEM_write_bio(BIO *bp, const char *name, const char *header,
-+ const unsigned char *data, long len)
-+
-+ int PEM_read(FILE *fp, char **name, char **header,
-+ unsigned char **data, long *len);
-+ int PEM_read_bio(BIO *bp, char **name, char **header,
-+ unsigned char **data, long *len);
-+
-+ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
-+ int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
-+ pem_password_cb *cb, void *u);
-+
-+=head1 DESCRIPTION
-+
-+These functions read and write PEM-encoded objects, using the PEM
-+type B<name>, any additional B<header> information, and the raw
-+B<data> of length B<len>.
-+
-+PEM is the term used for binary content encoding first defined in IETF
-+RFC 1421. The content is a series of base64-encoded lines, surrounded
-+by begin/end markers each on their own line. For example:
-+
-+ -----BEGIN PRIVATE KEY-----
-+ MIICdg....
-+ ... bhTQ==
-+ -----END PRIVATE KEY-----
-+
-+Optional header line(s) may appear after the begin line, and their
-+existence depends on the type of object being written or read.
-+
-+PEM_write() writes to the file B<fp>, while PEM_write_bio() writes to
-+the BIO B<bp>. The B<name> is the name to use in the marker, the
-+B<header> is the header value or NULL, and B<data> and B<len> specify
-+the data and its length.
-+
-+The final B<data> buffer is typically an ASN.1 object which can be decoded with
-+the B<d2i> function appropriate to the type B<name>; see L<d2i_X509(3)>
-+for examples.
-+
-+PEM_read() reads from the file B<fp>, while PEM_read_bio() reads
-+from the BIO B<bp>.
-+Both skip any non-PEM data that precedes the start of the next PEM object.
-+When an object is successfully retrieved, the type name from the "----BEGIN
-+<type>-----" is returned via the B<name> argument, any encapsulation headers
-+are returned in B<header> and the base64-decoded content and its length are
-+returned via B<data> and B<len> respectively.
-+The B<name>, B<header> and B<data> pointers are allocated via OPENSSL_malloc()
-+and should be freed by the caller via OPENSSL_free() when no longer needed.
-+
-+PEM_get_EVP_CIPHER_INFO() can be used to determine the B<data> returned by
-+PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher
-+and IV.
-+The caller passes a pointer to structure of type B<EVP_CIPHER_INFO> via the
-+B<cinfo> argument and the B<header> returned via PEM_read() or PEM_read_bio().
-+If the call is successful 1 is returned and the cipher and IV are stored at the
-+address pointed to by B<cinfo>.
-+When the header is malformed, or not supported or when the cipher is unknown
-+or some internal error happens 0 is returned.
-+This function is deprecated, see B<NOTES> below.
-+
-+PEM_do_header() can then be used to decrypt the data if the header
-+indicates encryption.
-+The B<cinfo> argument is a pointer to the structure initialized by the previous
-+call to PEM_get_EVP_CIPHER_INFO().
-+The B<data> and B<len> arguments are those returned by the previous call to
-+PEM_read() or PEM_read_bio().
-+The B<cb> and B<u> arguments make it possible to override the default password
-+prompt function as described in L<PEM_read_PrivateKey(3)>.
-+On successful completion the B<data> is decrypted in place, and B<len> is
-+updated to indicate the plaintext length.
-+This function is deprecated, see B<NOTES> below.
-+
-+If the data is a priori known to not be encrypted, then neither PEM_do_header()
-+nor PEM_get_EVP_CIPHER_INFO() need be called.
-+
-+=head1 RETURN VALUES
-+
-+PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter
-+includes the case when no more PEM objects remain in the input file.
-+To distinguish end of file from more serious errors the caller must peek at the
-+error stack and check for B<PEM_R_NO_START_LINE>, which indicates that no more
-+PEM objects were found. See L<ERR_peek_last_error(3)>, L<ERR_GET_REASON(3)>.
-+
-+PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on
-+failure.
-+The B<data> is likely meaningless if these functions fail.
-+
-+=head1 NOTES
-+
-+The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated.
-+This is because the underlying PEM encryption format is obsolete, and should
-+be avoided.
-+It uses an encryption format with an OpenSSL-specific key-derivation function,
-+which employs MD5 with an iteration count of 1!
-+Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5
-+v2.0 PBE.
-+See L<PEM_write_PrivateKey(3)> and L<d2i_PKCS8PrivateKey_bio(3)>.
-+
-+=head1 SEE ALSO
-+
-+L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>,
-+L<d2i_PKCS8PrivateKey_bio(3)>.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/PEM_read_CMS.pod
-@@ -0,0 +1,97 @@
-+=pod
-+
-+=head1 NAME
-+
-+DECLARE_PEM_rw,
-+PEM_read_CMS,
-+PEM_read_bio_CMS,
-+PEM_write_CMS,
-+PEM_write_bio_CMS,
-+PEM_write_DHxparams,
-+PEM_write_bio_DHxparams,
-+PEM_read_ECPKParameters,
-+PEM_read_bio_ECPKParameters,
-+PEM_write_ECPKParameters,
-+PEM_write_bio_ECPKParameters,
-+PEM_read_ECPrivateKey,
-+PEM_write_ECPrivateKey,
-+PEM_write_bio_ECPrivateKey,
-+PEM_read_EC_PUBKEY,
-+PEM_read_bio_EC_PUBKEY,
-+PEM_write_EC_PUBKEY,
-+PEM_write_bio_EC_PUBKEY,
-+PEM_read_NETSCAPE_CERT_SEQUENCE,
-+PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
-+PEM_write_NETSCAPE_CERT_SEQUENCE,
-+PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
-+PEM_read_PKCS8,
-+PEM_read_bio_PKCS8,
-+PEM_write_PKCS8,
-+PEM_write_bio_PKCS8,
-+PEM_write_PKCS8_PRIV_KEY_INFO,
-+PEM_read_bio_PKCS8_PRIV_KEY_INFO,
-+PEM_read_PKCS8_PRIV_KEY_INFO,
-+PEM_write_bio_PKCS8_PRIV_KEY_INFO,
-+PEM_read_SSL_SESSION,
-+PEM_read_bio_SSL_SESSION,
-+PEM_write_SSL_SESSION,
-+PEM_write_bio_SSL_SESSION
-+- PEM object encoding routines
-+
-+=for comment generic
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/pem.h>
-+
-+ DECLARE_PEM_rw(name, TYPE)
-+
-+ TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
-+ TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
-+ int PEM_write_TYPE(FILE *fp, const TYPE *a);
-+ int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
-+
-+=head1 DESCRIPTION
-+
-+In the description below, I<TYPE> is used
-+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
-+The macro B<DECLARE_PEM_rw> expands to the set of declarations shown in
-+the next four lines of the synopsis.
-+
-+These routines convert between local instances of ASN1 datatypes and
-+the PEM encoding. For more information on the templates, see
-+L<ASN1_ITEM(3)>. For more information on the lower-level routines used
-+by the functions here, see L<PEM_read(3)>.
-+
-+PEM_read_TYPE() reads a PEM-encoded object of I<TYPE> from the file B<fp>
-+and returns it. The B<cb> and B<u> parameters are as described in
-+L<pem_password_cb(3)>.
-+
-+PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from the BIO B<bp>.
-+
-+PEM_write_TYPE() writes the PEM encoding of the object B<a> to the file B<fp>.
-+
-+PEM_write_bio_TYPE() similarly writes to the BIO B<bp>.
-+
-+=head1 RETURN VALUES
-+
-+PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated
-+object, which should be released by calling TYPE_free(), or NULL on error.
-+
-+PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes written
-+or zero on error.
-+
-+=head1 SEE ALSO
-+
-+L<PEM_read(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/PEM_read_bio_PrivateKey.pod
-@@ -0,0 +1,481 @@
-+=pod
-+
-+=head1 NAME
-+
-+pem_password_cb,
-+PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
-+PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
-+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
-+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
-+PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
-+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
-+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
-+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
-+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
-+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
-+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
-+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
-+PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
-+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
-+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
-+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
-+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
-+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
-+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
-+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
-+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
-+PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/pem.h>
-+
-+ typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u);
-+
-+ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
-+ pem_password_cb *cb, void *u);
-+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
-+ const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
-+ pem_password_cb *cb, void *u);
-+ EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
-+ int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
-+
-+ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
-+ int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
-+
-+ RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
-+ int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
-+
-+ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
-+ pem_password_cb *cb, void *u);
-+ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
-+ pem_password_cb *cb, void *u);
-+ DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
-+ int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
-+
-+ DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
-+ DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
-+ int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
-+ int PEM_write_DSAparams(FILE *fp, DSA *x);
-+
-+ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
-+ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
-+ int PEM_write_bio_DHparams(BIO *bp, DH *x);
-+ int PEM_write_DHparams(FILE *fp, DH *x);
-+
-+ X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-+ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-+ int PEM_write_bio_X509(BIO *bp, X509 *x);
-+ int PEM_write_X509(FILE *fp, X509 *x);
-+
-+ X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-+ X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-+ int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
-+ int PEM_write_X509_AUX(FILE *fp, X509 *x);
-+
-+ X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
-+ pem_password_cb *cb, void *u);
-+ X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
-+ int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
-+ int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
-+ int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
-+
-+ X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
-+ pem_password_cb *cb, void *u);
-+ X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
-+ pem_password_cb *cb, void *u);
-+ int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
-+ int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
-+
-+ PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
-+ PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
-+ int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
-+ int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
-+
-+=head1 DESCRIPTION
-+
-+The PEM functions read or write structures in PEM format. In
-+this sense PEM format is simply base64 encoded data surrounded
-+by header lines.
-+
-+For more details about the meaning of arguments see the
-+B<PEM FUNCTION ARGUMENTS> section.
-+
-+Each operation has four functions associated with it. For
-+clarity the term "B<foobar> functions" will be used to collectively
-+refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
-+PEM_write_bio_foobar() and PEM_write_foobar() functions.
-+
-+The B<PrivateKey> functions read or write a private key in PEM format using an
-+EVP_PKEY structure. The write routines use PKCS#8 private key format and are
-+equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
-+handle traditional and PKCS#8 format encrypted and unencrypted keys.
-+
-+PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
-+"traditional" format.
-+
-+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
-+key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
-+PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
-+specifies the encryption algorithm to use: unlike some other PEM routines the
-+encryption is applied at the PKCS#8 level and not in the PEM headers. If
-+B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
-+structure is used instead.
-+
-+PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
-+also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
-+it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
-+to use is specified in the B<nid> parameter and should be the NID of the
-+corresponding OBJECT IDENTIFIER (see NOTES section).
-+
-+The B<PUBKEY> functions process a public key using an EVP_PKEY
-+structure. The public key is encoded as a SubjectPublicKeyInfo
-+structure.
-+
-+The B<RSAPrivateKey> functions process an RSA private key using an
-+RSA structure. The write routines uses traditional format. The read
-+routines handles the same formats as the B<PrivateKey>
-+functions but an error occurs if the private key is not RSA.
-+
-+The B<RSAPublicKey> functions process an RSA public key using an
-+RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
-+structure.
-+
-+The B<RSA_PUBKEY> functions also process an RSA public key using
-+an RSA structure. However the public key is encoded using a
-+SubjectPublicKeyInfo structure and an error occurs if the public
-+key is not RSA.
-+
-+The B<DSAPrivateKey> functions process a DSA private key using a
-+DSA structure. The write routines uses traditional format. The read
-+routines handles the same formats as the B<PrivateKey>
-+functions but an error occurs if the private key is not DSA.
-+
-+The B<DSA_PUBKEY> functions process a DSA public key using
-+a DSA structure. The public key is encoded using a
-+SubjectPublicKeyInfo structure and an error occurs if the public
-+key is not DSA.
-+
-+The B<DSAparams> functions process DSA parameters using a DSA
-+structure. The parameters are encoded using a Dss-Parms structure
-+as defined in RFC2459.
-+
-+The B<DHparams> functions process DH parameters using a DH
-+structure. The parameters are encoded using a PKCS#3 DHparameter
-+structure.
-+
-+The B<X509> functions process an X509 certificate using an X509
-+structure. They will also process a trusted X509 certificate but
-+any trust settings are discarded.
-+
-+The B<X509_AUX> functions process a trusted X509 certificate using
-+an X509 structure.
-+
-+The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
-+certificate request using an X509_REQ structure. The B<X509_REQ>
-+write functions use B<CERTIFICATE REQUEST> in the header whereas
-+the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
-+(as required by some CAs). The B<X509_REQ> read functions will
-+handle either form so there are no B<X509_REQ_NEW> read functions.
-+
-+The B<X509_CRL> functions process an X509 CRL using an X509_CRL
-+structure.
-+
-+The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
-+structure.
-+
-+=head1 PEM FUNCTION ARGUMENTS
-+
-+The PEM functions have many common arguments.
-+
-+The B<bp> BIO parameter (if present) specifies the BIO to read from
-+or write to.
-+
-+The B<fp> FILE parameter (if present) specifies the FILE pointer to
-+read from or write to.
-+
-+The PEM read functions all take an argument B<TYPE **x> and return
-+a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
-+uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
-+NULL but B<*x> is NULL then the structure returned will be written
-+to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
-+to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
-+Irrespective of the value of B<x> a pointer to the structure is always
-+returned (or NULL if an error occurred).
-+
-+The PEM functions which write private keys take an B<enc> parameter
-+which specifies the encryption algorithm to use, encryption is done
-+at the PEM level. If this parameter is set to NULL then the private
-+key is written in unencrypted form.
-+
-+The B<cb> argument is the callback to use when querying for the pass
-+phrase used for encrypted PEM structures (normally only private keys).
-+
-+For the PEM write routines if the B<kstr> parameter is not NULL then
-+B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
-+ignored.
-+
-+If the B<cb> parameters is set to NULL and the B<u> parameter is not
-+NULL then the B<u> parameter is interpreted as a null terminated string
-+to use as the passphrase. If both B<cb> and B<u> are NULL then the
-+default callback routine is used which will typically prompt for the
-+passphrase on the current terminal with echoing turned off.
-+
-+The default passphrase callback is sometimes inappropriate (for example
-+in a GUI application) so an alternative can be supplied. The callback
-+routine has the following form:
-+
-+ int cb(char *buf, int size, int rwflag, void *u);
-+
-+B<buf> is the buffer to write the passphrase to. B<size> is the maximum
-+length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
-+which is set to 0 when reading and 1 when writing. A typical routine
-+will ask the user to verify the passphrase (for example by prompting
-+for it twice) if B<rwflag> is 1. The B<u> parameter has the same
-+value as the B<u> parameter passed to the PEM routine. It allows
-+arbitrary data to be passed to the callback by the application
-+(for example a window handle in a GUI application). The callback
-+B<must> return the number of characters in the passphrase or 0 if
-+an error occurred.
-+
-+=head1 EXAMPLES
-+
-+Although the PEM routines take several arguments in almost all applications
-+most of them are set to 0 or NULL.
-+
-+Read a certificate in PEM format from a BIO:
-+
-+ X509 *x;
-+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-+ if (x == NULL) {
-+ /* Error */
-+ }
-+
-+Alternative method:
-+
-+ X509 *x = NULL;
-+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
-+ /* Error */
-+ }
-+
-+Write a certificate to a BIO:
-+
-+ if (!PEM_write_bio_X509(bp, x)) {
-+ /* Error */
-+ }
-+
-+Write a private key (using traditional format) to a BIO using
-+triple DES encryption, the pass phrase is prompted for:
-+
-+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
-+ /* Error */
-+ }
-+
-+Write a private key (using PKCS#8 format) to a BIO using triple
-+DES encryption, using the pass phrase "hello":
-+
-+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
-+ /* Error */
-+ }
-+
-+Read a private key from a BIO using a pass phrase callback:
-+
-+ key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
-+ if (key == NULL) {
-+ /* Error */
-+ }
-+
-+Skeleton pass phrase callback:
-+
-+ int pass_cb(char *buf, int size, int rwflag, void *u)
-+ {
-+ int len;
-+ char *tmp;
-+
-+ /* We'd probably do something else if 'rwflag' is 1 */
-+ printf("Enter pass phrase for \"%s\"\n", (char *)u);
-+
-+ /* get pass phrase, length 'len' into 'tmp' */
-+ tmp = "hello";
-+ len = strlen(tmp);
-+ if (len <= 0)
-+ return 0;
-+
-+ if (len > size)
-+ len = size;
-+ memcpy(buf, tmp, len);
-+ return len;
-+ }
-+
-+=head1 NOTES
-+
-+The old B<PrivateKey> write routines are retained for compatibility.
-+New applications should write private keys using the
-+PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
-+because they are more secure (they use an iteration count of 2048 whereas
-+the traditional routines use a count of 1) unless compatibility with older
-+versions of OpenSSL is important.
-+
-+The B<PrivateKey> read routines can be used in all applications because
-+they handle all formats transparently.
-+
-+A frequent cause of problems is attempting to use the PEM routines like
-+this:
-+
-+ X509 *x;
-+ PEM_read_bio_X509(bp, &x, 0, NULL);
-+
-+this is a bug because an attempt will be made to reuse the data at B<x>
-+which is an uninitialised pointer.
-+
-+=head1 PEM ENCRYPTION FORMAT
-+
-+These old B<PrivateKey> routines use a non standard technique for encryption.
-+
-+The private key (or other data) takes the following form:
-+
-+ -----BEGIN RSA PRIVATE KEY-----
-+ Proc-Type: 4,ENCRYPTED
-+ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
-+
-+ ...base64 encoded data...
-+ -----END RSA PRIVATE KEY-----
-+
-+The line beginning with I<Proc-Type> contains the version and the
-+protection on the encapsulated data. The line beginning I<DEK-Info>
-+contains two comma separated values: the encryption algorithm name as
-+used by EVP_get_cipherbyname() and an initialization vector used by the
-+cipher encoded as a set of hexadecimal digits. After those two lines is
-+the base64-encoded encrypted data.
-+
-+The encryption key is derived using EVP_BytesToKey(). The cipher's
-+initialization vector is passed to EVP_BytesToKey() as the B<salt>
-+parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
-+(regardless of the size of the initialization vector). The user's
-+password is passed to EVP_BytesToKey() using the B<data> and B<datal>
-+parameters. Finally, the library uses an iteration count of 1 for
-+EVP_BytesToKey().
-+
-+The B<key> derived by EVP_BytesToKey() along with the original initialization
-+vector is then used to decrypt the encrypted data. The B<iv> produced by
-+EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
-+the function.
-+
-+The pseudo code to derive the key would look similar to:
-+
-+ EVP_CIPHER* cipher = EVP_des_ede3_cbc();
-+ EVP_MD* md = EVP_md5();
-+
-+ unsigned int nkey = EVP_CIPHER_key_length(cipher);
-+ unsigned int niv = EVP_CIPHER_iv_length(cipher);
-+ unsigned char key[nkey];
-+ unsigned char iv[niv];
-+
-+ memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
-+ rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
-+ if (rc != nkey) {
-+ /* Error */
-+ }
-+
-+ /* On success, use key and iv to initialize the cipher */
-+
-+=head1 BUGS
-+
-+The PEM read routines in some versions of OpenSSL will not correctly reuse
-+an existing structure. Therefore the following:
-+
-+ PEM_read_bio_X509(bp, &x, 0, NULL);
-+
-+where B<x> already contains a valid certificate, may not work, whereas:
-+
-+ X509_free(x);
-+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-+
-+is guaranteed to work.
-+
-+=head1 RETURN CODES
-+
-+The read routines return either a pointer to the structure read or NULL
-+if an error occurred.
-+
-+The write routines return 1 for success or 0 for failure.
-+
-+=head1 HISTORY
-+
-+The old Netscape certificate sequences were no longer documented
-+in OpenSSL 1.1; applications should use the PKCS7 standard instead
-+as they will be formally deprecated in a future releases.
-+
-+=head1 SEE ALSO
-+
-+L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/PEM_write_bio_CMS_stream.pod
-+++ b/doc/crypto/PEM_write_bio_CMS_stream.pod
-@@ -2,12 +2,11 @@
-
- =head1 NAME
-
-- PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
-+PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format
-
- =head1 SYNOPSIS
-
- #include <openssl/cms.h>
-- #include <openssl/pem.h>
-
- int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
-
-@@ -31,6 +30,7 @@ PEM_write_bio_CMS_stream() returns 1 for
- L<ERR_get_error(3)>, L<CMS_sign(3)>,
- L<CMS_verify(3)>, L<CMS_encrypt(3)>
- L<CMS_decrypt(3)>,
-+L<PEM_write(3)>,
- L<SMIME_write_CMS(3)>,
- L<i2d_CMS_bio_stream(3)>
-
-@@ -38,4 +38,13 @@ L<i2d_CMS_bio_stream(3)>
-
- PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PEM_write_bio_PKCS7_stream.pod
-+++ b/doc/crypto/PEM_write_bio_PKCS7_stream.pod
-@@ -2,12 +2,11 @@
-
- =head1 NAME
-
--PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format.
-+PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format
-
- =head1 SYNOPSIS
-
- #include <openssl/pkcs7.h>
-- #include <openssl/pem.h>
-
- int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
-
-@@ -38,4 +37,13 @@ L<i2d_PKCS7_bio_stream(3)>
-
- PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS12_create.pod
-+++ b/doc/crypto/PKCS12_create.pod
-@@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structu
-
- #include <openssl/pkcs12.h>
-
-- PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
-- int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
-+ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
-+ X509 *cert, STACK_OF(X509) *ca,
-+ int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
-
- =head1 DESCRIPTION
-
-@@ -55,7 +56,7 @@ certificate is required. In previous ver
- a fatal error is returned.
-
- B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
--should be used.
-+should be used.
-
- B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-
-@@ -63,4 +64,13 @@ B<mac_iter> can be set to -1 and the MAC
-
- L<d2i_PKCS12(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/PKCS12_newpass.pod
-@@ -0,0 +1,103 @@
-+=pod
-+
-+=head1 NAME
-+
-+PKCS12_newpass - change the password of a PKCS12 structure
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/pkcs12.h>
-+
-+ int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
-+
-+=head1 DESCRIPTION
-+
-+PKCS12_newpass() changes the password of a PKCS12 structure.
-+
-+B<p12> is a pointer to a PKCS12 structure. B<oldpass> is the existing password
-+and B<newpass> is the new password.
-+
-+=head1 RETURN VALUES
-+
-+PKCS12_newpass() returns 1 on success or 0 on failure. Applications can
-+retrieve the most recent error from PKCS12_newpass() with ERR_get_error().
-+
-+=head1 EXAMPLE
-+
-+This example loads a PKCS#12 file, changes its password and writes out
-+the result to a new file.
-+
-+ #include <stdio.h>
-+ #include <stdlib.h>
-+ #include <openssl/pem.h>
-+ #include <openssl/err.h>
-+ #include <openssl/pkcs12.h>
-+
-+ int main(int argc, char **argv)
-+ {
-+ FILE *fp;
-+ PKCS12 *p12;
-+ if (argc != 5) {
-+ fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
-+ return 1;
-+ }
-+ if ((fp = fopen(argv[1], "rb")) == NULL) {
-+ fprintf(stderr, "Error opening file %s\n", argv[1]);
-+ return 1;
-+ }
-+ p12 = d2i_PKCS12_fp(fp, NULL);
-+ fclose(fp);
-+ if (p12 == NULL) {
-+ fprintf(stderr, "Error reading PKCS#12 file\n");
-+ ERR_print_errors_fp(stderr);
-+ return 1;
-+ }
-+ if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
-+ fprintf(stderr, "Error changing password\n");
-+ ERR_print_errors_fp(stderr);
-+ PKCS12_free(p12);
-+ return 1;
-+ }
-+ if ((fp = fopen(argv[4], "wb")) == NULL) {
-+ fprintf(stderr, "Error opening file %s\n", argv[4]);
-+ PKCS12_free(p12);
-+ return 1;
-+ }
-+ i2d_PKCS12_fp(fp, p12);
-+ PKCS12_free(p12);
-+ fclose(fp);
-+ return 0;
-+ }
-+
-+
-+=head1 NOTES
-+
-+If the PKCS#12 structure does not have a password, then you must use the empty
-+string "" for B<oldpass>. Using NULL for B<oldpass> will result in a
-+PKCS12_newpass() failure.
-+
-+If the wrong password is used for B<oldpass> then the function will fail,
-+with a MAC verification error. In rare cases the PKCS12 structure does not
-+contain a MAC: in this case it will usually fail with a decryption padding
-+error.
-+
-+=head1 BUGS
-+
-+The password format is a NULL terminated ASCII string which is converted to
-+Unicode form internally. As a result some passwords cannot be supplied to
-+this function.
-+
-+=head1 SEE ALSO
-+
-+L<PKCS12_create(3)>, L<ERR_get_error(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/PKCS12_parse.pod
-+++ b/doc/crypto/PKCS12_parse.pod
-@@ -50,4 +50,13 @@ Attributes currently cannot be stored in
-
- L<d2i_PKCS12(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS5_PBKDF2_HMAC.pod
-+++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod
-@@ -14,8 +14,8 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA
- int keylen, unsigned char *out);
-
- int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-- const unsigned char *salt, int saltlen, int iter,
-- int keylen, unsigned char *out);
-+ const unsigned char *salt, int saltlen, int iter,
-+ int keylen, unsigned char *out);
-
- =head1 DESCRIPTION
-
-@@ -31,7 +31,7 @@ B<salt> is NULL, then B<saltlen> must be
- attempt to calculate the length of the B<salt> because it is not assumed to
- be NULL terminated.
-
--B<iter> is the iteration count and its value should be greater than or
-+B<iter> is the iteration count and its value should be greater than or
- equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
- B<iter> less than 1 is treated as a single iteration.
-
-@@ -61,6 +61,13 @@ PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HM
- L<evp(3)>, L<rand(3)>,
- L<EVP_BytesToKey(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/PKCS7_decrypt.pod
-+++ b/doc/crypto/PKCS7_decrypt.pod
-@@ -45,4 +45,13 @@ mentioned in PKCS7_sign() also applies t
-
- L<ERR_get_error(3)>, L<PKCS7_encrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS7_encrypt.pod
-+++ b/doc/crypto/PKCS7_encrypt.pod
-@@ -30,7 +30,7 @@ bit RC2. These can be used by passing EV
- respectively.
-
- The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
--its parameters.
-+its parameters.
-
- Many browsers implement a "sign and encrypt" option which is simply an S/MIME
- envelopedData containing an S/MIME signed message. This can be readily produced
-@@ -55,7 +55,7 @@ suitable for streaming I/O: no data is r
-
- If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
- complete and outputting its contents via a function that does not
--properly finalize the B<PKCS7> structure will give unpredictable
-+properly finalize the B<PKCS7> structure will give unpredictable
- results.
-
- Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-@@ -76,4 +76,13 @@ L<ERR_get_error(3)>, L<PKCS7_decrypt(3)>
-
- The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS7_sign.pod
-+++ b/doc/crypto/PKCS7_sign.pod
-@@ -15,7 +15,7 @@ PKCS7_sign - create a PKCS#7 signedData
- PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
- the certificate to sign with, B<pkey> is the corresponding private key.
- B<certs> is an optional additional set of certificates to include in the PKCS#7
--structure (for example any intermediate CAs in the chain).
-+structure (for example any intermediate CAs in the chain).
-
- The data to be signed is read from BIO B<data>.
-
-@@ -112,4 +112,13 @@ and B<pkey> parameters to be B<NULL> to
-
- The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS7_sign_add_signer.pod
-+++ b/doc/crypto/PKCS7_sign_add_signer.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--PKCS7_sign_add_signer - add a signer PKCS7 signed data structure.
-+PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
-
- =head1 SYNOPSIS
-
-@@ -44,7 +44,7 @@ digest value from the PKCS7 structure: t
- An error occurs if a matching digest value cannot be found to copy. The
- returned PKCS7 structure will be valid and finalized when this flag is set.
-
--If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
-+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
- B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
- can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
- needed to finalize it.
-@@ -67,7 +67,7 @@ these algorithms is disabled then it wil
-
-
- PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
--structure just added, this can be used to set additional attributes
-+structure just added, this can be used to set additional attributes
- before it is finalized.
-
- =head1 RETURN VALUES
-@@ -84,4 +84,13 @@ L<PKCS7_final(3)>,
-
- PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/PKCS7_verify.pod
-+++ b/doc/crypto/PKCS7_verify.pod
-@@ -8,8 +8,6 @@ PKCS7_verify, PKCS7_get0_signers - verif
-
- #include <openssl/pkcs7.h>
-
-- #define PKCS7_NO_DUAL_CONTENT
--
- int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-
- STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-@@ -61,7 +59,7 @@ Any of the following flags (ored togethe
- to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
- meaningful to PKCS7_get0_signers().
-
--If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
-+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
- searched when locating the signer's certificate. This means that all the signers
- certificates must be in the B<certs> parameter.
-
-@@ -86,7 +84,7 @@ certificates supplied in B<certs> then t
- signer cannot be found.
-
- Care should be taken when modifying the default verify behaviour, for example
--setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
-+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
- and any signed message will be considered valid. This combination is however
- useful if one merely wishes to write the content to B<out> and its validity
- is not considered important.
-@@ -118,4 +116,13 @@ mentioned in PKCS7_sign() also applies t
-
- L<ERR_get_error(3)>, L<PKCS7_sign(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_add.pod
-+++ b/doc/crypto/RAND_add.pod
-@@ -15,8 +15,10 @@ entropy to the PRNG
-
- int RAND_status(void);
-
-+ #if OPENSSL_API_COMPAT < 0x10100000L
- int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
- void RAND_screen(void);
-+ #endif
-
- =head1 DESCRIPTION
-
-@@ -42,30 +44,36 @@ or L<RAND_load_file(3)>.
-
- RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
-
--RAND_event() collects the entropy from Windows events such as mouse
--movements and other user interaction. It should be called with the
--B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
--the window procedure. It will estimate the entropy contained in the
--event message (if any), and add it to the PRNG. The program can then
--process the messages as usual.
--
--The RAND_screen() function is available for the convenience of Windows
--programmers. It adds the current contents of the screen to the PRNG.
--For applications that can catch Windows events, seeding the PRNG by
--calling RAND_event() is a significantly better source of
--randomness. It should be noted that both methods cannot be used on
--servers that run without user interaction.
-+RAND_event() and RAND_screen() are deprecated and should not be called.
-
- =head1 RETURN VALUES
-
--RAND_status() and RAND_event() return 1 if the PRNG has been seeded
-+RAND_status() returns 1 if the PRNG has been seeded
- with enough data, 0 otherwise.
-
-+RAND_event() calls RAND_poll() and returns RAND_status().
-+
-+RAND_screen calls RAND_poll().
-+
- The other functions do not return values.
-
-+=head1 HISTORY
-+
-+RAND_event() and RAND_screen() are deprecated since OpenSSL
-+1.1.0. Use the functions described above instead.
-+
- =head1 SEE ALSO
-
- L<rand(3)>, L<RAND_egd(3)>,
- L<RAND_load_file(3)>, L<RAND_cleanup(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_bytes.pod
-+++ b/doc/crypto/RAND_bytes.pod
-@@ -46,4 +46,13 @@ method.
- L<rand(3)>, L<ERR_get_error(3)>,
- L<RAND_add(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_cleanup.pod
-+++ b/doc/crypto/RAND_cleanup.pod
-@@ -30,4 +30,13 @@ L<rand(3)>
-
- RAND_cleanup() was deprecated in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_egd.pod
-+++ b/doc/crypto/RAND_egd.pod
-@@ -75,4 +75,13 @@ success, and -1 if the connection failed
- L<rand(3)>, L<RAND_add(3)>,
- L<RAND_cleanup(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_load_file.pod
-+++ b/doc/crypto/RAND_load_file.pod
-@@ -18,9 +18,31 @@ RAND_load_file, RAND_write_file, RAND_fi
-
- RAND_file_name() generates a default path for the random seed
- file. B<buf> points to a buffer of size B<num> in which to store the
--filename. The seed file is $RANDFILE if that environment variable is
--set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
--too small for the path name, an error occurs.
-+filename.
-+
-+On all systems, if the environment variable B<RANDFILE> is set, its
-+value will be used as the seed file name.
-+
-+Otherwise, the file is called ".rnd", found in platform dependent locations:
-+
-+=over 4
-+
-+=item On Windows (in order of preference)
-+
-+%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
-+
-+=item On VMS
-+
-+SYS$LOGIN:
-+
-+=item On all other systems
-+
-+$HOME
-+
-+=back
-+
-+If C<$HOME> (on non-Windows and non-VMS system) is not set either, or
-+B<num> is too small for the path name, an error occurs.
-
- RAND_load_file() reads a number of bytes from file B<filename> and
- adds them to the PRNG. If B<max_bytes> is non-negative,
-@@ -45,4 +67,13 @@ error.
-
- L<rand(3)>, L<RAND_add(3)>, L<RAND_cleanup(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RAND_set_rand_method.pod
-+++ b/doc/crypto/RAND_set_rand_method.pod
-@@ -42,7 +42,7 @@ API is being used, so this function is n
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
- int (*pseudorand)(unsigned char *buf, int num);
-- int (*status)(void);
-+ int (*status)(void);
- } RAND_METHOD;
-
- The components point to method implementations used by (or called by), in order,
-@@ -69,4 +69,13 @@ algorithms.
-
- L<rand(3)>, L<engine(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/RC4_set_key.pod
-@@ -0,0 +1,66 @@
-+=pod
-+
-+=head1 NAME
-+
-+RC4_set_key, RC4 - RC4 encryption
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/rc4.h>
-+
-+ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-+
-+ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-+ unsigned char *outdata);
-+
-+=head1 DESCRIPTION
-+
-+This library implements the Alleged RC4 cipher, which is described for
-+example in I<Applied Cryptography>. It is believed to be compatible
-+with RC4[TM], a proprietary cipher of RSA Security Inc.
-+
-+RC4 is a stream cipher with variable key length. Typically, 128 bit
-+(16 byte) keys are used for strong encryption, but shorter insecure
-+key sizes have been widely used due to export restrictions.
-+
-+RC4 consists of a key setup phase and the actual encryption or
-+decryption phase.
-+
-+RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
-+key at B<data>.
-+
-+RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
-+B<key> and places the result at B<outdata>. Repeated RC4() calls with
-+the same B<key> yield a continuous key stream.
-+
-+Since RC4 is a stream cipher (the input is XORed with a pseudo-random
-+key stream to produce the output), decryption uses the same function
-+calls as encryption.
-+
-+=head1 RETURN VALUES
-+
-+RC4_set_key() and RC4() do not return values.
-+
-+=head1 NOTE
-+
-+Applications should use the higher level functions
-+L<EVP_EncryptInit(3)> etc. instead of calling these
-+functions directly.
-+
-+It is difficult to securely use stream ciphers. For example, do not perform
-+multiple encryptions using the same key stream.
-+
-+=head1 SEE ALSO
-+
-+L<EVP_EncryptInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/RIPEMD160_Init.pod
-@@ -0,0 +1,72 @@
-+=pod
-+
-+=head1 NAME
-+
-+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
-+RIPEMD-160 hash function
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ripemd.h>
-+
-+ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
-+ unsigned char *md);
-+
-+ int RIPEMD160_Init(RIPEMD160_CTX *c);
-+ int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
-+ unsigned long len);
-+ int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-+
-+=head1 DESCRIPTION
-+
-+RIPEMD-160 is a cryptographic hash function with a
-+160 bit output.
-+
-+RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
-+bytes at B<d> and places it in B<md> (which must have space for
-+RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
-+is placed in a static array.
-+
-+The following functions may be used if the message is not completely
-+stored in memory:
-+
-+RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
-+
-+RIPEMD160_Update() can be called repeatedly with chunks of the message to
-+be hashed (B<len> bytes at B<data>).
-+
-+RIPEMD160_Final() places the message digest in B<md>, which must have
-+space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
-+the B<RIPEMD160_CTX>.
-+
-+=head1 RETURN VALUES
-+
-+RIPEMD160() returns a pointer to the hash value.
-+
-+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
-+success, 0 otherwise.
-+
-+=head1 NOTE
-+
-+Applications should use the higher level functions
-+L<EVP_DigestInit(3)> etc. instead of calling these
-+functions directly.
-+
-+=head1 CONFORMING TO
-+
-+ISO/IEC 10118-3 (draft) (??)
-+
-+=head1 SEE ALSO
-+
-+L<EVP_DigestInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/RSA_blinding_on.pod
-+++ b/doc/crypto/RSA_blinding_on.pod
-@@ -32,8 +32,13 @@ RSA_blinding_on() returns 1 on success,
-
- RSA_blinding_off() returns no value.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--L<rsa(3)>, L<rand(3)>
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/RSA_check_key.pod
-+++ b/doc/crypto/RSA_check_key.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--RSA_check_key - validate private RSA keys
-+RSA_check_key_ex, RSA_check_key - validate private RSA keys
-
- =head1 SYNOPSIS
-
-@@ -66,11 +66,19 @@ provide their own verifiers.
- =head1 SEE ALSO
-
- L<BN_is_prime_ex(3)>,
--L<rsa(3)>,
- L<ERR_get_error(3)>
-
- =head1 HISTORY
-
- RSA_check_key_ex() appeared after OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_generate_key.pod
-+++ b/doc/crypto/RSA_generate_key.pod
-@@ -14,7 +14,7 @@ RSA_generate_key_ex, RSA_generate_key -
-
- #if OPENSSL_API_COMPAT < 0x00908000L
- RSA *RSA_generate_key(int num, unsigned long e,
-- void (*callback)(int,int,void *), void *cb_arg);
-+ void (*callback)(int, int, void *), void *cb_arg);
- #endif
-
- =head1 DESCRIPTION
-@@ -72,7 +72,16 @@ RSA_generate_key() goes into an infinite
-
- =head1 SEE ALSO
-
--L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
--L<RSA_free(3)>, L<BN_generate_prime(3)>
-+L<ERR_get_error(3)>, L<rand(3)>,
-+L<RSA_generate_key(3)>, L<BN_generate_prime(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/RSA_get0_key.pod
-+++ b/doc/crypto/RSA_get0_key.pod
-@@ -13,11 +13,13 @@ and setting data in an RSA object
-
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-- int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-- void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d);
-- void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q);
-+ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+ void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
- void RSA_get0_crt_params(const RSA *r,
-- BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp);
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp);
- void RSA_clear_flags(RSA *r, int flags);
- int RSA_test_flags(const RSA *r, int flags);
- void RSA_set_flags(RSA *r, int flags);
-@@ -43,10 +45,13 @@ by the caller.
-
- The B<n>, B<e> and B<d> parameter values can be set by calling
- RSA_set0_key() and passing the new values for B<n>, B<e> and B<d> as
--parameters to the function. Calling this function transfers the memory
--management of the values to the RSA object, and therefore the values
--that have been passed in should not be freed by the caller after this
--function has been called.
-+parameters to the function. The values B<n> and B<e> must be non-NULL
-+the first time this function is called on a given RSA object. The
-+value B<d> may be NULL. On subsequent calls any of these values may be
-+NULL which means the corresponding RSA field is left untouched.
-+Calling this function transfers the memory management of the values to
-+the RSA object, and therefore the values that have been passed in
-+should not be freed by the caller after this function has been called.
-
- In a similar fashion, the B<p> and B<q> parameters can be obtained and
- set with RSA_get0_factors() and RSA_set0_factors(), and the B<dmp1>,
-@@ -65,6 +70,14 @@ RSA object.
- RSA_get0_engine() returns a handle to the ENGINE that has been set for
- this RSA object, or NULL if no such ENGINE has been set.
-
-+=head1 NOTES
-+
-+Values retrieved with RSA_get0_key() are owned by the RSA object used
-+in the call and may therefore I<not> be passed to RSA_set0_key(). If
-+needed, duplicate the received value using BN_dup() and pass the
-+duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors()
-+as well as RSA_get0_crt_params() and RSA_set0_crt_params().
-+
- =head1 RETURN VALUES
-
- RSA_set0_key(), RSA_set0_factors and RSA_set0_crt_params() return 1 on
-@@ -83,4 +96,13 @@ L<rsa(3)>, L<RSA_new(3)>, L<RSA_size(3)>
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_meth_new.pod
-+++ b/doc/crypto/RSA_meth_new.pod
-@@ -2,9 +2,10 @@
-
- =head1 NAME
-
-+RSA_meth_get0_app_data, RSA_meth_set0_app_data,
- RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
- RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
--RSA_meth_get_app_data, RSA_meth_set_app_data, RSA_meth_get_pub_enc,
-+RSA_meth_get_pub_enc,
- RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
- RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
- RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
-@@ -215,11 +216,20 @@ success or 0 on failure.
-
- =head1 SEE ALSO
-
--L<rsa(3)>, L<RSA_new(3)>, L<RSA_generate_key(3)>, L<RSA_sign(3)>,
-+L<RSA_new(3)>, L<RSA_generate_key(3)>, L<RSA_sign(3)>,
- L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>
-
- =head1 HISTORY
-
- The functions described here were added in OpenSSL version 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_new.pod
-+++ b/doc/crypto/RSA_new.pod
-@@ -31,8 +31,17 @@ RSA_free() returns no value.
-
- =head1 SEE ALSO
-
--L<ERR_get_error(3)>, L<rsa(3)>,
-+L<ERR_get_error(3)>,
- L<RSA_generate_key(3)>,
- L<RSA_new_method(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
-+++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
-@@ -110,4 +110,13 @@ L<RSA_public_encrypt(3)>,
- L<RSA_private_decrypt(3)>,
- L<RSA_sign(3)>, L<RSA_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_print.pod
-+++ b/doc/crypto/RSA_print.pod
-@@ -38,6 +38,15 @@ These functions return 1 on success, 0 o
-
- =head1 SEE ALSO
-
--L<dh(3)>, L<dsa(3)>, L<rsa(3)>, L<BN_bn2bin(3)>
-+L<BN_bn2bin(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/RSA_private_encrypt.pod
-+++ b/doc/crypto/RSA_private_encrypt.pod
-@@ -11,7 +11,7 @@ RSA_private_encrypt, RSA_public_decrypt
- int RSA_private_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
-- int RSA_public_decrypt(int flen, unsigned char *from,
-+ int RSA_public_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- =head1 DESCRIPTION
-@@ -59,7 +59,16 @@ obtained by L<ERR_get_error(3)>.
-
- =head1 SEE ALSO
-
--L<ERR_get_error(3)>, L<rsa(3)>,
-+L<ERR_get_error(3)>,
- L<RSA_sign(3)>, L<RSA_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_public_encrypt.pod
-+++ b/doc/crypto/RSA_public_encrypt.pod
-@@ -73,7 +73,16 @@ SSL, PKCS #1 v2.0
-
- =head1 SEE ALSO
-
--L<ERR_get_error(3)>, L<rand(3)>, L<rsa(3)>,
-+L<ERR_get_error(3)>, L<rand(3)>,
- L<RSA_size(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_set_method.pod
-+++ b/doc/crypto/RSA_set_method.pod
-@@ -43,7 +43,7 @@ been set as a default for RSA, so this f
-
- RSA_get_default_method() returns a pointer to the current default
- RSA_METHOD. However, the meaningfulness of this result is dependent on
--whether the ENGINE API is being used, so this function is no longer
-+whether the ENGINE API is being used, so this function is no longer
- recommended.
-
- RSA_set_method() selects B<meth> to perform all operations using the key
-@@ -80,56 +80,56 @@ the default method is used.
- typedef struct rsa_meth_st
- {
- /* name of the implementation */
-- const char *name;
-+ const char *name;
-
- /* encrypt */
-- int (*rsa_pub_enc)(int flen, unsigned char *from,
-+ int (*rsa_pub_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* verify arbitrary data */
-- int (*rsa_pub_dec)(int flen, unsigned char *from,
-+ int (*rsa_pub_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* sign arbitrary data */
-- int (*rsa_priv_enc)(int flen, unsigned char *from,
-+ int (*rsa_priv_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* decrypt */
-- int (*rsa_priv_dec)(int flen, unsigned char *from,
-+ int (*rsa_priv_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
- implementations) */
-- int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-+ int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-
- /* compute r = a ^ p mod m (May be NULL for some implementations) */
-- int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-+ int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
- /* called at RSA_new */
-- int (*init)(RSA *rsa);
-+ int (*init)(RSA *rsa);
-
- /* called at RSA_free */
-- int (*finish)(RSA *rsa);
-+ int (*finish)(RSA *rsa);
-
- /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
- * operations, even if p,q,dmp1,dmq1,iqmp
- * are NULL
- * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
- */
-- int flags;
-+ int flags;
-
-- char *app_data; /* ?? */
-+ char *app_data; /* ?? */
-
-- int (*rsa_sign)(int type,
-- const unsigned char *m, unsigned int m_length,
-- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-- int (*rsa_verify)(int dtype,
-- const unsigned char *m, unsigned int m_length,
-- const unsigned char *sigbuf, unsigned int siglen,
-- const RSA *rsa);
-+ int (*rsa_sign)(int type,
-+ const unsigned char *m, unsigned int m_length,
-+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-+ int (*rsa_verify)(int dtype,
-+ const unsigned char *m, unsigned int m_length,
-+ const unsigned char *sigbuf, unsigned int siglen,
-+ const RSA *rsa);
- /* keygen. If NULL builtin RSA key generation will be used */
-- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
- } RSA_METHOD;
-
-@@ -166,6 +166,15 @@ not currently exist).
-
- =head1 SEE ALSO
-
--L<rsa(3)>, L<RSA_new(3)>
-+L<RSA_new(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/RSA_sign.pod
-+++ b/doc/crypto/RSA_sign.pod
-@@ -50,7 +50,16 @@ SSL, PKCS #1 v2.0
- =head1 SEE ALSO
-
- L<ERR_get_error(3)>,
--L<rsa(3)>, L<RSA_private_encrypt(3)>,
--L<RSA_public_decrypt(3)>
-+L<RSA_private_encrypt(3)>,
-+L<RSA_public_decrypt(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-+++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
-@@ -48,7 +48,16 @@ These functions serve no recognizable pu
- =head1 SEE ALSO
-
- L<ERR_get_error(3)>,
--L<rand(3)>, L<rsa(3)>, L<RSA_sign(3)>,
-+L<rand(3)>, L<RSA_sign(3)>,
- L<RSA_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/RSA_size.pod
-+++ b/doc/crypto/RSA_size.pod
-@@ -28,10 +28,19 @@ The size.
-
- =head1 SEE ALSO
-
--L<rsa(3)>, L<BN_num_bits(3)>
-+L<BN_num_bits(3)>
-
- =head1 HISTORY
-
- RSA_bits() was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/SHA256_Init.pod
-@@ -0,0 +1,108 @@
-+=pod
-+
-+=head1 NAME
-+
-+SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
-+SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
-+SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
-+SHA512_Final - Secure Hash Algorithm
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/sha.h>
-+
-+ int SHA1_Init(SHA_CTX *c);
-+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
-+ unsigned char *SHA1(const unsigned char *d, size_t n,
-+ unsigned char *md);
-+
-+ int SHA224_Init(SHA256_CTX *c);
-+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-+ unsigned char *SHA224(const unsigned char *d, size_t n,
-+ unsigned char *md);
-+
-+ int SHA256_Init(SHA256_CTX *c);
-+ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-+ int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-+ unsigned char *SHA256(const unsigned char *d, size_t n,
-+ unsigned char *md);
-+
-+ int SHA384_Init(SHA512_CTX *c);
-+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-+ unsigned char *SHA384(const unsigned char *d, size_t n,
-+ unsigned char *md);
-+
-+ int SHA512_Init(SHA512_CTX *c);
-+ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-+ int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-+ unsigned char *SHA512(const unsigned char *d, size_t n,
-+ unsigned char *md);
-+
-+=head1 DESCRIPTION
-+
-+Applications should use the higher level functions
-+L<EVP_DigestInit(3)> etc. instead of calling the hash
-+functions directly.
-+
-+SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
-+160 bit output.
-+
-+SHA1() computes the SHA-1 message digest of the B<n>
-+bytes at B<d> and places it in B<md> (which must have space for
-+SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
-+is placed in a static array. Note: setting B<md> to NULL is B<not thread safe>.
-+
-+The following functions may be used if the message is not completely
-+stored in memory:
-+
-+SHA1_Init() initializes a B<SHA_CTX> structure.
-+
-+SHA1_Update() can be called repeatedly with chunks of the message to
-+be hashed (B<len> bytes at B<data>).
-+
-+SHA1_Final() places the message digest in B<md>, which must have space
-+for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
-+
-+The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the
-+same way as for the SHA1 functions. Note that SHA224 and SHA256 use a
-+B<SHA256_CTX> object instead of B<SHA_CTX>. SHA384 and SHA512 use B<SHA512_CTX>.
-+The buffer B<md> must have space for the output from the SHA variant being used
-+(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and
-+SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
-+SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
-+B<md> is NULL.
-+
-+The predecessor of SHA-1, SHA, is also implemented, but it should be
-+used only when backward compatibility is required.
-+
-+=head1 RETURN VALUES
-+
-+SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
-+value.
-+
-+SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
-+SHA384 and SHA512 functions return 1 for success, 0 otherwise.
-+
-+=head1 CONFORMING TO
-+
-+US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash
-+Standard),
-+ANSI X9.30
-+
-+=head1 SEE ALSO
-+
-+L<EVP_DigestInit(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/SMIME_read_CMS.pod
-+++ b/doc/crypto/SMIME_read_CMS.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- SMIME_read_CMS - parse S/MIME message.
-+SMIME_read_CMS - parse S/MIME message
-
- =head1 SYNOPSIS
-
-@@ -63,4 +63,13 @@ L<SMIME_read_CMS(3)>, L<CMS_sign(3)>,
- L<CMS_verify(3)>, L<CMS_encrypt(3)>
- L<CMS_decrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/SMIME_read_PKCS7.pod
-+++ b/doc/crypto/SMIME_read_PKCS7.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SMIME_read_PKCS7 - parse S/MIME message.
-+SMIME_read_PKCS7 - parse S/MIME message
-
- =head1 SYNOPSIS
-
-@@ -66,4 +66,13 @@ L<SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)>
- L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
- L<PKCS7_decrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/SMIME_write_CMS.pod
-+++ b/doc/crypto/SMIME_write_CMS.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- SMIME_write_CMS - convert CMS structure to S/MIME format.
-+SMIME_write_CMS - convert CMS structure to S/MIME format
-
- =head1 SYNOPSIS
-
-@@ -57,4 +57,13 @@ L<ERR_get_error(3)>, L<CMS_sign(3)>,
- L<CMS_verify(3)>, L<CMS_encrypt(3)>
- L<CMS_decrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/SMIME_write_PKCS7.pod
-+++ b/doc/crypto/SMIME_write_PKCS7.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
-+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format
-
- =head1 SYNOPSIS
-
-@@ -58,4 +58,13 @@ L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
- L<PKCS7_verify(3)>, L<PKCS7_encrypt(3)>
- L<PKCS7_decrypt(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/UI_new.pod
-@@ -0,0 +1,186 @@
-+=pod
-+
-+=head1 NAME
-+
-+UI, UI_METHOD,
-+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
-+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
-+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
-+UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
-+UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
-+UI_set_method, UI_OpenSSL, - user interface
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ui.h>
-+
-+ typedef struct ui_st UI;
-+ typedef struct ui_method_st UI_METHOD;
-+
-+ UI *UI_new(void);
-+ UI *UI_new_method(const UI_METHOD *method);
-+ void UI_free(UI *ui);
-+
-+ int UI_add_input_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize);
-+ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize);
-+ int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize, const char *test_buf);
-+ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-+ char *result_buf, int minsize, int maxsize, const char *test_buf);
-+ int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf);
-+ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-+ const char *ok_chars, const char *cancel_chars,
-+ int flags, char *result_buf);
-+ int UI_add_info_string(UI *ui, const char *text);
-+ int UI_dup_info_string(UI *ui, const char *text);
-+ int UI_add_error_string(UI *ui, const char *text);
-+ int UI_dup_error_string(UI *ui, const char *text);
-+
-+ char *UI_construct_prompt(UI *ui_method,
-+ const char *object_desc, const char *object_name);
-+
-+ void *UI_add_user_data(UI *ui, void *user_data);
-+ void *UI_get0_user_data(UI *ui);
-+
-+ const char *UI_get0_result(UI *ui, int i);
-+
-+ int UI_process(UI *ui);
-+
-+ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
-+
-+ void UI_set_default_method(const UI_METHOD *meth);
-+ const UI_METHOD *UI_get_default_method(void);
-+ const UI_METHOD *UI_get_method(UI *ui);
-+ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-+
-+ UI_METHOD *UI_OpenSSL(void);
-+
-+=head1 DESCRIPTION
-+
-+UI stands for User Interface, and is general purpose set of routines to
-+prompt the user for text-based information. Through user-written methods
-+(see L<ui_create(3)>), prompting can be done in any way
-+imaginable, be it plain text prompting, through dialog boxes or from a
-+cell phone.
-+
-+All the functions work through a context of the type UI. This context
-+contains all the information needed to prompt correctly as well as a
-+reference to a UI_METHOD, which is an ordered vector of functions that
-+carry out the actual prompting.
-+
-+The first thing to do is to create a UI with UI_new() or UI_new_method(),
-+then add information to it with the UI_add or UI_dup functions. Also,
-+user-defined random data can be passed down to the underlying method
-+through calls to UI_add_user_data. The default UI method doesn't care
-+about these data, but other methods might. Finally, use UI_process()
-+to actually perform the prompting and UI_get0_result() to find the result
-+to the prompt.
-+
-+A UI can contain more than one prompt, which are performed in the given
-+sequence. Each prompt gets an index number which is returned by the
-+UI_add and UI_dup functions, and has to be used to get the corresponding
-+result with UI_get0_result().
-+
-+The functions are as follows:
-+
-+UI_new() creates a new UI using the default UI method. When done with
-+this UI, it should be freed using UI_free().
-+
-+UI_new_method() creates a new UI using the given UI method. When done with
-+this UI, it should be freed using UI_free().
-+
-+UI_OpenSSL() returns the built-in UI method (note: not the default one,
-+since the default can be changed. See further on). This method is the
-+most machine/OS dependent part of OpenSSL and normally generates the
-+most problems when porting.
-+
-+UI_free() removes a UI from memory, along with all other pieces of memory
-+that's connected to it, like duplicated input strings, results and others.
-+If B<ui> is NULL nothing is done.
-+
-+UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
-+as well as flags and a result buffer and the desired minimum and maximum
-+sizes of the result, not counting the final NUL character. The given
-+information is used to prompt for information, for example a password,
-+and to verify a password (i.e. having the user enter it twice and check
-+that the same string was entered twice). UI_add_verify_string() takes
-+and extra argument that should be a pointer to the result buffer of the
-+input string that it's supposed to verify, or verification will fail.
-+
-+UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
-+in a boolean way, with a single character for yes and a different character
-+for no. A set of characters that can be used to cancel the prompt is given
-+as well. The prompt itself is divided in two, one part being the
-+descriptive text (given through the I<prompt> argument) and one describing
-+the possible answers (given through the I<action_desc> argument).
-+
-+UI_add_info_string() and UI_add_error_string() add strings that are shown at
-+the same time as the prompt for extra information or to show an error string.
-+The difference between the two is only conceptual. With the builtin method,
-+there's no technical difference between them. Other methods may make a
-+difference between them, however.
-+
-+The flags currently supported are B<UI_INPUT_FLAG_ECHO>, which is relevant for
-+UI_add_input_string() and will have the users response be echoed (when
-+prompting for a password, this flag should obviously not be used, and
-+B<UI_INPUT_FLAG_DEFAULT_PWD>, which means that a default password of some
-+sort will be used (completely depending on the application and the UI
-+method).
-+
-+UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
-+UI_dup_info_string() and UI_dup_error_string() are basically the same
-+as their UI_add counterparts, except that they make their own copies
-+of all strings.
-+
-+UI_construct_prompt() is a helper function that can be used to create
-+a prompt from two pieces of information: an description and a name.
-+The default constructor (if there is none provided by the method used)
-+creates a string "Enter I<description> for I<name>:". With the
-+description "pass phrase" and the file name "foo.key", that becomes
-+"Enter pass phrase for foo.key:". Other methods may create whatever
-+string and may include encodings that will be processed by the other
-+method functions.
-+
-+UI_add_user_data() adds a piece of memory for the method to use at any
-+time. The builtin UI method doesn't care about this info. Note that several
-+calls to this function doesn't add data, it replaces the previous blob
-+with the one given as argument.
-+
-+UI_get0_user_data() retrieves the data that has last been given to the
-+UI with UI_add_user_data().
-+
-+UI_get0_result() returns a pointer to the result buffer associated with
-+the information indexed by I<i>.
-+
-+UI_process() goes through the information given so far, does all the printing
-+and prompting and returns.
-+
-+UI_ctrl() adds extra control for the application author. For now, it
-+understands two commands: B<UI_CTRL_PRINT_ERRORS>, which makes UI_process()
-+print the OpenSSL error stack as part of processing the UI, and
-+B<UI_CTRL_IS_REDOABLE>, which returns a flag saying if the used UI can
-+be used again or not.
-+
-+UI_set_default_method() changes the default UI method to the one given.
-+
-+UI_get_default_method() returns a pointer to the current default UI method.
-+
-+UI_get_method() returns the UI method associated with a given UI.
-+
-+UI_set_method() changes the UI method associated with a given UI.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509V3_get_d2i.pod
-+++ b/doc/crypto/X509V3_get_d2i.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
- X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
- X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
- X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
-@@ -11,7 +12,7 @@ X509_REVOKED_add1_ext_i2d - X509 extensi
-
- #include <openssl/x509v3.h>
-
-- void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
-+ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
- int *idx);
- int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
- int crit, unsigned long flags);
-@@ -19,21 +20,21 @@ X509_REVOKED_add1_ext_i2d - X509 extensi
- void *X509V3_EXT_d2i(X509_EXTENSION *ext);
- X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
-
-- void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-+ void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
- int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags);
-
-- void *X509_CRL_get_ext_d2i(X509_CRL *crl, int nid, int *crit, int *idx);
-+ void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
- int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
- unsigned long flags);
-
-- void *X509_REVOKED_get_ext_d2i(X509_REVOKED *r, int nid, int *crit, int *idx);
-+ void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
- int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
- unsigned long flags);
-
- STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
-- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
-+ STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
-
- =head1 DESCRIPTION
-
-@@ -88,7 +89,7 @@ exist.
- B<X509V3_ADD_APPEND> appends a new extension, ignoring whether the extension
- already exists.
-
--B<X509V3_ADD_REPLACE> replaces an extension if it exists otherwise apppends
-+B<X509V3_ADD_REPLACE> replaces an extension if it exists otherwise appends
- a new extension.
-
- B<X509V3_ADD_REPLACE_EXISTING> replaces an existing extension if it exists
-@@ -98,7 +99,7 @@ B<X509V3_ADD_KEEP_EXISTING> appends a ne
- not already exist. An error B<is not> returned if the extension does already
- exist.
-
--B<X509V3_ADD_DELETE> extension B<nid> is deleted: no new extenion is added.
-+B<X509V3_ADD_DELETE> extension B<nid> is deleted: no new extension is added.
-
- If B<X509V3_ADD_SILENT> is ored with B<flags>: any error returned will not
- be added to the error queue.
-@@ -112,7 +113,7 @@ determine the precise reason by checking
- The following sections contain a list of all supported extensions
- including their name and NID.
-
--=head2 PKIX CERTIFICATE EXTENSIONS
-+=head2 PKIX Certificate Extensions
-
- The following certificate extensions are defined in PKIX standards such as
- RFC5280.
-@@ -141,7 +142,7 @@ RFC5280.
-
- TLS Feature NID_tlsfeature
-
--=head2 NETSCAPE CERTIFICATE EXTENSIONS
-+=head2 Netscape Certificate Extensions
-
- The following are (largely obsolete) Netscape certificate extensions.
-
-@@ -154,12 +155,12 @@ The following are (largely obsolete) Net
- Netscape SSL Server Name NID_netscape_ssl_server_name
- Netscape Comment NID_netscape_comment
-
--=head2 MISCELLANEOUS CERTIFICATE EXTENSIONS
-+=head2 Miscellaneous Certificate Extensions
-
- Strong Extranet ID NID_sxnet
- Proxy Certificate Information NID_proxyCertInfo
-
--=head2 PKIX CRL EXTENSIONS
-+=head2 PKIX CRL Extensions
-
- The following are CRL extensions from PKIX standards such as RFC5280.
-
-@@ -175,7 +176,7 @@ The following are CRL entry extensions f
- CRL Reason Code NID_crl_reason
- Certificate Issuer NID_certificate_issuer
-
--=head2 OCSP EXTENSIONS
-+=head2 OCSP Extensions
-
- OCSP Nonce NID_id_pkix_OCSP_Nonce
- OCSP CRL ID NID_id_pkix_OCSP_CrlID
-@@ -185,7 +186,7 @@ The following are CRL entry extensions f
- OCSP Service Locator NID_id_pkix_OCSP_serviceLocator
- Hold Instruction Code NID_hold_instruction_code
-
--=head2 CERTIFICATE TRANSPARENCY EXTENSIONS
-+=head2 Certificate Transparency Extensions
-
- The following extensions are used by certificate transparency, RFC6962
-
-@@ -206,7 +207,7 @@ cannot be encoded) or -1 due to a fatal
- failure.
-
- X509_get0_extensions(), X509_CRL_get0_extensions() and
--X509_REVOKED_get0_extensions() return a stack of extensions. They can return
-+X509_REVOKED_get0_extensions() return a stack of extensions. They return
- NULL if no extensions are present.
-
- =head1 SEE ALSO
-@@ -228,4 +229,13 @@ L<X509_new(3)>,
- L<X509_sign(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/X509_ALGOR_dup.pod
-@@ -0,0 +1,48 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
-+ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-+ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-+ X509_ALGOR *alg);
-+ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
-+ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
-+
-+=head1 DESCRIPTION
-+
-+X509_ALGOR_dup() returns a copy of B<alg>.
-+
-+X509_ALGOR_set0() sets the algorithm OID of B<alg> to B<aobj> and the
-+associated parameter type to B<ptype> with value B<pval>. If B<ptype> is
-+B<V_ASN1_UNDEF> the parameter is omitted, otherwise B<ptype> and B<pval> have
-+the same meaning as the B<type> and B<value> parameters to ASN1_TYPE_set().
-+All the supplied parameters are used internally so must B<NOT> be freed after
-+this call.
-+
-+X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the
-+algorithm OID in B<*paobj> and the associated parameter in B<*pptype>
-+and B<*ppval> from the B<AlgorithmIdentifier> B<alg>.
-+
-+X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate
-+values for the message digest B<md>.
-+
-+X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
-+encodings and non-zero otherwise.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_CRL_get0_by_serial.pod
-+++ b/doc/crypto/X509_CRL_get0_by_serial.pod
-@@ -6,7 +6,7 @@ X509_CRL_get0_by_serial, X509_CRL_get0_b
- X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
- X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
- X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility
--functions.
-+functions
-
- =head1 SYNOPSIS
-
-@@ -100,4 +100,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_EXTENSION_set_object.pod
-+++ b/doc/crypto/X509_EXTENSION_set_object.pod
-@@ -1,10 +1,12 @@
-+=pod
-+
- =head1 NAME
-
- X509_EXTENSION_set_object, X509_EXTENSION_set_critical,
- X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID,
- X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object,
- X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility
--functions.
-+functions
-
- =head1 SYNOPSIS
-
-@@ -20,7 +22,7 @@ functions.
- ASN1_OCTET_STRING *data);
-
- ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
-- int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-+ int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
- ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-
- =head1 DESCRIPTION
-@@ -81,3 +83,14 @@ X509_EXTENSION_get_data() returns an B<A
- =head1 SEE ALSO
-
- L<X509V3_get_d2i(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_LOOKUP_hash_dir.pod
-+++ b/doc/crypto/X509_LOOKUP_hash_dir.pod
-@@ -51,7 +51,7 @@ L<X509_STORE_set_default_paths(3)>.
-
-
- Functions return number of objects loaded from file or 0 in case of
--error.
-+error.
-
- Both methods support adding several certificate locations into one
- B<X509_STORE>.
-@@ -59,7 +59,7 @@ B<X509_STORE>.
- This page documents certificate store formats used by these methods and
- caching policy.
-
--=head2 FILE METHOD
-+=head2 File Method
-
- The B<X509_LOOKUP_file> method loads all the certificates or CRLs
- present in a file into memory at the time the file is added as a
-@@ -71,7 +71,7 @@ and CRLs.
- This method should be used by applications which work with a small
- set of CAs.
-
--=head2 HASHED DIR METHOD
-+=head2 Hashed Directory Method
-
- B<X509_LOOKUP_hash_dir> is a more advanced method, which loads
- certificates and CRLs on demand, and caches them in memory once
-@@ -113,10 +113,19 @@ hashed names for all files with .pem suf
-
- =head1 SEE ALSO
-
--L<pem(3)>, L<d2i_X509_bio(3)>,
-+L<PEM_read_PrivateKey(3)>,
-+L<d2i_X509_bio(3)>,
- L<X509_STORE_load_locations(3)>,
- L<X609_store_add_lookup(3)>,
- L<SSL_CTX_load_verify_locations(3)>,
-
--=cut
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_NAME_ENTRY_get_object.pod
-+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
-@@ -14,12 +14,12 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAM
- ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
- ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-- int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
- int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
-- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, unsigned char *bytes, int len);
-+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-
- =head1 DESCRIPTION
-
-@@ -35,17 +35,17 @@ X509_NAME_ENTRY_set_data() sets the fiel
- B<type> and value determined by B<bytes> and B<len>.
-
- X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
--and X509_NAME_ENTRY_create_by_OBJ() create and return an
-+and X509_NAME_ENTRY_create_by_OBJ() create and return an
- B<X509_NAME_ENTRY> structure.
-
- =head1 NOTES
-
- X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
--used to examine an B<X509_NAME_ENTRY> function as returned by
-+used to examine an B<X509_NAME_ENTRY> function as returned by
- X509_NAME_get_entry() for example.
-
- X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
--and X509_NAME_ENTRY_create_by_OBJ() create and return an
-+and X509_NAME_ENTRY_create_by_OBJ() create and return an
-
- X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
- X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
-@@ -60,15 +60,18 @@ X509_NAME_add_entry_by_txt(). So for exa
- B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
- set first so the relevant field information can be looked up internally.
-
--=head1 RETURN VALUES
--
- =head1 SEE ALSO
-
- L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>,
- L<OBJ_nid2obj(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-
--TBA
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_NAME_add_entry_by_txt.pod
-+++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod
-@@ -11,11 +11,11 @@ X509_NAME_add_entry, X509_NAME_delete_en
-
- int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-
-- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-
- int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-
-- int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-+ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set);
-
- X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-
-@@ -61,7 +61,7 @@ to 0. This adds a new entry to the end o
- RelativeDistinguishedName (RDN).
-
- B<loc> actually determines the index where the new entry is inserted:
--if it is -1 it is appended.
-+if it is -1 it is appended.
-
- B<set> determines how the new type is added. If it is zero a
- new RDN is created.
-@@ -80,16 +80,16 @@ always set to zero.
- X509_NAME *nm;
- nm = X509_NAME_new();
- if (nm == NULL)
-- /* Some error */
-- if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
-- "UK", -1, -1, 0))
-- /* Error */
-+ /* Some error */
-+ if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
-+ "UK", -1, -1, 0))
-+ /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
-- "Disorganized Organization", -1, -1, 0))
-- /* Error */
-+ "Disorganized Organization", -1, -1, 0))
-+ /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
-- "Joe Bloggs", -1, -1, 0))
-- /* Error */
-+ "Joe Bloggs", -1, -1, 0))
-+ /* Error */
-
- =head1 RETURN VALUES
-
-@@ -111,6 +111,13 @@ can result in invalid field types its us
-
- L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- /dev/null
-+++ b/doc/crypto/X509_NAME_get0_der.pod
-@@ -0,0 +1,40 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_NAME_get0_der - get X509_NAME DER encoding
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
-+ X509_NAME *nm)
-+
-+
-+=head1 DESCRIPTION
-+
-+The function X509_NAME_get0_der() returns an internal pointer to the
-+encoding of an B<X509_NAME> structure in B<*pder> and consisting of
-+B<*pderlen> bytes. It is useful for applications that wish to examine
-+the encoding of an B<X509_NAME> structure without copying it.
-+
-+=head1 RETURN VALUES
-+
-+The function X509_NAME_get0_der() returns 1 for success and 0 if an error
-+occurred.
-+
-+=head1 SEE ALSO
-+
-+L<d2i_X509(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_NAME_get_index_by_NID.pod
-+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
-@@ -10,14 +10,14 @@ X509_NAME lookup and enumeration functio
-
- #include <openssl/x509.h>
-
-- int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-- int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-+ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
-+ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos);
-
-- int X509_NAME_entry_count(X509_NAME *name);
-+ int X509_NAME_entry_count(const X509_NAME *name);
- X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-
-- int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
-- int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
-+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
-+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, int len);
-
- =head1 DESCRIPTION
-
-@@ -44,7 +44,7 @@ B<obj>, if no such entry exists -1 is re
- will be written and the text written to B<buf> will be null
- terminated. The length of the output string written is returned
- excluding the terminating null. If B<buf> is <NULL> then the amount
--of space needed in B<buf> (excluding the final null) is returned.
-+of space needed in B<buf> (excluding the final null) is returned.
-
- =head1 NOTES
-
-@@ -76,10 +76,10 @@ can be determined first by checking OBJ_
- X509_NAME_ENTRY *e;
-
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
-- {
-- e = X509_NAME_get_entry(nm, i);
-- /* Do something with e */
-- }
-+ {
-+ e = X509_NAME_get_entry(nm, i);
-+ /* Do something with e */
-+ }
-
- Process all commonName entries:
-
-@@ -88,13 +88,13 @@ can be determined first by checking OBJ_
-
- loc = -1;
- for (;;)
-- {
-- lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
-- if (lastpos == -1)
-- break;
-- e = X509_NAME_get_entry(nm, lastpos);
-- /* Do something with e */
-- }
-+ {
-+ lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
-+ if (lastpos == -1)
-+ break;
-+ e = X509_NAME_get_entry(nm, lastpos);
-+ /* Do something with e */
-+ }
-
- =head1 RETURN VALUES
-
-@@ -112,8 +112,13 @@ requested entry or B<NULL> if the index
-
- L<ERR_get_error(3)>, L<d2i_X509_NAME(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_NAME_print_ex.pod
-+++ b/doc/crypto/X509_NAME_print_ex.pod
-@@ -3,7 +3,7 @@
- =head1 NAME
-
- X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
--X509_NAME_oneline - X509_NAME printing routines.
-+X509_NAME_oneline - X509_NAME printing routines
-
- =head1 SYNOPSIS
-
-@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing r
-
- int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
- int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
-- char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-+ char * X509_NAME_oneline(X509_NAME *a, char *buf, int size);
- int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-
- =head1 DESCRIPTION
-@@ -27,7 +27,7 @@ X509_NAME_oneline() prints an ASCII vers
- bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
- and returned, otherwise B<buf> is returned.
-
--X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
-+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
- characters. Multiple lines are used if the output (including indent) exceeds
- 80 characters.
-
-@@ -76,7 +76,7 @@ printed instead of the values.
- If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
- is only of use for multiline format.
-
--Additionally all the options supported by ASN1_STRING_print_ex() can be used to
-+Additionally all the options supported by ASN1_STRING_print_ex() can be used to
- control how each field value is displayed.
-
- In addition a number options can be set for commonly used formats.
-@@ -98,8 +98,13 @@ B<XN_FLAG_COMPAT> uses a format identica
-
- L<ASN1_STRING_print_ex(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_PUBKEY.pod
-+++ /dev/null
-@@ -1,111 +0,0 @@
--=pod
--
--=head1 NAME
--
--X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0,
--X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
--i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
--X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_PUBKEY *X509_PUBKEY_new(void);
-- void X509_PUBKEY_free(X509_PUBKEY *a);
--
-- int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-- EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
-- EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
--
-- EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
-- int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
--
-- EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-- EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
--
-- int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-- int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
--
-- int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-- int ptype, void *pval,
-- unsigned char *penc, int penclen);
-- int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-- const unsigned char **pk, int *ppklen,
-- X509_ALGOR **pa, X509_PUBKEY *pub);
--
--=head1 DESCRIPTION
--
--The B<X509_PUBKEY> structure represents the ASN.1 B<SubjectPublicKeyInfo>
--structure defined in RFC5280 and used in certificates and certificate requests.
--
--X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
--
--X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
--nothing is done.
--
--X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
--in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
--public key structure will be freed.
--
--X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
--value is an internal pointer which B<MUST NOT> be freed after use.
--
--X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
--count on the returned key is incremented so it B<MUST> be freed using
--EVP_PKEY_free() after use.
--
--d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
--using B<SubjectPublicKeyInfo> format. They otherise follow the conventions of
--other ASN.1 functions such as d2i_X509().
--
--d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
--similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
--B<BIO> or B<FILE> pointer.
--
--X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
--OID associated with the algorithm is set to B<aobj>. The type of the
--algorithm parameters is set to B<type> using the structure B<pval>.
--The encoding of the public key itself is set to the B<penclen>
--bytes contained in buffer B<penc>. On success ownership of all the supplied
--parameters is passed to B<pub> so they must not be freed after the
--call.
--
--X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
--B<*ppkalg> is set to the associated OID and the encoding consists of
--B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
--AlgorithmIdentifier for the public key. If the value of any of these
--parameters is not required it can be set to B<NULL>. All of the
--retrieved pointers are internal and must not be freed after the
--call.
--
--=head1 NOTES
--
--The B<X509_PUBKEY> functions can be used to encode and decode public keys
--in a standard format.
--
--In many cases applications will not call the B<X509_PUBKEY> functions
--directly: they will instead call wrapper functions such as X509_get0_pubkey().
--
--=head1 RETURN VALUES
--
--If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
--code that can be obtained by L<ERR_get_error(3)>.
--
--Otherwise it returns a pointer to the newly allocated structure.
--
--X509_PUBKEY_free() does not return a value.
--
--X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
--structure or B<NULL> if an error occurs.
--
--X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
--return 1 for success and 0 if an error occurred.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>,
--L<ERR_get_error(3)>,
--L<X509_get_pubkey(3)>,
--
--=cut
---- /dev/null
-+++ b/doc/crypto/X509_PUBKEY_new.pod
-@@ -0,0 +1,120 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0,
-+X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
-+i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
-+X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ X509_PUBKEY *X509_PUBKEY_new(void);
-+ void X509_PUBKEY_free(X509_PUBKEY *a);
-+
-+ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-+ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
-+ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
-+
-+ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
-+ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
-+
-+ EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-+ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-+
-+ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-+ int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-+
-+ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-+ int ptype, void *pval,
-+ unsigned char *penc, int penclen);
-+ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-+ const unsigned char **pk, int *ppklen,
-+ X509_ALGOR **pa, X509_PUBKEY *pub);
-+
-+=head1 DESCRIPTION
-+
-+The B<X509_PUBKEY> structure represents the ASN.1 B<SubjectPublicKeyInfo>
-+structure defined in RFC5280 and used in certificates and certificate requests.
-+
-+X509_PUBKEY_new() allocates and initializes an B<X509_PUBKEY> structure.
-+
-+X509_PUBKEY_free() frees up B<X509_PUBKEY> structure B<a>. If B<a> is NULL
-+nothing is done.
-+
-+X509_PUBKEY_set() sets the public key in B<*x> to the public key contained
-+in the B<EVP_PKEY> structure B<pkey>. If B<*x> is not NULL any existing
-+public key structure will be freed.
-+
-+X509_PUBKEY_get0() returns the public key contained in B<key>. The returned
-+value is an internal pointer which B<MUST NOT> be freed after use.
-+
-+X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference
-+count on the returned key is incremented so it B<MUST> be freed using
-+EVP_PKEY_free() after use.
-+
-+d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
-+using B<SubjectPublicKeyInfo> format. They otherwise follow the conventions of
-+other ASN.1 functions such as d2i_X509().
-+
-+d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
-+similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a
-+B<BIO> or B<FILE> pointer.
-+
-+X509_PUBKEY_set0_param() sets the public key parameters of B<pub>. The
-+OID associated with the algorithm is set to B<aobj>. The type of the
-+algorithm parameters is set to B<type> using the structure B<pval>.
-+The encoding of the public key itself is set to the B<penclen>
-+bytes contained in buffer B<penc>. On success ownership of all the supplied
-+parameters is passed to B<pub> so they must not be freed after the
-+call.
-+
-+X509_PUBKEY_get0_param() retrieves the public key parameters from B<pub>,
-+B<*ppkalg> is set to the associated OID and the encoding consists of
-+B<*ppklen> bytes at B<*pk>, B<*pa> is set to the associated
-+AlgorithmIdentifier for the public key. If the value of any of these
-+parameters is not required it can be set to B<NULL>. All of the
-+retrieved pointers are internal and must not be freed after the
-+call.
-+
-+=head1 NOTES
-+
-+The B<X509_PUBKEY> functions can be used to encode and decode public keys
-+in a standard format.
-+
-+In many cases applications will not call the B<X509_PUBKEY> functions
-+directly: they will instead call wrapper functions such as X509_get0_pubkey().
-+
-+=head1 RETURN VALUES
-+
-+If the allocation fails, X509_PUBKEY_new() returns B<NULL> and sets an error
-+code that can be obtained by L<ERR_get_error(3)>.
-+
-+Otherwise it returns a pointer to the newly allocated structure.
-+
-+X509_PUBKEY_free() does not return a value.
-+
-+X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an B<EVP_PKEY>
-+structure or B<NULL> if an error occurs.
-+
-+X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
-+return 1 for success and 0 if an error occurred.
-+
-+=head1 SEE ALSO
-+
-+L<d2i_X509(3)>,
-+L<ERR_get_error(3)>,
-+L<X509_get_pubkey(3)>,
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/X509_SIG_get0.pod
-@@ -0,0 +1,32 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_SIG_get0 - Get DigestInfo functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
-+ X509_SIG *sig);
-+
-+=head1 DESCRIPTION
-+
-+X509_SIG_get0() returns pointers to the algorithm identifier and digest
-+value in B<sig>. These values can then be examined or initialised.
-+
-+=head1 SEE ALSO
-+
-+L<d2i_X509(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_STORE_CTX_get_error.pod
-+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
-@@ -3,20 +3,23 @@
- =head1 NAME
-
- X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
--X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert,
--X509_STORE_CTX_get0_cert,
--X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information
-+X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth,
-+X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert,
-+X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain,
-+X509_verify_cert_error_string - get or set certificate verification status
-+information
-
- =head1 SYNOPSIS
-
- #include <openssl/x509.h>
-- #include <openssl/x509_vfy.h>
-
-- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
-- int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-- X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-- X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
-+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
-+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-+ void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
-+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-+ void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
-+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
-
- STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-
-@@ -39,11 +42,28 @@ non-negative integer representing where
- occurred. If it is zero it occurred in the end entity certificate, one if
- it is the certificate which signed the end entity certificate and so on.
-
--X509_STORE_CTX_get0_cert() returns the leaf certificate being verified.
-+X509_STORE_CTX_set_error_depth() sets the error B<depth>.
-+This can be used in combination with X509_STORE_CTX_set_error() to set the
-+depth at which an error condition was detected.
-
- X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
- caused the error or B<NULL> if no certificate is relevant.
-
-+X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which
-+caused the error.
-+This value is not intended to remain valid for very long, and remains owned by
-+the caller.
-+It may be examined by a verification callback invoked to handle each error
-+encountered during chain verification and is no longer required after such a
-+callback.
-+If a callback wishes the save the certificate for use after it returns, it
-+needs to increment its reference count via L<X509_up_ref(3)>.
-+Once such a I<saved> certificate is no longer needed it can be freed with
-+L<X509_free(3)>.
-+
-+X509_STORE_CTX_get0_cert() retrieves an internal pointer to the
-+certificate being verified by the B<ctx>.
-+
- X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
- call to X509_verify_cert() is successful. If the call to X509_verify_cert()
- is B<not> successful the returned chain may be incomplete or invalid. The
-@@ -183,7 +203,7 @@ consistent with the supplied purpose.
-
- =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-
--the basicConstraints pathlength parameter has been exceeded.
-+the basicConstraints path-length parameter has been exceeded.
-
- =item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-
-@@ -302,10 +322,17 @@ thread safe but will never happen unless
-
- =head1 SEE ALSO
-
--L<X509_verify_cert(3)>
--
--=head1 HISTORY
--
--TBA
-+L<X509_verify_cert(3)>,
-+L<X509_up_ref(3)>,
-+L<X509_free(3)>.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_STORE_CTX_new.pod
-+++ b/doc/crypto/X509_STORE_CTX_new.pod
-@@ -7,12 +7,11 @@ X509_STORE_CTX_init, X509_STORE_CTX_set0
- X509_STORE_CTX_set0_crls,
- X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
- X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
--X509_STORE_CTX_get0_cert,
- X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
- X509_STORE_CTX_get_num_untrusted,
- X509_STORE_CTX_set_default,
--X509_STORE_CTX_get_verify_cb,
- X509_STORE_CTX_set_verify,
-+X509_STORE_set_verify,
- X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
-
- =head1 SYNOPSIS
-@@ -24,11 +23,11 @@ X509_STORE_CTX_get_verify - X509_STORE_C
- void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-
- int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-- X509 *x509, STACK_OF(X509) *chain);
-+ X509 *x509, STACK_OF(X509) *chain);
-
- void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-
-- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
-+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx);
- void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
- void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
-@@ -37,7 +36,6 @@ X509_STORE_CTX_get_verify - X509_STORE_C
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
- int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-
-- X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
- STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-
-@@ -47,6 +45,7 @@ X509_STORE_CTX_get_verify - X509_STORE_C
- X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);
-
-+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
-
- =head1 DESCRIPTION
-
-@@ -96,14 +95,11 @@ for example in a PKCS#7 structure.
- X509_STORE_CTX_get0_param() retrieves an internal pointer
- to the verification parameters associated with B<ctx>.
-
--X509_STORE_CTX_get0_cert() retrieves an internal pointer to the
--certificate being verified by the B<ctx>.
--
- X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
--stack of untrusted certifieds associated with B<ctx>.
-+stack of untrusted certificates associated with B<ctx>.
-
- X509_STORE_CTX_set0_untrusted() sets the internal point to the stack
--of unstrusted certificates associated with B<ctx> to B<sk>.
-+of untrusted certificates associated with B<ctx> to B<sk>.
-
- X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
- to B<param>. After this call B<param> should not be used.
-@@ -115,6 +111,23 @@ find an appropriate set of parameters fr
- X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
- that were used in building the chain following a call to X509_verify_cert().
-
-+X509_STORE_CTX_set_verify() provides the capability for overriding the default
-+verify function. This function is responsible for verifying chain signatures and
-+expiration times. X509_STORE_CTX_get_verify() obtains the current verify
-+function being used.
-+
-+X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify()
-+but sets the default verify function to be used by all X509_STORE_CTX objects
-+created for this X509_STORE.
-+
-+A verify function is defined as an X509_STORE_CTX_verify type which has the
-+following signature:
-+
-+ int (*verify)(X509_STORE_CTX *);
-+
-+This function should receive the current X509_STORE_CTX as a parameter and
-+return 1 on success or 0 on failure.
-+
- =head1 NOTES
-
- The certificates and CRLs in a store are used internally and should B<not>
-@@ -147,6 +160,9 @@ X509_STORE_CTX_set_default() returns 1 f
- X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
- used.
-
-+X509_STORE_CTX_get_verify() returns the current verify function in use for this
-+X509_STORE_CTX.
-+
- =head1 SEE ALSO
-
- L<X509_verify_cert(3)>
-@@ -156,5 +172,17 @@ L<X509_VERIFY_PARAM_set_flags(3)>
-
- X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
- X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
-+X509_STORE_set_verify() was first added to OpenSSL 1.1.0. It was previously
-+available as a macro X509_STORE_set_verify_func(). This macro still exists but
-+simply calls this function.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-+++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod
-@@ -2,6 +2,17 @@
-
- =head1 NAME
-
-+X509_STORE_CTX_get_cleanup,
-+X509_STORE_CTX_get_lookup_crls,
-+X509_STORE_CTX_get_lookup_certs,
-+X509_STORE_CTX_get_check_policy,
-+X509_STORE_CTX_get_cert_crl,
-+X509_STORE_CTX_get_check_crl,
-+X509_STORE_CTX_get_get_crl,
-+X509_STORE_CTX_get_check_revocation,
-+X509_STORE_CTX_get_check_issued,
-+X509_STORE_CTX_get_get_issuer,
-+X509_STORE_CTX_get_verify,
- X509_STORE_CTX_get_verify_cb,
- X509_STORE_CTX_set_verify_cb - get and set verification callback
-
-@@ -14,7 +25,19 @@ X509_STORE_CTX_set_verify_cb - get and s
- X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
-
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-- X509_STORE_CTX_verify_cb verify_cb);
-+ X509_STORE_CTX_verify_cb verify_cb);
-+
-+ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
-+ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
-
- =head1 DESCRIPTION
-
-@@ -29,7 +52,7 @@ However a verification callback is B<not
- is often sufficient.
-
- The B<ok> parameter to the callback indicates the value the callback should
--return to retain the default behaviour. If it is zero then and error condition
-+return to retain the default behaviour. If it is zero then an error condition
- is indicated. If it is 1 then no error occurred. If the flag
- B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
- policy checking is complete.
-@@ -43,6 +66,16 @@ be passed to the callback via the B<ex_d
- X509_STORE_CTX_get_verify_cb() returns the value of the current callback
- for the specific B<ctx>.
-
-+X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
-+X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
-+X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
-+X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
-+X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
-+and X509_STORE_CTX_get_cleanup() return the function pointers cached
-+from the corresponding B<X509_STORE>, please see
-+L<X509_STORE_set_verify(3)> for more information.
-+
-+
- =head1 WARNING
-
- In general a verification callback should B<NOT> unconditionally return 1 in
-@@ -68,92 +101,92 @@ X509_STORE_CTX_set_verify_cb() does not
- Default callback operation:
-
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-- {
-- return ok;
-- }
-+ {
-+ return ok;
-+ }
-
- Simple example, suppose a certificate in the chain is expired and we wish
- to continue after this error:
-
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-- {
-- /* Tolerate certificate expiration */
-- if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-- return 1;
-- /* Otherwise don't override */
-- return ok;
-- }
-+ {
-+ /* Tolerate certificate expiration */
-+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-+ return 1;
-+ /* Otherwise don't override */
-+ return ok;
-+ }
-
- More complex example, we don't wish to continue after B<any> certificate has
- expired just one specific case:
-
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-- {
-- int err = X509_STORE_CTX_get_error(ctx);
-- X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-- if (err == X509_V_ERR_CERT_HAS_EXPIRED)
-- {
-- if (check_is_acceptable_expired_cert(err_cert)
-- return 1;
-- }
-- return ok;
-- }
-+ {
-+ int err = X509_STORE_CTX_get_error(ctx);
-+ X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-+ if (err == X509_V_ERR_CERT_HAS_EXPIRED)
-+ {
-+ if (check_is_acceptable_expired_cert(err_cert)
-+ return 1;
-+ }
-+ return ok;
-+ }
-
- Full featured logging callback. In this case the B<bio_err> is assumed to be
- a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
- B<ex_data>.
--
-+
- int verify_callback(int ok, X509_STORE_CTX *ctx)
-- {
-- X509 *err_cert;
-- int err,depth;
--
-- err_cert = X509_STORE_CTX_get_current_cert(ctx);
-- err = X509_STORE_CTX_get_error(ctx);
-- depth = X509_STORE_CTX_get_error_depth(ctx);
--
-- BIO_printf(bio_err,"depth=%d ",depth);
-- if (err_cert)
-- {
-- X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-- 0, XN_FLAG_ONELINE);
-- BIO_puts(bio_err, "\n");
-- }
-- else
-- BIO_puts(bio_err, "<no cert>\n");
-- if (!ok)
-- BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-- X509_verify_cert_error_string(err));
-- switch (err)
-- {
-- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-- BIO_puts(bio_err,"issuer= ");
-- X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-- 0, XN_FLAG_ONELINE);
-- BIO_puts(bio_err, "\n");
-- break;
-- case X509_V_ERR_CERT_NOT_YET_VALID:
-- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-- BIO_printf(bio_err,"notBefore=");
-- ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-- BIO_printf(bio_err,"\n");
-- break;
-- case X509_V_ERR_CERT_HAS_EXPIRED:
-- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-- BIO_printf(bio_err,"notAfter=");
-- ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-- BIO_printf(bio_err,"\n");
-- break;
-- case X509_V_ERR_NO_EXPLICIT_POLICY:
-- policies_print(bio_err, ctx);
-- break;
-- }
-- if (err == X509_V_OK && ok == 2)
-- /* print out policies */
--
-- BIO_printf(bio_err,"verify return:%d\n",ok);
-- return(ok);
-- }
-+ {
-+ X509 *err_cert;
-+ int err, depth;
-+
-+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
-+ err = X509_STORE_CTX_get_error(ctx);
-+ depth = X509_STORE_CTX_get_error_depth(ctx);
-+
-+ BIO_printf(bio_err, "depth=%d ", depth);
-+ if (err_cert)
-+ {
-+ X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-+ 0, XN_FLAG_ONELINE);
-+ BIO_puts(bio_err, "\n");
-+ }
-+ else
-+ BIO_puts(bio_err, "<no cert>\n");
-+ if (!ok)
-+ BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
-+ X509_verify_cert_error_string(err));
-+ switch (err)
-+ {
-+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-+ BIO_puts(bio_err, "issuer= ");
-+ X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-+ 0, XN_FLAG_ONELINE);
-+ BIO_puts(bio_err, "\n");
-+ break;
-+ case X509_V_ERR_CERT_NOT_YET_VALID:
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-+ BIO_printf(bio_err, "notBefore=");
-+ ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
-+ BIO_printf(bio_err, "\n");
-+ break;
-+ case X509_V_ERR_CERT_HAS_EXPIRED:
-+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-+ BIO_printf(bio_err, "notAfter=");
-+ ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
-+ BIO_printf(bio_err, "\n");
-+ break;
-+ case X509_V_ERR_NO_EXPLICIT_POLICY:
-+ policies_print(bio_err, ctx);
-+ break;
-+ }
-+ if (err == X509_V_OK && ok == 2)
-+ /* print out policies */
-+
-+ BIO_printf(bio_err, "verify return:%d\n", ok);
-+ return(ok);
-+ }
-
- =head1 SEE ALSO
-
-@@ -161,4 +194,22 @@ L<X509_STORE_CTX_get_error(3)>
- L<X509_STORE_set_verify_cb_func(3)>
- L<X509_STORE_CTX_get_ex_new_index(3)>
-
-+=head1 HISTORY
-+
-+X509_STORE_CTX_get_verify(), X509_STORE_CTX_get_get_issuer(),
-+X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
-+X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
-+X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
-+X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
-+and X509_STORE_CTX_get_cleanup() were addded in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/X509_STORE_get0_param.pod
-@@ -0,0 +1,57 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_STORE_get0_param, X509_STORE_set1_param,
-+X509_STORE_get0_objects - X509_STORE setter and getter functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509_vfy.h>
-+
-+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
-+ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-+ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
-+
-+=head1 DESCRIPTION
-+
-+X509_STORE_set1_param() sets the verification parameters
-+to B<pm> for B<ctx>.
-+
-+X509_STORE_get0_param() retrieves an internal pointer to the verification
-+parameters for B<ctx>. The returned pointer must not be freed by the
-+calling application
-+
-+X509_STORE_get0_objects() retrieve an internal pointer to the store's
-+X509 object cache. The cache contains B<X509> and B<X509_CRL> objects. The
-+returned pointer must not be freed by the calling application.
-+
-+
-+=head1 RETURN VALUES
-+
-+X509_STORE_get0_param() returns a pointer to an
-+B<X509_VERIFY_PARAM> structure.
-+
-+X509_STORE_set1_param() returns 1 for success and 0 for failure.
-+
-+X509_STORE_get0_objects() returns a pointer to a stack of B<X509_OBJECT>.
-+
-+=head1 SEE ALSO
-+
-+L<X509_STORE_new(3)>
-+
-+=head1 HISTORY
-+
-+B<X509_STORE_get0_param> and B<X509_STORE_get0_objects> were added in
-+OpenSSL version 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_STORE_new.pod
-+++ b/doc/crypto/X509_STORE_new.pod
-@@ -2,7 +2,8 @@
-
- =head1 NAME
-
--X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions
-+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
-+X509_STORE_unlock - X509_STORE allocation, freeing and locking functions
-
- =head1 SYNOPSIS
-
-@@ -10,6 +11,8 @@ X509_STORE_new, X509_STORE_up_ref, X509_
-
- X509_STORE *X509_STORE_new(void);
- void X509_STORE_free(X509_STORE *v);
-+ int X509_STORE_lock(X509_STORE *v);
-+ int X509_STORE_unlock(X509_STORE *v);
- int X509_STORE_up_ref(X509_STORE *v);
-
- =head1 DESCRIPTION
-@@ -19,18 +22,37 @@ The X509_STORE_new() function returns a
- X509_STORE_up_ref() increments the reference count associated with the
- X509_STORE object.
-
-+X509_STORE_lock() locks the store from modification by other threads,
-+X509_STORE_unlock() locks it.
-+
- X509_STORE_free() frees up a single X509_STORE object.
-
- =head1 RETURN VALUES
-
- X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
-
--X509_STORE_up_ref() returns 1 for success and 0 for failure.
-+X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return
-+1 for success and 0 for failure.
-
- X509_STORE_free() does not return values.
-
- =head1 SEE ALSO
-
- L<X509_STORE_set_verify_cb_func(3)>
-+L<X509_STORE_get0_param(3)>
-+
-+=head1 HISTORY
-+
-+The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
-+functions were added in OpenSSL 1.1.0
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_STORE_set_verify_cb_func.pod
-+++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod
-@@ -2,50 +2,260 @@
-
- =head1 NAME
-
--X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback
-+X509_STORE_set_lookup_crls_cb,
-+X509_STORE_set_verify_func,
-+X509_STORE_get_cleanup,
-+X509_STORE_set_cleanup,
-+X509_STORE_get_lookup_crls,
-+X509_STORE_set_lookup_crls,
-+X509_STORE_get_lookup_certs,
-+X509_STORE_set_lookup_certs,
-+X509_STORE_get_check_policy,
-+X509_STORE_set_check_policy,
-+X509_STORE_get_cert_crl,
-+X509_STORE_set_cert_crl,
-+X509_STORE_get_check_crl,
-+X509_STORE_set_check_crl,
-+X509_STORE_get_get_crl,
-+X509_STORE_set_get_crl,
-+X509_STORE_get_check_revocation,
-+X509_STORE_set_check_revocation,
-+X509_STORE_get_check_issued,
-+X509_STORE_set_check_issued,
-+X509_STORE_get_get_issuer,
-+X509_STORE_set_get_issuer,
-+X509_STORE_CTX_get_verify,
-+X509_STORE_set_verify,
-+X509_STORE_get_verify_cb,
-+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb
-+- set verification callback
-
- =head1 SYNOPSIS
-
- #include <openssl/x509_vfy.h>
-
-- void X509_STORE_set_verify_cb(X509_STORE *st,
-- int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-+ typedef int (*X509_STORE_CTX_verify_cb)(int ok, X509_STORE_CTX *ctx);
-+ typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx);
-+ typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
-+ X509_STORE_CTX *ctx, X509 *x);
-+ typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
-+ X509 *x, X509 *issuer);
-+ typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
-+ typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
-+ X509_CRL **crl, X509 *x);
-+ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
-+ typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
-+ X509_CRL *crl, X509 *x);
-+ typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
-+ typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
-+ X509_NAME *nm);
-+ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
-+ X509_NAME *nm);
-+ typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_verify_cb(X509_STORE *ctx,
-+ X509_STORE_CTX_verify_cb verify_cb);
-+ X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
-+ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_get_issuer(X509_STORE *ctx,
-+ X509_STORE_CTX_get_issuer_fn get_issuer);
-+ X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_check_issued(X509_STORE *ctx,
-+ X509_STORE_CTX_check_issued_fn check_issued);
-+ X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_check_revocation(X509_STORE *ctx,
-+ X509_STORE_CTX_check_revocation_fn check_revocation);
-+ X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_get_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_get_crl_fn get_crl);
-+ X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_check_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_check_crl_fn check_crl);
-+ X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_cert_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_cert_crl_fn cert_crl);
-+ X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_check_policy(X509_STORE *ctx,
-+ X509_STORE_CTX_check_policy_fn check_policy);
-+ X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_lookup_certs(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_certs_fn lookup_certs);
-+ X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_lookup_crls(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_crls_fn lookup_crls);
-+ X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
-+
-+ void X509_STORE_set_cleanup(X509_STORE *ctx,
-+ X509_STORE_CTX_cleanup_fn cleanup);
-+ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
-
-+ /* Aliases */
- void X509_STORE_set_verify_cb_func(X509_STORE *st,
-- int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-+ X509_STORE_CTX_verify_cb verify_cb);
-+ void X509_STORE_set_verify_func(X509_STORE *ctx,
-+ X509_STORE_CTX_verify_fn verify);
-+ void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_crls_fn lookup_crls);
-
- =head1 DESCRIPTION
-
- X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
--B<verify_cb> overwriting any existing callback.
--
--X509_STORE_set_verify_cb_func() also sets the verification callback but it
--is implemented as a macro.
-+B<verify_cb> overwriting the previous callback.
-+The callback assigned with this function becomes a default for the one
-+that can be assigned directly to the corresponding B<X509_STORE_CTX>,
-+please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
-+
-+X509_STORE_set_verify() sets the final chain verification function for
-+B<ctx> to B<verify>.
-+Its purpose is to go through the chain of certificates and check that
-+all signatures are valid and that the current time is within the
-+limits of each certificate's first and last validity time.
-+The final chain verification functions must return 0 on failure and 1
-+on success.
-+I<If no chain verification function is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_get_issuer() sets the function to get the issuer
-+certificate that verifies the given certificate B<x>.
-+When found, the issuer certificate must be assigned to B<*issuer>.
-+This function must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_check_issued() sets the function to check that a given
-+certificate B<x> is issued with the issuer certificate B<issuer>.
-+This function must return 0 on failure (among others if B<x> hasn't
-+been issued with B<issuer>) and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_check_revocation() sets the revocation checking
-+function.
-+Its purpose is to look through the final chain and check the
-+revocation status for each certificate.
-+It must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_get_crl() sets the function to get the crl for a given
-+certificate B<x>.
-+When found, the crl must be assigned to B<*crl>.
-+This function must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_check_crl() sets the function to check the validity of
-+the given B<crl>.
-+This function must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_cert_crl() sets the function to check the revocation
-+status of the given certificate B<x> against the given B<crl>.
-+This function must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_check_policy() sets the function to check the policies
-+of all the certificates in the final chain..
-+This function must return 0 on failure and 1 on success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
-+functions to look up all the certs or all the CRLs that match the
-+given name B<nm>.
-+These functions return NULL on failure and a pointer to a stack of
-+certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
-+success.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_set_cleanup() sets the final cleanup function, which is
-+called when the context (B<X509_STORE_CTX>) is being torn down.
-+This function doesn't return any value.
-+I<If no function to get the issuer is provided, the internal default
-+function will be used instead.>
-+
-+X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
-+X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
-+X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
-+X509_STORE_get_check_crl(), X509_STORE_set_verify(),
-+X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
-+X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
-+X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
-+the function pointer assigned with X509_STORE_set_check_issued(),
-+X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
-+X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
-+X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
-+X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
-+no assignment has been made.
-+
-+X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
-+X509_STORE_set_lookup_crls_cb() are aliases for
-+X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
-+X509_STORE_set_lookup_crls, available as macros for backward
-+compatibility.
-
- =head1 NOTES
-
--The verification callback from an B<X509_STORE> is inherited by
--the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
--be used to set the verification callback when the B<X509_STORE_CTX> is
--otherwise inaccessible (for example during S/MIME verification).
-+All the callbacks from a B<X509_STORE> are inherited by the
-+corresponding B<X509_STORE_CTX> structure when it is initialized.
-+See L<X509_STORE_CTX_set_verify_cb(3)> for further details.
-
- =head1 BUGS
-
--The macro version of this function was the only one available before
-+The macro version of this function was the only one available before
- OpenSSL 1.0.0.
-
- =head1 RETURN VALUES
-
--X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
--a value.
-+The X509_STORE_set_*() functions do not return a value.
-+
-+The X509_STORE_get_*() functions return a pointer of the appropriate
-+function type.
-
- =head1 SEE ALSO
-
--L<X509_STORE_CTX_set_verify_cb(3)>
-+L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
- L<CMS_verify(3)>
-
- =head1 HISTORY
-
- X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
-
-+X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
-+X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
-+X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
-+X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
-+X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
-+X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
-+X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
-+X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
-+X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
-+X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
-+X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
-+X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were addded in
-+OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -11,7 +11,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
- int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
- unsigned long flags);
- int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-- unsigned long flags);
-+ unsigned long flags);
- unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-
- int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-@@ -20,9 +20,9 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
- void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-
- int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-- ASN1_OBJECT *policy);
-- int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
-- STACK_OF(ASN1_OBJECT) *policies);
-+ ASN1_OBJECT *policy);
-+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
-+ STACK_OF(ASN1_OBJECT) *policies);
-
- void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
- int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-@@ -32,22 +32,22 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY
- int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
-
- int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-- const char *name, size_t namelen);
-+ const char *name, size_t namelen);
- int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const char *name, size_t namelen);
- void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
-- unsigned int flags);
-+ unsigned int flags);
- char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
- int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-- const char *email, size_t emaillen);
-+ const char *email, size_t emaillen);
- int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
-- const unsigned char *ip, size_t iplen);
-+ const unsigned char *ip, size_t iplen);
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
-
- =head1 DESCRIPTION
-
- These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
--a certificate verification operation.
-+a certificate verification operation.
-
- The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
- it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
-@@ -61,7 +61,7 @@ X509_VERIFY_PARAM_set_purpose() sets the
- to B<purpose>. This determines the acceptable purpose of the certificate
- chain, for example SSL client or SSL server.
-
--X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
-+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
- B<trust>.
-
- X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
-@@ -79,7 +79,7 @@ X509_VERIFY_PARAM_set_depth() sets the m
- That is the maximum number of intermediate CA certificates that can appear in a
- chain.
- A maximal depth chain contains 2 more certificates than the limit, since
--neither the end-entity ceritificate nor the trust-anchor count against this
-+neither the end-entity certificate nor the trust-anchor count against this
- limit.
- Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
- directly by the trust-anchor, while with a B<depth> limit of 1 there can be one
-@@ -177,7 +177,7 @@ The verification flags consists of zero
- ored together.
-
- B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
--certificate. An error occurs if a suitable CRL cannot be found.
-+certificate. An error occurs if a suitable CRL cannot be found.
-
- B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
- chain.
-@@ -251,7 +251,7 @@ X509_STORE_CTX_set_flags().
- =head1 BUGS
-
- Delta CRL checking is currently primitive. Only a single delta can be used and
--(partly due to limitations of B<X509_STORE>) constructed CRLs are not
-+(partly due to limitations of B<X509_STORE>) constructed CRLs are not
- maintained.
-
- If CRLs checking is enable CRLs are expected to be available in the
-@@ -260,7 +260,7 @@ CRLs from the CRL distribution points ex
-
- =head1 EXAMPLE
-
--Enable CRL checking when performing certificate verification during SSL
-+Enable CRL checking when performing certificate verification during SSL
- connections associated with an B<SSL_CTX> structure B<ctx>:
-
- X509_VERIFY_PARAM *param;
-@@ -282,4 +282,13 @@ The B<X509_V_FLAG_NO_ALT_CHAINS> flag wa
- The legacy B<X509_V_FLAG_CB_ISSUER_CHECK> flag is deprecated as of
- OpenSSL 1.1.0, and has no effect.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_check_ca.pod
-+++ b/doc/crypto/X509_check_ca.pod
-@@ -19,7 +19,7 @@ to sign other certificates).
-
- Function return 0, if it is not CA certificate, 1 if it is proper X509v3
- CA certificate with B<basicConstraints> extension CA:TRUE,
--3, if it is selfsigned X509 v1 certificate, 4, if it is certificate with
-+3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
- B<keyUsage> extension with bit B<keyCertSign> set, but without
- B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
- extension telling that it is CA certificate.
-@@ -33,4 +33,13 @@ L<X509_verify_cert(3)>,
- L<X509_check_issued(3)>,
- L<X509_check_purpose(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_check_host.pod
-+++ b/doc/crypto/X509_check_host.pod
-@@ -9,11 +9,11 @@ X509_check_host, X509_check_email, X509_
- #include <openssl/x509.h>
-
- int X509_check_host(X509 *, const char *name, size_t namelen,
-- unsigned int flags, char **peername);
-+ unsigned int flags, char **peername);
- int X509_check_email(X509 *, const char *address, size_t addresslen,
-- unsigned int flags);
-+ unsigned int flags);
- int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
-- unsigned int flags);
-+ unsigned int flags);
- int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
-
- =head1 DESCRIPTION
-@@ -145,4 +145,13 @@ L<X509_VERIFY_PARAM_set1_ipasc(3)>
-
- These functions were added in OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_check_issued.pod
-+++ b/doc/crypto/X509_check_issued.pod
-@@ -15,7 +15,7 @@ certificate
- =head1 DESCRIPTION
-
- This function checks if certificate I<subject> was issued using CA
--certificate I<issuer>. This function takes into account not only
-+certificate I<issuer>. This function takes into account not only
- matching of issuer field of I<subject> with subject field of I<issuer>,
- but also compares B<authorityKeyIdentifier> extension of I<subject> with
- B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier>
-@@ -33,4 +33,13 @@ L<X509_verify_cert(3)>,
- L<X509_check_ca(3)>,
- L<verify(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/X509_dup.pod
-@@ -0,0 +1,301 @@
-+=pod
-+
-+=head1 NAME
-+
-+DECLARE_ASN1_FUNCTIONS,
-+IMPLEMENT_ASN1_FUNCTIONS,
-+ASN1_ITEM,
-+ACCESS_DESCRIPTION_free,
-+ACCESS_DESCRIPTION_new,
-+ASIdOrRange_free,
-+ASIdOrRange_new,
-+ASIdentifierChoice_free,
-+ASIdentifierChoice_new,
-+ASIdentifiers_free,
-+ASIdentifiers_new,
-+ASRange_free,
-+ASRange_new,
-+AUTHORITY_INFO_ACCESS_free,
-+AUTHORITY_INFO_ACCESS_new,
-+AUTHORITY_KEYID_free,
-+AUTHORITY_KEYID_new,
-+BASIC_CONSTRAINTS_free,
-+BASIC_CONSTRAINTS_new,
-+CERTIFICATEPOLICIES_free,
-+CERTIFICATEPOLICIES_new,
-+CMS_ContentInfo_free,
-+CMS_ContentInfo_new,
-+CMS_ContentInfo_print_ctx,
-+CMS_ReceiptRequest_free,
-+CMS_ReceiptRequest_new,
-+CRL_DIST_POINTS_free,
-+CRL_DIST_POINTS_new,
-+DIRECTORYSTRING_free,
-+DIRECTORYSTRING_new,
-+DISPLAYTEXT_free,
-+DISPLAYTEXT_new,
-+DIST_POINT_NAME_free,
-+DIST_POINT_NAME_new,
-+DIST_POINT_free,
-+DIST_POINT_new,
-+DSAparams_dup,
-+EDIPARTYNAME_free,
-+EDIPARTYNAME_new,
-+ESS_CERT_ID_dup,
-+ESS_CERT_ID_free,
-+ESS_CERT_ID_new,
-+ESS_ISSUER_SERIAL_dup,
-+ESS_ISSUER_SERIAL_free,
-+ESS_ISSUER_SERIAL_new,
-+ESS_SIGNING_CERT_dup,
-+ESS_SIGNING_CERT_free,
-+ESS_SIGNING_CERT_new,
-+EXTENDED_KEY_USAGE_free,
-+EXTENDED_KEY_USAGE_new,
-+GENERAL_NAMES_free,
-+GENERAL_NAMES_new,
-+GENERAL_NAME_dup,
-+GENERAL_NAME_free,
-+GENERAL_NAME_new,
-+GENERAL_SUBTREE_free,
-+GENERAL_SUBTREE_new,
-+IPAddressChoice_free,
-+IPAddressChoice_new,
-+IPAddressFamily_free,
-+IPAddressFamily_new,
-+IPAddressOrRange_free,
-+IPAddressOrRange_new,
-+IPAddressRange_free,
-+IPAddressRange_new,
-+ISSUING_DIST_POINT_free,
-+ISSUING_DIST_POINT_new,
-+NAME_CONSTRAINTS_free,
-+NAME_CONSTRAINTS_new,
-+NETSCAPE_CERT_SEQUENCE_free,
-+NETSCAPE_CERT_SEQUENCE_new,
-+NETSCAPE_SPKAC_free,
-+NETSCAPE_SPKAC_new,
-+NETSCAPE_SPKI_free,
-+NETSCAPE_SPKI_new,
-+NOTICEREF_free,
-+NOTICEREF_new,
-+OCSP_BASICRESP_free,
-+OCSP_BASICRESP_new,
-+OCSP_CERTID_dup,
-+OCSP_CERTID_new,
-+OCSP_CERTSTATUS_free,
-+OCSP_CERTSTATUS_new,
-+OCSP_CRLID_free,
-+OCSP_CRLID_new,
-+OCSP_ONEREQ_free,
-+OCSP_ONEREQ_new,
-+OCSP_REQINFO_free,
-+OCSP_REQINFO_new,
-+OCSP_RESPBYTES_free,
-+OCSP_RESPBYTES_new,
-+OCSP_RESPDATA_free,
-+OCSP_RESPDATA_new,
-+OCSP_RESPID_free,
-+OCSP_RESPID_new,
-+OCSP_RESPONSE_new,
-+OCSP_REVOKEDINFO_free,
-+OCSP_REVOKEDINFO_new,
-+OCSP_SERVICELOC_free,
-+OCSP_SERVICELOC_new,
-+OCSP_SIGNATURE_free,
-+OCSP_SIGNATURE_new,
-+OCSP_SINGLERESP_free,
-+OCSP_SINGLERESP_new,
-+OTHERNAME_free,
-+OTHERNAME_new,
-+PBE2PARAM_free,
-+PBE2PARAM_new,
-+PBEPARAM_free,
-+PBEPARAM_new,
-+PBKDF2PARAM_free,
-+PBKDF2PARAM_new,
-+PKCS12_BAGS_free,
-+PKCS12_BAGS_new,
-+PKCS12_MAC_DATA_free,
-+PKCS12_MAC_DATA_new,
-+PKCS12_SAFEBAG_free,
-+PKCS12_SAFEBAG_new,
-+PKCS12_free,
-+PKCS12_new,
-+PKCS7_DIGEST_free,
-+PKCS7_DIGEST_new,
-+PKCS7_ENCRYPT_free,
-+PKCS7_ENCRYPT_new,
-+PKCS7_ENC_CONTENT_free,
-+PKCS7_ENC_CONTENT_new,
-+PKCS7_ENVELOPE_free,
-+PKCS7_ENVELOPE_new,
-+PKCS7_ISSUER_AND_SERIAL_free,
-+PKCS7_ISSUER_AND_SERIAL_new,
-+PKCS7_RECIP_INFO_free,
-+PKCS7_RECIP_INFO_new,
-+PKCS7_SIGNED_free,
-+PKCS7_SIGNED_new,
-+PKCS7_SIGNER_INFO_free,
-+PKCS7_SIGNER_INFO_new,
-+PKCS7_SIGN_ENVELOPE_free,
-+PKCS7_SIGN_ENVELOPE_new,
-+PKCS7_dup,
-+PKCS7_free,
-+PKCS7_new,
-+PKCS7_print_ctx,
-+PKCS8_PRIV_KEY_INFO_free,
-+PKCS8_PRIV_KEY_INFO_new,
-+PKEY_USAGE_PERIOD_free,
-+PKEY_USAGE_PERIOD_new,
-+POLICYINFO_free,
-+POLICYINFO_new,
-+POLICYQUALINFO_free,
-+POLICYQUALINFO_new,
-+POLICY_CONSTRAINTS_free,
-+POLICY_CONSTRAINTS_new,
-+POLICY_MAPPING_free,
-+POLICY_MAPPING_new,
-+PROXY_CERT_INFO_EXTENSION_free,
-+PROXY_CERT_INFO_EXTENSION_new,
-+PROXY_POLICY_free,
-+PROXY_POLICY_new,
-+RSAPrivateKey_dup,
-+RSAPublicKey_dup,
-+RSA_OAEP_PARAMS_free,
-+RSA_OAEP_PARAMS_new,
-+RSA_PSS_PARAMS_free,
-+RSA_PSS_PARAMS_new,
-+SCT_LIST_free,
-+SXNETID_free,
-+SXNETID_new,
-+SXNET_free,
-+SXNET_new,
-+TLS_FEATURE_free,
-+TLS_FEATURE_new,
-+TS_ACCURACY_dup,
-+TS_ACCURACY_free,
-+TS_ACCURACY_new,
-+TS_MSG_IMPRINT_dup,
-+TS_MSG_IMPRINT_free,
-+TS_MSG_IMPRINT_new,
-+TS_REQ_dup,
-+TS_REQ_free,
-+TS_REQ_new,
-+TS_RESP_dup,
-+TS_RESP_free,
-+TS_RESP_new,
-+TS_STATUS_INFO_dup,
-+TS_STATUS_INFO_free,
-+TS_STATUS_INFO_new,
-+TS_TST_INFO_dup,
-+TS_TST_INFO_free,
-+TS_TST_INFO_new,
-+USERNOTICE_free,
-+USERNOTICE_new,
-+X509_ALGOR_free,
-+X509_ALGOR_new,
-+X509_ATTRIBUTE_dup,
-+X509_ATTRIBUTE_free,
-+X509_ATTRIBUTE_new,
-+X509_CERT_AUX_free,
-+X509_CERT_AUX_new,
-+X509_CINF_free,
-+X509_CINF_new,
-+X509_CRL_INFO_free,
-+X509_CRL_INFO_new,
-+X509_CRL_METHOD_free,
-+X509_CRL_METHOD_new,
-+X509_CRL_dup,
-+X509_CRL_free,
-+X509_CRL_new,
-+X509_EXTENSION_dup,
-+X509_EXTENSION_free,
-+X509_EXTENSION_new,
-+X509_NAME_ENTRY_dup,
-+X509_NAME_ENTRY_free,
-+X509_NAME_ENTRY_new,
-+X509_NAME_dup,
-+X509_NAME_free,
-+X509_NAME_new,
-+X509_REQ_INFO_free,
-+X509_REQ_INFO_new,
-+X509_REQ_dup,
-+X509_REQ_free,
-+X509_REQ_new,
-+X509_REVOKED_dup,
-+X509_REVOKED_free,
-+X509_REVOKED_new,
-+X509_SIG_free,
-+X509_SIG_new,
-+X509_VAL_free,
-+X509_VAL_new,
-+X509_dup,
-+- ASN1 object utilities
-+
-+=for comment generic
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/asn1t.h>
-+
-+ DECLARE_ASN1_FUNCTIONS(type)
-+ IMPLEMENT_ASN1_FUNCTIONS(stname)
-+
-+ typedef struct ASN1_ITEM_st ASN1_ITEM;
-+
-+ extern const ASN1_ITEM TYPE_it;
-+ TYPE *TYPE_new(void);
-+ TYPE *TYPE_dup(TYPE *a);
-+ void TYPE_free(TYPE *a);
-+ int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
-+
-+=head1 DESCRIPTION
-+
-+In the description below, I<TYPE> is used
-+as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
-+
-+The OpenSSL ASN1 parsing library templates are like a data-driven bytecode
-+interpreter.
-+Every ASN1 object as a global variable, TYPE_it, that describes the item
-+such as its fields. (On systems which cannot export variables from shared
-+libraries, the global is instead a function which returns a pointer to a
-+static variable.
-+
-+The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files
-+to generate the function declarations.
-+
-+The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file
-+to generate the function bodies.
-+
-+
-+TYPE_new() allocates an empty object of the indicated type.
-+The object returned must be released by calling TYPE_free().
-+
-+TYPE_dup() copies an existing object.
-+
-+TYPE_free() releases the object and all pointers and sub-objects
-+within it.
-+
-+TYPE_print_ctx() prints the object B<a> on the specified BIO B<out>.
-+Each line will be prefixed with B<indent> spaces.
-+The B<pctx> specifies the printing context and is for internal
-+use; use NULL to get the default behavior. If a print function is
-+user-defined, then pass in any B<pctx> down to any nested calls.
-+
-+=head1 RETURN VALUES
-+
-+TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.
-+
-+TYPE_print_ctx() returns 1 on success or zero on failure.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_get0_signature.pod
-+++ b/doc/crypto/X509_get0_signature.pod
-@@ -4,7 +4,7 @@
-
- X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
- X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
--X509_CRL_get_signature_nid - signature information.
-+X509_CRL_get_signature_nid - signature information
-
- =head1 SYNOPSIS
-
-@@ -82,4 +82,13 @@ X509_REQ_get0_signature(), X509_REQ_get_
- X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added
- to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_get0_uids.pod
-+++ b/doc/crypto/X509_get0_uids.pod
-@@ -44,4 +44,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_get_extension_flags.pod
-+++ b/doc/crypto/X509_get_extension_flags.pod
-@@ -2,21 +2,35 @@
-
- =head1 NAME
-
--X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
--retrieve certificate extension flags.
-+X509_get0_subject_key_id,
-+X509_get_pathlen,
-+X509_get_extension_flags,
-+X509_get_key_usage,
-+X509_get_extended_key_usage,
-+X509_set_proxy_flag,
-+X509_set_proxy_pathlen,
-+X509_get_proxy_pathlen - retrieve certificate extension data
-
- =head1 SYNOPSIS
-
- #include <openssl/x509v3.h>
-
-+ long X509_get_pathlen(X509 *x);
- uint32_t X509_get_extension_flags(X509 *x);
- uint32_t X509_get_key_usage(X509 *x);
- uint32_t X509_get_extended_key_usage(X509 *x);
- const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
-+ void X509_set_proxy_flag(X509 *x);
-+ void X509_set_proxy_pathlen(int l);
-+ long X509_get_proxy_pathlen(X509 *x);
-
- =head1 DESCRIPTION
-
--These functions retrieve flags related to commonly used certificate extensions.
-+These functions retrieve information related to commonly used certificate extensions.
-+
-+X509_get_pathlen() retrieves the path length extension from a certificate.
-+This extension is used to limit the length of a cert chain that may be
-+issued from that CA.
-
- X509_get_extension_flags() retrieves general information about a certificate,
- it will return one or more of the following flags ored together.
-@@ -95,6 +109,17 @@ X509_get_extended_key_usage() return an
- identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
- is not present or cannot be parsed.
-
-+X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
-+This is for the users who need to mark non-RFC3820 proxy certificates as
-+such, as OpenSSL only detects RFC3820 compliant ones.
-+
-+X509_set_proxy_pathlen() sets the proxy certificate path length for the given
-+certificate B<x>. This is for the users who need to mark non-RFC3820 proxy
-+certificates as such, as OpenSSL only detects RFC3820 compliant ones.
-+
-+X509_get_proxy_pathlen() returns the proxy certificate path length for the
-+given certificate B<x> if it is a proxy certicate.
-+
- =head1 NOTES
-
- The value of the flags correspond to extension values which are cached
-@@ -115,6 +140,9 @@ X509_get_ext_d2i().
-
- =head1 RETURN VALUE
-
-+X509_get_pathlen() returns the path length value, or -1 if the extension
-+is not present.
-+
- X509_get_extension_flags(), X509_get_key_usage() and
- X509_get_extended_key_usage() return sets of flags corresponding to the
- certificate extension values.
-@@ -123,8 +151,25 @@ X509_get0_subject_key_id() returns the s
- pointer to an B<ASN1_OCTET_STRING> structure or B<NULL> if the extension
- is absent or an error occurred during parsing.
-
-+X509_get_proxy_pathlen() returns the path length value if the given
-+certificate is a proxy one and has a path length set, and -1 otherwise.
-+
- =head1 SEE ALSO
-
- L<X509_check_purpose(3)>
-
-+=head1 HISTORY
-+
-+X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and
-+X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/X509_get_notBefore.pod
-@@ -0,0 +1,92 @@
-+=pod
-+
-+=head1 NAME
-+
-+X509_get_notBefore, X509_get_notAfter, X509_set_notBefore,
-+X509_set_notAfter, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate,
-+X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdate - get or set certificate
-+or CRL dates
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ ASN1_TIME *X509_get_notBefore(const X509 *x);
-+ ASN1_TIME *X509_get_notAfter(const X509 *x);
-+
-+ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-+ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
-+
-+ ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
-+ ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
-+
-+ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-+ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
-+
-+=head1 DESCRIPTION
-+
-+X509_get_notBefore() and X509_get_notAfter() return the B<notBefore>
-+and B<notAfter> fields of certificate B<x> respectively. The value
-+returned is an internal pointer which must not be freed up after
-+the call.
-+
-+X509_set_notBefore() and X509_set_notAfter() set the B<notBefore>
-+and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
-+parameter B<tm> is not transferred by these functions so it must
-+be freed up after the call.
-+
-+X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() return the
-+B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value
-+returned is an internal pointer which must not be freed up after
-+the call. If the B<nextUpdate> field is absent from B<crl> then
-+B<NULL> is returned.
-+
-+X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() set the B<lastUpdate>
-+and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter
-+B<tm> is not transferred by these functions so it must be freed up after the
-+call.
-+
-+=head1 RETURN VALUES
-+
-+X509_get_notBefore(), X509_get_notAfter() and X509_CRL_get_lastUpdate()
-+return a pointer to an B<ASN1_TIME> structure.
-+
-+X509_CRL_get_lastUpdate() return a pointer to an B<ASN1_TIME> structure
-+or NULL if the B<lastUpdate> field is absent.
-+
-+X509_set_notBefore(), X509_set_notAfter(), X509_CRL_set_lastUpdate() and
-+X509_CRL_set_nextUpdate() return 1 for success or 0 for failure.
-+
-+=head1 SEE ALSO
-+
-+L<d2i_X509(3)>,
-+L<ERR_get_error(3)>,
-+L<X509_CRL_get0_by_serial(3)>,
-+L<X509_get0_signature(3)>,
-+L<X509_get_ext_d2i(3)>,
-+L<X509_get_extension_flags(3)>,
-+L<X509_get_pubkey(3)>,
-+L<X509_get_subject_name(3)>,
-+L<X509_NAME_add_entry_by_txt(3)>,
-+L<X509_NAME_ENTRY_get_object(3)>,
-+L<X509_NAME_get_index_by_NID(3)>,
-+L<X509_NAME_print_ex(3)>,
-+L<X509_new(3)>,
-+L<X509_sign(3)>,
-+L<X509V3_get_d2i(3)>,
-+L<X509_verify_cert(3)>
-+
-+=head1 HISTORY
-+
-+These functions are available in all versions of OpenSSL.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/X509_get_pubkey.pod
-+++ b/doc/crypto/X509_get_pubkey.pod
-@@ -3,16 +3,16 @@
- =head1 NAME
-
- X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY,
--X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
--X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request
--public key.
-+X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
-+X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request
-+public key
-
- =head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- EVP_PKEY *X509_get_pubkey(X509 *x);
-- EVP_PKEY *X509_get0_pubkey(X509 *x);
-+ EVP_PKEY *X509_get0_pubkey(const X509 *x);
- int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
- X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
-
-@@ -37,7 +37,7 @@ must not be freed up after use.
- X509_set_pubkey() attempts to set the public key for certificate B<x> to
- B<pkey>. The key B<pkey> should be freed up after use.
-
--X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and
-+X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and
- X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request B<req>.
-
- =head1 NOTES
-@@ -75,6 +75,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/X509_get_serialNumber.pod
-+++ b/doc/crypto/X509_get_serialNumber.pod
-@@ -3,7 +3,7 @@
- =head1 NAME
-
- X509_get_serialNumber, X509_set_serialNumber - get or set certificate serial
--number.
-+number
-
- =head1 SYNOPSIS
-
-@@ -52,4 +52,13 @@ L<X509_verify_cert(3)>
- X509_get_serialNumber() and X509_set_serialNumber() are available in
- all versions of OpenSSL.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_get_subject_name.pod
-+++ b/doc/crypto/X509_get_subject_name.pod
-@@ -5,22 +5,22 @@
- X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name,
- X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name,
- X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or
--subject names.
-+subject names
-
- =head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
-- X509_NAME *X509_get_subject_name(X509 *x);
-+ X509_NAME *X509_get_subject_name(const X509 *x);
- int X509_set_subject_name(X509 *x, X509_NAME *name);
-
-- X509_NAME *X509_get_issuer_name(X509 *x);
-+ X509_NAME *X509_get_issuer_name(const X509 *x);
- int X509_set_issuer_name(X509 *x, X509_NAME *name);
-
-- X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
-+ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
- int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
-
-- X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
-+ X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
- int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-
- =head1 DESCRIPTION
-@@ -34,11 +34,11 @@ up when it is no longer needed.
-
- X509_get_issuer_name() and X509_set_issuer_name() are identical to
- X509_get_subject_name() and X509_set_subject_name() except the get and
--set the isssuer name of B<x>.
-+set the issuer name of B<x>.
-
- Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(),
- X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
--or issuer names of certifcate requests of CRLs respectively.
-+or issuer names of certificate requests of CRLs respectively.
-
- =head1 RETURN VALUES
-
-@@ -74,4 +74,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_get_version.pod
-+++ b/doc/crypto/X509_get_version.pod
-@@ -4,26 +4,26 @@
-
- X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
- X509_CRL_get_version, X509_CRL_set_version - get or set certificate,
--certificate request or CRL version.
-+certificate request or CRL version
-
- =head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
-- long X509_get_version(X509 *x);
-+ long X509_get_version(const X509 *x);
- int X509_set_version(X509 *x, long version);
-
-- long X509_REQ_get_version(X509_REQ *req);
-+ long X509_REQ_get_version(const X509_REQ *req);
- int X509_REQ_set_version(X509_REQ *x, long version);
-
-- long X509_CRL_get_version(X509_CRL *crl);
-+ long X509_CRL_get_version(const X509_CRL *crl);
- int X509_CRL_set_version(X509_CRL *x, long version);
-
- =head1 DESCRIPTION
-
- X509_get_version() returns the numerical value of the version field of
- certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
--less than the certificate version. So a verson 3 certificate will return 2 and
-+less than the certificate version. So a version 3 certificate will return 2 and
- a version 1 certificate will return 0.
-
- X509_set_version() sets the numerical value of the version field of certificate
-@@ -71,4 +71,13 @@ L<X509_verify_cert(3)>
- X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are
- functions in OpenSSL 1.1.0, in previous versions they were macros.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_new.pod
-+++ b/doc/crypto/X509_new.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+X509_chain_up_ref,
- X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
-
- =head1 SYNOPSIS
-@@ -10,7 +11,7 @@ X509_new, X509_free, X509_up_ref - X509
-
- X509 *X509_new(void);
- void X509_free(X509 *a);
-- void X509_up_ref(X509 *a);
-+ int X509_up_ref(X509 *a);
- STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
-
- =head1 DESCRIPTION
-@@ -46,7 +47,7 @@ If the allocation fails, X509_new() retu
- code that can be obtained by L<ERR_get_error(3)>.
- Otherwise it returns a pointer to the newly allocated structure.
-
--X509_free() and X509_up_ref() do not return a value.
-+X509_up_ref() returns 1 for success and 0 for failure.
-
- X509_chain_up_ref() returns a copy of the stack or B<NULL> if an error
- occurred.
-@@ -70,4 +71,13 @@ L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_sign.pod
-+++ b/doc/crypto/X509_sign.pod
-@@ -4,7 +4,7 @@
-
- X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx,
- X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify -
--sign or verify certificate, certificate request or CRL signature.
-+sign or verify certificate, certificate request or CRL signature
-
- =head1 SYNOPSIS
-
-@@ -30,7 +30,7 @@ certificate B<x> but uses the parameters
-
- X509_verify() verifies the signature of certificate B<x> using public key
- B<pkey>. Only the signature is checked: no other checks (such as certificate
--chain validity) are perfored.
-+chain validity) are performed.
-
- X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(),
- X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify
-@@ -87,4 +87,13 @@ versions of OpenSSL.
- X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added
- to OpenSSL 1.0.1.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509_verify_cert.pod
-+++ b/doc/crypto/X509_verify_cert.pod
-@@ -31,12 +31,13 @@ Applications rarely call this function d
- OpenSSL internally for certificate validation, in both the S/MIME and
- SSL/TLS code.
-
--The negative return value from X509_verify_cert() can only occur if no
--certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
--twice without reinitialising B<ctx> in between; or if a retry
--operation is requested during internal lookups (which never happens with
--standard lookup methods). It is however recommended that application check
--for <= 0 return value on error.
-+A negative return value from X509_verify_cert() can occur if it is invoked
-+incorrectly, such as with no certificate set in B<ctx>, or when it is called
-+twice in succession without reinitialising B<ctx> for the second call.
-+A negative return value can also happen due to internal resource problems or if
-+a retry operation is requested during internal lookups (which never happens
-+with standard lookup methods).
-+Applications must check for <= 0 return value on error.
-
- =head1 BUGS
-
-@@ -47,4 +48,13 @@ functions which use B<x509_vfy.h>.
-
- L<X509_STORE_CTX_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/X509v3_get_ext_by_NID.pod
-+++ b/doc/crypto/X509v3_get_ext_by_NID.pod
-@@ -4,15 +4,14 @@
-
- X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID,
- X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext,
--X509v3_add_ext, X509_get0_extensions, X509_CRL_get0_extensions,
--X509_REVOKED_get0_extensions, X509_get_ext_count, X509_get_ext,
-+X509v3_add_ext, X509_get_ext_count, X509_get_ext,
- X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical,
- X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext,
- X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
- X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count,
- X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ,
- X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext,
--X509_REVOKED_add_ext - extension stack utility functions.
-+X509_REVOKED_add_ext - extension stack utility functions
-
- =head1 SYNOPSIS
-
-@@ -31,32 +30,28 @@ X509_REVOKED_add_ext - extension stack u
- STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc);
-
-- STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
-- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
-- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
--
-- int X509_get_ext_count(X509 *x);
-- X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-- int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-- int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
-- int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-+ int X509_get_ext_count(const X509 *x);
-+ X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
-+ int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
-+ int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos);
-+ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
- X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
- int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-
-- int X509_CRL_get_ext_count(X509_CRL *x);
-- X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-- int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-- int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
-- int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-+ int X509_CRL_get_ext_count(const X509_CRL *x);
-+ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
-+ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
-+ int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
-+ int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
- X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-
-- int X509_REVOKED_get_ext_count(X509_REVOKED *x);
-- X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-- int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-- int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-+ int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
-+ X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
-+ int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
-+ int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos);
-- int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-+ int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
- X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
- int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-
-@@ -75,7 +70,7 @@ extension after B<lastpos> or from the b
- the extension is found its index is returned otherwise B<-1> is returned.
-
- X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it
--looks for an extension of criticality B<crit>. A zero value for B<crit>
-+looks for an extension of criticality B<crit>. A zero value for B<crit>
- looks for a non-critical extension a non-zero value looks for a critical
- extension.
-
-@@ -88,10 +83,6 @@ B<loc> is B<-1> the new extension is add
- a new stack will be allocated. The passed extension B<ex> is duplicated
- internally so it must be freed after use.
-
--X509_get0_extensions(), X509_CRL_get0_extensions() and
--X509_REVOKED_get0_extensions() retrieve the extensions from a certificate
--a CRL or a CRL entry respectively.
--
- X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(),
- X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext()
- and X509_add_ext() operate on the extensions of certificate B<x> they are
-@@ -133,10 +124,17 @@ error occurs.
-
- X509v3_add_ext() returns a stack of extensions or B<NULL> on error.
-
--X509_get0_extensions(), X509_CRL_get0_extensions() and
--X509_REVOKED_get0_extensions() return a stack of extensions. If the extensions
--field is absent it will return B<NULL>: this is B<not> an error condition.
--
- =head1 SEE ALSO
-
- L<X509V3_get_d2i(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/bio.pod
-+++ b/doc/crypto/bio.pod
-@@ -1,16 +1,17 @@
- =pod
-
-+=for comment openssl_manual_section 7
-+
- =head1 NAME
-
--bio - I/O abstraction
-+bio - Basic I/O abstraction
-+
-+=for comment generic
-
- =head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
--TBA
--
--
- =head1 DESCRIPTION
-
- A BIO is an I/O abstraction, it hides many of the underlying I/O
-@@ -37,6 +38,28 @@ BIO and one or more filter BIOs. Data re
- first BIO then traverses the chain to the end (normally a source/sink
- BIO).
-
-+
-+Some BIOs (such as memory BIOs) can be used immediately after calling
-+BIO_new(). Others (such as file BIOs) need some additional initialization,
-+and frequently a utility function exists to create and initialize such BIOs.
-+
-+If BIO_free() is called on a BIO chain it will only free one BIO resulting
-+in a memory leak.
-+
-+Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
-+on it other than the discarded return value.
-+
-+Normally the B<type> argument is supplied by a function which returns a
-+pointer to a BIO_METHOD. There is a naming convention for such functions:
-+a source/sink BIO is normally called BIO_s_*() and a filter BIO
-+BIO_f_*();
-+
-+=head1 EXAMPLE
-+
-+Create a memory BIO:
-+
-+ BIO *mem = BIO_new(BIO_s_mem());
-+
- =head1 SEE ALSO
-
- L<BIO_ctrl(3)>,
-@@ -53,3 +76,15 @@ L<BIO_s_mem(3)>,
- L<BIO_s_null(3)>, L<BIO_s_socket(3)>,
- L<BIO_set_callback(3)>,
- L<BIO_should_retry(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-+
---- a/doc/crypto/blowfish.pod
-+++ /dev/null
-@@ -1,108 +0,0 @@
--=pod
--
--=head1 NAME
--
--blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
--BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
--
--=head1 SYNOPSIS
--
-- #include <openssl/blowfish.h>
--
-- void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
--
-- void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-- BF_KEY *key, int enc);
-- void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
-- long length, BF_KEY *schedule, unsigned char *ivec, int enc);
-- void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, BF_KEY *schedule, unsigned char *ivec, int *num,
-- int enc);
-- void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, BF_KEY *schedule, unsigned char *ivec, int *num);
-- const char *BF_options(void);
--
-- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-- void BF_decrypt(BF_LONG *data,const BF_KEY *key);
--
--=head1 DESCRIPTION
--
--This library implements the Blowfish cipher, which was invented and described
--by Counterpane (see http://www.counterpane.com/blowfish.html ).
--
--Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
--It uses a variable size key, but typically, 128 bit (16 byte) keys are
--considered good for strong encryption. Blowfish can be used in the same
--modes as DES (see L<des_modes(7)>). Blowfish is currently one
--of the faster block ciphers. It is quite a bit faster than DES, and much
--faster than IDEA or RC2.
--
--Blowfish consists of a key setup phase and the actual encryption or decryption
--phase.
--
--BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
--at B<data>.
--
--BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
--It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
--putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
--or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
--B<in> and B<out> must be 64 bits in length, no less. If they are larger,
--everything after the first 64 bits is ignored.
--
--The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
--all operate on variable length data. They all take an initialization vector
--B<ivec> which needs to be passed along into the next call of the same function
--for the same message. B<ivec> may be initialized with anything, but the
--recipient needs to know what it was initialized with, or it won't be able
--to decrypt. Some programs and protocols simplify this, like SSH, where
--B<ivec> is simply initialized to zero.
--BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
--BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
--number of bytes (the amount does not have to be an exact multiple of 8). The
--purpose of the latter two is to simulate stream ciphers, and therefore, they
--need the parameter B<num>, which is a pointer to an integer where the current
--offset in B<ivec> is stored between calls. This integer must be initialized
--to zero when B<ivec> is initialized.
--
--BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
--encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
--putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
--decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
--long initialization vector.
--
--BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
--It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
--putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
--or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
--8 byte long initialization vector. B<num> must point at an integer which must
--be initially zero.
--
--BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
--It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
--the same way.
--
--BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
--encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
--B<data>, using the key B<key>. These functions should not be used unless you
--implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
--If you still want to use these functions, you should be aware that they take
--each 32-bit chunk in host-byte order, which is little-endian on little-endian
--platforms and big-endian on big-endian ones.
--
--=head1 RETURN VALUES
--
--None of the functions presented here return any value.
--
--=head1 NOTE
--
--Applications should use the higher level functions
--L<EVP_EncryptInit(3)> etc. instead of calling these
--functions directly.
--
--=head1 SEE ALSO
--
--L<EVP_EncryptInit(3)>,
--L<des_modes(7)>
--
--=cut
---- a/doc/crypto/bn.pod
-+++ /dev/null
-@@ -1,188 +0,0 @@
--=pod
--
--=head1 NAME
--
--bn - multiprecision integer arithmetics
--
--=head1 SYNOPSIS
--
-- #include <openssl/bn.h>
--
-- BIGNUM *BN_new(void);
-- void BN_free(BIGNUM *a);
-- void BN_clear(BIGNUM *a);
-- void BN_clear_free(BIGNUM *a);
--
-- BN_CTX *BN_CTX_new(void);
-- BN_CTX *BN_CTX_secure_new(void);
-- void BN_CTX_free(BN_CTX *c);
--
-- BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-- BIGNUM *BN_dup(const BIGNUM *a);
--
-- BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
--
-- int BN_num_bytes(const BIGNUM *a);
-- int BN_num_bits(const BIGNUM *a);
-- int BN_num_bits_word(BN_ULONG w);
--
-- void BN_set_negative(BIGNUM *a, int n);
-- int BN_is_negative(const BIGNUM *a);
--
-- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
-- BN_CTX *ctx);
-- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-- int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-- int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-- BN_CTX *ctx);
-- int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-- BN_CTX *ctx);
-- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-- BN_CTX *ctx);
-- int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
-- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx);
-- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
--
-- int BN_add_word(BIGNUM *a, BN_ULONG w);
-- int BN_sub_word(BIGNUM *a, BN_ULONG w);
-- int BN_mul_word(BIGNUM *a, BN_ULONG w);
-- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
--
-- int BN_cmp(BIGNUM *a, BIGNUM *b);
-- int BN_ucmp(BIGNUM *a, BIGNUM *b);
-- int BN_is_zero(BIGNUM *a);
-- int BN_is_one(BIGNUM *a);
-- int BN_is_word(BIGNUM *a, BN_ULONG w);
-- int BN_is_odd(BIGNUM *a);
--
-- int BN_zero(BIGNUM *a);
-- int BN_one(BIGNUM *a);
-- const BIGNUM *BN_value_one(void);
-- int BN_set_word(BIGNUM *a, unsigned long w);
-- unsigned long BN_get_word(BIGNUM *a);
--
-- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
--
-- int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-- const BIGNUM *rem, BN_GENCB *cb);
--
-- int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
--
-- int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-- int do_trial_division, BN_GENCB *cb);
--
-- int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-- BN_GENCB *BN_GENCB_new(void);
-- void BN_GENCB_free(BN_GENCB *cb);
-- void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), void *cb_arg);
-- void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), void *cb_arg);
-- void *BN_GENCB_get_arg(BN_GENCB *cb);
--
-- int BN_set_bit(BIGNUM *a, int n);
-- int BN_clear_bit(BIGNUM *a, int n);
-- int BN_is_bit_set(const BIGNUM *a, int n);
-- int BN_mask_bits(BIGNUM *a, int n);
-- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-- int BN_lshift1(BIGNUM *r, BIGNUM *a);
-- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-- int BN_rshift1(BIGNUM *r, BIGNUM *a);
--
-- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
-- char *BN_bn2hex(const BIGNUM *a);
-- char *BN_bn2dec(const BIGNUM *a);
-- int BN_hex2bn(BIGNUM **a, const char *str);
-- int BN_dec2bn(BIGNUM **a, const char *str);
-- int BN_print(BIO *fp, const BIGNUM *a);
-- int BN_print_fp(FILE *fp, const BIGNUM *a);
-- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
--
-- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
-- BN_CTX *ctx);
--
-- BN_RECP_CTX *BN_RECP_CTX_new(void);
-- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
-- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-- BN_RECP_CTX *recp, BN_CTX *ctx);
--
-- BN_MONT_CTX *BN_MONT_CTX_new(void);
-- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
-- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-- BN_MONT_CTX *mont, BN_CTX *ctx);
-- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-- BN_CTX *ctx);
-- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-- BN_CTX *ctx);
--
-- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-- BIGNUM *mod);
-- void BN_BLINDING_free(BN_BLINDING *b);
-- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-- BN_CTX *ctx);
-- int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
-- BN_CTX *ctx);
-- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-- BN_MONT_CTX *m_ctx);
--
--=head1 DESCRIPTION
--
--This library performs arithmetic operations on integers of arbitrary
--size. It was written for use in public key cryptography, such as RSA
--and Diffie-Hellman.
--
--It uses dynamic memory allocation for storing its data structures.
--That means that there is no limit on the size of the numbers
--manipulated by these functions, but return values must always be
--checked in case a memory allocation error has occurred.
--
--The basic object in this library is a B<BIGNUM>. It is used to hold a
--single large integer. This type should be considered opaque and fields
--should not be modified or accessed directly.
--
--The creation of B<BIGNUM> objects is described in L<BN_new(3)>;
--L<BN_add(3)> describes most of the arithmetic operations.
--Comparison is described in L<BN_cmp(3)>; L<BN_zero(3)>
--describes certain assignments, L<BN_rand(3)> the generation of
--random numbers, L<BN_generate_prime(3)> deals with prime
--numbers and L<BN_set_bit(3)> with bit operations. The conversion
--of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)>.
--
--=head1 SEE ALSO
--
--L<bn_internal(3)>,
--L<dh(3)>, L<err(3)>, L<rand(3)>, L<rsa(3)>,
--L<BN_new(3)>, L<BN_CTX_new(3)>,
--L<BN_copy(3)>, L<BN_swap(3)>, L<BN_num_bytes(3)>,
--L<BN_add(3)>, L<BN_add_word(3)>,
--L<BN_cmp(3)>, L<BN_zero(3)>, L<BN_rand(3)>,
--L<BN_generate_prime(3)>, L<BN_set_bit(3)>,
--L<BN_bn2bin(3)>, L<BN_mod_inverse(3)>,
--L<BN_mod_mul_reciprocal(3)>,
--L<BN_mod_mul_montgomery(3)>,
--L<BN_BLINDING_new(3)>
--
--=cut
---- a/doc/crypto/bn_internal.pod
-+++ /dev/null
-@@ -1,238 +0,0 @@
--=pod
--
--=head1 NAME
--
--bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
--bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
--bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
--bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
--bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
--bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
--bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
--library internal functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/bn.h>
--
-- BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-- BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
-- BN_ULONG w);
-- void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-- BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-- BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
-- int num);
-- BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
-- int num);
--
-- void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-- void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
-- void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
-- void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
--
-- int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
--
-- void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
-- int nb);
-- void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
-- void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-- int dna,int dnb,BN_ULONG *tmp);
-- void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-- int n, int tna,int tnb, BN_ULONG *tmp);
-- void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
-- int n2, BN_ULONG *tmp);
-- void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
-- int n2, BN_ULONG *tmp);
--
-- void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
-- void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
--
-- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
-- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
-- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
--
-- BIGNUM *bn_expand(BIGNUM *a, int bits);
-- BIGNUM *bn_wexpand(BIGNUM *a, int n);
-- BIGNUM *bn_expand2(BIGNUM *a, int n);
-- void bn_fix_top(BIGNUM *a);
--
-- void bn_check_top(BIGNUM *a);
-- void bn_print(BIGNUM *a);
-- void bn_dump(BN_ULONG *d, int n);
-- void bn_set_max(BIGNUM *a);
-- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
-- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
--
--=head1 DESCRIPTION
--
--This page documents the internal functions used by the OpenSSL
--B<BIGNUM> implementation. They are described here to facilitate
--debugging and extending the library. They are I<not> to be used by
--applications.
--
--=head2 The BIGNUM structure
--
-- typedef struct bignum_st BIGNUM;
--
-- struct bignum_st
-- {
-- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
-- int top; /* Index of last used d +1. */
-- /* The next are internal book keeping for bn_expand. */
-- int dmax; /* Size of the d array. */
-- int neg; /* one if the number is negative */
-- int flags;
-- };
--
--
--The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
--least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
--in size, depending on the 'number of bits' (B<BITS2>) specified in
--C<openssl/bn.h>.
--
--B<dmax> is the size of the B<d> array that has been allocated. B<top>
--is the number of words being used, so for a value of 4, bn.d[0]=4 and
--bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
--B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
--
--B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
--flags begin with B<BN_FLG_>. The macros BN_set_flags(b,n) and
--BN_get_flags(b,n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
--structure B<b>.
--
--Various routines in this library require the use of temporary
--B<BIGNUM> variables during their execution. Since dynamic memory
--allocation to create B<BIGNUM>s is rather expensive when used in
--conjunction with repeated subroutine calls, the B<BN_CTX> structure is
--used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
--L<BN_CTX_start(3)>.
--
--=head2 Low-level arithmetic operations
--
--These functions are implemented in C and for several platforms in
--assembly language:
--
--bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
--arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
--in B<rp>, and returns the high word (carry).
--
--bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
--word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
--the result in B<rp>, and returns the high word (carry).
--
--bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
--B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
--word-wise, and places the low and high bytes of the result in B<rp>.
--
--bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
--by B<d> and returns the result.
--
--bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
--arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
--result in B<rp>, and returns the high word (carry).
--
--bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
--arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
--result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
--otherwise).
--
--bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
--B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
--result in B<r>.
--
--bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
--B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
--result in B<r>.
--
--bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
--B<b> and the 8 word array B<r>.
--
--bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
--B<b> and the 16 word array B<r>.
--
--The following functions are implemented in C:
--
--bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
--and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
--less than B<b>.
--
--bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
--word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
--array B<r>. It computes B<a>*B<b> and places the result in B<r>.
--
--bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
--arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
--B<a>*B<b> and places the result in B<r>.
--
--bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
--on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
--(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
--word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
--B<a>*B<b> and places the result in B<r>.
--
--bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
--operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
--B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
--
--bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
--B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
--and B<b>.
--
--bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
--B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
--array B<tmp>.
--
--BN_mul() calls bn_mul_normal(), or an optimized implementation if the
--factors have the same size: bn_mul_comba8() is used if they are 8
--words long, bn_mul_recursive() if they are larger than
--B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
--size, and bn_mul_part_recursive() for others that are larger than
--B<BN_MULL_SIZE_NORMAL>.
--
--bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
--B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
--
--The implementations use the following macros which, depending on the
--architecture, may use "long long" C operations or inline assembler.
--They are defined in C<bn_lcl.h>.
--
--mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
--low word of the result in B<r> and the high word in B<c>.
--
--mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
--places the low word of the result in B<r> and the high word in B<c>.
--
--sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
--of the result in B<r0> and the high word in B<r1>.
--
--=head2 Size changes
--
--bn_expand() ensures that B<b> has enough space for a B<bits> bit
--number. bn_wexpand() ensures that B<b> has enough space for an
--B<n> word number. If the number has to be expanded, both macros
--call bn_expand2(), which allocates a new B<d> array and copies the
--data. They return B<NULL> on error, B<b> otherwise.
--
--The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
--significant non-zero word plus one when B<a> has shrunk.
--
--=head2 Debugging
--
--bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
--E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
--
--bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
--(in reverse order, i.e. most significant word first) to stderr.
--
--bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
--This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
--B<BIGNUM> that contains the B<n> low or high words of B<a>.
--
--If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
--and bn_set_max() are defined as empty macros.
--
--=head1 SEE ALSO
--
--L<bn(3)>
--
--=cut
---- a/doc/crypto/buffer.pod
-+++ /dev/null
-@@ -1,59 +0,0 @@
--=pod
--
--=head1 NAME
--
--BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
--character array structure
--
--standard C library equivalents
--
--=head1 SYNOPSIS
--
-- #include <openssl/buffer.h>
--
-- BUF_MEM *BUF_MEM_new(void);
--
-- #define BUF_MEM_FLAG_SECURE
--
-- BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
--
-- void BUF_MEM_free(BUF_MEM *a);
--
-- int BUF_MEM_grow(BUF_MEM *str, int len);
--
--=head1 DESCRIPTION
--
--The buffer library handles simple character arrays. Buffers are used for
--various purposes in the library, most notably memory BIOs.
--
--BUF_MEM_new() allocates a new buffer of zero size.
--
--BUF_MEM_new_ex() allocates a buffer with the specified flags.
--The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer
--should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
--
--BUF_MEM_free() frees up an already existing buffer. The data is zeroed
--before freeing up in case the buffer contains sensitive data.
--
--BUF_MEM_grow() changes the size of an already existing buffer to
--B<len>. Any data already in the buffer is preserved if it increases in
--size.
--
--=head1 RETURN VALUES
--
--BUF_MEM_new() returns the buffer or NULL on error.
--
--BUF_MEM_free() has no return value.
--
--BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
--
--=head1 SEE ALSO
--
--L<bio(3)>,
--L<CRYPTO_secure_malloc(3)>.
--
--=head1 HISTORY
--
--BUF_MEM_new_ex() was added in OpenSSL 1.1.0.
--
--=cut
---- a/doc/crypto/crypto.pod
-+++ b/doc/crypto/crypto.pod
-@@ -1,11 +1,15 @@
- =pod
-
-+=for comment openssl_manual_section:7
-+
- =head1 NAME
-
- crypto - OpenSSL cryptographic library
-
- =head1 SYNOPSIS
-
-+See the individual manual pages for details.
-+
- =head1 DESCRIPTION
-
- The OpenSSL B<crypto> library implements a wide range of cryptographic
-@@ -14,8 +18,6 @@ by this library are used by the OpenSSL
- and S/MIME, and they have also been used to implement SSH, OpenPGP, and
- other cryptographic standards.
-
--=head1 OVERVIEW
--
- B<libcrypto> consists of a number of sub-libraries that implement the
- individual algorithms.
-
-@@ -24,8 +26,6 @@ cryptography and key agreement, certific
- hash functions, cryptographic pseudo-random number generator, and
- various utilities.
-
--See the individual manual pages for details.
--
- =head1 NOTES
-
- Some of the newer functions follow a naming convention using the numbers
-@@ -42,8 +42,21 @@ The B<1> function uses a copy of the sup
- (or in some cases increases its link count) in the parent and
- so both (B<x> and B<obj> above) should be freed up.
-
-+=head1 RETURN VALUES
-+
-+See the individual manual pages for details.
-+
- =head1 SEE ALSO
-
- L<openssl(1)>, L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/d2i_ASN1_OBJECT.pod
-+++ /dev/null
-@@ -1,29 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/objects.h>
--
-- ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
-- int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
--
--=head1 DESCRIPTION
--
--These functions decode and encode an ASN1 OBJECT IDENTIFIER.
--
--Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_CMS_ContentInfo.pod
-+++ /dev/null
-@@ -1,25 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/cms.h>
--
-- CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char **pp, long length);
-- int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **pp);
--
--=head1 DESCRIPTION
--
--These functions decode and encode an CMS ContentInfo structure.
--
--Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=cut
---- a/doc/crypto/d2i_DHparams.pod
-+++ b/doc/crypto/d2i_DHparams.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
-+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
-
- =head1 SYNOPSIS
-
-@@ -23,8 +23,13 @@ described in the L<d2i_X509(3)> manual p
-
- L<d2i_X509(3)>
-
--=head1 HISTORY
-+=head1 COPYRIGHT
-
--TBA
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/d2i_DSAPublicKey.pod
-+++ /dev/null
-@@ -1,91 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
--d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSAparams, i2d_DSAparams,
--d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding and parsing functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/dsa.h>
-- #include <openssl/x509.h>
--
-- DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
--
-- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
--
-- DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
--
-- int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
--
-- DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-- DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
--
-- int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-- int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
--
-- DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
--
-- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
--
-- DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
--
-- int i2d_DSAparams(const DSA *a, unsigned char **pp);
--
-- DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
--
-- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
--
--=head1 DESCRIPTION
--
--d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
--components structure.
--
--d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
--a SubjectPublicKeyInfo (certificate public key) structure.
--
--d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), i2d_DSA_PUBKEY_bio() and
--i2d_DSA_PUBKEY_fp() are similar to d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY()
--except they decode or encode using a B<BIO> or B<FILE> pointer.
--
--d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
--components.
--
--d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
--a B<Dss-Parms> structure as defined in RFC2459.
--
--d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
--B<Dss-Sig-Value> structure as defined in RFC2459.
--
--The usage of all of these functions is similar to the d2i_X509() and
--i2d_X509() described in the L<d2i_X509(3)> manual page.
--
--=head1 NOTES
--
--The B<DSA> structure passed to the private key encoding functions should have
--all the private key components present.
--
--The data encoded by the private key functions is unencrypted and therefore
--offers no private key security.
--
--The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
--functions when encoding public keys because they use a standard format.
--
--The B<DSAPublicKey> functions use a non standard format which is a
--B<SEQUENCE> consisting of the B<p>, B<q>, B<g> and B<pub_key> fields
--respectively.
--
--The B<DSAPrivateKey> functions also use a non standard structure consisting
--consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
--B<priv_key> fields respectively.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_ECPKParameters.pod
-+++ /dev/null
-@@ -1,84 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp, ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities
--
--=head1 SYNOPSIS
--
-- #include <openssl/ec.h>
--
-- EC_GROUP *d2i_ECPKParameters(EC_GROUP **px, const unsigned char **in, long len);
-- int i2d_ECPKParameters(const EC_GROUP *x, unsigned char **out);
-- #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-- #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-- (unsigned char *)(x))
-- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
--
--
--=head1 DESCRIPTION
--
--The ECPKParameters encode and decode routines encode and parse the public parameters for an
--B<EC_GROUP> structure, which represents a curve.
--
--d2i_ECPKParameters() attempts to decode B<len> bytes at B<*in>. If
--successful a pointer to the B<EC_GROUP> structure is returned. If an error
--occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
--returned structure is written to B<*px>. If B<*px> is not B<NULL>
--then it is assumed that B<*px> contains a valid B<EC_GROUP>
--structure and an attempt is made to reuse it. If the call is
--successful B<*in> is incremented to the byte following the
--parsed data.
--
--i2d_ECPKParameters() encodes the structure pointed to by B<x> into DER format.
--If B<out> is not B<NULL> is writes the DER encoded data to the buffer
--at B<*out>, and increments it to point after the data just written.
--If the return value is negative an error occurred, otherwise it
--returns the length of the encoded data.
--
--If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
--data written to it. In this case B<*out> is not incremented and it points to
--the start of the data just written.
--
--d2i_ECPKParameters_bio() is similar to d2i_ECPKParameters() except it attempts
--to parse data from BIO B<bp>.
--
--d2i_ECPKParameters_fp() is similar to d2i_ECPKParameters() except it attempts
--to parse data from FILE pointer B<fp>.
--
--i2d_ECPKParameters_bio() is similar to i2d_ECPKParameters() except it writes
--the encoding of the structure B<x> to BIO B<bp> and it
--returns 1 for success and 0 for failure.
--
--i2d_ECPKParameters_fp() is similar to i2d_ECPKParameters() except it writes
--the encoding of the structure B<x> to BIO B<bp> and it
--returns 1 for success and 0 for failure.
--
--These functions are very similar to the X509 functions described in L<d2i_X509(3)>,
--where further notes and examples are available.
--
--The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output
--of the public parameters of the EC_GROUP to B<bp> or B<fp>. The output lines are indented by B<off> spaces.
--
--=head1 RETURN VALUES
--
--d2i_ECPKParameters(), d2i_ECPKParameters_bio() and d2i_ECPKParameters_fp() return a valid B<EC_GROUP> structure
--or B<NULL> if an error occurs.
--
--i2d_ECPKParameters() returns the number of bytes successfully encoded or a negative
--value if an error occurs.
--
--i2d_ECPKParameters_bio(), i2d_ECPKParameters_fp(), ECPKParameters_print and ECPKParameters_print_fp
--return 1 for success and 0 if an error occurs.
--
--=head1 SEE ALSO
--
--L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
--L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
--L<EC_GFp_simple_method(3)>, L<d2i_X509(3)>
--
--=cut
---- a/doc/crypto/d2i_ECPrivateKey.pod
-+++ /dev/null
-@@ -1,67 +0,0 @@
--=pod
--
--=head1 NAME
--
--i2d_ECPrivateKey, d2i_ECPrivate_key - Encode and decode functions for saving and
--reading EC_KEY structures
--
--=head1 SYNOPSIS
--
-- #include <openssl/ec.h>
--
-- EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
-- int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
--
-- unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
-- void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
--
--=head1 DESCRIPTION
--
--The ECPrivateKey encode and decode routines encode and parse an
--B<EC_KEY> structure into a binary format (ASN.1 DER) and back again.
--
--These functions are similar to the d2i_X509() functions, and you should refer to
--that page for a detailed description (see L<d2i_X509(3)>).
--
--The format of the external representation of the public key written by
--i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is
--described by the point_conversion_form. See L<EC_GROUP_copy(3)>
--for a description of point_conversion_form.
--
--When reading a private key encoded without an associated public key (e.g. if
--EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey generates
--the missing public key automatically. Private keys encoded without parameters
--(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using
--d2i_ECPrivateKey.
--
--The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the
--value of the encoding flags for the B<key>. There are two encoding flags
--currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags
--define the behaviour of how the B<key> is converted into ASN1 in a call to
--i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for
--the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is
--set then the public key is not encoded along with the private key.
--
--=head1 RETURN VALUES
--
--d2i_ECPrivateKey() returns a valid B<EC_KEY> structure or B<NULL> if an error
--occurs. The error code that can be obtained by
--L<ERR_get_error(3)>.
--
--i2d_ECPrivateKey() returns the number of bytes successfully encoded or a
--negative value if an error occurs. The error code can be obtained by
--L<ERR_get_error(3)>.
--
--EC_KEY_get_enc_flags returns the value of the current encoding flags for the
--EC_KEY.
--
--=head1 SEE ALSO
--
--L<crypto(3)>, L<ec(3)>, L<EC_GROUP_new(3)>,
--L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
--L<EC_POINT_add(3)>,
--L<EC_GFp_simple_method(3)>,
--L<d2i_ECPKParameters(3)>,
--L<d2i_ECPrivateKey(3)>
--
--=cut
---- /dev/null
-+++ b/doc/crypto/d2i_Netscape_RSA.pod
-@@ -0,0 +1,38 @@
-+=pod
-+
-+=head1 NAME
-+
-+i2d_Netscape_RSA,
-+d2i_Netscape_RSA
-+- insecure RSA public and private key encoding functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/rsa.h>
-+
-+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
-+
-+=head1 DESCRIPTION
-+
-+These functions decode and encode an RSA private
-+key in NET format. These functions are present to provide compatibility
-+with very old software. This format has some severe security weaknesses
-+and should be avoided if possible.
-+
-+These functions are similar to the B<d2i_RSAPrivateKey> functions.
-+
-+=head1 SEE ALSO
-+
-+L<d2i_RSAPrivateKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/d2i_PKCS8PrivateKey.pod
-+++ /dev/null
-@@ -1,52 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
--i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
--i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/evp.h>
--
-- EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-- EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
--
-- int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
--=head1 DESCRIPTION
--
--The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
--PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
--
--Other than the use of DER as opposed to PEM these functions are identical to the
--corresponding B<PEM> function as described in the L<pem(3)> manual page.
--
--=head1 NOTES
--
--These functions are currently the only way to store encrypted private keys using DER format.
--
--Currently all the functions use BIOs or FILE pointers, there are no functions which
--work directly on memory: this can be readily worked around by converting the buffers
--to memory BIOs, see L<BIO_s_mem(3)> for details.
--
--=head1 SEE ALSO
--
--L<pem(3)>
--
--=cut
---- /dev/null
-+++ b/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
-@@ -0,0 +1,61 @@
-+=pod
-+
-+=head1 NAME
-+
-+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
-+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
-+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/evp.h>
-+
-+ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-+ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-+
-+ int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+ int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-+ char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
-+=head1 DESCRIPTION
-+
-+The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
-+PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
-+
-+Other than the use of DER as opposed to PEM these functions are identical to the
-+corresponding B<PEM> function as described in L<PEM_read_PrivateKey(3)>.
-+
-+=head1 NOTES
-+
-+These functions are currently the only way to store encrypted private keys using DER format.
-+
-+Currently all the functions use BIOs or FILE pointers, there are no functions which
-+work directly on memory: this can be readily worked around by converting the buffers
-+to memory BIOs, see L<BIO_s_mem(3)> for details.
-+
-+=head1 SEE ALSO
-+
-+L<PEM_read_PrivateKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- /dev/null
-+++ b/doc/crypto/d2i_PrivateKey.pod
-@@ -0,0 +1,71 @@
-+=pod
-+
-+=head1 NAME
-+
-+d2i_PrivateKey, d2i_AutoPrivateKey, i2d_PrivateKey,
-+d2i_PrivateKey_bio, d2i_PrivateKey_fp
-+- decode and encode functions for reading and saving EVP_PKEY structures
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/evp.h>
-+
-+ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
-+ long length);
-+ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-+ long length);
-+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-+
-+ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-+ EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
-+
-+=head1 DESCRIPTION
-+
-+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
-+use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
-+B<type> parameter should be a public key algorithm constant such as
-+B<EVP_PKEY_RSA>. An error occurs if the decoded key does not match B<type>.
-+
-+d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to
-+automatically detect the private key format.
-+
-+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
-+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
-+
-+These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>.
-+
-+=head1 NOTES
-+
-+All these functions use DER format and unencrypted keys. Applications wishing
-+to encrypt or decrypt private keys should use other functions such as
-+d2i_PKC8PrivateKey() instead.
-+
-+If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
-+(i.e. an existing structure is being reused) and the key format is PKCS#8
-+then B<*a> will be freed and replaced on a successful call.
-+
-+=head1 RETURN VALUES
-+
-+d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
-+or B<NULL> if an error occurs. The error code can be obtained by calling
-+L<ERR_get_error(3)>.
-+
-+i2d_PrivateKey() returns the number of bytes successfully encoded or a
-+negative value if an error occurs. The error code can be obtained by calling
-+L<ERR_get_error(3)>.
-+
-+=head1 SEE ALSO
-+
-+L<crypto(3)>,
-+L<d2i_PKCS8PrivateKey(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/d2i_RSAPublicKey.pod
-+++ /dev/null
-@@ -1,78 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
--d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp,
--i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_Netscape_RSA,
--d2i_Netscape_RSA - RSA public and private key encoding functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/rsa.h>
-- #include <openssl/x509.h>
--
-- RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
--
-- int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
--
-- RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
--
-- int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
--
-- RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
-- RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
--
-- int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
-- int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
--
-- RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
--
-- int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
--
-- int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
--
-- RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
--
--=head1 DESCRIPTION
--
--d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1
--RSAPublicKey structure.
--
--d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
--a SubjectPublicKeyInfo (certificate public key) structure.
--
--d2i_RSA_PUBKEY_bio(), d2i_RSA_PUBKEY_fp(), i2d_RSA_PUBKEY_bio() and
--i2d_RSA_PUBKEY_fp() are similar to d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY()
--except they decode or encode using a B<BIO> or B<FILE> pointer.
--
--d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1
--RSAPrivateKey structure.
--
--d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
--NET format.
--
--The usage of all of these functions is similar to the d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--=head1 NOTES
--
--The B<RSA> structure passed to the private key encoding functions should have
--all the PKCS#1 private key components present.
--
--The data encoded by the private key functions is unencrypted and therefore
--offers no private key security.
--
--The NET format functions are present to provide compatibility with certain very
--old software. This format has some severe security weaknesses and should be
--avoided if possible.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_X509.pod
-+++ b/doc/crypto/d2i_X509.pod
-@@ -2,83 +2,425 @@
-
- =head1 NAME
-
--d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
--i2d_X509_fp - X509 encode and decode functions
-+d2i_ACCESS_DESCRIPTION,
-+d2i_ASIdOrRange,
-+d2i_ASIdentifierChoice,
-+d2i_ASIdentifiers,
-+d2i_ASN1_BIT_STRING,
-+d2i_ASN1_BMPSTRING,
-+d2i_ASN1_ENUMERATED,
-+d2i_ASN1_GENERALIZEDTIME,
-+d2i_ASN1_GENERALSTRING,
-+d2i_ASN1_IA5STRING,
-+d2i_ASN1_INTEGER,
-+d2i_ASN1_NULL,
-+d2i_ASN1_OBJECT,
-+d2i_ASN1_OCTET_STRING,
-+d2i_ASN1_PRINTABLE,
-+d2i_ASN1_PRINTABLESTRING,
-+d2i_ASN1_SEQUENCE_ANY,
-+d2i_ASN1_SET_ANY,
-+d2i_ASN1_T61STRING,
-+d2i_ASN1_TIME,
-+d2i_ASN1_TYPE,
-+d2i_ASN1_UINTEGER,
-+d2i_ASN1_UNIVERSALSTRING,
-+d2i_ASN1_UTCTIME,
-+d2i_ASN1_UTF8STRING,
-+d2i_ASN1_VISIBLESTRING,
-+d2i_ASRange,
-+d2i_AUTHORITY_INFO_ACCESS,
-+d2i_AUTHORITY_KEYID,
-+d2i_BASIC_CONSTRAINTS,
-+d2i_CERTIFICATEPOLICIES,
-+d2i_CMS_ContentInfo,
-+d2i_CMS_ReceiptRequest,
-+d2i_CMS_bio,
-+d2i_CRL_DIST_POINTS,
-+d2i_DHxparams,
-+d2i_DIRECTORYSTRING,
-+d2i_DISPLAYTEXT,
-+d2i_DIST_POINT,
-+d2i_DIST_POINT_NAME,
-+d2i_DSAPrivateKey,
-+d2i_DSAPrivateKey_bio,
-+d2i_DSAPrivateKey_fp,
-+d2i_DSAPublicKey,
-+d2i_DSA_PUBKEY_bio,
-+d2i_DSA_PUBKEY_fp,
-+d2i_DSA_SIG,
-+d2i_DSAparams,
-+d2i_ECPKParameters,
-+d2i_ECParameters,
-+d2i_ECPrivateKey,
-+d2i_ECPrivateKey_bio,
-+d2i_ECPrivateKey_fp,
-+d2i_EC_PUBKEY,
-+d2i_EC_PUBKEY_bio,
-+d2i_EC_PUBKEY_fp,
-+d2i_EDIPARTYNAME,
-+d2i_ESS_CERT_ID,
-+d2i_ESS_ISSUER_SERIAL,
-+d2i_ESS_SIGNING_CERT,
-+d2i_EXTENDED_KEY_USAGE,
-+d2i_GENERAL_NAME,
-+d2i_GENERAL_NAMES,
-+d2i_IPAddressChoice,
-+d2i_IPAddressFamily,
-+d2i_IPAddressOrRange,
-+d2i_IPAddressRange,
-+d2i_ISSUING_DIST_POINT,
-+d2i_NETSCAPE_CERT_SEQUENCE,
-+d2i_NETSCAPE_SPKAC,
-+d2i_NETSCAPE_SPKI,
-+d2i_NOTICEREF,
-+d2i_OCSP_BASICRESP,
-+d2i_OCSP_CERTID,
-+d2i_OCSP_CERTSTATUS,
-+d2i_OCSP_CRLID,
-+d2i_OCSP_ONEREQ,
-+d2i_OCSP_REQINFO,
-+d2i_OCSP_REQUEST,
-+d2i_OCSP_RESPBYTES,
-+d2i_OCSP_RESPDATA,
-+d2i_OCSP_RESPID,
-+d2i_OCSP_RESPONSE,
-+d2i_OCSP_REVOKEDINFO,
-+d2i_OCSP_SERVICELOC,
-+d2i_OCSP_SIGNATURE,
-+d2i_OCSP_SINGLERESP,
-+d2i_OTHERNAME,
-+d2i_PBE2PARAM,
-+d2i_PBEPARAM,
-+d2i_PBKDF2PARAM,
-+d2i_PKCS12,
-+d2i_PKCS12_BAGS,
-+d2i_PKCS12_MAC_DATA,
-+d2i_PKCS12_SAFEBAG,
-+d2i_PKCS12_bio,
-+d2i_PKCS12_fp,
-+d2i_PKCS7,
-+d2i_PKCS7_DIGEST,
-+d2i_PKCS7_ENCRYPT,
-+d2i_PKCS7_ENC_CONTENT,
-+d2i_PKCS7_ENVELOPE,
-+d2i_PKCS7_ISSUER_AND_SERIAL,
-+d2i_PKCS7_RECIP_INFO,
-+d2i_PKCS7_SIGNED,
-+d2i_PKCS7_SIGNER_INFO,
-+d2i_PKCS7_SIGN_ENVELOPE,
-+d2i_PKCS7_bio,
-+d2i_PKCS7_fp,
-+d2i_PKCS8_PRIV_KEY_INFO,
-+d2i_PKCS8_PRIV_KEY_INFO_bio,
-+d2i_PKCS8_PRIV_KEY_INFO_fp,
-+d2i_PKCS8_bio,
-+d2i_PKCS8_fp,
-+d2i_PKEY_USAGE_PERIOD,
-+d2i_POLICYINFO,
-+d2i_POLICYQUALINFO,
-+d2i_PROXY_CERT_INFO_EXTENSION,
-+d2i_PROXY_POLICY,
-+d2i_PublicKey,
-+d2i_RSAPrivateKey,
-+d2i_RSAPrivateKey_bio,
-+d2i_RSAPrivateKey_fp,
-+d2i_RSAPublicKey,
-+d2i_RSAPublicKey_bio,
-+d2i_RSAPublicKey_fp,
-+d2i_RSA_OAEP_PARAMS,
-+d2i_RSA_PSS_PARAMS,
-+d2i_RSA_PUBKEY,
-+d2i_RSA_PUBKEY_bio,
-+d2i_RSA_PUBKEY_fp,
-+d2i_SCT_LIST,
-+d2i_SXNET,
-+d2i_SXNETID,
-+d2i_TS_ACCURACY,
-+d2i_TS_MSG_IMPRINT,
-+d2i_TS_MSG_IMPRINT_bio,
-+d2i_TS_MSG_IMPRINT_fp,
-+d2i_TS_REQ,
-+d2i_TS_REQ_bio,
-+d2i_TS_REQ_fp,
-+d2i_TS_RESP,
-+d2i_TS_RESP_bio,
-+d2i_TS_RESP_fp,
-+d2i_TS_STATUS_INFO,
-+d2i_TS_TST_INFO,
-+d2i_TS_TST_INFO_bio,
-+d2i_TS_TST_INFO_fp,
-+d2i_USERNOTICE,
-+d2i_X509,
-+d2i_X509_ALGOR,
-+d2i_X509_ALGORS,
-+d2i_X509_ATTRIBUTE,
-+d2i_X509_CERT_AUX,
-+d2i_X509_CINF,
-+d2i_X509_CRL,
-+d2i_X509_CRL_INFO,
-+d2i_X509_CRL_bio,
-+d2i_X509_CRL_fp,
-+d2i_X509_EXTENSION,
-+d2i_X509_EXTENSIONS,
-+d2i_X509_NAME,
-+d2i_X509_NAME_ENTRY,
-+d2i_X509_PUBKEY,
-+d2i_X509_REQ,
-+d2i_X509_REQ_INFO,
-+d2i_X509_REQ_bio,
-+d2i_X509_REQ_fp,
-+d2i_X509_REVOKED,
-+d2i_X509_SIG,
-+d2i_X509_VAL,
-+i2d_ACCESS_DESCRIPTION,
-+i2d_ASIdOrRange,
-+i2d_ASIdentifierChoice,
-+i2d_ASIdentifiers,
-+i2d_ASN1_BIT_STRING,
-+i2d_ASN1_BMPSTRING,
-+i2d_ASN1_ENUMERATED,
-+i2d_ASN1_GENERALIZEDTIME,
-+i2d_ASN1_GENERALSTRING,
-+i2d_ASN1_IA5STRING,
-+i2d_ASN1_INTEGER,
-+i2d_ASN1_NULL,
-+i2d_ASN1_OBJECT,
-+i2d_ASN1_OCTET_STRING,
-+i2d_ASN1_PRINTABLE,
-+i2d_ASN1_PRINTABLESTRING,
-+i2d_ASN1_SEQUENCE_ANY,
-+i2d_ASN1_SET_ANY,
-+i2d_ASN1_T61STRING,
-+i2d_ASN1_TIME,
-+i2d_ASN1_TYPE,
-+i2d_ASN1_UNIVERSALSTRING,
-+i2d_ASN1_UTCTIME,
-+i2d_ASN1_UTF8STRING,
-+i2d_ASN1_VISIBLESTRING,
-+i2d_ASN1_bio_stream,
-+i2d_ASRange,
-+i2d_AUTHORITY_INFO_ACCESS,
-+i2d_AUTHORITY_KEYID,
-+i2d_BASIC_CONSTRAINTS,
-+i2d_CERTIFICATEPOLICIES,
-+i2d_CMS_ContentInfo,
-+i2d_CMS_ReceiptRequest,
-+i2d_CMS_bio,
-+i2d_CRL_DIST_POINTS,
-+i2d_DHxparams,
-+i2d_DIRECTORYSTRING,
-+i2d_DISPLAYTEXT,
-+i2d_DIST_POINT,
-+i2d_DIST_POINT_NAME,
-+i2d_DSAPrivateKey,
-+i2d_DSAPrivateKey_bio,
-+i2d_DSAPrivateKey_fp,
-+i2d_DSAPublicKey,
-+i2d_DSA_PUBKEY_bio,
-+i2d_DSA_PUBKEY_fp,
-+i2d_DSA_SIG,
-+i2d_DSAparams,
-+i2d_ECPKParameters,
-+i2d_ECParameters,
-+i2d_ECPrivateKey,
-+i2d_ECPrivateKey_bio,
-+i2d_ECPrivateKey_fp,
-+i2d_EC_PUBKEY,
-+i2d_EC_PUBKEY_bio,
-+i2d_EC_PUBKEY_fp,
-+i2d_EDIPARTYNAME,
-+i2d_ESS_CERT_ID,
-+i2d_ESS_ISSUER_SERIAL,
-+i2d_ESS_SIGNING_CERT,
-+i2d_EXTENDED_KEY_USAGE,
-+i2d_GENERAL_NAME,
-+i2d_GENERAL_NAMES,
-+i2d_IPAddressChoice,
-+i2d_IPAddressFamily,
-+i2d_IPAddressOrRange,
-+i2d_IPAddressRange,
-+i2d_ISSUING_DIST_POINT,
-+i2d_NETSCAPE_CERT_SEQUENCE,
-+i2d_NETSCAPE_SPKAC,
-+i2d_NETSCAPE_SPKI,
-+i2d_NOTICEREF,
-+i2d_OCSP_BASICRESP,
-+i2d_OCSP_CERTID,
-+i2d_OCSP_CERTSTATUS,
-+i2d_OCSP_CRLID,
-+i2d_OCSP_ONEREQ,
-+i2d_OCSP_REQINFO,
-+i2d_OCSP_REQUEST,
-+i2d_OCSP_RESPBYTES,
-+i2d_OCSP_RESPDATA,
-+i2d_OCSP_RESPID,
-+i2d_OCSP_RESPONSE,
-+i2d_OCSP_REVOKEDINFO,
-+i2d_OCSP_SERVICELOC,
-+i2d_OCSP_SIGNATURE,
-+i2d_OCSP_SINGLERESP,
-+i2d_OTHERNAME,
-+i2d_PBE2PARAM,
-+i2d_PBEPARAM,
-+i2d_PBKDF2PARAM,
-+i2d_PKCS12,
-+i2d_PKCS12_BAGS,
-+i2d_PKCS12_MAC_DATA,
-+i2d_PKCS12_SAFEBAG,
-+i2d_PKCS12_bio,
-+i2d_PKCS12_fp,
-+i2d_PKCS7,
-+i2d_PKCS7_DIGEST,
-+i2d_PKCS7_ENCRYPT,
-+i2d_PKCS7_ENC_CONTENT,
-+i2d_PKCS7_ENVELOPE,
-+i2d_PKCS7_ISSUER_AND_SERIAL,
-+i2d_PKCS7_NDEF,
-+i2d_PKCS7_RECIP_INFO,
-+i2d_PKCS7_SIGNED,
-+i2d_PKCS7_SIGNER_INFO,
-+i2d_PKCS7_SIGN_ENVELOPE,
-+i2d_PKCS7_bio,
-+i2d_PKCS7_fp,
-+i2d_PKCS8PrivateKeyInfo_bio,
-+i2d_PKCS8PrivateKeyInfo_fp,
-+i2d_PKCS8_PRIV_KEY_INFO,
-+i2d_PKCS8_PRIV_KEY_INFO_bio,
-+i2d_PKCS8_PRIV_KEY_INFO_fp,
-+i2d_PKCS8_bio,
-+i2d_PKCS8_fp,
-+i2d_PKEY_USAGE_PERIOD,
-+i2d_POLICYINFO,
-+i2d_POLICYQUALINFO,
-+i2d_PROXY_CERT_INFO_EXTENSION,
-+i2d_PROXY_POLICY,
-+i2d_PublicKey,
-+i2d_RSAPrivateKey,
-+i2d_RSAPrivateKey_bio,
-+i2d_RSAPrivateKey_fp,
-+i2d_RSAPublicKey,
-+i2d_RSAPublicKey_bio,
-+i2d_RSAPublicKey_fp,
-+i2d_RSA_OAEP_PARAMS,
-+i2d_RSA_PSS_PARAMS,
-+i2d_RSA_PUBKEY,
-+i2d_RSA_PUBKEY_bio,
-+i2d_RSA_PUBKEY_fp,
-+i2d_SCT_LIST,
-+i2d_SXNET,
-+i2d_SXNETID,
-+i2d_TS_ACCURACY,
-+i2d_TS_MSG_IMPRINT,
-+i2d_TS_MSG_IMPRINT_bio,
-+i2d_TS_MSG_IMPRINT_fp,
-+i2d_TS_REQ,
-+i2d_TS_REQ_bio,
-+i2d_TS_REQ_fp,
-+i2d_TS_RESP,
-+i2d_TS_RESP_bio,
-+i2d_TS_RESP_fp,
-+i2d_TS_STATUS_INFO,
-+i2d_TS_TST_INFO,
-+i2d_TS_TST_INFO_bio,
-+i2d_TS_TST_INFO_fp,
-+i2d_USERNOTICE,
-+i2d_X509,
-+i2d_X509_ALGOR,
-+i2d_X509_ALGORS,
-+i2d_X509_ATTRIBUTE,
-+i2d_X509_CERT_AUX,
-+i2d_X509_CINF,
-+i2d_X509_CRL,
-+i2d_X509_CRL_INFO,
-+i2d_X509_CRL_bio,
-+i2d_X509_CRL_fp,
-+i2d_X509_EXTENSION,
-+i2d_X509_EXTENSIONS,
-+i2d_X509_NAME,
-+i2d_X509_NAME_ENTRY,
-+i2d_X509_PUBKEY,
-+i2d_X509_REQ,
-+i2d_X509_REQ_INFO,
-+i2d_X509_REQ_bio,
-+i2d_X509_REQ_fp,
-+i2d_X509_REVOKED,
-+i2d_X509_SIG,
-+i2d_X509_VAL,
-+- convert objects from/to ASN.1/DER representation
-
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
-- int i2d_X509(X509 *x, unsigned char **out);
-+=for comment generic
-
-- X509 *d2i_X509_bio(BIO *bp, X509 **x);
-- X509 *d2i_X509_fp(FILE *fp, X509 **x);
--
-- int i2d_X509_bio(BIO *bp, X509 *x);
-- int i2d_X509_fp(FILE *fp, X509 *x);
-+=head1 SYNOPSIS
-
-- int i2d_re_X509_tbs(X509 *x, unsigned char **out);
-+ TYPE *d2i_TYPE(TYPE **a, unsigned char **pp, long length);
-+ TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
-+ TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
-+
-+ int i2d_TYPE(TYPE *a, unsigned char **pp);
-+ int i2d_TYPE_fp(FILE *fp, TYPE *a);
-+ int i2d_TYPE_bio(BIO *bp, TYPE *a);
-
- =head1 DESCRIPTION
-
--The X509 encode and decode routines encode and parse an
--B<X509> structure, which represents an X509 certificate.
-+In the description here, I<TYPE> is used a placeholder
-+for any of the OpenSSL datatypes, such as I<X509_CRL>.
-
--d2i_X509() attempts to decode B<len> bytes at B<*in>. If
--successful a pointer to the B<X509> structure is returned. If an error
--occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
--returned structure is written to B<*px>. If B<*px> is not B<NULL>
--then it is assumed that B<*px> contains a valid B<X509>
--structure and an attempt is made to reuse it. This "reuse" capability is present
--for historical compatibility but its use is B<strongly discouraged> (see BUGS
--below, and the discussion in the RETURN VALUES section).
-+These functions convert OpenSSL objects to and from their ASN.1/DER
-+encoding. Unlike the C structures which can have pointers to sub-objects
-+within, the DER is a serialized encoding, suitable for sending over the
-+network, writing to a file, and so on.
-+
-+d2i_TYPE() attempts to decode B<len> bytes at B<*in>. If successful a
-+pointer to the B<TYPE> structure is returned and B<*in> is incremented to
-+the byte following the parsed data. If B<a> is not B<NULL> then a pointer
-+to the returned structure is also written to B<*a>. If an error occurred
-+then B<NULL> is returned.
-+
-+On a successful return, if B<*a> is not B<NULL> then it is assumed that B<*a>
-+contains a valid B<TYPE> structure and an attempt is made to reuse it. This
-+"reuse" capability is present for historical compatibility but its use is
-+B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
-+VALUES section).
-
--If the call is successful B<*in> is incremented to the byte following the
--parsed data.
-+d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts
-+to parse data from BIO B<bp>.
-
--i2d_X509() encodes the structure pointed to by B<x> into DER format.
--If B<out> is not B<NULL> is writes the DER encoded data to the buffer
-+d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts
-+to parse data from FILE pointer B<fp>.
-+
-+i2d_TYPE() encodes the structure pointed to by B<a> into DER format.
-+If B<out> is not B<NULL>, it writes the DER encoded data to the buffer
- at B<*out>, and increments it to point after the data just written.
- If the return value is negative an error occurred, otherwise it
--returns the length of the encoded data.
--
--If B<*out> is B<NULL> memory will be
--allocated for a buffer and the encoded data written to it. In this
--case B<*out> is not incremented and it points to the start of the
--data just written.
--
--d2i_X509_bio() is similar to d2i_X509() except it attempts
--to parse data from BIO B<bp>.
-+returns the length of the encoded data.
-
--d2i_X509_fp() is similar to d2i_X509() except it attempts
--to parse data from FILE pointer B<fp>.
-+If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded
-+data written to it. In this case B<*out> is not incremented and it points
-+to the start of the data just written.
-
--i2d_X509_bio() is similar to i2d_X509() except it writes
--the encoding of the structure B<x> to BIO B<bp> and it
-+i2d_TYPE_bio() is similar to i2d_TYPE() except it writes
-+the encoding of the structure B<a> to BIO B<bp> and it
- returns 1 for success and 0 for failure.
-
--i2d_X509_fp() is similar to i2d_X509() except it writes
--the encoding of the structure B<x> to BIO B<bp> and it
-+i2d_TYPE_fp() is similar to i2d_TYPE() except it writes
-+the encoding of the structure B<a> to BIO B<bp> and it
- returns 1 for success and 0 for failure.
-
--i2d_re_X509_tbs() is similar to i2d_X509() except it encodes
--only the TBSCertificate portion of the certificate.
-+These routines do not encrypt private keys and therefore offer no
-+security; use L<PEM_write_PrivateKey(3)> or similar for writing to files.
-
- =head1 NOTES
-
--The letters B<i> and B<d> in for example B<i2d_X509> stand for
--"internal" (that is an internal C structure) and "DER". So
--B<i2d_X509> converts from internal to DER. The "re" in
--B<i2d_re_X509_tbs> stands for "re-encode", and ensures that a fresh
--encoding is generated in case the object has been modified after
--creation (see the BUGS section).
-+The letters B<i> and B<d> in B<i2d_TYPE> stand for
-+"internal" (that is, an internal C structure) and "DER" respectively.
-+So B<i2d_TYPE> converts from internal to DER.
-
- The functions can also understand B<BER> forms.
-
--The actual X509 structure passed to i2d_X509() must be a valid
--populated B<X509> structure it can B<not> simply be fed with an
--empty structure such as that returned by X509_new().
-+The actual TYPE structure passed to i2d_TYPE() must be a valid
-+populated B<TYPE> structure -- it B<cannot> simply be fed with an
-+empty structure such as that returned by TYPE_new().
-
- The encoded data is in binary form and may contain embedded zeroes.
- Therefore any FILE pointers or BIOs should be opened in binary mode.
-@@ -88,10 +430,58 @@ of the encoded structure.
- The ways that B<*in> and B<*out> are incremented after the operation
- can trap the unwary. See the B<WARNINGS> section for some common
- errors.
--
--The reason for the auto increment behaviour is to reflect a typical
-+The reason for this-auto increment behaviour is to reflect a typical
- usage of ASN1 functions: after one structure is encoded or decoded
--another will processed after it.
-+another will be processed after it.
-+
-+The following points about the data types might be useful:
-+
-+=over
-+
-+=item B<ASN1_OBJECT>
-+
-+Represents an ASN1 OBJECT IDENTIFIER.
-+
-+=item B<DHparams>
-+
-+Represents a PKCS#3 DH parameters structure.
-+
-+=item B<DHparamx>
-+
-+Represents a ANSI X9.42 DH parameters structure.
-+
-+=item B<DSA_PUBKEY>
-+
-+Represents a DSA public key using a B<SubjectPublicKeyInfo> structure.
-+
-+=item B<DSAPublicKey, DSAPrivateKey>
-+
-+Use a non-standard OpenSSL format and should be avoided; use B<DSA_PUBKEY>,
-+B<PEM_write_PrivateKey(3)>, or similar instead.
-+
-+=item B<RSAPublicKey>
-+
-+Represents a PKCS#1 RSA public key structure.
-+
-+=item B<X509_ALGOR>
-+
-+Represents an B<AlogrithmIdentifier> structure as used in IETF RFC 6960 and
-+elsewhere.
-+
-+=item B<X509_Name>
-+
-+Represents a B<Name> type as used for subject and issuer names in
-+IETF RFC 6960 and elsewhere.
-+
-+=item B<X509_REQ>
-+
-+Represents a PKCS#10 certificate request.
-+
-+=item B<X509_SIG>
-+
-+Represents the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
-+
-+=back
-
- =head1 EXAMPLES
-
-@@ -103,7 +493,7 @@ another will processed after it.
- buf = NULL;
- len = i2d_X509(x, &buf);
- if (len < 0)
-- /* error */
-+ /* error */
-
- Attempt to decode a buffer:
-
-@@ -111,12 +501,11 @@ another will processed after it.
- unsigned char *buf, *p;
- int len;
-
-- /* Something to setup buf and len */
-+ /* Set up buf and len to point to the input buffer. */
- p = buf;
- x = d2i_X509(NULL, &p, len);
--
- if (x == NULL)
-- /* Some error */
-+ /* error */
-
- Alternative technique:
-
-@@ -124,17 +513,16 @@ another will processed after it.
- unsigned char *buf, *p;
- int len;
-
-- /* Something to setup buf and len */
-+ /* Set up buf and len to point to the input buffer. */
- p = buf;
- x = NULL;
-
-- if (!d2i_X509(&x, &p, len))
-- /* Some error */
--
-+ if (d2i_X509(&x, &p, len) == NULL)
-+ /* error */
-
- =head1 WARNINGS
-
--The use of temporary variable is mandatory. A common
-+Using a temporary variable is mandatory. A common
- mistake is to attempt to use a buffer directly as follows:
-
- int len;
-@@ -142,24 +530,22 @@ The use of temporary variable is mandato
-
- len = i2d_X509(x, NULL);
- buf = OPENSSL_malloc(len);
-- if (buf == NULL)
-- /* error */
--
-+ ...
- i2d_X509(x, &buf);
-- /* Other stuff ... */
-+ ...
- OPENSSL_free(buf);
-
- This code will result in B<buf> apparently containing garbage because
- it was incremented after the call to point after the data just written.
- Also B<buf> will no longer contain the pointer allocated by OPENSSL_malloc()
--and the subsequent call to OPENSSL_free() may well crash.
-+and the subsequent call to OPENSSL_free() is likely to crash.
-
--Another trap to avoid is misuse of the B<xp> argument to d2i_X509():
-+Another trap to avoid is misuse of the B<a> argument to d2i_TYPE():
-
- X509 *x;
-
-- if (!d2i_X509(&x, &p, len))
-- /* Some error */
-+ if (d2i_X509(&x, &p, len) == NULL)
-+ /* error */
-
- This will probably crash somewhere in d2i_X509(). The reason for this
- is that the variable B<x> is uninitialized and an attempt will be made to
-@@ -169,66 +555,44 @@ happen.
-
- =head1 BUGS
-
--In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
-+In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when
- B<*px> is valid is broken and some parts of the reused structure may
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
-
--i2d_X509() will not return an error in many versions of OpenSSL,
-+i2d_TYPE() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
--fields entirely and will not be parsed by d2i_X509(). This may be
--fixed in future so code should not assume that i2d_X509() will
-+fields entirely and will not be parsed by d2i_TYPE(). This may be
-+fixed in future so code should not assume that i2d_TYPE() will
- always succeed.
-
--The encoding of the TBSCertificate portion of a certificate is cached
--in the B<X509> structure internally to improve encoding performance
--and to ensure certificate signatures are verified correctly in some
--certificates with broken (non-DER) encodings.
--
--Any function which encodes an X509 structure such as i2d_X509(),
--i2d_X509_fp() or i2d_X509_bio() may return a stale encoding if the
--B<X509> structure has been modified after deserialization or previous
--serialization.
--
--If, after modification, the B<X509> object is re-signed with X509_sign(),
--the encoding is automatically renewed. Otherwise, the encoding of the
--TBSCertificate portion of the B<X509> can be manually renewed by calling
--i2d_re_X509_tbs().
-+Any function which encodes a structure (i2d_TYPE(),
-+i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the
-+structure has been modified after deserialization or previous
-+serialization. This is because some objects cache the encoding for
-+efficiency reasons.
-
- =head1 RETURN VALUES
-
--d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
--or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)>. If the "reuse" capability has been used
--with a valid X509 structure being passed in via B<px> then the object is not
--freed in the event of error but may be in a potentially invalid or inconsistent
--state.
--
--i2d_X509() returns the number of bytes successfully encoded or a negative
--value if an error occurs. The error code can be obtained by
--L<ERR_get_error(3)>.
--
--i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
--occurs The error code can be obtained by L<ERR_get_error(3)>.
--
--=head1 SEE ALSO
--
--L<ERR_get_error(3)>
--L<X509_CRL_get0_by_serial(3)>,
--L<X509_get0_signature(3)>,
--L<X509_get_ext_d2i(3)>,
--L<X509_get_extension_flags(3)>,
--L<X509_get_pubkey(3)>,
--L<X509_get_subject_name(3)>,
--L<X509_get_version(3)>,
--L<X509_NAME_add_entry_by_txt(3)>,
--L<X509_NAME_ENTRY_get_object(3)>,
--L<X509_NAME_get_index_by_NID(3)>,
--L<X509_NAME_print_ex(3)>,
--L<X509_new(3)>,
--L<X509_sign(3)>,
--L<X509V3_get_d2i(3)>,
--L<X509_verify_cert(3)>
-+d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid B<TYPE> structure
-+or B<NULL> if an error occurs. If the "reuse" capability has been used with
-+a valid structure being passed in via B<a>, then the object is not freed in
-+the event of error but may be in a potentially invalid or inconsistent state.
-+
-+i2d_TYPE() returns the number of bytes successfully encoded or a negative
-+value if an error occurs.
-+
-+i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error
-+occurs.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/crypto/d2i_X509_ALGOR.pod
-+++ /dev/null
-@@ -1,55 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_X509_ALGOR, i2d_X509_ALGOR, X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
-- int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
-- X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
-- int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-- void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-- X509_ALGOR *alg);
-- void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
-- int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
--
--=head1 DESCRIPTION
--
--The functions d2i_X509() and i2d_X509() decode and encode an B<X509_ALGOR>
--structure which is equivalent to the B<AlgorithmIdentifier> structure.
--
--Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--X509_ALGOR_dup() returns a copy of B<alg>.
--
--X509_ALGOR_set0() sets the algorithm OID of B<alg> to B<aobj> and the
--associated parameter type to B<ptype> with value B<pval>. If B<ptype> is
--B<V_ASN1_UNDEF> the parameter is omitted, otherwise B<ptype> and B<pval> have
--the same meaning as the B<type> and B<value> parameters to ASN1_TYPE_set().
--All the supplied parameters are used internally so must B<NOT> be freed after
--this call.
--
--X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the
--algorithm OID in B<*paobj> and the associated parameter in B<*pptype>
--and B<*ppval> from the B<AlgorithmIdentifier> B<alg>.
--
--X509_ALGOR_set_md() sets the B<AlgorithmIdentifier> B<alg> to appropriate
--values for the message digest B<md>.
--
--X509_ALGOR_cmp() compares B<a> and B<b> and returns 0 if they have identical
--encodings and non-zero otherwise.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_X509_CRL.pod
-+++ /dev/null
-@@ -1,39 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp,
--i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_re_X509_CRL_tbs - CRL functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
-- int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
--
-- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
-- X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
--
-- int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
-- int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
--
-- int i2d_re_X509_CRL_tbs(X509_CRL *x, unsigned char **out);
--
--=head1 DESCRIPTION
--
--These functions decode and encode an X509 CRL (certificate revocation
--list).
--
--Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_X509_NAME.pod
-+++ /dev/null
-@@ -1,45 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
-- int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
--
-- int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen,
-- X509_NAME *nm)
--
--
--=head1 DESCRIPTION
--
--The functions d2i_X509_NAME() and i2d_X509_NAME() decode and encode an
--B<X509_NAME> structure which is the same as the B<Name> type defined in
--RFC3280 (and elsewhere) and used for example in certificate subject and
--issuer names.
--
--Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--The function X509_NAME_get0_der() returns an internal pointer to the
--encoding of an B<X509_NAME> structure in B<*pder> and consisting of
--B<*pderlen> bytes. It is useful for applications that wish to examine
--the encoding of an B<X509_NAME> structure without copying it.
--
--=head1 RETURN VALUES
--
--=head1 SEE ALSO
--
--The meanings of the return values of d2i_X509_NAME() and i2d_X509_NAME()
--are similar to those for d2i_X509() and i2d_X509().
--
--The function X509_NAME_get0_der() returns 1 for success and 0 if an error
--occurred.
--
--L<d2i_X509(3)>
--
--=cut
---- a/doc/crypto/d2i_X509_REQ.pod
-+++ /dev/null
-@@ -1,39 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
--i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_re_X509_REQ_tbs - PKCS#10 certificate
--request functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
-- int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
--
-- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
-- X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
--
-- int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
-- int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
--
-- int i2d_re_X509_REQ_tbs(X509_REQ *x, unsigned char **out);
--
--=head1 DESCRIPTION
--
--These functions decode and encode a PKCS#10 certificate request.
--
--Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/d2i_X509_SIG.pod
-+++ /dev/null
-@@ -1,36 +0,0 @@
--=pod
--
--=head1 NAME
--
--d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
-- int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
-- void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
-- X509_SIG *sig);
--
--=head1 DESCRIPTION
--
--The functions d2i_X509_SIG() and i2d_X509_SIG() decode and encode an
--X509_SIG structure which is equivalent to the B<DigestInfo> structure
--defined in PKCS#1 and PKCS#7.
--
--Otherwise they behave in a similar way to d2i_X509() and i2d_X509()
--described in the L<d2i_X509(3)> manual page.
--
--X509_SIG_get0() returns pointers to the algorithm identifier and digest
--value in B<sig>. These values can then be examined or initialised.
--
--=head1 SEE ALSO
--
--L<d2i_X509(3)>
--
--=head1 HISTORY
--
--TBA
--
--=cut
---- a/doc/crypto/des.pod
-+++ /dev/null
-@@ -1,320 +0,0 @@
--=pod
--
--=head1 NAME
--
--DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
--DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
--DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
--DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
--DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
--DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
--DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
--DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
--DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
--
--=head1 SYNOPSIS
--
-- #include <openssl/des.h>
--
-- void DES_random_key(DES_cblock *ret);
--
-- int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
-- int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
-- int DES_set_key_checked(const_DES_cblock *key,
-- DES_key_schedule *schedule);
-- void DES_set_key_unchecked(const_DES_cblock *key,
-- DES_key_schedule *schedule);
--
-- void DES_set_odd_parity(DES_cblock *key);
-- int DES_is_weak_key(const_DES_cblock *key);
--
-- void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-- DES_key_schedule *ks, int enc);
-- void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
-- DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
-- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-- DES_key_schedule *ks1, DES_key_schedule *ks2,
-- DES_key_schedule *ks3, int enc);
--
-- void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-- int enc);
-- void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
-- int numbits, long length, DES_key_schedule *schedule,
-- DES_cblock *ivec, int enc);
-- void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
-- int numbits, long length, DES_key_schedule *schedule,
-- DES_cblock *ivec);
-- void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-- int enc);
-- void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-- int *num, int enc);
-- void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-- int *num);
--
-- void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-- long length, DES_key_schedule *schedule, DES_cblock *ivec,
-- const_DES_cblock *inw, const_DES_cblock *outw, int enc);
--
-- void DES_ede2_cbc_encrypt(const unsigned char *input,
-- unsigned char *output, long length, DES_key_schedule *ks1,
-- DES_key_schedule *ks2, DES_cblock *ivec, int enc);
-- void DES_ede2_cfb64_encrypt(const unsigned char *in,
-- unsigned char *out, long length, DES_key_schedule *ks1,
-- DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
-- void DES_ede2_ofb64_encrypt(const unsigned char *in,
-- unsigned char *out, long length, DES_key_schedule *ks1,
-- DES_key_schedule *ks2, DES_cblock *ivec, int *num);
--
-- void DES_ede3_cbc_encrypt(const unsigned char *input,
-- unsigned char *output, long length, DES_key_schedule *ks1,
-- DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
-- int enc);
-- void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-- DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
-- void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-- long length, DES_key_schedule *ks1,
-- DES_key_schedule *ks2, DES_key_schedule *ks3,
-- DES_cblock *ivec, int *num);
--
-- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
-- long length, DES_key_schedule *schedule,
-- const_DES_cblock *ivec);
-- DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-- long length, int out_count, DES_cblock *seed);
-- void DES_string_to_key(const char *str, DES_cblock *key);
-- void DES_string_to_2keys(const char *str, DES_cblock *key1,
-- DES_cblock *key2);
--
-- char *DES_fcrypt(const char *buf, const char *salt, char *ret);
-- char *DES_crypt(const char *buf, const char *salt);
--
-- int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-- DES_cblock *iv);
-- int DES_enc_write(int fd, const void *buf, int len,
-- DES_key_schedule *sched, DES_cblock *iv);
--
--=head1 DESCRIPTION
--
--This library contains a fast implementation of the DES encryption
--algorithm.
--
--There are two phases to the use of DES encryption. The first is the
--generation of a I<DES_key_schedule> from a key, the second is the
--actual encryption. A DES key is of type I<DES_cblock>. This type is
--consists of 8 bytes with odd parity. The least significant bit in
--each byte is the parity bit. The key schedule is an expanded form of
--the key; it is used to speed the encryption process.
--
--DES_random_key() generates a random key. The PRNG must be seeded
--prior to using this function (see L<rand(3)>). If the PRNG
--could not generate a secure key, 0 is returned.
--
--Before a DES key can be used, it must be converted into the
--architecture dependent I<DES_key_schedule> via the
--DES_set_key_checked() or DES_set_key_unchecked() function.
--
--DES_set_key_checked() will check that the key passed is of odd parity
--and is not a week or semi-weak key. If the parity is wrong, then -1
--is returned. If the key is a weak key, then -2 is returned. If an
--error is returned, the key schedule is not generated.
--
--DES_set_key() works like
--DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
--otherwise like DES_set_key_unchecked(). These functions are available
--for compatibility; it is recommended to use a function that does not
--depend on a global variable.
--
--DES_set_odd_parity() sets the parity of the passed I<key> to odd.
--
--DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
--is ok.
--
--The following routines mostly operate on an input and output stream of
--I<DES_cblock>s.
--
--DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
--decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
--(ECB) mode. It always transforms the input data, pointed to by
--I<input>, into the output data, pointed to by the I<output> argument.
--If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
--(cleartext) is encrypted in to the I<output> (ciphertext) using the
--key_schedule specified by the I<schedule> argument, previously set via
--I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
--ciphertext) is decrypted into the I<output> (now cleartext). Input
--and output may overlap. DES_ecb_encrypt() does not return a value.
--
--DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
--three-key Triple-DES encryption in ECB mode. This involves encrypting
--the input with I<ks1>, decrypting with the key schedule I<ks2>, and
--then encrypting with I<ks3>. This routine greatly reduces the chances
--of brute force breaking of DES and has the advantage of if I<ks1>,
--I<ks2> and I<ks3> are the same, it is equivalent to just encryption
--using ECB mode and I<ks1> as the key.
--
--The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
--encryption by using I<ks1> for the final encryption.
--
--DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
--(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
--routine cipher-block-chain encrypts the cleartext data pointed to by
--the I<input> argument into the ciphertext pointed to by the I<output>
--argument, using the key schedule provided by the I<schedule> argument,
--and initialization vector provided by the I<ivec> argument. If the
--I<length> argument is not an integral multiple of eight bytes, the
--last block is copied to a temporary area and zero filled. The output
--is always an integral multiple of eight bytes.
--
--DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
--I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
--(unlike the iv) and are as such, part of the key. So the key is sort
--of 24 bytes. This is much better than CBC DES.
--
--DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
--three keys. This means that each DES operation inside the CBC mode is
--an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
--
--The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
--reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
--This form of Triple-DES is used by the RSAREF library.
--
--DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
--chaining mode used by Kerberos v4. Its parameters are the same as
--DES_ncbc_encrypt().
--
--DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
--method takes an array of characters as input and outputs and array of
--characters. It does not require any padding to 8 character groups.
--Note: the I<ivec> variable is changed and the new changed value needs to
--be passed to the next call to this function. Since this function runs
--a complete DES ECB encryption per I<numbits>, this function is only
--suggested for use when sending small numbers of characters.
--
--DES_cfb64_encrypt()
--implements CFB mode of DES with 64bit feedback. Why is this
--useful you ask? Because this routine will allow you to encrypt an
--arbitrary number of bytes, no 8 byte padding. Each call to this
--routine will encrypt the input bytes to output and then update ivec
--and num. num contains 'how far' we are though ivec. If this does
--not make much sense, read more about cfb mode of DES :-).
--
--DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
--DES_cfb64_encrypt() except that Triple-DES is used.
--
--DES_ofb_encrypt() encrypts using output feedback mode. This method
--takes an array of characters as input and outputs and array of
--characters. It does not require any padding to 8 character groups.
--Note: the I<ivec> variable is changed and the new changed value needs to
--be passed to the next call to this function. Since this function runs
--a complete DES ECB encryption per numbits, this function is only
--suggested for use when sending small numbers of characters.
--
--DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
--Feed Back mode.
--
--DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
--DES_ofb64_encrypt(), using Triple-DES.
--
--The following functions are included in the DES library for
--compatibility with the MIT Kerberos library.
--
--DES_cbc_cksum() produces an 8 byte checksum based on the input stream
--(via CBC encryption). The last 4 bytes of the checksum are returned
--and the complete 8 bytes are placed in I<output>. This function is
--used by Kerberos v4. Other applications should use
--L<EVP_DigestInit(3)> etc. instead.
--
--DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
--checksum from the input bytes. The algorithm can be iterated over the
--input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
--non-NULL, the 8 bytes generated by each pass are written into
--I<output>.
--
--The following are DES-based transformations:
--
--DES_fcrypt() is a fast version of the Unix crypt(3) function. This
--version takes only a small amount of space relative to other fast
--crypt() implementations. This is different to the normal crypt in
--that the third parameter is the buffer that the return value is
--written into. It needs to be at least 14 bytes long. This function
--is thread safe, unlike the normal crypt.
--
--DES_crypt() is a faster replacement for the normal system crypt().
--This function calls DES_fcrypt() with a static array passed as the
--third parameter. This emulates the normal non-thread safe semantics
--of crypt(3).
--
--DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
--buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
--using I<sched> for the key and I<iv> as a starting vector. The actual
--data send down I<fd> consists of 4 bytes (in network byte order)
--containing the length of the following encrypted data. The encrypted
--data then follows, padded with random data out to a multiple of 8
--bytes.
--
--DES_enc_read() is used to read I<len> bytes from file descriptor
--I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
--have come from DES_enc_write() and is decrypted using I<sched> for
--the key schedule and I<iv> for the initial vector.
--
--B<Warning:> The data format used by DES_enc_write() and DES_enc_read()
--has a cryptographic weakness: When asked to write more than MAXWRITE
--bytes, DES_enc_write() will split the data into several chunks that
--are all encrypted using the same IV. So don't use these functions
--unless you are sure you know what you do (in which case you might not
--want to use them anyway). They cannot handle non-blocking sockets.
--DES_enc_read() uses an internal state and thus cannot be used on
--multiple files.
--
--I<DES_rw_mode> is used to specify the encryption mode to use with
--DES_enc_read() and DES_end_write(). If set to I<DES_PCBC_MODE> (the
--default), DES_pcbc_encrypt is used. If set to I<DES_CBC_MODE>
--DES_cbc_encrypt is used.
--
--=head1 BUGS
--
--DES_3cbc_encrypt() is flawed and must not be used in applications.
--
--DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
--instead.
--
--DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
--What this means is that if you set numbits to 12, and length to 2, the
--first 12 bits will come from the 1st input byte and the low half of
--the second input byte. The second 12 bits will have the low 8 bits
--taken from the 3rd input byte and the top 4 bits taken from the 4th
--input byte. The same holds for output. This function has been
--implemented this way because most people will be using a multiple of 8
--and because once you get into pulling bytes input bytes apart things
--get ugly!
--
--DES_string_to_key() is available for backward compatibility with the
--MIT library. New applications should use a cryptographic hash function.
--The same applies for DES_string_to_2key().
--
--=head1 CONFORMING TO
--
--ANSI X3.106
--
--The B<des> library was written to be source code compatible with
--the MIT Kerberos library.
--
--=head1 NOTES
--
--Applications should use the higher level functions
--L<EVP_EncryptInit(3)> etc. instead of calling these
--functions directly.
--
--Single-key DES is insecure due to its short key size. ECB mode is
--not suitable for most applications; see L<des_modes(7)>.
--
--=head1 SEE ALSO
--
--L<des_modes(7)>,
--L<EVP_EncryptInit(3)>
--
--=cut
---- a/doc/crypto/des_modes.pod
-+++ b/doc/crypto/des_modes.pod
-@@ -240,16 +240,24 @@ This text was been written in large part
- documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
- it to:
-
-- AS 2805.5.2
-- Australian Standard
-- Electronic funds transfer - Requirements for interfaces,
-- Part 5.2: Modes of operation for an n-bit block cipher algorithm
-- Appendix A
-+ AS 2805.5.2
-+ Australian Standard
-+ Electronic funds transfer - Requirements for interfaces,
-+ Part 5.2: Modes of operation for an n-bit block cipher algorithm
-+ Appendix A
-
- =head1 SEE ALSO
-
- L<blowfish(3)>, L<des(3)>, L<idea(3)>,
- L<rc2(3)>
-
--=cut
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/dh.pod
-+++ /dev/null
-@@ -1,61 +0,0 @@
--=pod
--
--=head1 NAME
--
--dh - Diffie-Hellman key agreement
--
--=head1 SYNOPSIS
--
-- #include <openssl/dh.h>
-- #include <openssl/engine.h>
--
-- DH * DH_new(void);
-- void DH_free(DH *dh);
--
-- DH * DH_generate_parameters(int prime_len, int generator,
-- void (*callback)(int, int, void *), void *cb_arg);
-- int DH_check(const DH *dh, int *codes);
--
-- int DH_generate_key(DH *dh);
-- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
--
-- void DH_set_default_method(const DH_METHOD *meth);
-- const DH_METHOD *DH_get_default_method(void);
-- int DH_set_method(DH *dh, const DH_METHOD *meth);
-- DH *DH_new_method(ENGINE *engine);
-- const DH_METHOD *DH_OpenSSL(void);
--
-- DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
-- int i2d_DHparams(const DH *a, unsigned char **pp);
--
-- int DHparams_print_fp(FILE *fp, const DH *x);
-- int DHparams_print(BIO *bp, const DH *x);
--
--=head1 DESCRIPTION
--
--These functions implement the Diffie-Hellman key agreement protocol.
--The generation of shared DH parameters is described in
--L<DH_generate_parameters(3)>; L<DH_generate_key(3)> describes how
--to perform a key agreement.
--
--The B<DH> structure consists of several BIGNUM components. The prime B<p>, the
--generate B<g>, the Private key B<priv_key> and the public key B<pub_key>.
--Optionally there may also be an additional parameter B<q>.
--
--Note that DH keys may use non-standard B<DH_METHOD> implementations,
--either directly or by the use of B<ENGINE> modules. In some cases (eg. an
--ENGINE providing support for hardware-embedded keys), these BIGNUM values
--will not be used by the implementation or may be used for alternative data
--storage.
--
--=head1 SEE ALSO
--
--L<dhparam(1)>, L<bn(3)>, L<dsa(3)>, L<err(3)>,
--L<rand(3)>, L<rsa(3)>, L<engine(3)>,
--L<DH_set_method(3)>, L<DH_new(3)>,
--L<DH_get_ex_new_index(3)>,
--L<DH_generate_parameters(3)>,
--L<DH_compute_key(3)>, L<DH_get0_pqg(3)>, L<DH_meth_new(3)>, L<d2i_DHparams(3)>,
--L<RSA_print(3)>
--
--=cut
---- a/doc/crypto/dsa.pod
-+++ /dev/null
-@@ -1,109 +0,0 @@
--=pod
--
--=head1 NAME
--
--dsa - Digital Signature Algorithm
--
--=head1 SYNOPSIS
--
-- #include <openssl/dsa.h>
-- #include <openssl/engine.h>
--
-- DSA * DSA_new(void);
-- void DSA_free(DSA *dsa);
--
-- int DSA_size(const DSA *dsa);
--
-- DSA * DSA_generate_parameters(int bits, unsigned char *seed,
-- int seed_len, int *counter_ret, unsigned long *h_ret,
-- void (*callback)(int, int, void *), void *cb_arg);
--
-- DH * DSA_dup_DH(const DSA *r);
--
-- int DSA_generate_key(DSA *dsa);
--
-- int DSA_sign(int dummy, const unsigned char *dgst, int len,
-- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-- BIGNUM **rp);
-- int DSA_verify(int dummy, const unsigned char *dgst, int len,
-- const unsigned char *sigbuf, int siglen, DSA *dsa);
--
-- void DSA_set_default_method(const DSA_METHOD *meth);
-- const DSA_METHOD *DSA_get_default_method(void);
-- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
-- DSA *DSA_new_method(ENGINE *engine);
-- const DSA_METHOD *DSA_OpenSSL(void);
--
-- DSA_SIG *DSA_SIG_new(void);
-- void DSA_SIG_free(DSA_SIG *a);
-- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
--
-- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-- DSA_SIG *sig, DSA *dsa);
--
-- DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
-- DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
-- DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
-- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-- int i2d_DSAparams(const DSA *a,unsigned char **pp);
--
-- int DSAparams_print(BIO *bp, const DSA *x);
-- int DSAparams_print_fp(FILE *fp, const DSA *x);
-- int DSA_print(BIO *bp, const DSA *x, int off);
-- int DSA_print_fp(FILE *bp, const DSA *x, int off);
--
--=head1 DESCRIPTION
--
--These functions implement the Digital Signature Algorithm (DSA). The
--generation of shared DSA parameters is described in
--L<DSA_generate_parameters(3)>;
--L<DSA_generate_key(3)> describes how to
--generate a signature key. Signature generation and verification are
--described in L<DSA_sign(3)>.
--
--The B<DSA> structure consists of several BIGNUM components.
--
-- struct
-- {
-- BIGNUM *p; // prime number (public)
-- BIGNUM *q; // 160-bit subprime, q | p-1 (public)
-- BIGNUM *g; // generator of subgroup (public)
-- BIGNUM *priv_key; // private key x
-- BIGNUM *pub_key; // public key y = g^x
-- // ...
-- }
-- DSA;
--
--In public keys, B<priv_key> is NULL.
--
--Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
--either directly or by the use of B<ENGINE> modules. In some cases (eg. an
--ENGINE providing support for hardware-embedded keys), these BIGNUM values
--will not be used by the implementation or may be used for alternative data
--storage. For this reason, applications should generally avoid using DSA
--structure elements directly and instead use API functions to query or
--modify keys.
--
--=head1 CONFORMING TO
--
--US Federal Information Processing Standard FIPS 186 (Digital Signature
--Standard, DSS), ANSI X9.30
--
--=head1 SEE ALSO
--
--L<bn(3)>, L<dh(3)>, L<err(3)>, L<rand(3)>,
--L<rsa(3)>, L<sha(3)>, L<engine(3)>,
--L<DSA_new(3)>,
--L<DSA_size(3)>,
--L<DSA_generate_parameters(3)>,
--L<DSA_dup_DH(3)>,
--L<DSA_generate_key(3)>,
--L<DSA_sign(3)>, L<DSA_set_method(3)>,
--L<DSA_get_ex_new_index(3)>,
--L<RSA_print(3)>
--
--=cut
---- a/doc/crypto/ec.pod
-+++ /dev/null
-@@ -1,198 +0,0 @@
--=pod
--
--=head1 NAME
--
--ec - Elliptic Curve functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/ec.h>
-- #include <openssl/bn.h>
--
-- const EC_METHOD *EC_GFp_simple_method(void);
-- const EC_METHOD *EC_GFp_mont_method(void);
-- const EC_METHOD *EC_GFp_nist_method(void);
-- const EC_METHOD *EC_GFp_nistp224_method(void);
-- const EC_METHOD *EC_GFp_nistp256_method(void);
-- const EC_METHOD *EC_GFp_nistp521_method(void);
--
-- const EC_METHOD *EC_GF2m_simple_method(void);
--
-- EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-- void EC_GROUP_free(EC_GROUP *group);
-- void EC_GROUP_clear_free(EC_GROUP *group);
-- int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
-- EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-- const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
-- int EC_METHOD_get_field_type(const EC_METHOD *meth);
-- int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-- const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-- int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
-- int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
-- void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
-- int EC_GROUP_get_curve_name(const EC_GROUP *group);
-- void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
-- int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
-- void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
-- point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-- unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
-- size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-- size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-- int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-- int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-- int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-- int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-- int EC_GROUP_get_degree(const EC_GROUP *group);
-- int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-- int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
-- int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
-- EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-- EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-- EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
--
-- size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
--
-- EC_POINT *EC_POINT_new(const EC_GROUP *group);
-- void EC_POINT_free(EC_POINT *point);
-- void EC_POINT_clear_free(EC_POINT *point);
-- int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-- EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
-- const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-- int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-- int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-- int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
-- int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-- int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-- int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-- int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-- int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-- const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-- int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-- const BIGNUM *x, int y_bit, BN_CTX *ctx);
-- size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
-- point_conversion_form_t form,
-- unsigned char *buf, size_t len, BN_CTX *ctx);
-- int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
-- const unsigned char *buf, size_t len, BN_CTX *ctx);
-- BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
-- point_conversion_form_t form, BIGNUM *, BN_CTX *);
-- EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
-- EC_POINT *, BN_CTX *);
-- char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
-- point_conversion_form_t form, BN_CTX *);
-- EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
-- EC_POINT *, BN_CTX *);
--
-- int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-- int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-- int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
-- int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
-- int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
-- int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-- int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
-- int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
-- int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
-- int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-- int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-- int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
--
-- int EC_GROUP_get_basis_type(const EC_GROUP *);
-- int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-- int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
-- unsigned int *k2, unsigned int *k3);
-- EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-- int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-- #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-- #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-- #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-- #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-- (unsigned char *)(x))
-- int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-- int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
--
-- EC_KEY *EC_KEY_new(void);
-- int EC_KEY_get_flags(const EC_KEY *key);
-- void EC_KEY_set_flags(EC_KEY *key, int flags);
-- void EC_KEY_clear_flags(EC_KEY *key, int flags);
-- EC_KEY *EC_KEY_new_by_curve_name(int nid);
-- void EC_KEY_free(EC_KEY *key);
-- EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-- EC_KEY *EC_KEY_dup(const EC_KEY *src);
-- int EC_KEY_up_ref(EC_KEY *key);
-- const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
-- int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-- const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
-- int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
-- const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
-- int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-- unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-- void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-- point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-- void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
-- void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
-- int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-- int EC_KEY_generate_key(EC_KEY *key);
-- int EC_KEY_check_key(const EC_KEY *key);
-- int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
--
-- EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
-- int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
--
-- EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
-- int i2d_ECParameters(EC_KEY *key, unsigned char **out);
--
-- EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
-- int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
-- int ECParameters_print(BIO *bp, const EC_KEY *key);
-- int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-- int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
-- int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-- #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
-- #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
-- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
-- EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-- const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
-- int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
--
--=head1 DESCRIPTION
--
--This library provides an extensive set of functions for performing operations on elliptic curves over finite fields.
--In general an elliptic curve is one with an equation of the form:
--
--y^2 = x^3 + ax + b
--
--An B<EC_GROUP> structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an
--B<EC_POINT> structure. An B<EC_KEY> is used to hold a private/public key pair, where a private key is simply a BIGNUM and a
--public key is a point on a curve (represented by an B<EC_POINT>).
--
--The library contains a number of alternative implementations of the different functions. Each implementation is optimised
--for different scenarios. No matter which implementation is being used, the interface remains the same. The library
--handles calling the correct implementation when an interface function is invoked. An implementation is represented by
--an B<EC_METHOD> structure.
--
--The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)>. Functions for
--manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)>.
--
--Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)>,
--whilst functions for performing mathematical operations and tests on B<EC_POINTs> are covered in L<EC_POINT_add(3)>.
--
--For working with private and public keys refer to L<EC_KEY_new(3)>. Implementations are covered in
--L<EC_GFp_simple_method(3)>.
--
--For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)>.
--
--=head1 SEE ALSO
--
--L<crypto(3)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>,
--L<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>,
--L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
--
--
--=cut
---- a/doc/crypto/ecdsa.pod
-+++ /dev/null
-@@ -1,189 +0,0 @@
--=pod
--
--=head1 NAME
--
--ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
--ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
--ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
--algorithm (ECDSA) functions.
--
--=head1 SYNOPSIS
--
-- #include <openssl/ecdsa.h>
--
-- ECDSA_SIG *ECDSA_SIG_new(void);
-- void ECDSA_SIG_free(ECDSA_SIG *sig);
-- void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);
-- int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-- ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-- int ECDSA_size(const EC_KEY *eckey);
--
-- int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
-- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-- ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
-- EC_KEY *eckey);
--
-- int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
-- const unsigned char *sig, int siglen, EC_KEY *eckey);
-- int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-- const ECDSA_SIG *sig, EC_KEY* eckey);
--
-- ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-- const BIGNUM *kinv, const BIGNUM *rp,
-- EC_KEY *eckey);
-- int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
-- int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-- unsigned char *sig, unsigned int *siglen,
-- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
--
--=head1 DESCRIPTION
--
--Note: these functions provide a low level interface to ECDSA. Most
--applications should use the higher level B<EVP> interface such as
--L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
--
--B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the
--B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2).
--
--ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
--function also allocates the BIGNUMs) and initializes it.
--
--ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
--
--ECDSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
--in B<sig>. The values can then be examined or initialised.
--
--i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature B<sig> and
--writes the encoded signature to B<*pp> (note: if B<pp> is NULL i2d_ECDSA_SIG()
--returns the expected length in bytes of the DER encoded signature).
--i2d_ECDSA_SIG() returns the length of the DER encoded signature (or 0 on
--error).
--
--d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns the decoded
--signature in a newly allocated B<ECDSA_SIG> structure. B<*sig> points to the
--buffer containing the DER encoded signature of size B<len>.
--
--ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
--created with the private EC key B<eckey>.
--
--ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value
--B<dgst> using the private EC key B<eckey>. The DER encoded signatures is
--stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig> must
--point to ECDSA_size(eckey) bytes of memory. The parameter B<type> is currently
--ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with B<kinv>
--and B<rp> set to NULL.
--
--ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
--as a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign()
--is a wrapper function for ECDSA_do_sign_ex() with B<kinv> and B<rp> set to
--NULL.
--
--ECDSA_verify() verifies that the signature in B<sig> of size B<siglen> is a
--valid ECDSA signature of the hash value B<dgst> of size B<dgstlen> using the
--public key B<eckey>. The parameter B<type> is ignored.
--
--ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
--presented in the form of a pointer to an B<ECDSA_SIG> structure.
--
--The remaining functions utilise the internal B<kinv> and B<r> values used
--during signature computation. Most applications will never need to call these
--and some external ECDSA ENGINE implementations may not support them at all if
--either B<kinv> or B<r> is not B<NULL>.
--
--ECDSA_sign_setup() may be used to precompute parts of the signing operation.
--B<eckey> is the private EC key and B<ctx> is a pointer to B<BN_CTX> structure
--(or NULL). The precomputed values or returned in B<kinv> and B<rp> and can be
--used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
--
--ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes hash value
--B<dgst> using the private EC key B<eckey> and the optional pre-computed values
--B<kinv> and B<rp>. The DER encoded signatures is stored in B<sig> and it's
--length is returned in B<sig_len>. Note: B<sig> must point to ECDSA_size(eckey)
--bytes of memory. The parameter B<type> is ignored.
--
--ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
--returned as a newly allocated B<ECDSA_SIG> structure (or NULL on error).
--
--=head1 RETURN VALUES
--
--ECDSA_size() returns the maximum length signature or 0 on error.
--
--ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
--or 0 on error.
--
--ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
--B<ECDSA_SIG> structure or NULL on error.
--
--ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
--signature, 0 for an invalid signature and -1 on error.
--The error codes can be obtained by L<ERR_get_error(3)>.
--
--=head1 EXAMPLES
--
--Creating an ECDSA signature of a given SHA-256 hash value using the
--named curve prime256v1 (aka P-256).
--
--First step: create an EC_KEY object (note: this part is B<not> ECDSA
--specific)
--
-- int ret;
-- ECDSA_SIG *sig;
-- EC_KEY *eckey;
-- eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-- if (eckey == NULL) {
-- /* error */
-- }
-- if (EC_KEY_generate_key(eckey) == 0) {
-- /* error */
-- }
--
--Second step: compute the ECDSA signature of a SHA-256 hash value
--using ECDSA_do_sign():
--
-- sig = ECDSA_do_sign(digest, 32, eckey);
-- if (sig == NULL) {
-- /* error */
-- }
--
--or using ECDSA_sign():
--
-- unsigned char *buffer, *pp;
-- int buf_len;
-- buf_len = ECDSA_size(eckey);
-- buffer = OPENSSL_malloc(buf_len);
-- pp = buffer;
-- if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
-- /* error */
-- }
--
--Third step: verify the created ECDSA signature using ECDSA_do_verify():
--
-- ret = ECDSA_do_verify(digest, 32, sig, eckey);
--
--or using ECDSA_verify():
--
-- ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
--
--and finally evaluate the return value:
--
-- if (ret == 1) {
-- /* signature ok */
-- } else if (ret == 0) {
-- /* incorrect signature */
-- } else {
-- /* error */
-- }
--
--=head1 CONFORMING TO
--
--ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
--(Digital Signature Standard, DSS)
--
--=head1 SEE ALSO
--
--L<dsa(3)>,
--L<rsa(3)>,
--L<EVP_DigestSignInit(3)>,
--L<EVP_DigestVerifyInit(3)>
--
--=cut
---- a/doc/crypto/engine.pod
-+++ /dev/null
-@@ -1,566 +0,0 @@
--=pod
--
--=head1 NAME
--
--engine - ENGINE cryptographic module support
--
--=head1 SYNOPSIS
--
-- #include <openssl/engine.h>
--
-- ENGINE *ENGINE_get_first(void);
-- ENGINE *ENGINE_get_last(void);
-- ENGINE *ENGINE_get_next(ENGINE *e);
-- ENGINE *ENGINE_get_prev(ENGINE *e);
--
-- int ENGINE_add(ENGINE *e);
-- int ENGINE_remove(ENGINE *e);
--
-- ENGINE *ENGINE_by_id(const char *id);
--
-- int ENGINE_init(ENGINE *e);
-- int ENGINE_finish(ENGINE *e);
--
-- void ENGINE_load_builtin_engines(void);
--
-- ENGINE *ENGINE_get_default_RSA(void);
-- ENGINE *ENGINE_get_default_DSA(void);
-- ENGINE *ENGINE_get_default_ECDH(void);
-- ENGINE *ENGINE_get_default_ECDSA(void);
-- ENGINE *ENGINE_get_default_DH(void);
-- ENGINE *ENGINE_get_default_RAND(void);
-- ENGINE *ENGINE_get_cipher_engine(int nid);
-- ENGINE *ENGINE_get_digest_engine(int nid);
--
-- int ENGINE_set_default_RSA(ENGINE *e);
-- int ENGINE_set_default_DSA(ENGINE *e);
-- int ENGINE_set_default_ECDH(ENGINE *e);
-- int ENGINE_set_default_ECDSA(ENGINE *e);
-- int ENGINE_set_default_DH(ENGINE *e);
-- int ENGINE_set_default_RAND(ENGINE *e);
-- int ENGINE_set_default_ciphers(ENGINE *e);
-- int ENGINE_set_default_digests(ENGINE *e);
-- int ENGINE_set_default_string(ENGINE *e, const char *list);
--
-- int ENGINE_set_default(ENGINE *e, unsigned int flags);
--
-- unsigned int ENGINE_get_table_flags(void);
-- void ENGINE_set_table_flags(unsigned int flags);
--
-- int ENGINE_register_RSA(ENGINE *e);
-- void ENGINE_unregister_RSA(ENGINE *e);
-- void ENGINE_register_all_RSA(void);
-- int ENGINE_register_DSA(ENGINE *e);
-- void ENGINE_unregister_DSA(ENGINE *e);
-- void ENGINE_register_all_DSA(void);
-- int ENGINE_register_ECDH(ENGINE *e);
-- void ENGINE_unregister_ECDH(ENGINE *e);
-- void ENGINE_register_all_ECDH(void);
-- int ENGINE_register_ECDSA(ENGINE *e);
-- void ENGINE_unregister_ECDSA(ENGINE *e);
-- void ENGINE_register_all_ECDSA(void);
-- int ENGINE_register_DH(ENGINE *e);
-- void ENGINE_unregister_DH(ENGINE *e);
-- void ENGINE_register_all_DH(void);
-- int ENGINE_register_RAND(ENGINE *e);
-- void ENGINE_unregister_RAND(ENGINE *e);
-- void ENGINE_register_all_RAND(void);
-- int ENGINE_register_ciphers(ENGINE *e);
-- void ENGINE_unregister_ciphers(ENGINE *e);
-- void ENGINE_register_all_ciphers(void);
-- int ENGINE_register_digests(ENGINE *e);
-- void ENGINE_unregister_digests(ENGINE *e);
-- void ENGINE_register_all_digests(void);
-- int ENGINE_register_complete(ENGINE *e);
-- int ENGINE_register_all_complete(void);
--
-- int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-- int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-- int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-- long i, void *p, void (*f)(void), int cmd_optional);
-- int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-- int cmd_optional);
--
-- ENGINE *ENGINE_new(void);
-- int ENGINE_free(ENGINE *e);
-- int ENGINE_up_ref(ENGINE *e);
--
-- int ENGINE_set_id(ENGINE *e, const char *id);
-- int ENGINE_set_name(ENGINE *e, const char *name);
-- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-- int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
-- int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
-- int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-- int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-- int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-- int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-- int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-- int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-- int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-- int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-- int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-- int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-- int ENGINE_set_flags(ENGINE *e, int flags);
-- int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
--
-- const char *ENGINE_get_id(const ENGINE *e);
-- const char *ENGINE_get_name(const ENGINE *e);
-- const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-- const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-- const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-- const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
-- const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-- const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-- ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-- ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-- ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-- ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-- ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-- const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-- const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-- int ENGINE_get_flags(const ENGINE *e);
-- const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
--
-- EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-- UI_METHOD *ui_method, void *callback_data);
-- EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-- UI_METHOD *ui_method, void *callback_data);
--
-- void ENGINE_add_conf_module(void);
--
--Deprecated:
--
-- #if OPENSSL_API_COMPAT < 0x10100000L
-- void ENGINE_cleanup(void)
-- #endif
--
--=head1 DESCRIPTION
--
--These functions create, manipulate, and use cryptographic modules in the
--form of B<ENGINE> objects. These objects act as containers for
--implementations of cryptographic algorithms, and support a
--reference-counted mechanism to allow them to be dynamically loaded in and
--out of the running application.
--
--The cryptographic functionality that can be provided by an B<ENGINE>
--implementation includes the following abstractions;
--
-- RSA_METHOD - for providing alternative RSA implementations
-- DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
-- - similarly for other OpenSSL APIs
-- EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
-- EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
-- key-loading - loading public and/or private EVP_PKEY keys
--
--=head2 Reference counting and handles
--
--Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
--treated as handles - ie. not only as pointers, but also as references to
--the underlying ENGINE object. Ie. one should obtain a new reference when
--making copies of an ENGINE pointer if the copies will be used (and
--released) independently.
--
--ENGINE objects have two levels of reference-counting to match the way in
--which the objects are used. At the most basic level, each ENGINE pointer is
--inherently a B<structural> reference - a structural reference is required
--to use the pointer value at all, as this kind of reference is a guarantee
--that the structure can not be deallocated until the reference is released.
--
--However, a structural reference provides no guarantee that the ENGINE is
--initialised and able to use any of its cryptographic
--implementations. Indeed it's quite possible that most ENGINEs will not
--initialise at all in typical environments, as ENGINEs are typically used to
--support specialised hardware. To use an ENGINE's functionality, you need a
--B<functional> reference. This kind of reference can be considered a
--specialised form of structural reference, because each functional reference
--implicitly contains a structural reference as well - however to avoid
--difficult-to-find programming bugs, it is recommended to treat the two
--kinds of reference independently. If you have a functional reference to an
--ENGINE, you have a guarantee that the ENGINE has been initialised and
--is ready to perform cryptographic operations, and will remain initialised
--until after you have released your reference.
--
--I<Structural references>
--
--This basic type of reference is used for instantiating new ENGINEs,
--iterating across OpenSSL's internal linked-list of loaded
--ENGINEs, reading information about an ENGINE, etc. Essentially a structural
--reference is sufficient if you only need to query or manipulate the data of
--an ENGINE implementation rather than use its functionality.
--
--The ENGINE_new() function returns a structural reference to a new (empty)
--ENGINE object. There are other ENGINE API functions that return structural
--references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
--ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
--released by a corresponding to call to the ENGINE_free() function - the
--ENGINE object itself will only actually be cleaned up and deallocated when
--the last structural reference is released.
--
--It should also be noted that many ENGINE API function calls that accept a
--structural reference will internally obtain another reference - typically
--this happens whenever the supplied ENGINE will be needed by OpenSSL after
--the function has returned. Eg. the function to add a new ENGINE to
--OpenSSL's internal list is ENGINE_add() - if this function returns success,
--then OpenSSL will have stored a new structural reference internally so the
--caller is still responsible for freeing their own reference with
--ENGINE_free() when they are finished with it. In a similar way, some
--functions will automatically release the structural reference passed to it
--if part of the function's job is to do so. Eg. the ENGINE_get_next() and
--ENGINE_get_prev() functions are used for iterating across the internal
--ENGINE list - they will return a new structural reference to the next (or
--previous) ENGINE in the list or NULL if at the end (or beginning) of the
--list, but in either case the structural reference passed to the function is
--released on behalf of the caller.
--
--To clarify a particular function's handling of references, one should
--always consult that function's documentation "man" page, or failing that
--the openssl/engine.h header file includes some hints.
--
--I<Functional references>
--
--As mentioned, functional references exist when the cryptographic
--functionality of an ENGINE is required to be available. A functional
--reference can be obtained in one of two ways; from an existing structural
--reference to the required ENGINE, or by asking OpenSSL for the default
--operational ENGINE for a given cryptographic purpose.
--
--To obtain a functional reference from an existing structural reference,
--call the ENGINE_init() function. This returns zero if the ENGINE was not
--already operational and couldn't be successfully initialised (eg. lack of
--system drivers, no special hardware attached, etc), otherwise it will
--return non-zero to indicate that the ENGINE is now operational and will
--have allocated a new B<functional> reference to the ENGINE. All functional
--references are released by calling ENGINE_finish() (which removes the
--implicit structural reference as well).
--
--The second way to get a functional reference is by asking OpenSSL for a
--default implementation for a given task, eg. by ENGINE_get_default_RSA(),
--ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
--section, though they are not usually required by application programmers as
--they are used automatically when creating and using the relevant
--algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
--
--=head2 Default implementations
--
--For each supported abstraction, the ENGINE code maintains an internal table
--of state to control which implementations are available for a given
--abstraction and which should be used by default. These implementations are
--registered in the tables and indexed by an 'nid' value, because
--abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
--algorithms and modes, and ENGINEs can support arbitrarily many of them.
--In the case of other abstractions like RSA, DSA, etc, there is only one
--"algorithm" so all implementations implicitly register using the same 'nid'
--index.
--
--When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
--when calling RSA_new_method(NULL)), a "get_default" call will be made to the
--ENGINE subsystem to process the corresponding state table and return a
--functional reference to an initialised ENGINE whose implementation should be
--used. If no ENGINE should (or can) be used, it will return NULL and the caller
--will operate with a NULL ENGINE handle - this usually equates to using the
--conventional software implementation. In the latter case, OpenSSL will from
--then on behave the way it used to before the ENGINE API existed.
--
--Each state table has a flag to note whether it has processed this
--"get_default" query since the table was last modified, because to process
--this question it must iterate across all the registered ENGINEs in the
--table trying to initialise each of them in turn, in case one of them is
--operational. If it returns a functional reference to an ENGINE, it will
--also cache another reference to speed up processing future queries (without
--needing to iterate across the table). Likewise, it will cache a NULL
--response if no ENGINE was available so that future queries won't repeat the
--same iteration unless the state table changes. This behaviour can also be
--changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
--ENGINE_set_table_flags()), no attempted initialisations will take place,
--instead the only way for the state table to return a non-NULL ENGINE to the
--"get_default" query will be if one is expressly set in the table. Eg.
--ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
--that it also sets the state table's cached response for the "get_default"
--query. In the case of abstractions like EVP_CIPHER, where implementations are
--indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
--value.
--
--=head2 Application requirements
--
--This section will explain the basic things an application programmer should
--support to make the most useful elements of the ENGINE functionality
--available to the user. The first thing to consider is whether the
--programmer wishes to make alternative ENGINE modules available to the
--application and user. OpenSSL maintains an internal linked list of
--"visible" ENGINEs from which it has to operate - at start-up, this list is
--empty and in fact if an application does not call any ENGINE API calls and
--it uses static linking against openssl, then the resulting application
--binary will not contain any alternative ENGINE code at all. So the first
--consideration is whether any/all available ENGINE implementations should be
--made visible to OpenSSL - this is controlled by calling the various "load"
--functions.
--
--Having called any of these functions, ENGINE objects would have been
--dynamically allocated and populated with these implementations and linked
--into OpenSSL's internal linked list. At this point it is important to
--mention an important API function;
--
-- void ENGINE_cleanup(void)
--
--If no ENGINE API functions are called at all in an application, then there
--are no inherent memory leaks to worry about from the ENGINE functionality.
--However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are
--never registered or used, it was necessary to use the ENGINE_cleanup() function
--to correspondingly cleanup before program exit, if the caller wishes to avoid
--memory leaks. This mechanism used an internal callback registration table
--so that any ENGINE API functionality that knows it requires cleanup can
--register its cleanup details to be called during ENGINE_cleanup(). This
--approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality
--at all that your program uses, yet doesn't automatically create linker
--dependencies to all possible ENGINE functionality - only the cleanup
--callbacks required by the functionality you do use will be required by the
--linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call
--ENGINE_cleanup and this function is deprecated. Cleanup automatically takes
--place at program exit.
--
--The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
--the program and loaded into memory at run-time) does not mean they are
--"registered" or called into use by OpenSSL automatically - that behaviour
--is something for the application to control. Some applications
--will want to allow the user to specify exactly which ENGINE they want used
--if any is to be used at all. Others may prefer to load all support and have
--OpenSSL automatically use at run-time any ENGINE that is able to
--successfully initialise - ie. to assume that this corresponds to
--acceleration hardware attached to the machine or some such thing. There are
--probably numerous other ways in which applications may prefer to handle
--things, so we will simply illustrate the consequences as they apply to a
--couple of simple cases and leave developers to consider these and the
--source code to openssl's builtin utilities as guides.
--
--I<Using a specific ENGINE implementation>
--
--Here we'll assume an application has been configured by its user or admin
--to want to use the "ACME" ENGINE if it is available in the version of
--OpenSSL the application was compiled with. If it is available, it should be
--used by default for all RSA, DSA, and symmetric cipher operations, otherwise
--OpenSSL should use its builtin software as per usual. The following code
--illustrates how to approach this;
--
-- ENGINE *e;
-- const char *engine_id = "ACME";
-- ENGINE_load_builtin_engines();
-- e = ENGINE_by_id(engine_id);
-- if(!e)
-- /* the engine isn't available */
-- return;
-- if(!ENGINE_init(e)) {
-- /* the engine couldn't initialise, release 'e' */
-- ENGINE_free(e);
-- return;
-- }
-- if(!ENGINE_set_default_RSA(e))
-- /* This should only happen when 'e' can't initialise, but the previous
-- * statement suggests it did. */
-- abort();
-- ENGINE_set_default_DSA(e);
-- ENGINE_set_default_ciphers(e);
-- /* Release the functional reference from ENGINE_init() */
-- ENGINE_finish(e);
-- /* Release the structural reference from ENGINE_by_id() */
-- ENGINE_free(e);
--
--I<Automatically using builtin ENGINE implementations>
--
--Here we'll assume we want to load and register all ENGINE implementations
--bundled with OpenSSL, such that for any cryptographic algorithm required by
--OpenSSL - if there is an ENGINE that implements it and can be initialised,
--it should be used. The following code illustrates how this can work;
--
-- /* Load all bundled ENGINEs into memory and make them visible */
-- ENGINE_load_builtin_engines();
-- /* Register all of them for every algorithm they collectively implement */
-- ENGINE_register_all_complete();
--
--That's all that's required. Eg. the next time OpenSSL tries to set up an
--RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
--ENGINE_init() and if any of those succeed, that ENGINE will be set as the
--default for RSA use from then on.
--
--=head2 Advanced configuration support
--
--There is a mechanism supported by the ENGINE framework that allows each
--ENGINE implementation to define an arbitrary set of configuration
--"commands" and expose them to OpenSSL and any applications based on
--OpenSSL. This mechanism is entirely based on the use of name-value pairs
--and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
--applications want to provide a transparent way for users to provide
--arbitrary configuration "directives" directly to such ENGINEs. It is also
--possible for the application to dynamically interrogate the loaded ENGINE
--implementations for the names, descriptions, and input flags of their
--available "control commands", providing a more flexible configuration
--scheme. However, if the user is expected to know which ENGINE device he/she
--is using (in the case of specialised hardware, this goes without saying)
--then applications may not need to concern themselves with discovering the
--supported control commands and simply prefer to pass settings into ENGINEs
--exactly as they are provided by the user.
--
--Before illustrating how control commands work, it is worth mentioning what
--they are typically used for. Broadly speaking there are two uses for
--control commands; the first is to provide the necessary details to the
--implementation (which may know nothing at all specific to the host system)
--so that it can be initialised for use. This could include the path to any
--driver or config files it needs to load, required network addresses,
--smart-card identifiers, passwords to initialise protected devices,
--logging information, etc etc. This class of commands typically needs to be
--passed to an ENGINE B<before> attempting to initialise it, ie. before
--calling ENGINE_init(). The other class of commands consist of settings or
--operations that tweak certain behaviour or cause certain operations to take
--place, and these commands may work either before or after ENGINE_init(), or
--in some cases both. ENGINE implementations should provide indications of
--this in the descriptions attached to builtin control commands and/or in
--external product documentation.
--
--I<Issuing control commands to an ENGINE>
--
--Let's illustrate by example; a function for which the caller supplies the
--name of the ENGINE it wishes to use, a table of string-pairs for use before
--initialisation, and another table for use after initialisation. Note that
--the string-pairs used for control commands consist of a command "name"
--followed by the command "parameter" - the parameter could be NULL in some
--cases but the name can not. This function should initialise the ENGINE
--(issuing the "pre" commands beforehand and the "post" commands afterwards)
--and set it as the default for everything except RAND and then return a
--boolean success or failure.
--
-- int generic_load_engine_fn(const char *engine_id,
-- const char **pre_cmds, int pre_num,
-- const char **post_cmds, int post_num)
-- {
-- ENGINE *e = ENGINE_by_id(engine_id);
-- if(!e) return 0;
-- while(pre_num--) {
-- if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
-- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-- pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
-- ENGINE_free(e);
-- return 0;
-- }
-- pre_cmds += 2;
-- }
-- if(!ENGINE_init(e)) {
-- fprintf(stderr, "Failed initialisation\n");
-- ENGINE_free(e);
-- return 0;
-- }
-- /* ENGINE_init() returned a functional reference, so free the structural
-- * reference from ENGINE_by_id(). */
-- ENGINE_free(e);
-- while(post_num--) {
-- if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
-- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
-- post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
-- ENGINE_finish(e);
-- return 0;
-- }
-- post_cmds += 2;
-- }
-- ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
-- /* Success */
-- return 1;
-- }
--
--Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
--relax the semantics of the function - if set non-zero it will only return
--failure if the ENGINE supported the given command name but failed while
--executing it, if the ENGINE doesn't support the command name it will simply
--return success without doing anything. In this case we assume the user is
--only supplying commands specific to the given ENGINE so we set this to
--FALSE.
--
--I<Discovering supported control commands>
--
--It is possible to discover at run-time the names, numerical-ids, descriptions
--and input parameters of the control commands supported by an ENGINE using a
--structural reference. Note that some control commands are defined by OpenSSL
--itself and it will intercept and handle these control commands on behalf of the
--ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
--openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
--implemented by ENGINEs should be numbered from. Any command value lower than
--this symbol is considered a "generic" command is handled directly by the
--OpenSSL core routines.
--
--It is using these "core" control commands that one can discover the control
--commands implemented by a given ENGINE, specifically the commands;
--
-- #define ENGINE_HAS_CTRL_FUNCTION 10
-- #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
-- #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
-- #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
-- #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
-- #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
-- #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
-- #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
-- #define ENGINE_CTRL_GET_CMD_FLAGS 18
--
--Whilst these commands are automatically processed by the OpenSSL framework code,
--they use various properties exposed by each ENGINE to process these
--queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
--it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
--the ENGINE's flags, and it can expose an array of control command descriptions.
--If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
--simply pass all these "core" control commands directly to the ENGINE's ctrl()
--handler (and thus, it must have supplied one), so it is up to the ENGINE to
--reply to these "discovery" commands itself. If that flag is not set, then the
--OpenSSL framework code will work with the following rules;
--
-- if no ctrl() handler supplied;
-- ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
-- all other commands fail.
-- if a ctrl() handler was supplied but no array of control commands;
-- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-- all other commands fail.
-- if a ctrl() handler and array of control commands was supplied;
-- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
-- all other commands proceed processing ...
--
--If the ENGINE's array of control commands is empty then all other commands will
--fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
--the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
--identifier of a command supported by the ENGINE and returns the next command
--identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
--name for a command and returns the corresponding identifier or fails if no such
--command name exists, and the remaining commands take a command identifier and
--return properties of the corresponding commands. All except
--ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
--or populate a supplied character buffer with a copy of the command name or
--description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
--possible values;
--
-- #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
-- #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
-- #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
-- #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
--
--If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
--informational to the caller - this flag will prevent the command being usable
--for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
--"INTERNAL" commands are not intended to be exposed to text-based configuration
--by applications, administrations, users, etc. These can support arbitrary
--operations via ENGINE_ctrl(), including passing to and/or from the control
--commands data of any arbitrary type. These commands are supported in the
--discovery mechanisms simply to allow applications to determine if an ENGINE
--supports certain specific commands it might want to use (eg. application "foo"
--might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
--and ENGINE could therefore decide whether or not to support this "foo"-specific
--extension).
--
--=head1 SEE ALSO
--
--L<OPENSSL_init_crypto(3)>, L<rsa(3)>, L<dsa(3)>, L<dh(3)>, L<rand(3)>
--
--=head1 HISTORY
--
--ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and
--ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by
--OPENSSL_init_crypto().
--
--=cut
---- a/doc/crypto/err.pod
-+++ /dev/null
-@@ -1,199 +0,0 @@
--=pod
--
--=head1 NAME
--
--err - error codes
--
--=head1 SYNOPSIS
--
-- #include <openssl/err.h>
--
-- unsigned long ERR_get_error(void);
-- unsigned long ERR_peek_error(void);
-- unsigned long ERR_get_error_line(const char **file, int *line);
-- unsigned long ERR_peek_error_line(const char **file, int *line);
-- unsigned long ERR_get_error_line_data(const char **file, int *line,
-- const char **data, int *flags);
-- unsigned long ERR_peek_error_line_data(const char **file, int *line,
-- const char **data, int *flags);
--
-- int ERR_GET_LIB(unsigned long e);
-- int ERR_GET_FUNC(unsigned long e);
-- int ERR_GET_REASON(unsigned long e);
--
-- void ERR_clear_error(void);
-- void ERR_remove_thread_state(void);
--
-- char *ERR_error_string(unsigned long e, char *buf);
-- const char *ERR_lib_error_string(unsigned long e);
-- const char *ERR_func_error_string(unsigned long e);
-- const char *ERR_reason_error_string(unsigned long e);
--
-- void ERR_print_errors(BIO *bp);
-- void ERR_print_errors_fp(FILE *fp);
--
-- void ERR_load_crypto_strings(void);
--
-- void ERR_put_error(int lib, int func, int reason, const char *file,
-- int line);
-- void ERR_add_error_data(int num, ...);
--
-- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-- unsigned long ERR_PACK(int lib, int func, int reason);
-- int ERR_get_next_error_library(void);
--
--Deprecated:
--
-- #if OPENSSL_API_COMPAT < 0x10000000L
-- void ERR_remove_state(unsigned long pid);
-- #endif
--
-- #if OPENSSL_API_COMPAT < 0x10100000L
-- void ERR_free_strings(void)
-- #endif
--
--
--=head1 DESCRIPTION
--
--When a call to the OpenSSL library fails, this is usually signaled
--by the return value, and an error code is stored in an error queue
--associated with the current thread. The B<err> library provides
--functions to obtain these error codes and textual error messages.
--
--The L<ERR_get_error(3)> manpage describes how to
--access error codes.
--
--Error codes contain information about where the error occurred, and
--what went wrong. L<ERR_GET_LIB(3)> describes how to
--extract this information. A method to obtain human-readable error
--messages is described in L<ERR_error_string(3)>.
--
--L<ERR_clear_error(3)> can be used to clear the
--error queue.
--
--Note that L<ERR_remove_thread_state(3)> should be used to
--avoid memory leaks when threads are terminated.
--
--=head1 ADDING NEW ERROR CODES TO OPENSSL
--
--See L<ERR_put_error(3)> if you want to record error codes in the
--OpenSSL error system from within your application.
--
--The remainder of this section is of interest only if you want to add
--new error codes to OpenSSL or add error codes from external libraries.
--
--=head2 Reporting errors
--
--Each sub-library has a specific macro XXXerr() that is used to report
--errors. Its first argument is a function code B<XXX_F_...>, the second
--argument is a reason code B<XXX_R_...>. Function codes are derived
--from the function names; reason codes consist of textual error
--descriptions. For example, the function ssl3_read_bytes() reports a
--"handshake failure" as follows:
--
-- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
--
--Function and reason codes should consist of upper case characters,
--numbers and underscores only. The error file generation script translates
--function codes into function names by looking in the header files
--for an appropriate function name, if none is found it just uses
--the capitalized form such as "SSL3_READ_BYTES" in the above example.
--
--The trailing section of a reason code (after the "_R_") is translated
--into lower case and underscores changed to spaces.
--
--When you are using new function or reason codes, run B<make errors>.
--The necessary B<#define>s will then automatically be added to the
--sub-library's header file.
--
--Although a library will normally report errors using its own specific
--XXXerr macro, another library's macro can be used. This is normally
--only done when a library wants to include ASN1 code which must use
--the ASN1err() macro.
--
--=head2 Adding new libraries
--
--When adding a new sub-library to OpenSSL, assign it a library number
--B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
--name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
--C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
--(in B<crypto/err/err_all.c>). Finally, add an entry
--
-- L XXX xxx.h xxx_err.c
--
--to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
--Running B<make errors> will then generate a file B<xxx_err.c>, and
--add all error codes used in the library to B<xxx.h>.
--
--Additionally the library include file must have a certain form.
--Typically it will initially look like this:
--
-- #ifndef HEADER_XXX_H
-- #define HEADER_XXX_H
--
-- #ifdef __cplusplus
-- extern "C" {
-- #endif
--
-- /* Include files */
--
-- #include <openssl/bio.h>
-- #include <openssl/x509.h>
--
-- /* Macros, structures and function prototypes */
--
--
-- /* BEGIN ERROR CODES */
--
--The B<BEGIN ERROR CODES> sequence is used by the error code
--generation script as the point to place new error codes, any text
--after this point will be overwritten when B<make errors> is run.
--The closing #endif etc will be automatically added by the script.
--
--The generated C error code file B<xxx_err.c> will load the header
--files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
--header file must load any additional header files containing any
--definitions it uses.
--
--=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
--
--It is also possible to use OpenSSL's error code scheme in external
--libraries. The library needs to load its own codes and call the OpenSSL
--error code insertion script B<mkerr.pl> explicitly to add codes to
--the header file and generate the C error code file. This will normally
--be done if the external library needs to generate new ASN1 structures
--but it can also be used to add more general purpose error code handling.
--
--TBA more details
--
--=head1 INTERNALS
--
--The error queues are stored in a thread-local storage with one B<ERR_STATE>
--entry for each thread. ERR_get_state() returns the current thread's
--B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
--codes. When more error codes are added, the old ones are overwritten,
--on the assumption that the most recent errors are most important.
--
--Error strings are also stored in a hash table that can be obtained
--by calling ERR_get_string_table(void).
--
--=head1 SEE ALSO
--
--L<CRYPTO_set_locking_callback(3)>,
--L<ERR_get_error(3)>,
--L<ERR_GET_LIB(3)>,
--L<ERR_clear_error(3)>,
--L<ERR_error_string(3)>,
--L<ERR_print_errors(3)>,
--L<ERR_load_crypto_strings(3)>,
--L<ERR_remove_thread_state(3)>,
--L<ERR_put_error(3)>,
--L<ERR_load_strings(3)>,
--L<SSL_get_error(3)>
--
--=head1 HISTORY
--
--The ERR_load_crypto_strings() function was deprecated in OpenSSL 1.1.0 by
--OPENSSL_init_crypto().
--
--=cut
---- a/doc/crypto/evp.pod
-+++ b/doc/crypto/evp.pod
-@@ -1,5 +1,7 @@
- =pod
-
-+=for comment openssl_manual_section:7
-+
- =head1 NAME
-
- evp - high-level cryptographic functions
-@@ -61,6 +63,10 @@ based encryption. Careful selection of t
- implementation. However, new applications should not typically use this (preferring, for example,
- PBKDF2 from PCKS#5).
-
-+The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
-+L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
-+and decoding.
-+
- All the symmetric algorithms (ciphers), digests and asymmetric algorithms
- (public key algorithms) can be replaced by L<engine(3)> modules providing alternative
- implementations. If ENGINE implementations of ciphers or digests are registered
-@@ -71,7 +77,7 @@ implementations. For more information, c
- Although low level algorithm specific functions exist for many algorithms
- their use is discouraged. They cannot be used with an ENGINE and ENGINE
- versions of new algorithms cannot be accessed using the low level functions.
--Also makes code harder to adapt to new algorithms and some options are not
-+Also makes code harder to adapt to new algorithms and some options are not
- cleanly supported at the low level and some operations are more efficient
- using the high level interface.
-
-@@ -84,6 +90,7 @@ L<EVP_SealInit(3)>,
- L<EVP_DigestSignInit(3)>,
- L<EVP_SignInit(3)>,
- L<EVP_VerifyInit(3)>,
-+L<EVP_EncodeInit(3)>,
- L<EVP_PKEY_new(3)>,
- L<EVP_PKEY_set1_RSA(3)>,
- L<EVP_PKEY_keygen(3)>,
-@@ -97,4 +104,13 @@ L<EVP_PKEY_derive(3)>,
- L<EVP_BytesToKey(3)>,
- L<engine(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/hmac.pod
-+++ /dev/null
-@@ -1,113 +0,0 @@
--=pod
--
--=head1 NAME
--
--HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final - HMAC message authentication code
--
--=head1 SYNOPSIS
--
-- #include <openssl/hmac.h>
--
-- unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
-- int key_len, const unsigned char *d, int n,
-- unsigned char *md, unsigned int *md_len);
--
-- HMAC_CTX *HMAC_CTX_new(void);
-- int HMAC_CTX_reset(HMAC_CTX *ctx);
--
-- int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
-- const EVP_MD *md, ENGINE *impl);
-- int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
-- int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
--
-- void HMAC_CTX_free(HMAC_CTX *ctx);
--
--Deprecated:
--
-- #if OPENSSL_API_COMPAT < 0x10100000L
-- int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
-- const EVP_MD *md);
-- #endif
--
--=head1 DESCRIPTION
--
--HMAC is a MAC (message authentication code), i.e. a keyed hash
--function used for message authentication, which is based on a hash
--function.
--
--HMAC() computes the message authentication code of the B<n> bytes at
--B<d> using the hash function B<evp_md> and the key B<key> which is
--B<key_len> bytes long.
--
--It places the result in B<md> (which must have space for the output of
--the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
--If B<md> is NULL, the digest is placed in a static array. The size of
--the output is placed in B<md_len>, unless it is B<NULL>.
--
--B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
--
--HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
--
--HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
--resources, making it suitable for new computations as if it was newly
--created with HMAC_CTX_new().
--
--HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
--releases any associated resources and finally frees the B<HMAC_CTX>
--itself.
--
--The following functions may be used if the message is not completely
--stored in memory:
--
--HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
--function B<evp_md> and the key B<key> which is B<key_len> bytes
--long. It is deprecated and only included for backward compatibility
--with OpenSSL 0.9.6b.
--
--HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
--the function B<evp_md> and key B<key>. Either can be NULL, in which
--case the existing one will be reused. B<ctx> must have been created
--with HMAC_CTX_new() before the first use of an B<HMAC_CTX> in this
--function. B<N.B. HMAC_Init() had this undocumented behaviour in
--previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
--programs that expect it will cause them to stop working>.
--
--HMAC_Update() can be called repeatedly with chunks of the message to
--be authenticated (B<len> bytes at B<data>).
--
--HMAC_Final() places the message authentication code in B<md>, which
--must have space for the hash function output.
--
--=head1 RETURN VALUES
--
--HMAC() returns a pointer to the message authentication code or NULL if
--an error occurred.
--
--HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
--B<NULL> if an error occurred.
--
--HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1
--for success or 0 if an error occurred.
--
--HMAC_CTX_free() do not return values.
--
--=head1 CONFORMING TO
--
--RFC 2104
--
--=head1 SEE ALSO
--
--L<sha(3)>, L<evp(3)>
--
--=head1 HISTORY
--
--HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.
--
--HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.
--
--HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1.
--
--HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
--versions of OpenSSL before 1.0.0.
--
--=cut
---- a/doc/crypto/i2d_CMS_bio_stream.pod
-+++ b/doc/crypto/i2d_CMS_bio_stream.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
-- i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
-+i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format
-
- =head1 SYNOPSIS
-
-@@ -41,4 +41,13 @@ L<PEM_write_bio_CMS_stream(3)>
-
- i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/crypto/i2d_PKCS7_bio_stream.pod
-+++ b/doc/crypto/i2d_PKCS7_bio_stream.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--i2d_PKCS7_bio_stream - output PKCS7 structure in BER format.
-+i2d_PKCS7_bio_stream - output PKCS7 structure in BER format
-
- =head1 SYNOPSIS
-
-@@ -41,4 +41,13 @@ L<PEM_write_bio_PKCS7_stream(3)>
-
- i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/crypto/i2d_re_X509_tbs.pod
-@@ -0,0 +1,79 @@
-+=pod
-+
-+=head1 NAME
-+
-+d2i_X509_AUX, i2d_X509_AUX,
-+i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
-+- X509 encode and decode functions
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
-+ int i2d_X509_AUX(X509 *x, unsigned char **out);
-+ int i2d_re_X509_tbs(X509 *x, unsigned char **out);
-+ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
-+ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
-+
-+=head1 DESCRIPTION
-+
-+The X509 encode and decode routines encode and parse an
-+B<X509> structure, which represents an X509 certificate.
-+
-+d2i_X509_AUX() is similar to L<d2i_X509(3)> but the input is expected to
-+consist of an X509 certificate followed by auxiliary trust information.
-+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
-+This function should not be called on untrusted input.
-+
-+i2d_X509_AUX() is similar to L<i2d_X509(3)>, but the encoded output
-+contains both the certificate and any auxiliary trust information.
-+This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
-+Note that this is a non-standard OpenSSL-specific data format.
-+
-+i2d_re_X509_tbs() is similar to L<i2d_X509(3)> except it encodes only
-+the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs()
-+and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request,
-+respectively. The "re" in B<i2d_re_X509_tbs> stands for "re-encode",
-+and ensures that a fresh encoding is generated in case the object has been
-+modified after creation (see the BUGS section).
-+
-+The encoding of the TBSCertificate portion of a certificate is cached
-+in the B<X509> structure internally to improve encoding performance
-+and to ensure certificate signatures are verified correctly in some
-+certificates with broken (non-DER) encodings.
-+
-+If, after modification, the B<X509> object is re-signed with X509_sign(),
-+the encoding is automatically renewed. Otherwise, the encoding of the
-+TBSCertificate portion of the B<X509> can be manually renewed by calling
-+i2d_re_X509_tbs().
-+
-+=head1 SEE ALSO
-+
-+L<ERR_get_error(3)>
-+L<X509_CRL_get0_by_serial(3)>,
-+L<X509_get0_signature(3)>,
-+L<X509_get_ext_d2i(3)>,
-+L<X509_get_extension_flags(3)>,
-+L<X509_get_pubkey(3)>,
-+L<X509_get_subject_name(3)>,
-+L<X509_get_version(3)>,
-+L<X509_NAME_add_entry_by_txt(3)>,
-+L<X509_NAME_ENTRY_get_object(3)>,
-+L<X509_NAME_get_index_by_NID(3)>,
-+L<X509_NAME_print_ex(3)>,
-+L<X509_new(3)>,
-+L<X509_sign(3)>,
-+L<X509V3_get_d2i(3)>,
-+L<X509_verify_cert(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/crypto/lh_stats.pod
-+++ /dev/null
-@@ -1,54 +0,0 @@
--=pod
--
--=head1 NAME
--
--lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
--lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
--
--=head1 SYNOPSIS
--
-- #include <openssl/lhash.h>
--
-- void lh_stats(LHASH *table, FILE *out);
-- void lh_node_stats(LHASH *table, FILE *out);
-- void lh_node_usage_stats(LHASH *table, FILE *out);
--
-- void lh_stats_bio(LHASH *table, BIO *out);
-- void lh_node_stats_bio(LHASH *table, BIO *out);
-- void lh_node_usage_stats_bio(LHASH *table, BIO *out);
--
--=head1 DESCRIPTION
--
--The B<LHASH> structure records statistics about most aspects of
--accessing the hash table. This is mostly a legacy of Eric Young
--writing this library for the reasons of implementing what looked like
--a nice algorithm rather than for a particular software product.
--
--lh_stats() prints out statistics on the size of the hash table, how
--many entries are in it, and the number and result of calls to the
--routines in this library.
--
--lh_node_stats() prints the number of entries for each 'bucket' in the
--hash table.
--
--lh_node_usage_stats() prints out a short summary of the state of the
--hash table. It prints the 'load' and the 'actual load'. The load is
--the average number of data items per 'bucket' in the hash table. The
--'actual load' is the average number of items per 'bucket', but only
--for buckets which contain entries. So the 'actual load' is the
--average number of searches that will need to find an item in the hash
--table, while the 'load' is the average number that will be done to
--record a miss.
--
--lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
--are the same as the above, except that the output goes to a B<BIO>.
--
--=head1 RETURN VALUES
--
--These functions do not return values.
--
--=head1 SEE ALSO
--
--L<bio(3)>, L<lhash(3)>
--
--=cut
---- a/doc/crypto/lhash.pod
-+++ /dev/null
-@@ -1,246 +0,0 @@
--=pod
--
--=head1 NAME
--
--lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error - dynamic hash table
--
--=head1 SYNOPSIS
--
-- #include <openssl/lhash.h>
--
-- DECLARE_LHASH_OF(<type>);
--
-- LHASH *lh_<type>_new();
-- void lh_<type>_free(LHASH_OF(<type> *table);
--
-- <type> *lh_<type>_insert(LHASH_OF(<type> *table, <type> *data);
-- <type> *lh_<type>_delete(LHASH_OF(<type> *table, <type> *data);
-- <type> *lh_retrieve(LHASH_OF<type> *table, <type> *data);
--
-- void lh_<type>_doall(LHASH_OF(<type> *table, LHASH_DOALL_FN_TYPE func);
-- void lh_<type>_doall_arg(LHASH_OF(<type> *table, LHASH_DOALL_ARG_FN_TYPE func,
-- <type2>, <type2> *arg);
--
-- int lh_<type>_error(LHASH_OF(<type> *table);
--
-- typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
-- typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-- typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
-- typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
--
--=head1 DESCRIPTION
--
--This library implements type-checked dynamic hash tables. The hash
--table entries can be arbitrary structures. Usually they consist of key
--and value fields.
--
--lh_<type>_new() creates a new B<LHASH_OF(<type>> structure to store
--arbitrary data entries, and provides the 'hash' and 'compare'
--callbacks to be used in organising the table's entries. The B<hash>
--callback takes a pointer to a table entry as its argument and returns
--an unsigned long hash value for its key field. The hash value is
--normally truncated to a power of 2, so make sure that your hash
--function returns well mixed low order bits. The B<compare> callback
--takes two arguments (pointers to two hash table entries), and returns
--0 if their keys are equal, non-zero otherwise. If your hash table
--will contain items of some particular type and the B<hash> and
--B<compare> callbacks hash/compare these types, then the
--B<DECLARE_LHASH_HASH_FN> and B<IMPLEMENT_LHASH_COMP_FN> macros can be
--used to create callback wrappers of the prototypes required by
--lh_<type>_new(). These provide per-variable casts before calling the
--type-specific callbacks written by the application author. These
--macros, as well as those used for the "doall" callbacks, are defined
--as;
--
-- #define DECLARE_LHASH_HASH_FN(name, o_type) \
-- unsigned long name##_LHASH_HASH(const void *);
-- #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-- unsigned long name##_LHASH_HASH(const void *arg) { \
-- const o_type *a = arg; \
-- return name##_hash(a); }
-- #define LHASH_HASH_FN(name) name##_LHASH_HASH
--
-- #define DECLARE_LHASH_COMP_FN(name, o_type) \
-- int name##_LHASH_COMP(const void *, const void *);
-- #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-- int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-- const o_type *a = arg1; \
-- const o_type *b = arg2; \
-- return name##_cmp(a,b); }
-- #define LHASH_COMP_FN(name) name##_LHASH_COMP
--
-- #define DECLARE_LHASH_DOALL_FN(name, o_type) \
-- void name##_LHASH_DOALL(void *);
-- #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-- void name##_LHASH_DOALL(void *arg) { \
-- o_type *a = arg; \
-- name##_doall(a); }
-- #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
--
-- #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-- void name##_LHASH_DOALL_ARG(void *, void *);
-- #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-- void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-- o_type *a = arg1; \
-- a_type *b = arg2; \
-- name##_doall_arg(a, b); }
-- #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
--
-- An example of a hash table storing (pointers to) structures of type 'STUFF'
-- could be defined as follows;
--
-- /* Calculates the hash value of 'tohash' (implemented elsewhere) */
-- unsigned long STUFF_hash(const STUFF *tohash);
-- /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
-- int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
-- /* Create the type-safe wrapper functions for use in the LHASH internals */
-- static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
-- static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
-- /* ... */
-- int main(int argc, char *argv[]) {
-- /* Create the new hash table using the hash/compare wrappers */
-- LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
-- LHASH_COMP_FN(STUFF_cmp));
-- /* ... */
-- }
--
--lh_<type>_free() frees the B<LHASH_OF(<type>> structure
--B<table>. Allocated hash table entries will not be freed; consider
--using lh_<type>_doall() to deallocate any remaining entries in the
--hash table (see below).
--
--lh_<type>_insert() inserts the structure pointed to by B<data> into
--B<table>. If there already is an entry with the same key, the old
--value is replaced. Note that lh_<type>_insert() stores pointers, the
--data are not copied.
--
--lh_<type>_delete() deletes an entry from B<table>.
--
--lh_<type>_retrieve() looks up an entry in B<table>. Normally, B<data>
--is a structure with the key field(s) set; the function will return a
--pointer to a fully populated structure.
--
--lh_<type>_doall() will, for every entry in the hash table, call
--B<func> with the data item as its parameter. For lh_<type>_doall()
--and lh_<type>_doall_arg(), function pointer casting should be avoided
--in the callbacks (see B<NOTE>) - instead use the declare/implement
--macros to create type-checked wrappers that cast variables prior to
--calling your type-specific callbacks. An example of this is
--illustrated here where the callback is used to cleanup resources for
--items in the hash table prior to the hashtable itself being
--deallocated:
--
-- /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
-- void STUFF_cleanup_doall(STUFF *a);
-- /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
-- IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
-- /* ... then later in the code ... */
-- /* So to run "STUFF_cleanup" against all items in a hash table ... */
-- lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
-- /* Then the hash table itself can be deallocated */
-- lh_STUFF_free(hashtable);
--
--When doing this, be careful if you delete entries from the hash table
--in your callbacks: the table may decrease in size, moving the item
--that you are currently on down lower in the hash table - this could
--cause some entries to be skipped during the iteration. The second
--best solution to this problem is to set hash-E<gt>down_load=0 before
--you start (which will stop the hash table ever decreasing in size).
--The best solution is probably to avoid deleting items from the hash
--table inside a "doall" callback!
--
--lh_<type>_doall_arg() is the same as lh_<type>_doall() except that
--B<func> will be called with B<arg> as the second argument and B<func>
--should be of type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype
--that is passed both the table entry and an extra argument). As with
--lh_doall(), you can instead choose to declare your callback with a
--prototype matching the types you are dealing with and use the
--declare/implement macros to create compatible wrappers that cast
--variables before calling your type-specific callbacks. An example of
--this is demonstrated here (printing all hash table entries to a BIO
--that is provided by the caller):
--
-- /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
-- void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
-- /* Implement a prototype-compatible wrapper for "STUFF_print" */
-- static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
-- /* ... then later in the code ... */
-- /* Print out the entire hashtable to a particular BIO */
-- lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
-- logging_bio);
--
--lh_<type>_error() can be used to determine if an error occurred in the last
--operation. lh_<type>_error() is a macro.
--
--=head1 RETURN VALUES
--
--lh_<type>_new() returns B<NULL> on error, otherwise a pointer to the new
--B<LHASH> structure.
--
--When a hash table entry is replaced, lh_<type>_insert() returns the value
--being replaced. B<NULL> is returned on normal operation and on error.
--
--lh_<type>_delete() returns the entry being deleted. B<NULL> is returned if
--there is no such value in the hash table.
--
--lh_<type>_retrieve() returns the hash table entry if it has been found,
--B<NULL> otherwise.
--
--lh_<type>_error() returns 1 if an error occurred in the last operation, 0
--otherwise.
--
--lh_<type>_free(), lh_<type>_doall() and lh_<type>_doall_arg() return no values.
--
--=head1 NOTE
--
--The various LHASH macros and callback types exist to make it possible
--to write type-checked code without resorting to function-prototype
--casting - an evil that makes application code much harder to
--audit/verify and also opens the window of opportunity for stack
--corruption and other hard-to-find bugs. It also, apparently, violates
--ANSI-C.
--
--The LHASH code regards table entries as constant data. As such, it
--internally represents lh_insert()'d items with a "const void *"
--pointer type. This is why callbacks such as those used by lh_doall()
--and lh_doall_arg() declare their prototypes with "const", even for the
--parameters that pass back the table items' data pointers - for
--consistency, user-provided data is "const" at all times as far as the
--LHASH code is concerned. However, as callers are themselves providing
--these pointers, they can choose whether they too should be treating
--all such parameters as constant.
--
--As an example, a hash table may be maintained by code that, for
--reasons of encapsulation, has only "const" access to the data being
--indexed in the hash table (ie. it is returned as "const" from
--elsewhere in their code) - in this case the LHASH prototypes are
--appropriate as-is. Conversely, if the caller is responsible for the
--life-time of the data in question, then they may well wish to make
--modifications to table item passed back in the lh_doall() or
--lh_doall_arg() callbacks (see the "STUFF_cleanup" example above). If
--so, the caller can either cast the "const" away (if they're providing
--the raw callbacks themselves) or use the macros to declare/implement
--the wrapper functions without "const" types.
--
--Callers that only have "const" access to data they're indexing in a
--table, yet declare callbacks without constant types (or cast the
--"const" away themselves), are therefore creating their own risks/bugs
--without being encouraged to do so by the API. On a related note,
--those auditing code should pay special attention to any instances of
--DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
--without any "const" qualifiers.
--
--=head1 BUGS
--
--lh_<type>_insert() returns B<NULL> both for success and error.
--
--=head1 SEE ALSO
--
--L<lh_stats(3)>
--
--=head1 HISTORY
--
--In OpenSSL 1.0.0, the lhash interface was revamped for better
--type checking.
--
--=cut
---- a/doc/crypto/md5.pod
-+++ /dev/null
-@@ -1,92 +0,0 @@
--=pod
--
--=head1 NAME
--
--MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
--MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
--
--=head1 SYNOPSIS
--
-- #include <openssl/md2.h>
--
-- unsigned char *MD2(const unsigned char *d, unsigned long n,
-- unsigned char *md);
--
-- int MD2_Init(MD2_CTX *c);
-- int MD2_Update(MD2_CTX *c, const unsigned char *data,
-- unsigned long len);
-- int MD2_Final(unsigned char *md, MD2_CTX *c);
--
--
-- #include <openssl/md4.h>
--
-- unsigned char *MD4(const unsigned char *d, unsigned long n,
-- unsigned char *md);
--
-- int MD4_Init(MD4_CTX *c);
-- int MD4_Update(MD4_CTX *c, const void *data,
-- unsigned long len);
-- int MD4_Final(unsigned char *md, MD4_CTX *c);
--
--
-- #include <openssl/md5.h>
--
-- unsigned char *MD5(const unsigned char *d, unsigned long n,
-- unsigned char *md);
--
-- int MD5_Init(MD5_CTX *c);
-- int MD5_Update(MD5_CTX *c, const void *data,
-- unsigned long len);
-- int MD5_Final(unsigned char *md, MD5_CTX *c);
--
--=head1 DESCRIPTION
--
--MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
--
--MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
--of the B<n> bytes at B<d> and place it in B<md> (which must have space
--for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
--bytes of output). If B<md> is NULL, the digest is placed in a static
--array.
--
--The following functions may be used if the message is not completely
--stored in memory:
--
--MD2_Init() initializes a B<MD2_CTX> structure.
--
--MD2_Update() can be called repeatedly with chunks of the message to
--be hashed (B<len> bytes at B<data>).
--
--MD2_Final() places the message digest in B<md>, which must have space
--for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
--
--MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
--MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
--
--Applications should use the higher level functions
--L<EVP_DigestInit(3)>
--etc. instead of calling the hash functions directly.
--
--=head1 NOTE
--
--MD2, MD4, and MD5 are recommended only for compatibility with existing
--applications. In new applications, SHA-1 or RIPEMD-160 should be
--preferred.
--
--=head1 RETURN VALUES
--
--MD2(), MD4(), and MD5() return pointers to the hash value.
--
--MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
--MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
--success, 0 otherwise.
--
--=head1 CONFORMING TO
--
--RFC 1319, RFC 1320, RFC 1321
--
--=head1 SEE ALSO
--
--L<EVP_DigestInit(3)>
--
--=cut
---- a/doc/crypto/mdc2.pod
-+++ /dev/null
-@@ -1,59 +0,0 @@
--=pod
--
--=head1 NAME
--
--MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
--
--=head1 SYNOPSIS
--
-- #include <openssl/mdc2.h>
--
-- unsigned char *MDC2(const unsigned char *d, unsigned long n,
-- unsigned char *md);
--
-- int MDC2_Init(MDC2_CTX *c);
-- int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
-- unsigned long len);
-- int MDC2_Final(unsigned char *md, MDC2_CTX *c);
--
--=head1 DESCRIPTION
--
--MDC2 is a method to construct hash functions with 128 bit output from
--block ciphers. These functions are an implementation of MDC2 with
--DES.
--
--MDC2() computes the MDC2 message digest of the B<n>
--bytes at B<d> and places it in B<md> (which must have space for
--MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
--is placed in a static array.
--
--The following functions may be used if the message is not completely
--stored in memory:
--
--MDC2_Init() initializes a B<MDC2_CTX> structure.
--
--MDC2_Update() can be called repeatedly with chunks of the message to
--be hashed (B<len> bytes at B<data>).
--
--MDC2_Final() places the message digest in B<md>, which must have space
--for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
--
--Applications should use the higher level functions
--L<EVP_DigestInit(3)> etc. instead of calling the
--hash functions directly.
--
--=head1 RETURN VALUES
--
--MDC2() returns a pointer to the hash value.
--
--MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
--
--=head1 CONFORMING TO
--
--ISO/IEC 10118-2, with DES
--
--=head1 SEE ALSO
--
--L<EVP_DigestInit(3)>
--
--=cut
---- a/doc/crypto/pem.pod
-+++ /dev/null
-@@ -1,458 +0,0 @@
--=pod
--
--=head1 NAME
--
--PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
--PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
--PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
--PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
--PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
--PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
--PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
--PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
--PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
--PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
--PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
--PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
--PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
--PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
--PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
--PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
--PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
--PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
--PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
--PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
--PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
--
--=head1 SYNOPSIS
--
-- #include <openssl/pem.h>
--
-- EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
-- pem_password_cb *cb, void *u);
-- EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-- char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
-- pem_password_cb *cb, void *u);
-- EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
-- int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
--
-- RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
-- pem_password_cb *cb, void *u);
-- RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
-- pem_password_cb *cb, void *u);
-- RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
-- int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
--
-- RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
-- pem_password_cb *cb, void *u);
-- RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
-- int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
--
-- DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
-- pem_password_cb *cb, void *u);
-- DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
-- int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-- unsigned char *kstr, int klen,
-- pem_password_cb *cb, void *u);
--
-- DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
-- pem_password_cb *cb, void *u);
-- DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
-- int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
--
-- DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
-- DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
-- int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
-- int PEM_write_DSAparams(FILE *fp, DSA *x);
--
-- DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
-- DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
-- int PEM_write_bio_DHparams(BIO *bp, DH *x);
-- int PEM_write_DHparams(FILE *fp, DH *x);
--
-- X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-- X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-- int PEM_write_bio_X509(BIO *bp, X509 *x);
-- int PEM_write_X509(FILE *fp, X509 *x);
--
-- X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-- X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-- int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
-- int PEM_write_X509_AUX(FILE *fp, X509 *x);
--
-- X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
-- pem_password_cb *cb, void *u);
-- X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
-- int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
-- int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
-- int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
--
-- X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
-- pem_password_cb *cb, void *u);
-- X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
-- pem_password_cb *cb, void *u);
-- int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
-- int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
--
-- PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
-- PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
-- int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
-- int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
--
--=head1 DESCRIPTION
--
--The PEM functions read or write structures in PEM format. In
--this sense PEM format is simply base64 encoded data surrounded
--by header lines.
--
--For more details about the meaning of arguments see the
--B<PEM FUNCTION ARGUMENTS> section.
--
--Each operation has four functions associated with it. For
--clarity the term "B<foobar> functions" will be used to collectively
--refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
--PEM_write_bio_foobar() and PEM_write_foobar() functions.
--
--The B<PrivateKey> functions read or write a private key in
--PEM format using an EVP_PKEY structure. The write routines use
--"traditional" private key format and can handle both RSA and DSA
--private keys. The read functions can additionally transparently
--handle PKCS#8 format encrypted and unencrypted keys too.
--
--PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
--write a private key in an EVP_PKEY structure in PKCS#8
--EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
--algorithms. The B<cipher> argument specifies the encryption algorithm to
--use: unlike all other PEM routines the encryption is applied at the
--PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
--encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
--
--PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
--also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
--it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
--to use is specified in the B<nid> parameter and should be the NID of the
--corresponding OBJECT IDENTIFIER (see NOTES section).
--
--The B<PUBKEY> functions process a public key using an EVP_PKEY
--structure. The public key is encoded as a SubjectPublicKeyInfo
--structure.
--
--The B<RSAPrivateKey> functions process an RSA private key using an
--RSA structure. It handles the same formats as the B<PrivateKey>
--functions but an error occurs if the private key is not RSA.
--
--The B<RSAPublicKey> functions process an RSA public key using an
--RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
--structure.
--
--The B<RSA_PUBKEY> functions also process an RSA public key using
--an RSA structure. However the public key is encoded using a
--SubjectPublicKeyInfo structure and an error occurs if the public
--key is not RSA.
--
--The B<DSAPrivateKey> functions process a DSA private key using a
--DSA structure. It handles the same formats as the B<PrivateKey>
--functions but an error occurs if the private key is not DSA.
--
--The B<DSA_PUBKEY> functions process a DSA public key using
--a DSA structure. The public key is encoded using a
--SubjectPublicKeyInfo structure and an error occurs if the public
--key is not DSA.
--
--The B<DSAparams> functions process DSA parameters using a DSA
--structure. The parameters are encoded using a Dss-Parms structure
--as defined in RFC2459.
--
--The B<DHparams> functions process DH parameters using a DH
--structure. The parameters are encoded using a PKCS#3 DHparameter
--structure.
--
--The B<X509> functions process an X509 certificate using an X509
--structure. They will also process a trusted X509 certificate but
--any trust settings are discarded.
--
--The B<X509_AUX> functions process a trusted X509 certificate using
--an X509 structure.
--
--The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
--certificate request using an X509_REQ structure. The B<X509_REQ>
--write functions use B<CERTIFICATE REQUEST> in the header whereas
--the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
--(as required by some CAs). The B<X509_REQ> read functions will
--handle either form so there are no B<X509_REQ_NEW> read functions.
--
--The B<X509_CRL> functions process an X509 CRL using an X509_CRL
--structure.
--
--The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
--structure.
--
--=head1 PEM FUNCTION ARGUMENTS
--
--The PEM functions have many common arguments.
--
--The B<bp> BIO parameter (if present) specifies the BIO to read from
--or write to.
--
--The B<fp> FILE parameter (if present) specifies the FILE pointer to
--read from or write to.
--
--The PEM read functions all take an argument B<TYPE **x> and return
--a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
--uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
--NULL but B<*x> is NULL then the structure returned will be written
--to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
--to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
--Irrespective of the value of B<x> a pointer to the structure is always
--returned (or NULL if an error occurred).
--
--The PEM functions which write private keys take an B<enc> parameter
--which specifies the encryption algorithm to use, encryption is done
--at the PEM level. If this parameter is set to NULL then the private
--key is written in unencrypted form.
--
--The B<cb> argument is the callback to use when querying for the pass
--phrase used for encrypted PEM structures (normally only private keys).
--
--For the PEM write routines if the B<kstr> parameter is not NULL then
--B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
--ignored.
--
--If the B<cb> parameters is set to NULL and the B<u> parameter is not
--NULL then the B<u> parameter is interpreted as a null terminated string
--to use as the passphrase. If both B<cb> and B<u> are NULL then the
--default callback routine is used which will typically prompt for the
--passphrase on the current terminal with echoing turned off.
--
--The default passphrase callback is sometimes inappropriate (for example
--in a GUI application) so an alternative can be supplied. The callback
--routine has the following form:
--
-- int cb(char *buf, int size, int rwflag, void *u);
--
--B<buf> is the buffer to write the passphrase to. B<size> is the maximum
--length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
--which is set to 0 when reading and 1 when writing. A typical routine
--will ask the user to verify the passphrase (for example by prompting
--for it twice) if B<rwflag> is 1. The B<u> parameter has the same
--value as the B<u> parameter passed to the PEM routine. It allows
--arbitrary data to be passed to the callback by the application
--(for example a window handle in a GUI application). The callback
--B<must> return the number of characters in the passphrase or 0 if
--an error occurred.
--
--=head1 EXAMPLES
--
--Although the PEM routines take several arguments in almost all applications
--most of them are set to 0 or NULL.
--
--Read a certificate in PEM format from a BIO:
--
-- X509 *x;
-- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-- if (x == NULL) {
-- /* Error */
-- }
--
--Alternative method:
--
-- X509 *x = NULL;
-- if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
-- /* Error */
-- }
--
--Write a certificate to a BIO:
--
-- if (!PEM_write_bio_X509(bp, x)) {
-- /* Error */
-- }
--
--Write a private key (using traditional format) to a BIO using
--triple DES encryption, the pass phrase is prompted for:
--
-- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
-- /* Error */
-- }
--
--Write a private key (using PKCS#8 format) to a BIO using triple
--DES encryption, using the pass phrase "hello":
--
-- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
-- /* Error */
-- }
--
--Read a private key from a BIO using a pass phrase callback:
--
-- key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
-- if (key == NULL) {
-- /* Error */
-- }
--
--Skeleton pass phrase callback:
--
-- int pass_cb(char *buf, int size, int rwflag, void *u)
-- {
-- int len;
-- char *tmp;
--
-- /* We'd probably do something else if 'rwflag' is 1 */
-- printf("Enter pass phrase for \"%s\"\n", (char *)u);
--
-- /* get pass phrase, length 'len' into 'tmp' */
-- tmp = "hello";
-- len = strlen(tmp);
-- if (len <= 0)
-- return 0;
--
-- if (len > size)
-- len = size;
-- memcpy(buf, tmp, len);
-- return len;
-- }
--
--=head1 NOTES
--
--The old B<PrivateKey> write routines are retained for compatibility.
--New applications should write private keys using the
--PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
--because they are more secure (they use an iteration count of 2048 whereas
--the traditional routines use a count of 1) unless compatibility with older
--versions of OpenSSL is important.
--
--The B<PrivateKey> read routines can be used in all applications because
--they handle all formats transparently.
--
--A frequent cause of problems is attempting to use the PEM routines like
--this:
--
-- X509 *x;
-- PEM_read_bio_X509(bp, &x, 0, NULL);
--
--this is a bug because an attempt will be made to reuse the data at B<x>
--which is an uninitialised pointer.
--
--=head1 PEM ENCRYPTION FORMAT
--
--These old B<PrivateKey> routines use a non standard technique for encryption.
--
--The private key (or other data) takes the following form:
--
-- -----BEGIN RSA PRIVATE KEY-----
-- Proc-Type: 4,ENCRYPTED
-- DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
--
-- ...base64 encoded data...
-- -----END RSA PRIVATE KEY-----
--
--The line beginning with I<Proc-Type> contains the version and the
--protection on the encapsulated data. The line beginning I<DEK-Info>
--contains two comma separated values: the encryption algorithm name as
--used by EVP_get_cipherbyname() and an initialization vector used by the
--cipher encoded as a set of hexadecimal digits. After those two lines is
--the base64-encoded encrypted data.
--
--The encryption key is derived using EVP_BytesToKey(). The cipher's
--initialization vector is passed to EVP_BytesToKey() as the B<salt>
--parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
--(regardless of the size of the initialization vector). The user's
--password is passed to EVP_BytesToKey() using the B<data> and B<datal>
--parameters. Finally, the library uses an iteration count of 1 for
--EVP_BytesToKey().
--
--he B<key> derived by EVP_BytesToKey() along with the original initialization
--vector is then used to decrypt the encrypted data. The B<iv> produced by
--EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
--the function.
--
--The pseudo code to derive the key would look similar to:
--
-- EVP_CIPHER* cipher = EVP_des_ede3_cbc();
-- EVP_MD* md = EVP_md5();
--
-- unsigned int nkey = EVP_CIPHER_key_length(cipher);
-- unsigned int niv = EVP_CIPHER_iv_length(cipher);
-- unsigned char key[nkey];
-- unsigned char iv[niv];
--
-- memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
-- rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
-- if (rc != nkey) {
-- /* Error */
-- }
--
-- /* On success, use key and iv to initialize the cipher */
--
--=head1 BUGS
--
--The PEM read routines in some versions of OpenSSL will not correctly reuse
--an existing structure. Therefore the following:
--
-- PEM_read_bio_X509(bp, &x, 0, NULL);
--
--where B<x> already contains a valid certificate, may not work, whereas:
--
-- X509_free(x);
-- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
--
--is guaranteed to work.
--
--=head1 RETURN CODES
--
--The read routines return either a pointer to the structure read or NULL
--if an error occurred.
--
--The write routines return 1 for success or 0 for failure.
--
--=head1 HISTORY
--
--The old Netscape certificate sequences were no longer documented
--in OpenSSL 1.1; applications should use the PKCS7 standard instead
--as they will be formally deprecated in a future releases.
--
--=head1 SEE ALSO
--
--L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
---- a/doc/crypto/rand.pod
-+++ /dev/null
-@@ -1,77 +0,0 @@
--=pod
--
--=head1 NAME
--
--rand - pseudo-random number generator
--
--=head1 SYNOPSIS
--
-- #include <openssl/rand.h>
--
-- int RAND_set_rand_engine(ENGINE *engine);
--
-- int RAND_bytes(unsigned char *buf, int num);
-- int RAND_pseudo_bytes(unsigned char *buf, int num);
--
-- void RAND_seed(const void *buf, int num);
-- void RAND_add(const void *buf, int num, int entropy);
-- int RAND_status(void);
--
-- int RAND_load_file(const char *file, long max_bytes);
-- int RAND_write_file(const char *file);
-- const char *RAND_file_name(char *file, size_t num);
--
-- int RAND_egd(const char *path);
--
-- void RAND_set_rand_method(const RAND_METHOD *meth);
-- const RAND_METHOD *RAND_get_rand_method(void);
-- RAND_METHOD *RAND_OpenSSL(void);
--
-- /* For Win32 only */
-- void RAND_screen(void);
-- int RAND_event(UINT, WPARAM, LPARAM);
--
--Deprecated:
--
-- #if OPENSSL_API_COMPAT < 0x10100000L
-- void RAND_cleanup(void)
-- #endif
--
--=head1 DESCRIPTION
--
--Since the introduction of the ENGINE API, the recommended way of controlling
--default implementations is by using the ENGINE API functions. The default
--B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
--RAND_get_rand_method(), is only used if no ENGINE has been set as the default
--"rand" implementation. Hence, these two functions are no longer the recommended
--way to control defaults.
--
--If an alternative B<RAND_METHOD> implementation is being used (either set
--directly or as provided by an ENGINE module), then it is entirely responsible
--for the generation and management of a cryptographically secure PRNG stream. The
--mechanisms described below relate solely to the software PRNG implementation
--built in to OpenSSL and used by default.
--
--These functions implement a cryptographically secure pseudo-random
--number generator (PRNG). It is used by other library functions for
--example to generate random keys, and applications can use it when they
--need randomness.
--
--A cryptographic PRNG must be seeded with unpredictable data such as
--mouse movements or keys pressed at random by the user. This is
--described in L<RAND_add(3)>. Its state can be saved in a seed file
--(see L<RAND_load_file(3)>) to avoid having to go through the
--seeding process whenever the application is started.
--
--L<RAND_bytes(3)> describes how to obtain random data from the
--PRNG.
--
--=head1 SEE ALSO
--
--L<BN_rand(3)>, L<RAND_add(3)>,
--L<RAND_load_file(3)>, L<RAND_egd(3)>,
--L<RAND_bytes(3)>,
--L<RAND_set_rand_method(3)>,
--L<RAND_cleanup(3)>
--
--=cut
---- a/doc/crypto/rc4.pod
-+++ /dev/null
-@@ -1,57 +0,0 @@
--=pod
--
--=head1 NAME
--
--RC4_set_key, RC4 - RC4 encryption
--
--=head1 SYNOPSIS
--
-- #include <openssl/rc4.h>
--
-- void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
--
-- void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-- unsigned char *outdata);
--
--=head1 DESCRIPTION
--
--This library implements the Alleged RC4 cipher, which is described for
--example in I<Applied Cryptography>. It is believed to be compatible
--with RC4[TM], a proprietary cipher of RSA Security Inc.
--
--RC4 is a stream cipher with variable key length. Typically, 128 bit
--(16 byte) keys are used for strong encryption, but shorter insecure
--key sizes have been widely used due to export restrictions.
--
--RC4 consists of a key setup phase and the actual encryption or
--decryption phase.
--
--RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
--key at B<data>.
--
--RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
--B<key> and places the result at B<outdata>. Repeated RC4() calls with
--the same B<key> yield a continuous key stream.
--
--Since RC4 is a stream cipher (the input is XORed with a pseudo-random
--key stream to produce the output), decryption uses the same function
--calls as encryption.
--
--=head1 RETURN VALUES
--
--RC4_set_key() and RC4() do not return values.
--
--=head1 NOTE
--
--Applications should use the higher level functions
--L<EVP_EncryptInit(3)> etc. instead of calling these
--functions directly.
--
--It is difficult to securely use stream ciphers. For example, do not perform
--multiple encryptions using the same key stream.
--
--=head1 SEE ALSO
--
--L<EVP_EncryptInit(3)>
--
--=cut
---- a/doc/crypto/ripemd.pod
-+++ /dev/null
-@@ -1,63 +0,0 @@
--=pod
--
--=head1 NAME
--
--RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
--RIPEMD-160 hash function
--
--=head1 SYNOPSIS
--
-- #include <openssl/ripemd.h>
--
-- unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
-- unsigned char *md);
--
-- int RIPEMD160_Init(RIPEMD160_CTX *c);
-- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
-- unsigned long len);
-- int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
--
--=head1 DESCRIPTION
--
--RIPEMD-160 is a cryptographic hash function with a
--160 bit output.
--
--RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
--bytes at B<d> and places it in B<md> (which must have space for
--RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
--is placed in a static array.
--
--The following functions may be used if the message is not completely
--stored in memory:
--
--RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
--
--RIPEMD160_Update() can be called repeatedly with chunks of the message to
--be hashed (B<len> bytes at B<data>).
--
--RIPEMD160_Final() places the message digest in B<md>, which must have
--space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
--the B<RIPEMD160_CTX>.
--
--=head1 RETURN VALUES
--
--RIPEMD160() returns a pointer to the hash value.
--
--RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
--success, 0 otherwise.
--
--=head1 NOTE
--
--Applications should use the higher level functions
--L<EVP_DigestInit(3)> etc. instead of calling these
--functions directly.
--
--=head1 CONFORMING TO
--
--ISO/IEC 10118-3 (draft) (??)
--
--=head1 SEE ALSO
--
--L<EVP_DigestInit(3)>
--
--=cut
---- a/doc/crypto/rsa.pod
-+++ /dev/null
-@@ -1,103 +0,0 @@
--=pod
--
--=head1 NAME
--
--rsa - RSA public key cryptosystem
--
--=head1 SYNOPSIS
--
-- #include <openssl/rsa.h>
-- #include <openssl/engine.h>
--
-- RSA * RSA_new(void);
-- void RSA_free(RSA *rsa);
--
-- int RSA_public_encrypt(int flen, unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
-- int RSA_private_decrypt(int flen, unsigned char *from,
-- unsigned char *to, RSA *rsa, int padding);
-- int RSA_private_encrypt(int flen, unsigned char *from,
-- unsigned char *to, RSA *rsa,int padding);
-- int RSA_public_decrypt(int flen, unsigned char *from,
-- unsigned char *to, RSA *rsa,int padding);
--
-- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
--
-- RSA *RSA_generate_key(int num, unsigned long e,
-- void (*callback)(int,int,void *), void *cb_arg);
--
-- int RSA_check_key(RSA *rsa);
--
-- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-- void RSA_blinding_off(RSA *rsa);
--
-- void RSA_set_default_method(const RSA_METHOD *meth);
-- const RSA_METHOD *RSA_get_default_method(void);
-- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-- const RSA_METHOD *RSA_get_method(const RSA *rsa);
-- RSA_METHOD *RSA_PKCS1_OpenSSL(void);
-- RSA_METHOD *RSA_null_method(void);
-- int RSA_flags(const RSA *rsa);
-- RSA *RSA_new_method(ENGINE *engine);
--
-- int RSA_print(BIO *bp, RSA *x, int offset);
-- int RSA_print_fp(FILE *fp, RSA *x, int offset);
--
-- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-- unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-- RSA *rsa);
-- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-- RSA *rsa);
--
--=head1 DESCRIPTION
--
--These functions implement RSA public key encryption and signatures
--as defined in PKCS #1 v2.0 [RFC 2437].
--
--The B<RSA> structure consists of the BIGNUM components B<n>, B<e>,
--B<d>, B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp>, which represent public
--as well as private RSA keys.
--
--In public keys, the private exponent B<d> and the related secret
--values B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> are B<NULL>.
--
--B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
--keys, but the RSA operations are much faster when these values are
--available.
--
--Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
--either directly or by the use of B<ENGINE> modules. In some cases (eg. an
--ENGINE providing support for hardware-embedded keys), these BIGNUM values
--will not be used by the implementation or may be used for alternative data
--storage. For this reason, applications should generally avoid using RSA
--structure elements directly and instead use API functions to query or
--modify keys.
--
--=head1 CONFORMING TO
--
--SSL, PKCS #1 v2.0
--
--=head1 PATENTS
--
--RSA was covered by a US patent which expired in September 2000.
--
--=head1 SEE ALSO
--
--L<rsa(1)>, L<bn(3)>, L<dsa(3)>, L<dh(3)>,
--L<rand(3)>, L<engine(3)>, L<RSA_new(3)>, L<RSA_set0_key(3)>
--L<RSA_public_encrypt(3)>,
--L<RSA_sign(3)>, L<RSA_size(3)>,
--L<RSA_generate_key(3)>,
--L<RSA_check_key(3)>,
--L<RSA_blinding_on(3)>,
--L<RSA_set_method(3)>, L<RSA_print(3)>,
--L<RSA_get_ex_new_index(3)>,
--L<RSA_private_encrypt(3)>,
--L<RSA_sign_ASN1_OCTET_STRING(3)>,
--L<RSA_padding_add_PKCS1_type_1(3)>
--
--=cut
---- a/doc/crypto/sha.pod
-+++ /dev/null
-@@ -1,99 +0,0 @@
--=pod
--
--=head1 NAME
--
--SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
--SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
--SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
--SHA512_Final - Secure Hash Algorithm
--
--=head1 SYNOPSIS
--
-- #include <openssl/sha.h>
--
-- int SHA1_Init(SHA_CTX *c);
-- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-- int SHA1_Final(unsigned char *md, SHA_CTX *c);
-- unsigned char *SHA1(const unsigned char *d, size_t n,
-- unsigned char *md);
--
-- int SHA224_Init(SHA256_CTX *c);
-- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-- unsigned char *SHA224(const unsigned char *d, size_t n,
-- unsigned char *md);
--
-- int SHA256_Init(SHA256_CTX *c);
-- int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-- int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-- unsigned char *SHA256(const unsigned char *d, size_t n,
-- unsigned char *md);
--
-- int SHA384_Init(SHA512_CTX *c);
-- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-- unsigned char *SHA384(const unsigned char *d, size_t n,
-- unsigned char *md);
--
-- int SHA512_Init(SHA512_CTX *c);
-- int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-- int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-- unsigned char *SHA512(const unsigned char *d, size_t n,
-- unsigned char *md);
--
--=head1 DESCRIPTION
--
--Applications should use the higher level functions
--L<EVP_DigestInit(3)> etc. instead of calling the hash
--functions directly.
--
--SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
--160 bit output.
--
--SHA1() computes the SHA-1 message digest of the B<n>
--bytes at B<d> and places it in B<md> (which must have space for
--SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
--is placed in a static array. Note: setting B<md> to NULL is B<not thread safe>.
--
--The following functions may be used if the message is not completely
--stored in memory:
--
--SHA1_Init() initializes a B<SHA_CTX> structure.
--
--SHA1_Update() can be called repeatedly with chunks of the message to
--be hashed (B<len> bytes at B<data>).
--
--SHA1_Final() places the message digest in B<md>, which must have space
--for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
--
--The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the
--same way as for the SHA1 functions. Note that SHA224 and SHA256 use a
--B<SHA256_CTX> object instead of B<SHA_CTX>. SHA384 and SHA512 use B<SHA512_CTX>.
--The buffer B<md> must have space for the output from the SHA variant being used
--(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and
--SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
--SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
--B<md> is NULL.
--
--The predecessor of SHA-1, SHA, is also implemented, but it should be
--used only when backward compatibility is required.
--
--=head1 RETURN VALUES
--
--SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
--value.
--
--SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256,
--SHA384 and SHA512 functions return 1 for success, 0 otherwise.
--
--=head1 CONFORMING TO
--
--US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash
--Standard),
--ANSI X9.30
--
--=head1 SEE ALSO
--
--L<EVP_DigestInit(3)>
--
--=cut
---- a/doc/crypto/sk_X509_num.pod
-+++ /dev/null
-@@ -1,200 +0,0 @@
--=pod
--
--=head1 NAME
--
--sk_X509_num, sk_X509_value, sk_X509_new, sk_X509_new_null, sk_X509_free,
--sk_X509_zero, sk_X509_delete, sk_X509_delete_ptr, sk_X509_push,
--sk_X509_unshift, sk_X509_pop, sk_X509_shift, sk_X509_pop_free, sk_X509_insert,
--sk_X509_set, sk_X509_find, sk_X509_find_ex, sk_X509_sort, sk_X509_is_sorted,
--sk_X509_dup, sk_X509_deep_copy, sk_X509_set_cmp_func - X509 stack
--
--=head1 SYNOPSIS
--
-- #include <openssl/x509.h>
--
-- int sk_X509_num(const STACK_OF(X509) *sk);
-- X509 *sk_X509_value(const STACK_OF(X509) *sk, int idx);
-- STACK_OF(X509) *sk_X509_new(int (*cmpf)(const X509 * const *a,
-- const X509 * const *b));
-- STACK_OF(X509) *sk_X509_new_null(void);
-- int (*sk_X509_set_cmp_func (STACK_OF(X509) *sk,
-- int (*cmpf) (const X509 * const *a,
-- const X509 * const *b)))
-- (const X509 * const *, const X509 * const *);
-- void sk_X509_free(const STACK_OF(X509) *sk);
-- void sk_X509_zero(const STACK_OF(X509) *sk);
-- void sk_X509_pop_free(STACK_OF(X509) *sk, void (*func) (X509 *a));
-- X509 *sk_X509_delete(STACK_OF(X509) *sk, int i);
-- X509 *sk_X509_delete_ptr(STACK_OF(X509) *sk, X509 *ptr);
-- int sk_X509_insert(STACK_OF(X509) *sk, X509 *ptr, int idx);
-- int sk_X509_push(STACK_OF(X509) *sk, X509 *ptr);
-- int sk_X509_unshift(STACK_OF(X509) *sk, X509 *ptr);
-- X509 *sk_X509_pop(STACK_OF(X509) *sk);
-- X509 *sk_X509_shift(STACK_OF(X509) *sk);
-- X509 *sk_X509_set(STACK_OF(X509) *sk, int idx, X509 *ptr);
-- int sk_X509_find(STACK_OF(X509) *sk, X509 *ptr);
-- int sk_X509_find_ex(STACK_OF(X509) *sk, X509 *ptr);
-- void sk_X509_sort(const STACK_OF(X509) *sk);
-- int sk_X509_is_sorted(const STACK_OF(X509) *sk);
-- STACK_OF(X509) *sk_X509_dup(STACK_OF(X509) *sk);
-- STACK_OF(X509) *sk_X509_deep_copy(STACK_OF(X509) *sk,
-- X509 * (*copyfn) (const X509 *),
-- void (*freefn) (X509 *));
--
--=head1 DESCRIPTION
--
--sk_X509_num() returns the number of elements in B<sk> or -1 if B<sk> is
--B<NULL>.
--
--sk_X509_value() returns element B<idx> in B<sk>. Where B<idx> runs from 0
--to sk_X509_num(sk) - 1 inclusive. If B<idx> is out of range then B<NULL>
--is returned.
--
--sk_X509_new() allocates a new empty stack using comparison function B<cmpf>.
--If B<cmpf> is B<0> then no comparison function is used.
--
--sk_X509_new_null() allocates a new empty stack with no comparison function.
--
--sk_X509_set_cmp_func() sets the comparison function of B<sk> to B<cmpf>.
--The previous comparison function is returned or B<0> if there was
--no previous comparison function.
--
--sk_X509_free() frees up the B<sk> structure. It does B<not> free up any
--elements of B<sk>. After this call B<sk> is no longer valid.
--
--sk_X509_zero() sets the number of elements in B<sk> to zero. It does not free
--B<sk> so after this call B<sk> is still valid.
--
--sk_X509_pop_free() frees up all elements of B<sk> and B<sk> itself. The
--free function func() is called on each element to free it.
--
--sk_X509_delete() deletes element B<i> from B<sk>. It returns the deleted
--element or B<NULL> if B<i> is out of range.
--
--sk_X509_delete_ptr() deletes element matching B<ptr> from B<sk>. It returns
--the deleted element or B<NULL> if no element matching B<ptr> was found.
--
--sk_X509_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
--elements at or after B<idx> are moved downwards. If B<idx> is out of range
--the new element is appended to B<sk>. sk_X509_insert() either returns the
--number of elements in B<sk> after the new element is inserted or zero if
--an error occurred: which will happen if there is a memory allocation failure.
--
--sk_X509_push() appends B<ptr> to B<sk> it is equivalent to:
--
-- sk_X509_insert(sk, ptr, -1);
--
--sk_X509_unshift() inserts B<ptr> at the start of B<sk> it is equivalent to:
--
-- sk_X509_insert(sk, ptr, 0);
--
--sk_X509_pop() returns and removes the last element from B<sk>.
--
--sk_X509_shift() returns and removes the first element from B<sk>.
--
--sk_X509_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
--element. The new element value is returned or B<NULL> if an error occurred:
--this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
--
--sk_X509_find() and int sk_X509_find_ex() search B<sk> using the supplied
--comparison function for an element matching B<ptr>. sk_X509_find() returns
--the index of the first matching element or B<-1> if there is no match.
--sk_X509_find_ex() returns a matching element or the nearest element that
--does not match B<ptr>. Note: if a comparison function is set then B<sk> is
--sorted before the search which may change its order. If no comparison
--function is set then a linear search is made for a pointer matching B<ptr>
--and the stack is not reordered.
--
--sk_X509_sort() sorts B<sk> using the supplied comparison function.
--
--sk_X509_is_sorted() returns B<1> if B<sk> is sorted and B<0> otherwise.
--
--sk_X509_dup() returns a copy of B<sk>. Note the pointers in the copy
--are identical to the original.
--
--sk_X509_deep_copy() returns a new stack where each element has been copied.
--Copying is performed by the supplied copyfn() and freeing by freefn(). The
--function freefn() is only called if an error occurs.
--
--=head1 NOTES
--
--This manual page documents the functions which operate on a stack of
--B<X509> pointers. A stack can contain pointers to any structure with B<X509>
--replaced by the appropriate structure name.
--
--Care should be taken when accessing stacks in multi-threaded environments.
--Any operation which increases the size of a stack such as sk_X509_insert() or
--sk_push() can "grow" the size of an internal array and cause race conditions
--if the same stack is accessed in a different thread. Operations such as
--sk_find() and sk_sort() can also reorder the stack.
--
--Any comparison function supplied should use a metric suitable
--for use in a binary search operation. That is it should return zero, a
--positive or negative value if B<a> is equal to, greater than
--or less than B<b> respectively.
--
--Care should be taken when checking the return values of the functions
--sk_X509_find() and sk_X509_find_ex(). They return an index to the
--matching element. In particular B<0> indicates a matching first element.
--A failed search is indicated by a B<-1> return value.
--
--=head1 APPLICATION DEFINED STACKS
--
--Applications can create and use their own stacks by placing any of the macros
--described below in a header file.
--
--DEFINE_STACK_OF(NAME) creates set of functions for a stack of B<NAME>. This
--will mean that type B<NAME> is stored in each stack, the type is referenced by
--STACK_OF(NAME) and each function name begins with sk_NAME_. For example:
--
-- NAME *sk_NAME_value(STACK_OF(NAME) *sk, int idx);
--
--DEFINE_STACK_OF_CONST(NAME) is identical to DEFINE_STACK_OF(NAME) except
--each element is constant for example:
--
-- const NAME *sk_name_value(STACK_OF(NAME) *sk, int idx);
--
--DEFINE_SPECIAL_STACK_OF(FNAME, STNAME) defines a stack of B<STNAME> but
--each function uses B<FNAME>. For example:
--
-- STNAME *sk_FNAME_value(STACK_OF(STNAME) *sk, int idx);
--
--=head1 RETURN VALUES
--
--sk_X509_num() returns the number of elements in the stack or B<-1> if the
--passed stack is B<NULL>.
--
--sk_X509_value() returns a pointer to a stack element or B<NULL> if the
--index is out of range.
--
--sk_X509_new() and sk_X509_new_null() return an empty stack or B<NULL> if
--an error occurs.
--
--sk_X509_set_cmp_func() returns the old comparison function or B<NULL> if
--there was no old comparison function.
--
--sk_X509_free(), sk_X509_zero(), sk_X509_pop_free() and sk_X509_sort() do
--not return values.
--
--sk_X509_pop(), sk_X509_shift(), sk_X509_delete() and sk_X509_delete_ptr()
--return a pointer to the deleted element or B<NULL> on error.
--
--sk_X509_insert(), sk_X509_push() and sk_X509_unshift() return the total
--number of elements in the stack and 0 if an error occurred.
--
--sk_X509_set() returns a pointer to the replacement element or B<NULL> on
--error.
--
--sk_X509_find() and sk_X509_find_ex() return an index to the found element
--or B<-1> on error.
--
--sk_X509_is_sorted() returns B<1> if the stack is sorted and B<0> if it is
--not.
--
--sk_X509_dup() and sk_X509_deep_copy() return a pointer to the copy of the
--stack.
--
--=head1 HISTORY
--
--Use of inline functions and application defined stacks first appeared in
--OpenSSL 1.1.0. Previous versions of OpenSSL implemented stacks as macros.
---- a/doc/crypto/threads.pod
-+++ /dev/null
-@@ -1,82 +0,0 @@
--=pod
--
--=head1 NAME
--
--CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
--CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support
--
--=head1 SYNOPSIS
--
-- #include <openssl/crypto.h>
--
-- CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
-- int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
-- int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
-- int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
-- void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
--
-- int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
--
--=head1 DESCRIPTION
--
--OpenSSL can be safely used in multi-threaded applications provided that
--support for the underlying OS threading API is built-in. Currently, OpenSSL
--supports the pthread and Windows APIs. OpenSSL can also be built without
--any multi-threading support, for example on platforms that don't provide
--any threading support or that provide a threading API that is not yet
--supported by OpenSSL.
--
--The following multi-threading function are provided:
--
--=over 4
--
--=item *
--CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
--lock.
--
--=item *
--CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
--
--=item *
--CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
--
--=item *
--CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
--
--=item *
--CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
--
--=item *
--CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
--result of the operation in B<ret>. B<lock> will be locked, unless atomic
--operations are supported on the specific platform. Because of this, if a
--variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
--be the only way that the variable is modified.
--
--=back
--
--=head1 RETURN VALUES
--
--CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
--
--CRYPTO_THREAD_lock_frees() returns no value.
--
--The other functions return 1 on success or 0 on error.
--
--=head1 NOTES
--
--You can find out if OpenSSL was configured with thread support:
--
-- #define OPENSSL_THREAD_DEFINES
-- #include <openssl/opensslconf.h>
-- #if defined(OPENSSL_THREADS)
-- // thread support enabled
-- #else
-- // no thread support
-- #endif
--
--=head1 SEE ALSO
--
--L<crypto(3)>
--
--=cut
---- a/doc/crypto/ui.pod
-+++ /dev/null
-@@ -1,186 +0,0 @@
--=pod
--
--=head1 NAME
--
--UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
--UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
--UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
--UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
--UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
--UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
--UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
--
--=head1 SYNOPSIS
--
-- #include <openssl/ui.h>
--
-- typedef struct ui_st UI;
-- typedef struct ui_method_st UI_METHOD;
--
-- UI *UI_new(void);
-- UI *UI_new_method(const UI_METHOD *method);
-- void UI_free(UI *ui);
--
-- int UI_add_input_string(UI *ui, const char *prompt, int flags,
-- char *result_buf, int minsize, int maxsize);
-- int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-- char *result_buf, int minsize, int maxsize);
-- int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-- char *result_buf, int minsize, int maxsize, const char *test_buf);
-- int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-- char *result_buf, int minsize, int maxsize, const char *test_buf);
-- int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-- const char *ok_chars, const char *cancel_chars,
-- int flags, char *result_buf);
-- int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-- const char *ok_chars, const char *cancel_chars,
-- int flags, char *result_buf);
-- int UI_add_info_string(UI *ui, const char *text);
-- int UI_dup_info_string(UI *ui, const char *text);
-- int UI_add_error_string(UI *ui, const char *text);
-- int UI_dup_error_string(UI *ui, const char *text);
--
-- /* These are the possible flags. They can be or'ed together. */
-- #define UI_INPUT_FLAG_ECHO 0x01
-- #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
--
-- char *UI_construct_prompt(UI *ui_method,
-- const char *object_desc, const char *object_name);
--
-- void *UI_add_user_data(UI *ui, void *user_data);
-- void *UI_get0_user_data(UI *ui);
--
-- const char *UI_get0_result(UI *ui, int i);
--
-- int UI_process(UI *ui);
--
-- int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
-- #define UI_CTRL_PRINT_ERRORS 1
-- #define UI_CTRL_IS_REDOABLE 2
--
-- void UI_set_default_method(const UI_METHOD *meth);
-- const UI_METHOD *UI_get_default_method(void);
-- const UI_METHOD *UI_get_method(UI *ui);
-- const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
--
-- UI_METHOD *UI_OpenSSL(void);
--
--=head1 DESCRIPTION
--
--UI stands for User Interface, and is general purpose set of routines to
--prompt the user for text-based information. Through user-written methods
--(see L<ui_create(3)>), prompting can be done in any way
--imaginable, be it plain text prompting, through dialog boxes or from a
--cell phone.
--
--All the functions work through a context of the type UI. This context
--contains all the information needed to prompt correctly as well as a
--reference to a UI_METHOD, which is an ordered vector of functions that
--carry out the actual prompting.
--
--The first thing to do is to create a UI with UI_new() or UI_new_method(),
--then add information to it with the UI_add or UI_dup functions. Also,
--user-defined random data can be passed down to the underlying method
--through calls to UI_add_user_data. The default UI method doesn't care
--about these data, but other methods might. Finally, use UI_process()
--to actually perform the prompting and UI_get0_result() to find the result
--to the prompt.
--
--A UI can contain more than one prompt, which are performed in the given
--sequence. Each prompt gets an index number which is returned by the
--UI_add and UI_dup functions, and has to be used to get the corresponding
--result with UI_get0_result().
--
--The functions are as follows:
--
--UI_new() creates a new UI using the default UI method. When done with
--this UI, it should be freed using UI_free().
--
--UI_new_method() creates a new UI using the given UI method. When done with
--this UI, it should be freed using UI_free().
--
--UI_OpenSSL() returns the built-in UI method (note: not the default one,
--since the default can be changed. See further on). This method is the
--most machine/OS dependent part of OpenSSL and normally generates the
--most problems when porting.
--
--UI_free() removes a UI from memory, along with all other pieces of memory
--that's connected to it, like duplicated input strings, results and others.
--If B<ui> is NULL nothing is done.
--
--UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
--as well as flags and a result buffer and the desired minimum and maximum
--sizes of the result. The given information is used to prompt for
--information, for example a password, and to verify a password (i.e. having
--the user enter it twice and check that the same string was entered twice).
--UI_add_verify_string() takes and extra argument that should be a pointer
--to the result buffer of the input string that it's supposed to verify, or
--verification will fail.
--
--UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
--in a boolean way, with a single character for yes and a different character
--for no. A set of characters that can be used to cancel the prompt is given
--as well. The prompt itself is divided in two, one part being the
--descriptive text (given through the I<prompt> argument) and one describing
--the possible answers (given through the I<action_desc> argument).
--
--UI_add_info_string() and UI_add_error_string() add strings that are shown at
--the same time as the prompt for extra information or to show an error string.
--The difference between the two is only conceptual. With the builtin method,
--there's no technical difference between them. Other methods may make a
--difference between them, however.
--
--The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
--UI_add_input_string() and will have the users response be echoed (when
--prompting for a password, this flag should obviously not be used, and
--UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
--sort will be used (completely depending on the application and the UI
--method).
--
--UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
--UI_dup_info_string() and UI_dup_error_string() are basically the same
--as their UI_add counterparts, except that they make their own copies
--of all strings.
--
--UI_construct_prompt() is a helper function that can be used to create
--a prompt from two pieces of information: an description and a name.
--The default constructor (if there is none provided by the method used)
--creates a string "Enter I<description> for I<name>:". With the
--description "pass phrase" and the file name "foo.key", that becomes
--"Enter pass phrase for foo.key:". Other methods may create whatever
--string and may include encodings that will be processed by the other
--method functions.
--
--UI_add_user_data() adds a piece of memory for the method to use at any
--time. The builtin UI method doesn't care about this info. Note that several
--calls to this function doesn't add data, it replaces the previous blob
--with the one given as argument.
--
--UI_get0_user_data() retrieves the data that has last been given to the
--UI with UI_add_user_data().
--
--UI_get0_result() returns a pointer to the result buffer associated with
--the information indexed by I<i>.
--
--UI_process() goes through the information given so far, does all the printing
--and prompting and returns.
--
--UI_ctrl() adds extra control for the application author. For now, it
--understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
--print the OpenSSL error stack as part of processing the UI, and
--UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
--be used again or not.
--
--UI_set_default_method() changes the default UI method to the one given.
--
--UI_get_default_method() returns a pointer to the current default UI method.
--
--UI_get_method() returns the UI method associated with a given UI.
--
--UI_set_method() changes the UI method associated with a given UI.
--
--=head1 SEE ALSO
--
--L<ui_create(3)>, L<ui_compat(3)>
--
--=cut
---- a/doc/crypto/x509.pod
-+++ b/doc/crypto/x509.pod
-@@ -1,5 +1,7 @@
- =pod
-
-+=for comment openssl_manual_section:7
-+
- =head1 NAME
-
- x509 - X.509 certificate handling
-@@ -61,4 +63,13 @@ L<d2i_X509_SIG(3)>,
- L<crypto(3)>,
- L<x509v3(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/DTLSv1_listen.pod
-+++ b/doc/ssl/DTLSv1_listen.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--DTLSv1_listen - listen for incoming DTLS connections.
-+DTLSv1_listen - listen for incoming DTLS connections
-
- =head1 SYNOPSIS
-
-@@ -90,4 +90,13 @@ L<ssl(3)>, L<bio(3)>
- DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer"
- also changed in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/OPENSSL_init_ssl.pod
-+++ b/doc/ssl/OPENSSL_init_ssl.pod
-@@ -72,4 +72,13 @@ L<OPENSSL_init_crypto(3)>
-
- The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CIPHER_get_name.pod
-+++ b/doc/ssl/SSL_CIPHER_get_name.pod
-@@ -2,7 +2,11 @@
-
- =head1 NAME
-
--SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
-+SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_kx_nid,
-+SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead,
-+SSL_CIPHER_get_name, SSL_CIPHER_get_bits,
-+SSL_CIPHER_get_version, SSL_CIPHER_description
-+- get SSL_CIPHER properties
-
- =head1 SYNOPSIS
-
-@@ -112,4 +116,13 @@ rather than a fixed string, in OpenSSL 1
- L<ssl(3)>, L<SSL_get_current_cipher(3)>,
- L<SSL_get_ciphers(3)>, L<ciphers(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -26,7 +26,7 @@ It cannot be set for specific SSL_CTX or
- In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed
- the internal table of compression methods that were built internally, and
- possibly augmented by adding SSL_COMP_add_compression_method(). However this is
--now unncessary from version 1.1.0. No explicit initialisation or
-+now unnecessary from version 1.1.0. No explicit initialisation or
- de-initialisation is necessary. See L<OPENSSL_init_crypto(3)> and
- L<OPENSSL_init_ssl(3)>. From OpenSSL 1.1.0 calling this function does nothing.
-
-@@ -84,4 +84,13 @@ L<ssl(3)>
-
- SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_CTX_new.pod
-+++ b/doc/ssl/SSL_CONF_CTX_new.pod
-@@ -38,4 +38,13 @@ L<SSL_CONF_cmd_argv(3)>
-
- These functions were first added to OpenSSL 1.0.2
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
-+++ b/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
-@@ -20,7 +20,7 @@ to B<prefix>. If B<prefix> is B<NULL> it
- Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd()
- calls. For example for files, if the prefix "SSL" is set then command names
- such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol"
--and "Options". Similarly for command lines if the prefix is "--ssl-" then
-+and "Options". Similarly for command lines if the prefix is "--ssl-" then
- "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".
-
- If the B<SSL_CONF_FLAG_CMDLINE> flag is set then prefix checks are case
-@@ -46,4 +46,13 @@ L<SSL_CONF_cmd_argv(3)>
-
- These functions were first added to OpenSSL 1.0.2
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_CTX_set_flags.pod
-+++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod
-@@ -72,4 +72,13 @@ L<SSL_CONF_cmd_argv(3)>
-
- These functions were first added to OpenSSL 1.0.2
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
-+++ b/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
-@@ -44,4 +44,13 @@ L<SSL_CONF_cmd_argv(3)>
-
- These functions were first added to OpenSSL 1.0.2
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_cmd.pod
-+++ b/doc/ssl/SSL_CONF_cmd.pod
-@@ -2,6 +2,7 @@
-
- =head1 NAME
-
-+SSL_CONF_cmd_value_type, SSL_CONF_finish,
- SSL_CONF_cmd - send configuration command
-
- =head1 SYNOPSIS
-@@ -123,8 +124,8 @@ than the deprecated alternative commands
- =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the
--corresponding options B<SSL_OP_NO_SSL3>, B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1>
--and B<SSL_OP_NO_TLS1_2> respectively.
-+corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>
-+and B<SSL_OP_NO_TLSv1_2> respectively.
- These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
-
- =item B<-bugs>
-@@ -465,7 +466,7 @@ pathname to an absolute pathname.
-
- SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
-
--There are various ways to select the supported procotols.
-+There are various ways to select the supported protocols.
-
- This set the minimum protocol version to TLSv1, and so disables SSLv3.
- This is the recommended way to disable protocols.
-@@ -550,4 +551,13 @@ B<SSL_CONF_TYPE_UNKNOWN>.
-
- B<MinProtocol> and B<MaxProtocol> where added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CONF_cmd_argv.pod
-+++ b/doc/ssl/SSL_CONF_cmd_argv.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_CONF_cmd_argv - SSL configuration command line processing.
-+SSL_CONF_cmd_argv - SSL configuration command line processing
-
- =head1 SYNOPSIS
-
-@@ -39,4 +39,13 @@ L<SSL_CONF_cmd(3)>
-
- These functions were first added to OpenSSL 1.0.2
-
-+=head1 COPYRIGHT
-+
-+Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_add1_chain_cert.pod
-+++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod
-@@ -146,4 +146,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>
-
- These functions were first added to OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
-+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
-@@ -68,4 +68,13 @@ L<SSL_add1_chain_cert(3)>
- L<SSL_CTX_build_cert_chain(3)>
- L<SSL_build_cert_chain(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_add_session.pod
-+++ b/doc/ssl/SSL_CTX_add_session.pod
-@@ -59,7 +59,7 @@ over the sessions that can be resumed if
- session was not found in the cache.
-
- =item Z<>1
--
-+
- The operation succeeded.
-
- =back
-@@ -70,4 +70,13 @@ L<ssl(3)>,
- L<SSL_CTX_set_session_cache_mode(3)>,
- L<SSL_SESSION_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_config.pod
-+++ b/doc/ssl/SSL_CTX_config.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure.
-+SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure
-
- =head1 SYNOPSIS
-
-@@ -81,4 +81,13 @@ L<CONF_modules_load_file(3)>
-
- SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_ctrl.pod
-+++ b/doc/ssl/SSL_CTX_ctrl.pod
-@@ -31,4 +31,13 @@ supplied via the B<cmd> parameter.
-
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_dane_enable.pod
-+++ b/doc/ssl/SSL_CTX_dane_enable.pod
-@@ -3,7 +3,9 @@
- =head1 NAME
-
- SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
--SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa -
-+SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa
-+SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags,
-+SSL_dane_set_flags, SSL_dane_clear_flags -
- enable DANE TLS authentication of the remote TLS server in the local
- TLS client
-
-@@ -21,6 +23,10 @@ TLS client
- int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
- uint8_t *mtype, unsigned const char **data,
- size_t *dlen);
-+ unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
-+ unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
-+ unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
-+ unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
-
- =head1 DESCRIPTION
-
-@@ -71,11 +77,17 @@ The arguments specify the fields of the
- The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal
- ASCII presentation form, with an explicit length passed via B<dlen>.
- A return value of 0 indicates that "unusable" TLSA records (with invalid or
--unsupported parameters) were provided, a negative return value indicates an
--internal error in processing the records.
--If DANE authentication is enabled, but no TLSA records are added successfully,
--authentication will fail, and the handshake may not complete, depending on the
--B<mode> argument of L<SSL_set_verify(3)> and any verification callback.
-+unsupported parameters) were provided.
-+A negative return value indicates an internal error in processing the record.
-+
-+The caller is expected to check the return value of each SSL_dane_tlsa_add()
-+call and take appropriate action if none are usable or an internal error
-+is encountered in processing some records.
-+
-+If no TLSA records are added successfully, DANE authentication is not enabled,
-+and authentication will be based on any configured traditional trust-anchors;
-+authentication success in this case does not mean that the peer was
-+DANE-authenticated.
-
- SSL_get0_dane_authority() can be used to get more detailed information about
- the matched DANE trust-anchor after successful connection completion.
-@@ -118,6 +130,33 @@ The B<data> parameter is set to a short-
- data field and must not be freed by the application.
- Applications that need long-term access to this field need to copy the content.
-
-+SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
-+optional DANE verification features.
-+SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable
-+the same features.
-+The B<flags> argument is a bitmask of the features to enable or disable.
-+The B<flags> set for an B<SSL_CTX> context are copied to each B<SSL> handle
-+associated with that context at the time the handle is created.
-+Subsequent changes in the context's B<flags> have no effect on the B<flags> set
-+for the handle.
-+
-+At present, the only available option is B<DANE_FLAG_NO_DANE_EE_NAMECHECKS>
-+which can be used to disable server name checks when authenticating via
-+DANE-EE(3) TLSA records.
-+For some applications, primarily web browsers, it is not safe to disable name
-+checks due to "unknown key share" attacks, in which a malicious server can
-+convince a client that a connection to a victim server is instead a secure
-+connection to the malicious server.
-+The malicious server may then be able to violate cross-origin scripting
-+restrictions.
-+Thus, despite the text of RFC7671, name checks are by default enabled for
-+DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
-+to do so.
-+In particular, SMTP and XMPP clients should set this option as SRV and MX
-+records already make it possible for a remote domain to redirect client
-+connections to any server of its choice, and in any case SMTP and XMPP clients
-+do not execute scripts downloaded from remote servers.
-+
- =head1 RETURN VALUES
-
- The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(),
-@@ -136,6 +175,10 @@ non-negative value indicates the chain d
- chain certificate, or the depth of the top-most certificate, when the TLSA
- record is a full public key that is its signer.
-
-+The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(),
-+SSL_dane_set_flags() and SSL_dane_clear_flags() return the B<flags> in effect
-+before they were called.
-+
- =head1 EXAMPLE
-
- Suppose "smtp.example.com" is the MX host of the domain "example.com", and has
-@@ -149,6 +192,7 @@ the lifetime of the SSL connection.
-
- SSL_CTX *ctx;
- SSL *ssl;
-+ int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
- int num_usable = 0;
- const char *nexthop_domain = "example.com";
- const char *dane_tlsa_domain = "smtp.example.com";
-@@ -164,6 +208,14 @@ the lifetime of the SSL connection.
-
- if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
- /* handle error */
-+
-+ /*
-+ * For many applications it is safe to skip DANE-EE(3) namechecks. Do not
-+ * disable the checks unless "unknown key share" attacks pose no risk for
-+ * your application.
-+ */
-+ SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
-+
- if (!SSL_add1_host(ssl, nexthop_domain))
- /* handle error */
- SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-@@ -175,11 +227,19 @@ the lifetime of the SSL connection.
-
- /* set usage, selector, mtype, data, len */
-
-- /* Opportunistic DANE TLS clients treat usages 0, 1 as unusable. */
-+ /*
-+ * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
-+ * They treat all other certificate usages, and in particular PKIX-TA(0)
-+ * and PKIX-EE(1), as unusable.
-+ */
- switch (usage) {
-+ default:
- case 0: /* PKIX-TA(0) */
- case 1: /* PKIX-EE(1) */
- continue;
-+ case 2: /* DANE-TA(2) */
-+ case 3: /* DANE-EE(3) */
-+ break;
- }
-
- ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
-@@ -194,16 +254,29 @@ the lifetime of the SSL connection.
- }
-
- /*
-+ * At this point, the verification mode is still the default SSL_VERIFY_NONE.
- * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
- * are unusable, so continue the handshake even if authentication fails.
- */
- if (num_usable == 0) {
-- int (*cb)(int ok, X509_STORE_CTX *sctx) = NULL;
--
- /* Log all records unusable? */
-- /* Set cb to a non-NULL callback of your choice? */
-
-- SSL_set_verify(ssl, SSL_VERIFY_NONE, cb);
-+ /* Optionally set verify_cb to a suitable non-NULL callback. */
-+ SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
-+ } else {
-+ /* At least one usable record. We expect to verify the peer */
-+
-+ /* Optionally set verify_cb to a suitable non-NULL callback. */
-+
-+ /*
-+ * Below we elect to fail the handshake when peer verification fails.
-+ * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
-+ * complete the handshake, check the verification status, and if not
-+ * verified disconnect gracefully at the application layer, especially if
-+ * application protocol supports informing the server that authentication
-+ * failed.
-+ */
-+ SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
- }
-
- /*
-@@ -240,14 +313,14 @@ the lifetime of the SSL connection.
- }
- if (peername != NULL) {
- /* Name checks were in scope and matched the peername */
-- printf(bio, "Verified peername: %s\n", peername);
-+ printf("Verified peername: %s\n", peername);
- }
- } else {
- /*
- * Not authenticated, presumably all TLSA rrs unusable, but possibly a
-- * callback suppressed connection termination despite presence of TLSA
-- * usable RRs none of which matched. Do whatever is appropriate for
-- * unauthenticated connections.
-+ * callback suppressed connection termination despite the presence of
-+ * usable TLSA RRs none of which matched. Do whatever is appropriate for
-+ * fresh unauthenticated connections.
- */
- }
-
-@@ -265,7 +338,7 @@ them among the TLSA records used to auth
- In addition, some TLSA records with supported usages may be "unusable" as a
- result of invalid or unsupported parameters.
-
--When a peer has TLSA records, but none are "usable", an opportunistic
-+When a peer has TLSA records, but none are "usable", an opportunistic
- application must avoid cleartext, but cannot authenticate the peer,
- and so should generally proceed with an unauthenticated connection.
- Opportunistic applications need to note the return value of each
-@@ -297,4 +370,13 @@ L<EVP_PKEY_free(3)>
-
- These functions were first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_flush_sessions.pod
-+++ b/doc/ssl/SSL_CTX_flush_sessions.pod
-@@ -26,7 +26,7 @@ As sessions will not be reused ones they
- removed from the cache to save resources. This can either be done
- automatically whenever 255 new sessions were established (see
- L<SSL_CTX_set_session_cache_mode(3)>)
--or manually by calling SSL_CTX_flush_sessions().
-+or manually by calling SSL_CTX_flush_sessions().
-
- The parameter B<tm> specifies the time which should be used for the
- expiration test, in most cases the actual time given by time(0)
-@@ -37,8 +37,6 @@ cache. When a session is found and remov
- called to synchronize with the external cache (see
- L<SSL_CTX_sess_set_get_cb(3)>).
-
--=head1 RETURN VALUES
--
- =head1 SEE ALSO
-
- L<ssl(3)>,
-@@ -46,4 +44,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
- L<SSL_CTX_set_timeout(3)>,
- L<SSL_CTX_sess_set_get_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_free.pod
-+++ b/doc/ssl/SSL_CTX_free.pod
-@@ -39,4 +39,13 @@ SSL_CTX_free() does not provide diagnost
- L<SSL_CTX_new(3)>, L<ssl(3)>,
- L<SSL_CTX_sess_set_get_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_get0_param.pod
-+++ b/doc/ssl/SSL_CTX_get0_param.pod
-@@ -52,4 +52,13 @@ L<X509_VERIFY_PARAM_set_flags(3)>
-
- These functions were first added to OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_get_verify_mode.pod
-+++ b/doc/ssl/SSL_CTX_get_verify_mode.pod
-@@ -47,4 +47,13 @@ See DESCRIPTION
-
- L<ssl(3)>, L<SSL_CTX_set_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_has_client_custom_ext.pod
-+++ b/doc/ssl/SSL_CTX_has_client_custom_ext.pod
-@@ -25,4 +25,13 @@ Returns 1 if a handler has been set, 0 o
- L<ssl(3)>,
- L<SSL_CTX_add_client_custom_ext(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
-@@ -2,8 +2,9 @@
-
- =head1 NAME
-
--SSL_CTX_load_verify_locations - set default locations for trusted CA
--certificates
-+SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths,
-+SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file - set
-+default locations for trusted CA certificates
-
- =head1 SYNOPSIS
-
-@@ -24,9 +25,13 @@ SSL_CTX_load_verify_locations() specifie
- which CA certificates for verification purposes are located. The certificates
- available via B<CAfile> and B<CApath> are trusted.
-
--SSL_CTX_set_default_verify_paths() specifies that the default locations for
-+SSL_CTX_set_default_verify_paths() specifies that the default locations from
- which CA certificates are loaded should be used. There is one default directory
--and one default file.
-+and one default file. The default CA certificates directory is called "certs" in
-+the default OpenSSL directory. Alternatively the SSL_CERT_DIR environment
-+variable can be defined to override this location. The default CA certificates
-+file is called "cert.pem" in the default OpenSSL directory. Alternatively the
-+SSL_CERT_FILE environment variable can be defined to override this location.
-
- SSL_CTX_set_default_verify_dir() is similar to
- SSL_CTX_set_default_verify_paths() except that just the default directory is
-@@ -144,4 +149,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
- L<SSL_CTX_set_cert_store(3)>,
- L<SSL_CTX_set_client_CA_list(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_new.pod
-+++ b/doc/ssl/SSL_CTX_new.pod
-@@ -2,14 +2,15 @@
-
- =head1 NAME
-
-+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
- SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
- SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
- TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
- TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
- SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
- DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
--DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method -
--create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
-+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method
-+- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
- functions
-
- =head1 SYNOPSIS
-@@ -17,15 +18,15 @@ functions
- #include <openssl/ssl.h>
-
- SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
-- void SSL_CTX_up_ref(SSL_CTX *ctx);
-+ int SSL_CTX_up_ref(SSL_CTX *ctx);
-
- const SSL_METHOD *TLS_method(void);
- const SSL_METHOD *TLS_server_method(void);
- const SSL_METHOD *TLS_client_method(void);
-
-- #define SSLv23_method TLS_method
-- #define SSLv23_server_method TLS_server_method
-- #define SSLv23_client_method TLS_client_method
-+ const SSL_METHOD *SSLv23_method(void);
-+ const SSL_METHOD *SSLv23_server_method(void);
-+ const SSL_METHOD *SSLv23_client_method(void);
-
- #ifndef OPENSSL_NO_SSL3_METHOD
- const SSL_METHOD *SSLv3_method(void);
-@@ -184,6 +185,8 @@ the reason.
-
- The return value points to an allocated SSL_CTX object.
-
-+SSL_CTX_up_ref() returns 1 for success and 0 for failure.
-+
- =back
-
- =head1 HISTORY
-@@ -201,6 +204,15 @@ All version-specific methods were deprec
- =head1 SEE ALSO
-
- L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
--L<SSL_CTX_set_min_proto_version(3)>, L<ssl(3)>, L<SSL_set_connect_state(3)>
-+L<SSL_CTX_set_min_proto_version(3)>, L<ssl(3)>, L<SSL_set_connect_state(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/ssl/SSL_CTX_sess_number.pod
-+++ b/doc/ssl/SSL_CTX_sess_number.pod
-@@ -73,4 +73,13 @@ L<ssl(3)>, L<SSL_set_session(3)>,
- L<SSL_CTX_set_session_cache_mode(3)>
- L<SSL_CTX_sess_set_cache_size(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_sess_set_cache_size.pod
-+++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
-@@ -50,4 +50,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
- L<SSL_CTX_sess_number(3)>,
- L<SSL_CTX_flush_sessions(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod
-+++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
-@@ -9,11 +9,11 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_se
- #include <openssl/ssl.h>
-
- void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-- int (*new_session_cb)(SSL *, SSL_SESSION *));
-+ int (*new_session_cb)(SSL *, SSL_SESSION *));
- void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-- void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
-+ void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
- void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-- SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *));
-+ SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *));
-
- int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-@@ -22,7 +22,7 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_se
- int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
-- int len, int *copy);
-+ int len, int *copy);
-
- =head1 DESCRIPTION
-
-@@ -84,4 +84,13 @@ L<SSL_CTX_flush_sessions(3)>,
- L<SSL_SESSION_free(3)>,
- L<SSL_CTX_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_sessions.pod
-+++ b/doc/ssl/SSL_CTX_sessions.pod
-@@ -31,4 +31,13 @@ L<ssl(3)>, L<lhash(3)>,
- L<SSL_CTX_add_session(3)>,
- L<SSL_CTX_set_session_cache_mode(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set1_curves.pod
-+++ b/doc/ssl/SSL_CTX_set1_curves.pod
-@@ -23,7 +23,7 @@ SSL_set1_curves_list, SSL_get1_curves, S
- SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen>
- curves in the array B<clist>. The array consist of all NIDs of curves in
- preference order. For a TLS client the curves are used directly in the
--supported curves extension. For a TLS server the curves are used to
-+supported curves extension. For a TLS server the curves are used to
- determine the set of shared curves.
-
- SSL_CTX_set1_curves_list() sets the supported curves for B<ctx> to
-@@ -34,7 +34,7 @@ SSL_set1_curves() and SSL_set1_curves_li
- supported curves for the SSL structure B<ssl>.
-
- SSL_get1_curves() returns the set of supported curves sent by a client
--in the supported curves extension. It returns the total number of
-+in the supported curves extension. It returns the total number of
- supported curves. The B<curves> parameter can be B<NULL> to simply
- return the number of curves for memory allocation purposes. The
- B<curves> array is in the form of a set of curve NIDs in preference
-@@ -78,4 +78,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>
-
- These functions were first added to OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set1_sigalgs.pod
-+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
-@@ -101,4 +101,13 @@ All these functions return 1 for success
- L<ssl(3)>, L<SSL_get_shared_sigalgs(3)>,
- L<SSL_CONF_CTX_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
-+++ b/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
-@@ -54,7 +54,7 @@ any client certificate chain.
- The chain store is used to build the certificate chain.
-
- If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
--configured already (for example using the functions such as
-+configured already (for example using the functions such as
- L<SSL_CTX_add1_chain_cert(3)> or
- L<SSL_CTX_add_extra_chain_cert(3)>) then
- automatic chain building is disabled.
-@@ -88,4 +88,13 @@ L<SSL_build_cert_chain(3)>
-
- These functions were first added to OpenSSL 1.0.2.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_alpn_select_cb.pod
-@@ -44,7 +44,8 @@ the application callback.
- B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
- vector in protocol-list format. The value of the B<out>, B<outlen> vector
- should be set to the value of a single protocol selected from the B<in>,
--B<inlen> vector. The B<arg> parameter is the pointer set via
-+B<inlen> vector. The B<out> buffer may point directly into B<in>, or to a
-+buffer that outlives the handshake. The B<arg> parameter is the pointer set via
- SSL_CTX_set_alpn_select_cb().
-
- SSL_select_next_proto() is a helper function used to select protocols. It
-@@ -123,4 +124,13 @@ ALPN protocol not selected.
- L<ssl(3)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
- L<SSL_CTX_set_tlsext_servername_arg(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_cert_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_cert_cb.pod
-@@ -65,4 +65,13 @@ L<SSL_add1_chain_cert(3)>,
- L<SSL_get_client_CA_list(3)>,
- L<SSL_clear(3)>, L<SSL_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_cert_store.pod
-+++ b/doc/ssl/SSL_CTX_set_cert_store.pod
-@@ -46,7 +46,7 @@ X509_STORE object and its handling becom
-
- The X509_STORE structure used by an SSL_CTX is used for verifying peer
- certificates and building certificate chains, it is also shared by
--every child SSL structure. Applications wanting finer control can use
-+every child SSL structure. Applications wanting finer control can use
- functions such as SSL_CTX_set1_verify_cert_store() instead.
-
- =head1 RETURN VALUES
-@@ -61,4 +61,13 @@ L<ssl(3)>,
- L<SSL_CTX_load_verify_locations(3)>,
- L<SSL_CTX_set_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
-@@ -8,7 +8,7 @@ SSL_CTX_set_cert_verify_callback - set p
-
- #include <openssl/ssl.h>
-
-- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
-+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg);
-
- =head1 DESCRIPTION
-
-@@ -26,7 +26,7 @@ SSL_CTX_set_cert_verify_callback(), the
- instead. By setting I<callback> to NULL, the default behaviour is restored.
-
- When the verification must be performed, I<callback> will be called with
--the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
-+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
- argument I<arg> is specified by the application when setting I<callback>.
-
- I<callback> should return 1 to indicate verification success and 0 to
-@@ -35,7 +35,7 @@ returns 0, the handshake will fail. As t
- allow to continue the connection in case of failure (by always returning 1)
- the verification result must be set in any case using the B<error>
- member of I<x509_store_ctx> so that the calling application will be informed
--about the detailed result of the verification procedure!
-+about the detailed result of the verification procedure!
-
- Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
- function set using L<SSL_CTX_set_verify(3)>.
-@@ -54,8 +54,6 @@ the B<verify_callback> function.
-
- =head1 BUGS
-
--=head1 RETURN VALUES
--
- SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
-
- =head1 SEE ALSO
-@@ -64,4 +62,13 @@ L<ssl(3)>, L<SSL_CTX_set_verify(3)>,
- L<SSL_get_verify_result(3)>,
- L<SSL_CTX_load_verify_locations(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_cipher_list.pod
-+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
-@@ -62,4 +62,13 @@ L<SSL_CTX_use_certificate(3)>,
- L<SSL_CTX_set_tmp_dh_callback(3)>,
- L<ciphers(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -9,7 +9,7 @@ client certificate
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
--
-+
- void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
- void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
- int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
-@@ -42,7 +42,7 @@ This list must explicitly be set using S
- B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
- specified overrides the previous setting. The CAs listed do not become
- trusted (B<list> only contains the names, not the complete certificates); use
--L<SSL_CTX_load_verify_locations(3)>
-+L<SSL_CTX_load_verify_locations(3)>
- to additionally load them for verification.
-
- If the list of acceptable CAs is compiled in a file, the
-@@ -82,7 +82,7 @@ The operation succeeded.
-
- Scan all certificates in B<CAfile> and list them as acceptable CAs:
-
-- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-
- =head1 SEE ALSO
-
-@@ -91,4 +91,13 @@ L<SSL_get_client_CA_list(3)>,
- L<SSL_load_client_CA_file(3)>,
- L<SSL_CTX_load_verify_locations(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_client_cert_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
-@@ -91,4 +91,13 @@ L<SSL_CTX_add_extra_chain_cert(3)>,
- L<SSL_get_client_CA_list(3)>,
- L<SSL_clear(3)>, L<SSL_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_ct_validation_callback.pod
-@@ -33,21 +33,29 @@ The behaviour of the callback is determi
- which can be either of B<SSL_CT_VALIDATION_PERMISSIVE> or
- B<SSL_CT_VALIDATION_STRICT> as described below.
-
-+If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
-+TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
-+presents no valid SCTs the handshake will be aborted.
-+If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue
-+despite lack of valid SCTs.
-+However, in that case if the verification status before the built-in callback
-+was B<X509_V_OK> it will be set to B<X509_V_ERR_NO_VALID_SCTS> after the
-+callback.
-+Applications can call L<SSL_get_verify_result(3)> to check the status at
-+handshake completion, even after session resumption since the verification
-+status is part of the saved session state.
-+See L<SSL_set_verify(3)>, <SSL_get_verify_result(3)>, L<SSL_session_reused(3)>.
-+
- If B<validation_mode> is equal to B<SSL_CT_VALIDATION_PERMISSIVE>, then the
--handshake continues regardless of the validation status of any SCTs.
--The application can inspect the validation status of the SCTs at handshake
--completion.
-+handshake continues, and the verification status is not modified, regardless of
-+the validation status of any SCTs.
-+The application can still inspect the validation status of the SCTs at
-+handshake completion.
- Note that with session resumption there will not be any SCTs presented during
- the handshake.
- Therefore, in applications that delay SCT policy enforcement until after
--handshake completion, SCT checks should only be performed when the session is
--not reused.
--See L<SSL_session_reused(3)>.
--
--If B<validation_mode> is equal to B<SSL_CT_VALIDATION_STRICT>, then in a full
--TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
--presents no valid SCTs the handshake will be aborted.
--See L<SSL_set_verify(3)>.
-+handshake completion, such delayed SCT checks should only be performed when the
-+session is not resumed.
-
- SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback()
- register a custom callback that may implement a different policy than either of
-@@ -112,9 +120,19 @@ callback) is set.
- =head1 SEE ALSO
-
- L<ssl(3)>,
-+<SSL_get_verify_result(3)>,
- L<SSL_session_reused(3)>,
- L<SSL_set_verify(3)>,
- L<SSL_CTX_set_verify(3)>,
- L<ssl_ct_validation_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
-+++ b/doc/ssl/SSL_CTX_set_ctlog_list_file.pod
-@@ -51,4 +51,13 @@ the case of an error, the log list may h
- L<ssl(3)>,
- L<ssl_ct_validation_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
-+++ /dev/null
-@@ -1,133 +0,0 @@
--=pod
--
--=head1 NAME
--
--SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - custom TLS extension handling
--
--=head1 SYNOPSIS
--
-- #include <openssl/ssl.h>
--
-- int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-- custom_ext_add_cb add_cb,
-- custom_ext_free_cb free_cb, void *add_arg,
-- custom_ext_parse_cb parse_cb,
-- void *parse_arg);
--
-- int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-- custom_ext_add_cb add_cb,
-- custom_ext_free_cb free_cb, void *add_arg,
-- custom_ext_parse_cb parse_cb,
-- void *parse_arg);
--
-- int SSL_extension_supported(unsigned int ext_type);
--
-- typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
-- const unsigned char **out,
-- size_t *outlen, int *al,
-- void *add_arg);
--
-- typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
-- const unsigned char *out,
-- void *add_arg);
--
-- typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
-- const unsigned char *in,
-- size_t inlen, int *al,
-- void *parse_arg);
--
--
--=head1 DESCRIPTION
--
--SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client
--with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
--B<parse_cb>.
--
--SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server
--with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
--B<parse_cb>.
--
--In both cases the extension type must not be handled by OpenSSL internally
--or an error occurs.
--
--SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
--internally by OpenSSL and 0 otherwise.
--
--=head1 EXTENSION CALLBACKS
--
--The callback B<add_cb> is called to send custom extension data to be
--included in ClientHello for TLS clients or ServerHello for servers. The
--B<ext_type> parameter is set to the extension type which will be added and
--B<add_arg> to the value set when the extension handler was added.
--
--If the application wishes to include the extension B<ext_type> it should
--set B<*out> to the extension data, set B<*outlen> to the length of the
--extension data and return 1.
--
--If the B<add_cb> does not wish to include the extension it must return 0.
--
--If B<add_cb> returns -1 a fatal handshake error occurs using the TLS
--alert value specified in B<*al>.
--
--For clients (but not servers) if B<add_cb> is set to NULL a zero length
--extension is added for B<ext_type>.
--
--For clients every registered B<add_cb> is always called to see if the
--application wishes to add an extension to ClientHello.
--
--For servers every registered B<add_cb> is called once if and only if the
--corresponding extension was received in ClientHello to see if the application
--wishes to add the extension to ServerHello. That is, if no corresponding extension
--was received in ClientHello then B<add_cb> will not be called.
--
--If an extension is added (that is B<add_cb> returns 1) B<free_cb> is called
--(if it is set) with the value of B<out> set by the add callback. It can be
--used to free up any dynamic extension data set by B<add_cb>. Since B<out> is
--constant (to permit use of constant data in B<add_cb>) applications may need to
--cast away const to free the data.
--
--The callback B<parse_cb> receives data for TLS extensions. For TLS clients
--the extension data will come from ServerHello and for TLS servers it will
--come from ClientHello.
--
--The extension data consists of B<inlen> bytes in the buffer B<in> for the
--extension B<extension_type>.
--
--If the B<parse_cb> considers the extension data acceptable it must return
--1. If it returns 0 or a negative value a fatal handshake error occurs
--using the TLS alert value specified in B<*al>.
--
--The buffer B<in> is a temporary internal buffer which will not be valid after
--the callback returns.
--
--=head1 NOTES
--
--The B<add_arg> and B<parse_arg> parameters can be set to arbitrary values
--which will be passed to the corresponding callbacks. They can, for example,
--be used to store the extension data received in a convenient structure or
--pass the extension data to be added or freed when adding extensions.
--
--The B<ext_type> parameter corresponds to the B<extension_type> field of
--RFC5246 et al. It is B<not> a NID.
--
--If the same custom extension type is received multiple times a fatal
--B<decode_error> alert is sent and the handshake aborts. If a custom extension
--is received in ServerHello which was not sent in ClientHello a fatal
--B<unsupported_extension> alert is sent and the handshake is aborted. The
--ServerHello B<add_cb> callback is only called if the corresponding extension
--was received in ClientHello. This is compliant with the TLS specifications.
--This behaviour ensures that each callback is called at most once and that
--an application can never send unsolicited extensions.
--
--=head1 RETURN VALUES
--
--SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for
--success and 0 for failure. A failure can occur if an attempt is made to
--add the same B<ext_type> more than once, if an attempt is made to use an
--extension type handled internally by OpenSSL or if an internal error occurs
--(for example a memory allocation failure).
--
--SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
--internally by OpenSSL and 0 otherwise.
--
--=cut
---- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
-@@ -22,21 +22,19 @@ get passwd callback for encrypted PEM fi
- pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
- void *SSL_get_default_passwd_cb_userdata(SSL *s);
-
-- int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
--
- =head1 DESCRIPTION
-
- SSL_CTX_set_default_passwd_cb() sets the default password callback called
- when loading/storing a PEM certificate with encryption.
-
--SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
--will be provided to the password callback on invocation.
-+SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, B<u>,
-+which will be provided to the password callback on invocation.
-
- SSL_CTX_get_default_passwd_cb() returns a function pointer to the password
- callback currently set in B<ctx>. If no callback was explicitly set, the
- NULL pointer is returned.
-
--SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to B<userdata>
-+SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata
- currently set in B<ctx>. If no userdata was explicitly set, the NULL pointer
- is returned.
-
-@@ -44,26 +42,28 @@ SSL_set_default_passwd_cb(), SSL_set_def
- SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform
- the same function as their SSL_CTX counterparts, but using an SSL object.
-
--The pem_passwd_cb(), which must be provided by the application, hands back the
--password to be used during decryption. On invocation a pointer to B<userdata>
--is provided. The pem_passwd_cb must write the password into the provided buffer
-+The password callback, which must be provided by the application, hands back the
-+password to be used during decryption.
-+On invocation a pointer to userdata
-+is provided. The function must store the password into the provided buffer
- B<buf> which is of size B<size>. The actual length of the password must
- be returned to the calling function. B<rwflag> indicates whether the
- callback is used for reading/decryption (rwflag=0) or writing/encryption
- (rwflag=1).
-+For more details, see L<pem_password_cb(3)>.
-
- =head1 NOTES
-
- When loading or storing private keys, a password might be supplied to
- protect the private key. The way this password can be supplied may depend
- on the application. If only one private key is handled, it can be practical
--to have pem_passwd_cb() handle the password dialog interactively. If several
-+to have the callback handle the password dialog interactively. If several
- keys have to be handled, it can be practical to ask for the password once,
- then keep it in memory and use it several times. In the last case, the
--password could be stored into the B<userdata> storage and the
--pem_passwd_cb() only returns the password already stored.
-+password could be stored into the userdata storage and the
-+callback only returns the password already stored.
-
--When asking for the password interactively, pem_passwd_cb() can use
-+When asking for the password interactively, the callback can use
- B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
- In this case the password dialog may ask for the same password twice
- for comparison in order to catch typos, that would make decryption
-@@ -78,16 +78,16 @@ These functions do not provide diagnosti
-
- =head1 EXAMPLES
-
--The following example returns the password provided as B<userdata> to the
-+The following example returns the password provided as userdata to the
- calling function. The password is considered to be a '\0' terminated
- string. If the password does not fit into the buffer, the password is
- truncated.
-
-- int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
-+ int my_cb(char *buf, int size, int rwflag, void *u)
- {
-- strncpy(buf, (char *)(password), size);
-- buf[size - 1] = '\0';
-- return(strlen(buf));
-+ strncpy(buf, (char *)u, size);
-+ buf[size - 1] = '\0';
-+ return strlen(buf);
- }
-
- =head1 HISTORY
-@@ -101,4 +101,13 @@ first added to OpenSSL 1.1.0
- L<ssl(3)>,
- L<SSL_CTX_use_certificate(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_generate_session_id.pod
-+++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod
-@@ -14,7 +14,7 @@ SSL_CTX_set_generate_session_id, SSL_set
- int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
- int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
- int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-- unsigned int id_len);
-+ unsigned int id_len);
-
- =head1 DESCRIPTION
-
-@@ -90,25 +90,27 @@ The callback function listed will genera
- #define MAX_SESSION_ID_ATTEMPTS 10
- static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
-- {
-+ {
- unsigned int count = 0;
-- do {
-- RAND_pseudo_bytes(id, *id_len);
-- /* Prefix the session_id with the required prefix. NB: If our
-- * prefix is too long, clip it - but there will be worse effects
-- * anyway, eg. the server could only possibly create 1 session
-- * ID (ie. the prefix!) so all future session negotiations will
-- * fail due to conflicts. */
-- memcpy(id, session_id_prefix,
-- (strlen(session_id_prefix) < *id_len) ?
-- strlen(session_id_prefix) : *id_len);
-- }
-- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-+ do {
-+ RAND_pseudo_bytes(id, *id_len);
-+ /*
-+ * Prefix the session_id with the required prefix. NB: If our
-+ * prefix is too long, clip it - but there will be worse effects
-+ * anyway, eg. the server could only possibly create 1 session
-+ * ID (ie. the prefix!) so all future session negotiations will
-+ * fail due to conflicts.
-+ */
-+ memcpy(id, session_id_prefix,
-+ (strlen(session_id_prefix) < *id_len) ?
-+ strlen(session_id_prefix) : *id_len);
-+ }
-+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
-- if(count >= MAX_SESSION_ID_ATTEMPTS)
-+ if (count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
-- }
-+ }
-
-
- =head1 RETURN VALUES
-@@ -123,4 +125,13 @@ same id is already in the cache.
-
- L<ssl(3)>, L<SSL_get_version(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_info_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_info_callback.pod
-@@ -110,44 +110,53 @@ The following example callback function
- about alerts being handled and error messages to the B<bio_err> BIO.
-
- void apps_ssl_info_callback(SSL *s, int where, int ret)
-- {
-- const char *str;
-- int w;
--
-- w=where& ~SSL_ST_MASK;
--
-- if (w & SSL_ST_CONNECT) str="SSL_connect";
-- else if (w & SSL_ST_ACCEPT) str="SSL_accept";
-- else str="undefined";
--
-- if (where & SSL_CB_LOOP)
-- {
-- BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
-- }
-- else if (where & SSL_CB_ALERT)
-- {
-- str=(where & SSL_CB_READ)?"read":"write";
-- BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
-- str,
-- SSL_alert_type_string_long(ret),
-- SSL_alert_desc_string_long(ret));
-- }
-- else if (where & SSL_CB_EXIT)
-- {
-- if (ret == 0)
-- BIO_printf(bio_err,"%s:failed in %s\n",
-- str,SSL_state_string_long(s));
-- else if (ret < 0)
-- {
-- BIO_printf(bio_err,"%s:error in %s\n",
-- str,SSL_state_string_long(s));
-- }
-- }
-- }
-+ {
-+ const char *str;
-+ int w;
-+
-+ w = where & ~SSL_ST_MASK;
-+
-+ if (w & SSL_ST_CONNECT) str = "SSL_connect";
-+ else if (w & SSL_ST_ACCEPT) str = "SSL_accept";
-+ else str = "undefined";
-+
-+ if (where & SSL_CB_LOOP)
-+ {
-+ BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
-+ }
-+ else if (where & SSL_CB_ALERT)
-+ {
-+ str = (where & SSL_CB_READ) ? "read" : "write";
-+ BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
-+ str,
-+ SSL_alert_type_string_long(ret),
-+ SSL_alert_desc_string_long(ret));
-+ }
-+ else if (where & SSL_CB_EXIT)
-+ {
-+ if (ret == 0)
-+ BIO_printf(bio_err, "%s:failed in %s\n",
-+ str, SSL_state_string_long(s));
-+ else if (ret < 0)
-+ {
-+ BIO_printf(bio_err, "%s:error in %s\n",
-+ str, SSL_state_string_long(s));
-+ }
-+ }
-+ }
-
- =head1 SEE ALSO
-
- L<ssl(3)>, L<SSL_state_string(3)>,
- L<SSL_alert_type_string(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_max_cert_list.pod
-+++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod
-@@ -70,4 +70,13 @@ set value.
- L<ssl(3)>, L<SSL_new(3)>,
- L<SSL_CTX_set_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_min_proto_version.pod
-+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
-@@ -17,7 +17,7 @@ and maximum supported protocol version
-
- =head1 DESCRIPTION
-
--The functions set the minimum and maximum supported portocol versions
-+The functions set the minimum and maximum supported protocol versions
- for the B<ctx> or B<ssl>.
- This works in combination with the options set via
- L<SSL_CTX_set_options(3)> that also make it possible to disable
-@@ -48,4 +48,13 @@ The functions were added in OpenSSL 1.1.
-
- L<SSL_CTX_set_options(3)>, L<SSL_CONF_cmd(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_mode.pod
-+++ b/doc/ssl/SSL_CTX_set_mode.pod
-@@ -102,4 +102,13 @@ L<ssl(3)>, L<SSL_read(3)>, L<SSL_write(3
-
- SSL_MODE_ASYNC was first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_msg_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_msg_callback.pod
-@@ -91,4 +91,13 @@ I<version> will be B<SSL3_VERSION>.
-
- L<ssl(3)>, L<SSL_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_options.pod
-+++ b/doc/ssl/SSL_CTX_set_options.pod
-@@ -280,4 +280,13 @@ L<dhparam(1)>
- The attempt to always try to use secure renegotiation was added in
- Openssl 0.9.8m.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_psk_client_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
-@@ -1,34 +1,5 @@
- =pod
-
--=begin comment
--
--Copyright 2005 Nokia. All rights reserved.
--
--The portions of the attached software ("Contribution") is developed by
--Nokia Corporation and is licensed pursuant to the OpenSSL open source
--license.
--
--The Contribution, originally written by Mika Kousa and Pasi Eronen of
--Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
--support (see RFC 4279) to OpenSSL.
--
--No patent licenses or other rights except those expressly stated in
--the OpenSSL open source license shall be deemed granted or received
--expressly, by implication, estoppel, or otherwise.
--
--No assurances are provided by Nokia that the Contribution does not
--infringe the patent or other intellectual property rights of any third
--party or that the license provides you with all the necessary rights
--to make use of the Contribution.
--
--THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
--ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
--SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
--OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
--OTHERWISE.
--
--=end comment
--
- =head1 NAME
-
- SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client callback
-@@ -38,13 +9,13 @@ SSL_CTX_set_psk_client_callback, SSL_set
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-- unsigned int (*callback)(SSL *ssl, const char *hint,
-- char *identity, unsigned int max_identity_len,
-- unsigned char *psk, unsigned int max_psk_len));
-+ unsigned int (*callback)(SSL *ssl, const char *hint,
-+ char *identity, unsigned int max_identity_len,
-+ unsigned char *psk, unsigned int max_psk_len));
- void SSL_set_psk_client_callback(SSL *ssl,
-- unsigned int (*callback)(SSL *ssl, const char *hint,
-- char *identity, unsigned int max_identity_len,
-- unsigned char *psk, unsigned int max_psk_len));
-+ unsigned int (*callback)(SSL *ssl, const char *hint,
-+ char *identity, unsigned int max_identity_len,
-+ unsigned char *psk, unsigned int max_psk_len));
-
-
- =head1 DESCRIPTION
-@@ -78,4 +49,15 @@ the length (> 0) of B<psk> in bytes is r
- Otherwise or on errors callback should return 0. In this case
- the connection setup fails.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+Copyright 2005 Nokia.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
-+++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
-@@ -60,4 +60,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
- L<SSL_set_shutdown(3)>, L<SSL_new(3)>,
- L<SSL_clear(3)>, L<SSL_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_read_ahead.pod
-+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
-@@ -2,21 +2,21 @@
-
- =head1 NAME
-
--SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
--SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
-+SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead,
-+SSL_set_read_ahead, SSL_get_read_ahead,
-+SSL_CTX_get_default_read_ahead
- - manage whether to read as many input bytes as possible
-
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
-- int SSL_get_read_ahead(const SSL *s);
- void SSL_set_read_ahead(SSL *s, int yes);
-+ int SSL_get_read_ahead(const SSL *s);
-
-- #define SSL_CTX_get_default_read_ahead(ctx)
-- #define SSL_CTX_set_default_read_ahead(ctx,m)
-- #define SSL_CTX_get_read_ahead(ctx)
-- #define SSL_CTX_set_read_ahead(ctx,m)
-+ SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
-+ long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
-+ long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
-
- =head1 DESCRIPTION
-
-@@ -27,9 +27,7 @@ the underlying BIO (where B<y> > B<x>),
- into its buffer (providing that the buffer is large enough) if reading ahead is
- on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
- reading ahead is off, or non zero otherwise.
--
--SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
--SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
-+SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().
-
- SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
- ahead has been set or not.
-@@ -43,11 +41,20 @@ B<read_ahead> can impact the behaviour o
-
- =head1 RETURN VALUES
-
--SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
-+SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off,
- and non zero otherwise.
-
- =head1 SEE ALSO
-
- L<ssl(3)>, L<SSL_pending(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_security_level.pod
-+++ b/doc/ssl/SSL_CTX_set_security_level.pod
-@@ -15,12 +15,12 @@ SSL_CTX_set_security_level, SSL_set_secu
- int SSL_get_security_level(const SSL *s);
-
- void SSL_CTX_set_security_callback(SSL_CTX *ctx,
-- int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
-- void *other, void *ex));
-+ int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
-+ void *other, void *ex));
-
- void SSL_set_security_callback(SSL *s,
-- int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
-- void *other, void *ex));
-+ int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
-+ void *other, void *ex));
-
- int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
- int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
-@@ -105,7 +105,7 @@ shorter than 15360 bits and ECC keys sho
-
- =head1 APPLICATION DEFINED SECURITY CALLBACKS
-
--TBA
-+I<Documentation to be provided.>
-
- =head1 NOTES
-
-@@ -153,12 +153,17 @@ key using SSL_CTX_use_certificate() at l
- check the return values for errors will misbehave: for example it might
- appear that a certificate is not set at all because it had been rejected.
-
--=head1 SEE ALSO
--
--TBA
--
- =head1 HISTORY
-
- These functions were first added to OpenSSL 1.1.0
-
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod
-+++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
-@@ -26,7 +26,7 @@ SSL_CTX object is being maintained, the
- object.
-
- In order to reuse a session, a client must send the session's id to the
--server. It can only send exactly one id. The server then either
-+server. It can only send exactly one id. The server then either
- agrees to reuse the session or it starts a full handshake (to create a new
- session).
-
-@@ -129,4 +129,13 @@ L<SSL_CTX_set_session_id_context(3)>,
- L<SSL_CTX_set_timeout(3)>,
- L<SSL_CTX_flush_sessions(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
-@@ -80,4 +80,13 @@ The operation succeeded.
-
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_split_send_fragment.pod
-+++ b/doc/ssl/SSL_CTX_set_split_send_fragment.pod
-@@ -12,18 +12,14 @@ fragment sizes and pipelining operations
-
- #include <openssl/ssl.h>
-
-- # define SSL_CTX_set_max_send_fragment(ctx,m) \
-- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-- # define SSL_set_max_send_fragment(ssl,m) \
-- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-- # define SSL_CTX_set_max_pipelines(ctx,m) \
-- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
-- # define SSL_set_max_pipelines(ssl,m) \
-- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
-- # define SSL_CTX_set_split_send_fragment(ctx,m) \
-- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
-- # define SSL_set_split_send_fragment(ssl,m) \
-- SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
-+ long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
-+ long SSL_set_max_send_fragment(SSL *ssl, long m);
-+
-+ long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
-+ long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
-+
-+ long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
-+ long SSL_set_split_send_fragment(SSL *ssl, long m);
-
- void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
- void SSL_set_default_read_buffer_len(SSL *s, size_t len);
-@@ -58,7 +54,7 @@ explained further below. OpenSSL will on
- a ciphersuite is negotiated that uses a pipeline capable cipher provided by an
- engine.
-
--Pipelining operates slighly differently for reading encrypted data compared to
-+Pipelining operates slightly differently for reading encrypted data compared to
- writing encrypted data. SSL_CTX_set_split_send_fragment() and
- SSL_set_split_send_fragment() define how data is split up into pipelines when
- writing encrypted data. The number of pipelines used will be determined by the
-@@ -124,4 +120,13 @@ functions were added in OpenSSL 1.1.0.
-
- L<SSL_CTX_set_read_ahead(3)>, L<SSL_pending(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_ssl_version.pod
-+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
-@@ -58,4 +58,13 @@ L<SSL_CTX_new(3)>, L<SSL_new(3)>,
- L<SSL_clear(3)>, L<ssl(3)>,
- L<SSL_set_connect_state(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_timeout.pod
-+++ b/doc/ssl/SSL_CTX_set_timeout.pod
-@@ -56,4 +56,13 @@ L<SSL_SESSION_get_time(3)>,
- L<SSL_CTX_flush_sessions(3)>,
- L<SSL_get_default_timeout(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
-@@ -2,9 +2,15 @@
-
- =head1 NAME
-
--SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
--SSL_set_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp,
--SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
-+SSL_CTX_set_tlsext_status_cb,
-+SSL_CTX_set_tlsext_status_arg,
-+SSL_CTX_set_tlsext_status_type,
-+SSL_CTX_get_tlsext_status_type,
-+SSL_set_tlsext_status_type,
-+SSL_get_tlsext_status_type,
-+SSL_get_tlsext_status_ocsp_resp,
-+SSL_set_tlsext_status_ocsp_resp
-+- OCSP Certificate Status Request functions
-
- =head1 SYNOPSIS
-
-@@ -14,7 +20,11 @@ SSL_set_tlsext_status_ocsp_resp - OCSP C
- int (*callback)(SSL *, void *));
- long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
-
-+ long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
-+ long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
-+
- long SSL_set_tlsext_status_type(SSL *s, int type);
-+ long SSL_get_tlsext_status_type(SSL *s);
-
- long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
- long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
-@@ -23,16 +33,28 @@ SSL_set_tlsext_status_ocsp_resp - OCSP C
-
- A client application may request that a server send back an OCSP status response
- (also known as OCSP stapling). To do so the client should call the
--SSL_set_tlsext_status_type() function prior to the start of the handshake.
-+SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL
-+objects. Alternatively an application can call the SSL_set_tlsext_status_type()
-+function on an individual SSL object prior to the start of the handshake.
- Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>. This value
--should be passed in the B<type> argument. The client should additionally provide
--a callback function to decide what to do with the returned OCSP response by
--calling SSL_CTX_set_tlsext_status_cb(). The callback function should determine
--whether the returned OCSP response is acceptable or not. The callback will be
--passed as an argument the value previously set via a call to
--SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in
--the event of a handshake where session resumption occurs (because there are no
--Certificates exchanged in such a handshake).
-+should be passed in the B<type> argument. Calling
-+SSL_CTX_get_tlsext_status_type() will return the type B<TLSEXT_STATUSTYPE_ocsp>
-+previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.
-+
-+The client should additionally provide a callback function to decide what to do
-+with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The
-+callback function should determine whether the returned OCSP response is
-+acceptable or not. The callback will be passed as an argument the value
-+previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
-+callback will not be called in the event of a handshake where session resumption
-+occurs (because there are no Certificates exchanged in such a handshake).
-+
-+On the client side SSL_get_tlsext_status_type() can be used to determine whether
-+the client has previously called SSL_set_tlsext_status_type(). It will return
-+B<TLSEXT_STATUSTYPE_ocsp> if it has been called or -1 otherwise. On the server
-+side SSL_get_tlsext_status_type() can be used to determine whether the client
-+requested OCSP stapling. If the client requested it then this function will
-+return B<TLSEXT_STATUSTYPE_ocsp>, or -1 otherwise.
-
- The response returned by the server can be obtained via a call to
- SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
-@@ -64,10 +86,31 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL
- occurred).
-
- SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
--SSL_set_tlsext_status_type() and SSL_set_tlsext_status_ocsp_resp() return 0 on
--error or 1 on success.
-+SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and
-+SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.
-+
-+SSL_CTX_get_tlsext_status_type() returns the value previously set by
-+SSL_CTX_set_tlsext_status_type(), or -1 if not set.
-
- SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
- or -1 if there is no OCSP response data.
-
-+SSL_get_tlsext_status_type() returns B<TLSEXT_STATUSTYPE_ocsp> on the client
-+side if SSL_set_tlsext_status_type() was previously called, or on the server
-+side if the client requested OCSP stapling. Otherwise -1 is returned.
-+
-+=head1 HISTORY
-+
-+SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and
-+SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
-+++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
-@@ -10,13 +10,13 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a
-
- long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
- int (*cb)(SSL *s, unsigned char key_name[16],
-- unsigned char iv[EVP_MAX_IV_LENGTH],
-- EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
-+ unsigned char iv[EVP_MAX_IV_LENGTH],
-+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
-
- =head1 DESCRIPTION
-
- SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function I<cb> for handling
--session tickets for the ssl context I<sslctx>. Session tickets, defined in
-+session tickets for the ssl context I<sslctx>. Session tickets, defined in
- RFC5077 provide an enhanced session resumption capability where the server
- implementation is not required to maintain per session state. It only applies
- to TLS and there is no SSLv3 implementation.
-@@ -26,9 +26,9 @@ session when session ticket extension is
- message. It is the responsibility of this function to create or retrieve the
- cryptographic parameters and to maintain their state.
-
--The OpenSSL library uses your callback function to help implement a common TLS
-+The OpenSSL library uses your callback function to help implement a common TLS
- ticket construction state according to RFC5077 Section 4 such that per session
--state is unnecessary and a small set of cryptographic variables needs to be
-+state is unnecessary and a small set of cryptographic variables needs to be
- maintained by the callback function implementation.
-
- In order to reuse a session, a TLS client must send the a session ticket
-@@ -56,7 +56,7 @@ I<ctx> should use the initialisation vec
- set using L<EVP_EncryptInit_ex(3)>. The hmac context can be set using
- L<HMAC_Init_ex(3)>.
-
--When the client presents a session ticket, the callback function with be called
-+When the client presents a session ticket, the callback function with be called
- with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
- of parameters. In this case I<name> and I<iv> have already been parsed out of
- the session ticket. The OpenSSL library expects that the I<name> will be used
-@@ -76,7 +76,7 @@ The return value of the I<cb> function i
-
- =item Z<>2
-
--This indicates that the I<ctx> and I<hctx> have been set and the session can
-+This indicates that the I<ctx> and I<hctx> have been set and the session can
- continue on those parameters. Additionally it indicates that the session
- ticket is in a renewal period and should be replaced. The OpenSSL library will
- call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
-@@ -84,12 +84,12 @@ call I<cb> again with an enc argument of
-
- =item Z<>1
-
--This indicates that the I<ctx> and I<hctx> have been set and the session can
-+This indicates that the I<ctx> and I<hctx> have been set and the session can
- continue on those parameters.
-
- =item Z<>0
-
--This indicates that it was not possible to set/retrieve a session ticket and
-+This indicates that it was not possible to set/retrieve a session ticket and
- the SSL/TLS session will continue by negotiating a set of cryptographic
- parameters or using the alternate SSL/TLS resumption mechanism, session ids.
-
-@@ -124,7 +124,7 @@ enable an attacker to obtain the session
- =head1 EXAMPLES
-
- Reference Implementation:
-- SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);
-+ SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
- ....
-
- static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-@@ -133,7 +133,7 @@ enable an attacker to obtain the session
- if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
- return -1; /* insufficient random */
- }
--
-+
- key = currentkey(); /* something that you need to implement */
- if ( !key ) {
- /* current key doesn't exist or isn't valid */
-@@ -146,19 +146,19 @@ enable an attacker to obtain the session
- }
- }
- memcpy(key_name, key->name, 16);
--
-+
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
--
-+
- return 1;
--
-+
- } else { /* retrieve session */
- key = findkey(name);
--
-+
- if (!key || key->expire < now() ) {
- return 0;
- }
--
-+
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
-
-@@ -167,7 +167,7 @@ enable an attacker to obtain the session
- return 2;
- }
- return 1;
--
-+
- }
- }
-
-@@ -186,4 +186,13 @@ L<SSL_CTX_sess_number(3)>,
- L<SSL_CTX_sess_set_get_cb(3)>,
- L<SSL_CTX_set_session_id_context(3)>,
-
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
-+++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
-@@ -104,7 +104,7 @@ partly left out.)
- /* Error. */
- }
- if (dh_2048 == NULL) {
-- /* Error. */
-+ /* Error. */
- }
- if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
- /* Error. */
-@@ -122,8 +122,16 @@ on failure. Check the error queue to fin
- =head1 SEE ALSO
-
- L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
--L<SSL_CTX_set_tmp_rsa_callback(3)>,
- L<SSL_CTX_set_options(3)>,
- L<ciphers(1)>, L<dhparam(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_set_verify.pod
-+++ b/doc/ssl/SSL_CTX_set_verify.pod
-@@ -12,7 +12,7 @@ SSL_CTX_set_verify, SSL_set_verify, SSL_
- int (*verify_callback)(int, X509_STORE_CTX *));
- void SSL_set_verify(SSL *s, int mode,
- int (*verify_callback)(int, X509_STORE_CTX *));
-- void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-+ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
- void SSL_set_verify_depth(SSL *s, int depth);
-
- int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
-@@ -208,7 +208,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
-- }
-+ }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\n", err,
- X509_verify_cert_error_string(err), depth, buf);
-@@ -256,9 +256,9 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>
- */
- mydata.verify_depth = verify_depth; ...
- SSL_set_ex_data(ssl, mydata_index, &mydata);
--
-+
- ...
-- SSL_accept(ssl); /* check of success left out for clarity */
-+ SSL_accept(ssl); /* check of success left out for clarity */
- if (peer = SSL_get_peer_certificate(ssl))
- {
- if (SSL_get_verify_result(ssl) == X509_V_OK)
-@@ -278,4 +278,13 @@ L<SSL_CTX_set_cert_verify_callback(3)>,
- L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
- L<SSL_get_ex_new_index(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_use_certificate.pod
-+++ b/doc/ssl/SSL_CTX_use_certificate.pod
-@@ -2,7 +2,17 @@
-
- =head1 NAME
-
--SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data
-+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
-+SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1,
-+SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file,
-+SSL_use_certificate_chain_file,
-+SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1,
-+SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey,
-+SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
-+SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey,
-+SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1,
-+SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key
-+- load certificate and key data
-
- =head1 SYNOPSIS
-
-@@ -20,13 +30,13 @@ SSL_CTX_use_certificate, SSL_CTX_use_cer
-
- int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
- int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
-- long len);
-+ long len);
- int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
- int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
- int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
- int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
- int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-- int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
-+ int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
- int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
- int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
- int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-@@ -67,12 +77,12 @@ SSL_use_certificate_file() loads the cer
- See the NOTES section on why SSL_CTX_use_certificate_chain_file()
- should be preferred.
-
--SSL_CTX_use_certificate_chain_file() loads a certificate chain from
-+SSL_CTX_use_certificate_chain_file() loads a certificate chain from
- B<file> into B<ctx>. The certificates must be in PEM format and must
- be sorted starting with the subject's certificate (actual client or server
- certificate), followed by intermediate CA certificates if applicable, and
- ending at the highest level (root) CA. SSL_use_certificate_chain_file() is
--similar except it loads the cerificate chain into B<ssl>.
-+similar except it loads the certificate chain into B<ssl>.
-
- SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
- SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
-@@ -82,7 +92,7 @@ If a certificate has already been set an
- to the certificate an error is returned. To change a certificate, private
- key pair the new certificate needs to be set with SSL_use_certificate()
- or SSL_CTX_use_certificate() before setting the private key with
--SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
-+SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
-
-
- SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
-@@ -109,14 +119,14 @@ the same check for B<ssl>. If no key/cer
- this B<ssl>, the last item added into B<ctx> will be checked.
-
- =head1 NOTES
--
-+
- The internal certificate store of OpenSSL can hold several private
- key/certificate pairs at a time. The certificate used depends on the
- cipher selected, see also L<SSL_CTX_set_cipher_list(3)>.
-
- When reading certificates and private keys from file, files of type
- SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
--one certificate or private key, consequently
-+one certificate or private key, consequently
- SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
- Files of type SSL_FILETYPE_PEM can contain more than one item.
-
-@@ -124,7 +134,7 @@ SSL_CTX_use_certificate_chain_file() add
- in the file to the certificate store. The other certificates are added
- to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single
- certificate chain store for all certificate types, OpenSSL 1.0.2 and later
--have a separate chain store for each type. SSL_CTX_use_certificate_chain_file()
-+have a separate chain store for each type. SSL_CTX_use_certificate_chain_file()
- should be used instead of the SSL_CTX_use_certificate_file() function in order
- to allow the use of complete certificate chains even when no trusted CA
- storage is used or when the CA issuing the certificate shall not be added to
-@@ -158,4 +168,13 @@ L<SSL_CTX_set_client_CA_list(3)>,
- L<SSL_CTX_set_client_cert_cb(3)>,
- L<SSL_CTX_add_extra_chain_cert(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -1,41 +1,11 @@
- =pod
-
--=begin comment
--
--Copyright 2005 Nokia. All rights reserved.
--
--The portions of the attached software ("Contribution") is developed by
--Nokia Corporation and is licensed pursuant to the OpenSSL open source
--license.
--
--The Contribution, originally written by Mika Kousa and Pasi Eronen of
--Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
--support (see RFC 4279) to OpenSSL.
--
--No patent licenses or other rights except those expressly stated in
--the OpenSSL open source license shall be deemed granted or received
--expressly, by implication, estoppel, or otherwise.
--
--No assurances are provided by Nokia that the Contribution does not
--infringe the patent or other intellectual property rights of any third
--party or that the license provides you with all the necessary rights
--to make use of the Contribution.
--
--THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
--ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
--SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
--OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
--OTHERWISE.
--
--=end comment
--
- =head1 NAME
-
- SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint,
- SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK
- identity hint to use
-
--
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-@@ -44,11 +14,11 @@ identity hint to use
- int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
-
- void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-- unsigned int (*callback)(SSL *ssl, const char *identity,
-- unsigned char *psk, int max_psk_len));
-+ unsigned int (*callback)(SSL *ssl, const char *identity,
-+ unsigned char *psk, int max_psk_len));
- void SSL_set_psk_server_callback(SSL *ssl,
-- unsigned int (*callback)(SSL *ssl, const char *identity,
-- unsigned char *psk, int max_psk_len));
-+ unsigned int (*callback)(SSL *ssl, const char *identity,
-+ unsigned char *psk, int max_psk_len));
-
-
- =head1 DESCRIPTION
-@@ -103,4 +73,15 @@ completely.
-
- =back
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+Copyright 2005 Nokia.
-+
- =cut
---- a/doc/ssl/SSL_CTX_use_serverinfo.pod
-+++ b/doc/ssl/SSL_CTX_use_serverinfo.pod
-@@ -20,8 +20,8 @@ A "serverinfo" extension is returned in
- Extension.
-
- SSL_CTX_use_serverinfo() loads one or more serverinfo extensions from
--a byte array into B<ctx>. The extensions must be concatenated into a
--sequence of bytes. Each extension must consist of a 2-byte Extension Type,
-+a byte array into B<ctx>. The extensions must be concatenated into a
-+sequence of bytes. Each extension must consist of a 2-byte Extension Type,
- a 2-byte length, and then length bytes of extension_data.
-
- SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from
-@@ -30,7 +30,13 @@ must consist of a 2-byte Extension Type,
- bytes of extension_data. Each PEM extension name must begin with the phrase
- "BEGIN SERVERINFO FOR ".
-
--=head1 NOTES
-+If more than one certificate (RSA/DSA) is installed using
-+SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
-+last certificate installed. If e.g. the last item was a RSA certificate, the
-+loaded serverinfo extension data will be loaded for that certificate. To
-+use the serverinfo extension for multiple certificates,
-+SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
-+each time a certificate is loaded.
-
- =head1 RETURN VALUES
-
-@@ -38,9 +44,13 @@ On success, the functions return 1.
- On failure, the functions return 0. Check out the error stack to find out
- the reason.
-
--=head1 SEE ALSO
-+=head1 COPYRIGHT
-
--=head1 HISTORY
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/ssl/SSL_SESSION_free.pod
-+++ b/doc/ssl/SSL_SESSION_free.pod
-@@ -53,4 +53,13 @@ L<SSL_CTX_set_session_cache_mode(3)>,
- L<SSL_CTX_flush_sessions(3)>,
- L<d2i_SSL_SESSION(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/ssl/SSL_SESSION_get0_hostname.pod
-@@ -0,0 +1,37 @@
-+=pod
-+
-+=head1 NAME
-+
-+SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ssl.h>
-+
-+ const char *SSL_SESSION_get0_hostname(const SSL_SESSSION *s);
-+
-+=head1 DESCRIPTION
-+
-+SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-+client when the session was created, or NULL if no value was sent.
-+
-+The value returned is a pointer to memory maintained within B<s> and
-+should not be free'd.
-+
-+=head1 SEE ALSO
-+
-+L<ssl(3)>,
-+L<d2i_SSL_SESSION(3)>,
-+L<SSL_SESSION_get_time(3)>,
-+L<SSL_SESSION_free(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/ssl/SSL_SESSION_get_hostname.pod
-+++ /dev/null
-@@ -1,28 +0,0 @@
--=pod
--
--=head1 NAME
--
--SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
--
--=head1 SYNOPSIS
--
-- #include <openssl/ssl.h>
--
-- const char *SSL_SESSION_get0_hostname(const SSL_SESSSION *s);
--
--=head1 DESCRIPTION
--
--SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
--client when the session was created, or NULL if no value was sent.
--
--The value returned is a pointer to memory maintained within B<s> and
--should not be free'd.
--
--=head1 SEE ALSO
--
--L<ssl(3)>,
--L<d2i_SSL_SESSION(3)>,
--L<SSL_SESSION_get_time(3)>,
--L<SSL_SESSION_free(3)>
--
--=cut
---- /dev/null
-+++ b/doc/ssl/SSL_SESSION_get_protocol_version.pod
-@@ -0,0 +1,44 @@
-+=pod
-+
-+=head1 NAME
-+
-+SSL_SESSION_get_protocol_version - retrieve session protocol version
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ssl.h>
-+
-+ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
-+
-+=head1 DESCRIPTION
-+
-+SSL_SESSION_get_protocol_version() returns the protocol version number used
-+by session B<s>.
-+
-+=head1 RETURN VALUES
-+
-+SSL_SESSION_get_protocol_version() returns a number indicating the protocol
-+version used for the session; this number matches the constants I<e.g.>
-+B<TLS1_VERSION> or B<TLS1_2_VERSION>.
-+
-+Note that the SSL_SESSION_get_protocol_version() function
-+does B<not> perform a null check on the provided session B<s> pointer.
-+
-+=head1 SEE ALSO
-+
-+L<ssl(3)>
-+
-+=head1 HISTORY
-+
-+SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/ssl/SSL_SESSION_get_time.pod
-+++ b/doc/ssl/SSL_SESSION_get_time.pod
-@@ -2,7 +2,10 @@
-
- =head1 NAME
-
--SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout - retrieve and manipulate session time and timeout settings
-+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
-+SSL_SESSION_set_timeout
-+SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout,
-+- retrieve and manipulate session time and timeout settings
-
- =head1 SYNOPSIS
-
-@@ -52,7 +55,7 @@ valid values.
-
- SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
-
--If any of the function is passed the NULL pointer for the session B<s>,
-+If any of the function is passed the NULL pointer for the session B<s>,
- 0 is returned.
-
- =head1 SEE ALSO
-@@ -61,4 +64,13 @@ L<ssl(3)>,
- L<SSL_CTX_set_timeout(3)>,
- L<SSL_get_default_timeout(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_SESSION_has_ticket.pod
-+++ b/doc/ssl/SSL_SESSION_has_ticket.pod
-@@ -2,7 +2,9 @@
-
- =head1 NAME
-
--SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ticket - get details about the ticket associated with a session
-+SSL_SESSION_get0_ticket,
-+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint,
-+- get details about the ticket associated with a session
-
- =head1 SYNOPSIS
-
-@@ -11,7 +13,7 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_
- int SSL_SESSION_has_ticket(const SSL_SESSION *s);
- unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
- void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
-- size_t *len);
-+ size_t *len);
-
- =head1 DESCRIPTION
-
-@@ -39,4 +41,13 @@ L<SSL_SESSION_free(3)>
- SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and
- SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_accept.pod
-+++ b/doc/ssl/SSL_accept.pod
-@@ -18,7 +18,7 @@ B<ssl> by setting an underlying B<BIO>.
-
- =head1 NOTES
-
--The behaviour of SSL_accept() depends on the underlying BIO.
-+The behaviour of SSL_accept() depends on the underlying BIO.
-
- If the underlying BIO is B<blocking>, SSL_accept() will only return once the
- handshake has been finished or an error occurred.
-@@ -70,4 +70,13 @@ L<SSL_set_connect_state(3)>,
- L<SSL_do_handshake(3)>,
- L<SSL_CTX_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_alert_type_string.pod
-+++ b/doc/ssl/SSL_alert_type_string.pod
-@@ -217,7 +217,7 @@ point. This message is always a warning.
- =item "UP"/"unknown PSK identity"
-
- Sent by the server to indicate that it does not recognize a PSK
--identity or an SRP identity.
-+identity or an SRP identity.
-
- =item "UK"/"unknown"
-
-@@ -230,4 +230,13 @@ Probably B<value> does not contain a cor
-
- L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_check_chain.pod
-+++ b/doc/ssl/SSL_check_chain.pod
-@@ -82,4 +82,13 @@ for earlier versions of TLS or DTLS.
- L<SSL_CTX_set_cert_cb(3)>,
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_clear.pod
-+++ b/doc/ssl/SSL_clear.pod
-@@ -72,4 +72,13 @@ L<SSL_shutdown(3)>, L<SSL_set_shutdown(3
- L<SSL_CTX_set_options(3)>, L<ssl(3)>,
- L<SSL_CTX_set_client_cert_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_connect.pod
-+++ b/doc/ssl/SSL_connect.pod
-@@ -18,7 +18,7 @@ underlying B<BIO>.
-
- =head1 NOTES
-
--The behaviour of SSL_connect() depends on the underlying BIO.
-+The behaviour of SSL_connect() depends on the underlying BIO.
-
- If the underlying BIO is B<blocking>, SSL_connect() will only return once the
- handshake has been finished or an error occurred.
-@@ -70,4 +70,13 @@ L<SSL_set_connect_state(3)>,
- L<SSL_do_handshake(3)>,
- L<SSL_CTX_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_do_handshake.pod
-+++ b/doc/ssl/SSL_do_handshake.pod
-@@ -69,4 +69,13 @@ L<SSL_get_error(3)>, L<SSL_connect(3)>,
- L<SSL_accept(3)>, L<ssl(3)>, L<bio(3)>,
- L<SSL_set_connect_state(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- /dev/null
-+++ b/doc/ssl/SSL_extension_supported.pod
-@@ -0,0 +1,144 @@
-+=pod
-+
-+=head1 NAME
-+
-+SSL_extension_supported,
-+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext
-+- custom TLS extension handling
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/ssl.h>
-+
-+ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-+ custom_ext_add_cb add_cb,
-+ custom_ext_free_cb free_cb, void *add_arg,
-+ custom_ext_parse_cb parse_cb,
-+ void *parse_arg);
-+
-+ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
-+ custom_ext_add_cb add_cb,
-+ custom_ext_free_cb free_cb, void *add_arg,
-+ custom_ext_parse_cb parse_cb,
-+ void *parse_arg);
-+
-+ int SSL_extension_supported(unsigned int ext_type);
-+
-+ typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
-+ const unsigned char **out,
-+ size_t *outlen, int *al,
-+ void *add_arg);
-+
-+ typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
-+ const unsigned char *out,
-+ void *add_arg);
-+
-+ typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
-+ const unsigned char *in,
-+ size_t inlen, int *al,
-+ void *parse_arg);
-+
-+
-+=head1 DESCRIPTION
-+
-+SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client
-+with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
-+B<parse_cb>.
-+
-+SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server
-+with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and
-+B<parse_cb>.
-+
-+In both cases the extension type must not be handled by OpenSSL internally
-+or an error occurs.
-+
-+SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
-+internally by OpenSSL and 0 otherwise.
-+
-+=head1 EXTENSION CALLBACKS
-+
-+The callback B<add_cb> is called to send custom extension data to be
-+included in ClientHello for TLS clients or ServerHello for servers. The
-+B<ext_type> parameter is set to the extension type which will be added and
-+B<add_arg> to the value set when the extension handler was added.
-+
-+If the application wishes to include the extension B<ext_type> it should
-+set B<*out> to the extension data, set B<*outlen> to the length of the
-+extension data and return 1.
-+
-+If the B<add_cb> does not wish to include the extension it must return 0.
-+
-+If B<add_cb> returns -1 a fatal handshake error occurs using the TLS
-+alert value specified in B<*al>.
-+
-+For clients (but not servers) if B<add_cb> is set to NULL a zero length
-+extension is added for B<ext_type>.
-+
-+For clients every registered B<add_cb> is always called to see if the
-+application wishes to add an extension to ClientHello.
-+
-+For servers every registered B<add_cb> is called once if and only if the
-+corresponding extension was received in ClientHello to see if the application
-+wishes to add the extension to ServerHello. That is, if no corresponding extension
-+was received in ClientHello then B<add_cb> will not be called.
-+
-+If an extension is added (that is B<add_cb> returns 1) B<free_cb> is called
-+(if it is set) with the value of B<out> set by the add callback. It can be
-+used to free up any dynamic extension data set by B<add_cb>. Since B<out> is
-+constant (to permit use of constant data in B<add_cb>) applications may need to
-+cast away const to free the data.
-+
-+The callback B<parse_cb> receives data for TLS extensions. For TLS clients
-+the extension data will come from ServerHello and for TLS servers it will
-+come from ClientHello.
-+
-+The extension data consists of B<inlen> bytes in the buffer B<in> for the
-+extension B<extension_type>.
-+
-+If the B<parse_cb> considers the extension data acceptable it must return
-+1. If it returns 0 or a negative value a fatal handshake error occurs
-+using the TLS alert value specified in B<*al>.
-+
-+The buffer B<in> is a temporary internal buffer which will not be valid after
-+the callback returns.
-+
-+=head1 NOTES
-+
-+The B<add_arg> and B<parse_arg> parameters can be set to arbitrary values
-+which will be passed to the corresponding callbacks. They can, for example,
-+be used to store the extension data received in a convenient structure or
-+pass the extension data to be added or freed when adding extensions.
-+
-+The B<ext_type> parameter corresponds to the B<extension_type> field of
-+RFC5246 et al. It is B<not> a NID.
-+
-+If the same custom extension type is received multiple times a fatal
-+B<decode_error> alert is sent and the handshake aborts. If a custom extension
-+is received in ServerHello which was not sent in ClientHello a fatal
-+B<unsupported_extension> alert is sent and the handshake is aborted. The
-+ServerHello B<add_cb> callback is only called if the corresponding extension
-+was received in ClientHello. This is compliant with the TLS specifications.
-+This behaviour ensures that each callback is called at most once and that
-+an application can never send unsolicited extensions.
-+
-+=head1 RETURN VALUES
-+
-+SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for
-+success and 0 for failure. A failure can occur if an attempt is made to
-+add the same B<ext_type> more than once, if an attempt is made to use an
-+extension type handled internally by OpenSSL or if an internal error occurs
-+(for example a memory allocation failure).
-+
-+SSL_extension_supported() returns 1 if the extension B<ext_type> is handled
-+internally by OpenSSL and 0 otherwise.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/doc/ssl/SSL_free.pod
-+++ b/doc/ssl/SSL_free.pod
-@@ -42,4 +42,13 @@ L<SSL_new(3)>, L<SSL_clear(3)>,
- L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get0_peer_scts.pod
-+++ b/doc/ssl/SSL_get0_peer_scts.pod
-@@ -33,4 +33,13 @@ SSL_get0_peer_scts() returns a list of S
- L<ssl(3)>,
- L<SSL_CTX_set_ct_validation_callback(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_SSL_CTX.pod
-+++ b/doc/ssl/SSL_get_SSL_CTX.pod
-@@ -23,4 +23,13 @@ The pointer to the SSL_CTX object is ret
-
- L<ssl(3)>, L<SSL_new(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_all_async_fds.pod
-+++ b/doc/ssl/SSL_get_all_async_fds.pod
-@@ -2,11 +2,16 @@
-
- =head1 NAME
-
--SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds - manage
--asynchronous operations
-+SSL_waiting_for_async,
-+SSL_get_all_async_fds,
-+SSL_get_changed_async_fds
-+- manage asynchronous operations
-+
-+=for comment multiple includes
-
- =head1 SYNOPSIS
-
-+ #include <openssl/async.h>
- #include <openssl/ssl.h>
-
- int SSL_waiting_for_async(SSL *s);
-@@ -53,6 +58,15 @@ for an async operation to complete and 0
- SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
- 0 on error.
-
-+=head1 NOTES
-+
-+On Windows platforms the openssl/async.h header is dependent on some
-+of the types customarily made available by including windows.h. The
-+application developer is likely to require control over when the latter
-+is included, commonly as one of the first included headers. Therefore
-+it is defined as an application developer's responsibility to include
-+windows.h prior to async.h.
-+
- =head1 SEE ALSO
-
- L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)>
-@@ -62,4 +76,13 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(
- SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds()
- were first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_ciphers.pod
-+++ b/doc/ssl/SSL_get_ciphers.pod
-@@ -2,7 +2,9 @@
-
- =head1 NAME
-
--SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
-+SSL_get1_supported_ciphers, SSL_get_client_ciphers,
-+SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list
-+- get list of available SSL_CIPHERs
-
- =head1 SYNOPSIS
-
-@@ -70,4 +72,13 @@ See DESCRIPTION
- L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
- L<SSL_CIPHER_get_name(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_client_CA_list.pod
-+++ b/doc/ssl/SSL_get_client_CA_list.pod
-@@ -9,7 +9,7 @@ SSL_get_client_CA_list, SSL_CTX_get_clie
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-
- =head1 DESCRIPTION
-
-@@ -50,4 +50,13 @@ L<ssl(3)>,
- L<SSL_CTX_set_client_CA_list(3)>,
- L<SSL_CTX_set_client_cert_cb(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_client_random.pod
-+++ b/doc/ssl/SSL_get_client_random.pod
-@@ -41,7 +41,7 @@ details.
-
- Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
- ARE NOT random number generators. Instead, they return the mostly-random values that
--were already generated and used in the TLS protoccol. Using them
-+were already generated and used in the TLS protocol. Using them
- in place of RAND_bytes() would be grossly foolish.
-
- The security of your TLS session depends on keeping the master key secret:
-@@ -76,4 +76,13 @@ L<RAND_bytes(3)>,
- L<SSL_export_keying_material(3)>
-
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_current_cipher.pod
-+++ b/doc/ssl/SSL_get_current_cipher.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
-+SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher,
- SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
-
- =head1 SYNOPSIS
-@@ -10,34 +10,46 @@ SSL_get_cipher_bits, SSL_get_cipher_vers
- #include <openssl/ssl.h>
-
- SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
-- #define SSL_get_cipher(s) \
-- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-- #define SSL_get_cipher_name(s) \
-- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-- #define SSL_get_cipher_bits(s,np) \
-- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-- #define SSL_get_cipher_version(s) \
-- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-+
-+ const char *SSL_get_cipher_name(const SSL *s);
-+ const char *SSL_get_cipher(const SSL *s);
-+ int SSL_get_cipher_bits(const SSL *s, int *np) \
-+ const char *SSL_get_cipher_version(const SSL *s);
-
- =head1 DESCRIPTION
-
- SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
- the description of the actually used cipher of a connection established with
- the B<ssl> object.
-+See L<SSL_CIPHER_get_name(3)> for more details.
-
--SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
--name of the currently used cipher. SSL_get_cipher_bits() is a
--macro to obtain the number of secret/algorithm bits used and
-+SSL_get_cipher_name() obtains the
-+name of the currently used cipher.
-+SSL_get_cipher() is identical to SSL_get_cipher_name().
-+SSL_get_cipher_bits() is a
-+macro to obtain the number of secret/algorithm bits used and
- SSL_get_cipher_version() returns the protocol name.
--See L<SSL_CIPHER_get_name(3)> for more details.
-
- =head1 RETURN VALUES
-
--SSL_get_current_cipher() returns the cipher actually used or NULL, when
-+SSL_get_current_cipher() returns the cipher actually used, or NULL if
- no session has been established.
-
-+=head1 NOTES
-+
-+These are implemented as macros.
-+
- =head1 SEE ALSO
-
- L<ssl(3)>, L<SSL_CIPHER_get_name(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_default_timeout.pod
-+++ b/doc/ssl/SSL_get_default_timeout.pod
-@@ -38,4 +38,13 @@ L<SSL_SESSION_get_time(3)>,
- L<SSL_CTX_flush_sessions(3)>,
- L<SSL_get_default_timeout(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_error.pod
-+++ b/doc/ssl/SSL_get_error.pod
-@@ -95,9 +95,19 @@ using L<SSL_CTX_set_mode(3)> or L<SSL_se
- engine is being used. An application can determine whether the engine has
- completed its processing using select() or poll() on the asynchronous wait file
- descriptor. This file descriptor is available by calling
--L<SSL_get_async_wait_fd(3)>. The TLS/SSL I/O function should be called again
--later. The function B<must> be called from the same thread that the original
--call was made from.
-+L<SSL_get_all_async_fds(3)> or L<SSL_get_changed_async_fds(3)>. The TLS/SSL I/O
-+function should be called again later. The function B<must> be called from the
-+same thread that the original call was made from.
-+
-+=item SSL_ERROR_WANT_ASYNC_JOB
-+
-+The asynchronous job could not be started because there were no async jobs
-+available in the pool (see ASYNC_init_thread(3)). This will only occur if the
-+mode has been set to SSL_MODE_ASYNC using L<SSL_CTX_set_mode(3)> or
-+L<SSL_set_mode(3)> and a maximum limit has been set on the async job pool
-+through a call to L<ASYNC_init_thread(3)>. The application should retry the
-+operation after a currently executing asynchronous operation for the current
-+thread has completed.
-
- =item SSL_ERROR_SYSCALL
-
-@@ -123,4 +133,13 @@ L<ssl(3)>, L<err(3)>
-
- SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_extms_support.pod
-+++ b/doc/ssl/SSL_get_extms_support.pod
-@@ -28,4 +28,13 @@ was used.
-
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_fd.pod
-+++ b/doc/ssl/SSL_get_fd.pod
-@@ -41,4 +41,13 @@ The file descriptor linked to B<ssl>.
-
- L<SSL_set_fd(3)>, L<ssl(3)> , L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_peer_cert_chain.pod
-+++ b/doc/ssl/SSL_get_peer_cert_chain.pod
-@@ -65,4 +65,13 @@ The return value points to the certifica
- L<ssl(3)>, L<SSL_get_peer_certificate(3)>, L<X509_up_ref(3)>,
- L<X509_chain_up_ref(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_peer_certificate.pod
-+++ b/doc/ssl/SSL_get_peer_certificate.pod
-@@ -52,4 +52,13 @@ The return value points to the certifica
- L<ssl(3)>, L<SSL_get_verify_result(3)>,
- L<SSL_CTX_set_verify(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_psk_identity.pod
-+++ b/doc/ssl/SSL_get_psk_identity.pod
-@@ -1,39 +1,9 @@
- =pod
-
--=begin comment
--
--Copyright 2005 Nokia. All rights reserved.
--
--The portions of the attached software ("Contribution") is developed by
--Nokia Corporation and is licensed pursuant to the OpenSSL open source
--license.
--
--The Contribution, originally written by Mika Kousa and Pasi Eronen of
--Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
--support (see RFC 4279) to OpenSSL.
--
--No patent licenses or other rights except those expressly stated in
--the OpenSSL open source license shall be deemed granted or received
--expressly, by implication, estoppel, or otherwise.
--
--No assurances are provided by Nokia that the Contribution does not
--infringe the patent or other intellectual property rights of any third
--party or that the license provides you with all the necessary rights
--to make use of the Contribution.
--
--THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
--ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
--SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
--OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
--OTHERWISE.
--
--=end comment
--
- =head1 NAME
-
- SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint
-
--
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-@@ -60,4 +30,15 @@ no PSK identity hint was used during the
- Note that the return value is valid only during the lifetime of the
- SSL object B<ssl>.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+Copyright 2005 Nokia.
-+
- =cut
---- a/doc/ssl/SSL_get_rbio.pod
-+++ b/doc/ssl/SSL_get_rbio.pod
-@@ -37,4 +37,13 @@ The BIO linked to B<ssl>.
-
- L<SSL_set_bio(3)>, L<ssl(3)> , L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_session.pod
-+++ b/doc/ssl/SSL_get_session.pod
-@@ -70,4 +70,13 @@ L<ssl(3)>, L<SSL_free(3)>,
- L<SSL_clear(3)>,
- L<SSL_SESSION_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_shared_sigalgs.pod
-+++ b/doc/ssl/SSL_get_shared_sigalgs.pod
-@@ -65,7 +65,7 @@ The NIDs are OpenSSL equivalents. For ex
- rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
- NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption.
-
--If a signature algorithm is not recognised the corresponsing NIDs
-+If a signature algorithm is not recognised the corresponding NIDs
- will be set to B<NID_undef>. This may be because the value is not supported
- or is not an appropriate combination (for example MD5 and DSA).
-
-@@ -74,4 +74,13 @@ or is not an appropriate combination (fo
- L<SSL_CTX_set_cert_cb(3)>,
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_verify_result.pod
-+++ b/doc/ssl/SSL_get_verify_result.pod
-@@ -54,4 +54,13 @@ L<ssl(3)>, L<SSL_set_verify_result(3)>,
- L<SSL_get_peer_certificate(3)>,
- L<verify(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_get_version.pod
-+++ b/doc/ssl/SSL_get_version.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_get_version - get the protocol version of a connection.
-+SSL_get_version, SSL_is_dtls - get the protocol information of a connection
-
- =head1 SYNOPSIS
-
-@@ -10,14 +10,18 @@ SSL_get_version - get the protocol versi
-
- const char *SSL_get_version(const SSL *ssl);
-
-+ int SSL_is_dtls(const SSL *ssl);
-+
- =head1 DESCRIPTION
-
- SSL_get_version() returns the name of the protocol used for the
- connection B<ssl>.
-
-+SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
-+
- =head1 RETURN VALUES
-
--The following strings can be returned:
-+SSL_get_version() returns one of the following strings:
-
- =over 4
-
-@@ -47,4 +51,17 @@ This indicates that no version has been
-
- L<ssl(3)>
-
-+=head1 HISTORY
-+
-+SSL_is_dtls() was added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_library_init.pod
-+++ b/doc/ssl/SSL_library_init.pod
-@@ -10,18 +10,20 @@ SSL_library_init, OpenSSL_add_ssl_algori
- #include <openssl/ssl.h>
-
- int SSL_library_init(void);
-- #define OpenSSL_add_ssl_algorithms() SSL_library_init()
-+
-+ int OpenSSL_add_ssl_algorithms(void);
-
- =head1 DESCRIPTION
-
- SSL_library_init() registers the available SSL/TLS ciphers and digests.
-
--OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init().
-+OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is
-+implemented as a macro.
-
- =head1 NOTES
-
- SSL_library_init() must be called before any other action takes place.
--SSL_library_init() is not reentrant.
-+SSL_library_init() is not reentrant.
-
- =head1 WARNING
-
-@@ -43,4 +45,13 @@ L<RAND_add(3)>
- The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were
- deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_load_client_CA_file.pod
-+++ b/doc/ssl/SSL_load_client_CA_file.pod
-@@ -30,7 +30,7 @@ it is not limited to CA certificates.
- SSL_CTX *ctx;
- STACK_OF(X509_NAME) *cert_names;
-
-- ...
-+ ...
- cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
- if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
-@@ -59,4 +59,13 @@ Pointer to the subject names of the succ
- L<ssl(3)>,
- L<SSL_CTX_set_client_CA_list(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_new.pod
-+++ b/doc/ssl/SSL_new.pod
-@@ -9,7 +9,7 @@ SSL_new, SSL_up_ref - create a new SSL s
- #include <openssl/ssl.h>
-
- SSL *SSL_new(SSL_CTX *ctx);
-- void SSL_up_ref(SSL *s);
-+ int SSL_up_ref(SSL *s);
-
- =head1 DESCRIPTION
-
-@@ -38,6 +38,8 @@ find out the reason.
-
- The return value points to an allocated SSL structure.
-
-+SSL_up_ref() returns 1 for success and 0 for failure.
-+
- =back
-
- =head1 SEE ALSO
-@@ -47,4 +49,13 @@ L<SSL_CTX_set_options(3)>,
- L<SSL_get_SSL_CTX(3)>,
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_pending.pod
-+++ b/doc/ssl/SSL_pending.pod
-@@ -56,4 +56,13 @@ L<SSL_CTX_set_split_send_fragment(3)>, L
-
- The SSL_has_pending() function was added in OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_read.pod
-+++ b/doc/ssl/SSL_read.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_read - read bytes from a TLS/SSL connection.
-+SSL_read - read bytes from a TLS/SSL connection
-
- =head1 SYNOPSIS
-
-@@ -22,7 +22,7 @@ not already explicitly performed by L<SS
- L<SSL_accept(3)>. If the
- peer requests a re-negotiation, it will be performed transparently during
- the SSL_read() operation. The behaviour of SSL_read() depends on the
--underlying BIO.
-+underlying BIO.
-
- For the transparent negotiation to succeed, the B<ssl> must have been
- initialized to client or server mode. This is being done by calling
-@@ -47,7 +47,7 @@ record is complete and SSL_read() can su
-
- If the underlying BIO is B<blocking>, SSL_read() will only return, once the
- read operation has been finished or an error occurred, except when a
--renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
-+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
- This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
- L<SSL_CTX_set_mode(3)> call.
-
-@@ -116,4 +116,13 @@ L<SSL_pending(3)>,
- L<SSL_shutdown(3)>, L<SSL_set_shutdown(3)>,
- L<ssl(3)>, L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_rstate_string.pod
-+++ b/doc/ssl/SSL_rstate_string.pod
-@@ -56,4 +56,13 @@ The read state is unknown. This should n
-
- L<ssl(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_session_reused.pod
-+++ b/doc/ssl/SSL_session_reused.pod
-@@ -42,4 +42,13 @@ A session was reused.
- L<ssl(3)>, L<SSL_set_session(3)>,
- L<SSL_CTX_set_session_cache_mode(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set1_host.pod
-+++ b/doc/ssl/SSL_set1_host.pod
-@@ -2,13 +2,12 @@
-
- =head1 NAME
-
-- SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername -
-- SSL server verification parameters
-+SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername -
-+SSL server verification parameters
-
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-- #include <openssl/x509_vfy.h>
-
- int SSL_set1_host(SSL *s, const char *hostname);
- int SSL_add1_host(SSL *s, const char *hostname);
-@@ -72,8 +71,6 @@ applicable (as with RFC7671 DANE-EE(3)),
- matched. Otherwise, it returns the matched peername. To determine
- whether verification succeeded call L<SSL_get_verify_result(3)>.
-
--=head1 NOTES
--
- =head1 EXAMPLE
-
- Suppose "smtp.example.com" is the MX host of the domain "example.com".
-@@ -112,4 +109,13 @@ L<SSL_dane_enable(3)>.
-
- These functions were first added to OpenSSL 1.1.0.
-
-+=head1 COPYRIGHT
-+
-+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set_bio.pod
-+++ b/doc/ssl/SSL_set_bio.pod
-@@ -2,29 +2,85 @@
-
- =head1 NAME
-
--SSL_set_bio, SSL_set_rbio, SSL_set_wbio - connect the SSL object with a BIO
-+SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO
-
- =head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
-+ void SSL_set0_rbio(SSL *s, BIO *rbio);
-+ void SSL_set0_wbio(SSL *s, BIO *wbio);
-
- =head1 DESCRIPTION
-
--SSL_set_bio() connects the BIOs B<rbio> and B<wbio> for the read and write
--operations of the TLS/SSL (encrypted) side of B<ssl>.
-+SSL_set0_rbio() connects the BIO B<rbio> for the read operations of the B<ssl>
-+object. The SSL engine inherits the behaviour of B<rbio>. If the BIO is
-+non-blocking then the B<ssl> object will also have non-blocking behaviour. This
-+function transfers ownership of B<rbio> to B<ssl>. It will be automatically
-+freed using L<BIO_free_all(3)> when the B<ssl> is freed. On calling this
-+function, any existing B<rbio> that was previously set will also be freed via a
-+call to L<BIO_free_all(3)> (this includes the case where the B<rbio> is set to
-+the same value as previously).
-
--The SSL engine inherits the behaviour of B<rbio> and B<wbio>, respectively.
--If a BIO is non-blocking, the B<ssl> will also have non-blocking behaviour.
-+SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects
-+the BIO B<wbio> for the write operations of the B<ssl> object. Note that if the
-+rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take
-+ownership of one reference. Therefore it may be necessary to increment the
-+number of references available using L<BIO_up_ref(3)> before calling the set0
-+functions.
-
--If there was already a BIO connected to B<ssl>, BIO_free() will be called
--(for both the reading and writing side, if different).
-+SSL_set_bio() does a similar job as SSL_set0_rbio() and SSL_set0_wbio() except
-+that it connects both the B<rbio> and the B<wbio> at the same time. This
-+function transfers the ownership of B<rbio> and B<wbio> to B<ssl> except that
-+the rules for this are much more complex. For this reason this function is
-+considered a legacy function and SSL_set0_rbio() and SSL_set0_wbio() should be
-+used in preference. The ownership rules are as follows:
-
--SSL_set_rbio() does the same job as SSL_set_bio() except that it enables you
--to only connect the read bio, without touching the write bio. Similarly
--SSL_set_wbio() enables you to connect the write bio without touching the read
--bio.
-+=over 4
-+
-+=item
-+
-+If neither the rbio or wbio have changed from their previous values then nothing
-+is done.
-+
-+=item
-+
-+If the rbio and wbio parameters are different and both are different to their
-+previously set values then one reference is consumed for the rbio and one
-+reference is consumed for the wbio.
-+
-+=item
-+
-+If the rbio and wbio parameters are the same and the rbio is not the same as the
-+previously set value then one reference is consumed.
-+
-+=item
-+
-+If the rbio and wbio parameters are the same and the rbio is the same as the
-+previously set value, then no additional references are consumed.
-+
-+=item
-+
-+If the rbio and wbio parameters are different and the rbio is the same as the
-+previously set value then one reference is consumbed for the wbio and no
-+references are consumed for the rbio.
-+
-+=item
-+
-+If the rbio and wbio parameters are different and the wbio is the same as the
-+previously set value and the old rbio and wbio values were the same as each
-+other then one reference is consumed for the rbio and no references are consumed
-+for the wbio.
-+
-+=item
-+
-+If the rbio and wbio parameters are different and the wbio is the same as the
-+previously set value and the old rbio and wbio values were different to each
-+other then one reference is consumed for the rbio and one reference is consumed
-+for the wbio.
-+
-+=back
-
- =head1 RETURN VALUES
-
-@@ -38,6 +94,15 @@ L<SSL_shutdown(3)>, L<ssl(3)>, L<bio(3)>
-
- =head1 HISTORY
-
--SSL_set_rbio() and SSL_set_wbio() were added in OpenSSL 1.1.0.
-+SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/ssl/SSL_set_connect_state.pod
-+++ b/doc/ssl/SSL_set_connect_state.pod
-@@ -52,4 +52,13 @@ L<SSL_write(3)>, L<SSL_read(3)>,
- L<SSL_do_handshake(3)>,
- L<SSL_CTX_set_ssl_version(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set_fd.pod
-+++ b/doc/ssl/SSL_set_fd.pod
-@@ -51,4 +51,13 @@ L<SSL_get_fd(3)>, L<SSL_set_bio(3)>,
- L<SSL_connect(3)>, L<SSL_accept(3)>,
- L<SSL_shutdown(3)>, L<ssl(3)> , L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set_session.pod
-+++ b/doc/ssl/SSL_set_session.pod
-@@ -21,7 +21,11 @@ with the L<SSL_session_reused(3)> call.
-
- If there is already a session set inside B<ssl> (because it was set with
- SSL_set_session() before or because the same B<ssl> was already used for
--a connection), SSL_SESSION_free() will be called for that session.
-+a connection), SSL_SESSION_free() will be called for that session. If that old
-+session is still B<open>, it is considered bad and will be removed from the
-+session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
-+not called for the connection (or at least L<SSL_set_shutdown(3)> was used to
-+set the SSL_SENT_SHUTDOWN state).
-
- =head1 NOTES
-
-@@ -54,4 +58,13 @@ L<SSL_get_session(3)>,
- L<SSL_session_reused(3)>,
- L<SSL_CTX_set_session_cache_mode(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set_shutdown.pod
-+++ b/doc/ssl/SSL_set_shutdown.pod
-@@ -69,4 +69,13 @@ L<ssl(3)>, L<SSL_shutdown(3)>,
- L<SSL_CTX_set_quiet_shutdown(3)>,
- L<SSL_clear(3)>, L<SSL_free(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_set_verify_result.pod
-+++ b/doc/ssl/SSL_set_verify_result.pod
-@@ -35,4 +35,13 @@ L<ssl(3)>, L<SSL_get_verify_result(3)>,
- L<SSL_get_peer_certificate(3)>,
- L<verify(1)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_shutdown.pod
-+++ b/doc/ssl/SSL_shutdown.pod
-@@ -12,7 +12,7 @@ SSL_shutdown - shut down a TLS/SSL conne
-
- =head1 DESCRIPTION
-
--SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-+SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
- "close notify" shutdown alert to the peer.
-
- =head1 NOTES
-@@ -62,7 +62,7 @@ It is therefore recommended, to check th
- and call SSL_shutdown() again, if the bidirectional shutdown is not yet
- complete (return value of the first call is 0).
-
--The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
-+The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
-
- If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
- handshake step has been finished or an error occurred.
-@@ -120,4 +120,13 @@ L<SSL_CTX_set_quiet_shutdown(3)>,
- L<SSL_clear(3)>, L<SSL_free(3)>,
- L<ssl(3)>, L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_state_string.pod
-+++ b/doc/ssl/SSL_state_string.pod
-@@ -42,4 +42,13 @@ Detailed description of possible states
-
- L<ssl(3)>, L<SSL_CTX_set_info_callback(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_want.pod
-+++ b/doc/ssl/SSL_want.pod
-@@ -2,7 +2,9 @@
-
- =head1 NAME
-
--SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
-+SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup,
-+SSL_want_async, SSL_want_async_job - obtain state information TLS/SSL I/O
-+operation
-
- =head1 SYNOPSIS
-
-@@ -13,6 +15,8 @@ SSL_want, SSL_want_nothing, SSL_want_rea
- int SSL_want_read(const SSL *ssl);
- int SSL_want_write(const SSL *ssl);
- int SSL_want_x509_lookup(const SSL *ssl);
-+ int SSL_want_async(const SSL *ssl);
-+ int SSL_want_async_job(const SSL *ssl);
-
- =head1 DESCRIPTION
-
-@@ -65,13 +69,35 @@ SSL_CTX_set_client_cert_cb() has asked t
- A call to L<SSL_get_error(3)> should return
- SSL_ERROR_WANT_X509_LOOKUP.
-
-+=item SSL_ASYNC_PAUSED
-+
-+An asynchronous operation partially completed and was then paused. See
-+L<SSL_get_all_async_fds(3)>. A call to L<SSL_get_error(3)> should return
-+SSL_ERROR_WANT_ASYNC.
-+
-+=item SSL_ASYNC_NO_JOBS
-+
-+The asynchronous job could not be started because there were no async jobs
-+available in the pool (see ASYNC_init_thread(3)). A call to L<SSL_get_error(3)>
-+should return SSL_ERROR_WANT_ASYNC_JOB.
-+
- =back
-
--SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
--return 1, when the corresponding condition is true or 0 otherwise.
-+SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(),
-+SSL_want_async() and SSL_want_async_job() return 1, when the corresponding
-+condition is true or 0 otherwise.
-
- =head1 SEE ALSO
-
- L<ssl(3)>, L<err(3)>, L<SSL_get_error(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/SSL_write.pod
-+++ b/doc/ssl/SSL_write.pod
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--SSL_write - write bytes to a TLS/SSL connection.
-+SSL_write - write bytes to a TLS/SSL connection
-
- =head1 SYNOPSIS
-
-@@ -22,7 +22,7 @@ not already explicitly performed by L<SS
- L<SSL_accept(3)>. If the
- peer requests a re-negotiation, it will be performed transparently during
- the SSL_write() operation. The behaviour of SSL_write() depends on the
--underlying BIO.
-+underlying BIO.
-
- For the transparent negotiation to succeed, the B<ssl> must have been
- initialized to client or server mode. This is being done by calling
-@@ -31,7 +31,7 @@ before the first call to an L<SSL_read(3
-
- If the underlying BIO is B<blocking>, SSL_write() will only return, once the
- write operation has been finished or an error occurred, except when a
--renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
-+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
- This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
- L<SSL_CTX_set_mode(3)> call.
-
-@@ -102,4 +102,13 @@ L<SSL_connect(3)>, L<SSL_accept(3)>
- L<SSL_set_connect_state(3)>,
- L<ssl(3)>, L<bio(3)>
-
-+=head1 COPYRIGHT
-+
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
- =cut
---- a/doc/ssl/d2i_SSL_SESSION.pod
-+++ b/doc/ssl/d2i_SSL_SESSION.pod
-@@ -13,28 +13,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - conve
-
- =head1 DESCRIPTION
-
--d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
--session, stored as binary data at location B<pp> with length B<length>, into
--an SSL_SESSION object.
--
--i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
--representation and stores it into the memory location pointed to by B<pp>.
--The length of the resulting ASN1 representation is returned. If B<pp> is
--the NULL pointer, only the length is calculated and returned.
--
--=head1 NOTES
--
--The SSL_SESSION object is built from several malloc()ed parts, it can
--therefore not be moved, copied or stored directly. In order to store
--session data on disk or into a database, it must be transformed into
--a binary ASN1 representation.
--
--When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
--allocated. The reference count is 1, so that the session must be
--explicitly removed using L<SSL_SESSION_free(3)>,
--unless the SSL_SESSION object is completely taken over, when being called
--inside the get_session_cb() (see
--L<SSL_CTX_sess_set_get_cb(3)>).
-+These functions decode and encode an SSL_SESSION object.
-+For encoding details see L<d2i_X509(3)>.
-
- SSL_SESSION objects keep internal link information about the session cache
- list, when being inserted into one SSL_CTX object's session cache.
-@@ -42,23 +22,6 @@ One SSL_SESSION object, regardless of it
- only be used with one SSL_CTX object (and the SSL objects created
- from this SSL_CTX object).
-
--When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
--large enough to hold the binary representation of the session. There is no
--known limit on the size of the created ASN1 representation, so the necessary
--amount of space should be obtained by first calling i2d_SSL_SESSION() with
--B<pp=NULL>, and obtain the size needed, then allocate the memory and
--call i2d_SSL_SESSION() again.
--Note that this will advance the value contained in B<*pp> so it is necessary
--to save a copy of the original allocation.
--For example:
-- int i,j;
-- char *p, *temp;
-- i = i2d_SSL_SESSION(sess, NULL);
-- p = temp = malloc(i);
-- j = i2d_SSL_SESSION(sess, &temp);
-- assert(i == j);
-- assert(p+i == temp);
--
- =head1 RETURN VALUES
-
- d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
-@@ -71,6 +34,16 @@ When the session is not valid, B<0> is r
- =head1 SEE ALSO
-
- L<ssl(3)>, L<SSL_SESSION_free(3)>,
--L<SSL_CTX_sess_set_get_cb(3)>
-+L<SSL_CTX_sess_set_get_cb(3)>,
-+L<d2i_X509(3)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-
- =cut
---- a/doc/ssl/ssl.pod
-+++ b/doc/ssl/ssl.pod
-@@ -1,12 +1,15 @@
--
- =pod
-
-+=for comment openssl_manual_section:7
-+
- =head1 NAME
-
- SSL - OpenSSL SSL/TLS library
-
- =head1 SYNOPSIS
-
-+See the individual manual pages for details.
-+
- =head1 DESCRIPTION
-
- The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
-@@ -111,7 +114,7 @@ it's already included by ssl.h>.
- Currently the OpenSSL B<ssl> library exports 214 API functions.
- They are documented in the following:
-
--=head2 DEALING WITH PROTOCOL METHODS
-+=head2 Dealing with Protocol Methods
-
- Here we document the various API functions which deal with the SSL/TLS
- protocol methods defined in B<SSL_METHOD> structures.
-@@ -182,7 +185,7 @@ Constructor for the SSLv3 SSL_METHOD str
-
- =back
-
--=head2 DEALING WITH CIPHERS
-+=head2 Dealing with Ciphers
-
- Here we document the various API functions which deal with the SSL/TLS
- ciphers defined in B<SSL_CIPHER> structures.
-@@ -214,7 +217,7 @@ in the specification the first time).
-
- =back
-
--=head2 DEALING WITH PROTOCOL CONTEXTS
-+=head2 Dealing with Protocol Contexts
-
- Here we document the various API functions which deal with the SSL/TLS
- protocol context defined in the B<SSL_CTX> structure.
-@@ -265,13 +268,11 @@ protocol context defined in the B<SSL_CT
-
- =item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
-
--=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
--
--=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
-+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, const char *CAfile, const char *CApath);
-
- =item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
-
--=item void SSL_CTX_up_ref(SSL_CTX *ctx);
-+=item int SSL_CTX_up_ref(SSL_CTX *ctx);
-
- =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
-
-@@ -305,7 +306,7 @@ protocol context defined in the B<SSL_CT
-
- =item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
-
--=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
-+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx, t);
-
- =item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
-
-@@ -317,7 +318,7 @@ protocol context defined in the B<SSL_CT
-
- =item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
-
--=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
-+=item int B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
-
- =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
-
-@@ -380,19 +381,19 @@ Use the file path to locate trusted CA c
-
- =item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
-
--=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
-
- =item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
-
- =item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
-
--=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, const char *file, int type);
-
- =item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
-
- =item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
-
--=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
-+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, const char *file, int type);
-
- =item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
-
-@@ -405,11 +406,9 @@ Use the file path to locate trusted CA c
- =item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
-
-
--
--
- =back
-
--=head2 DEALING WITH SESSIONS
-+=head2 Dealing with Sessions
-
- Here we document the various API functions which deal with the SSL/TLS
- sessions defined in the B<SSL_SESSION> structures.
-@@ -438,7 +437,7 @@ sessions defined in the B<SSL_SESSION> s
-
- =item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
-
--=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
-+=item int B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
-
- =item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
-
-@@ -448,7 +447,7 @@ sessions defined in the B<SSL_SESSION> s
-
- =back
-
--=head2 DEALING WITH CONNECTIONS
-+=head2 Dealing with Connections
-
- Here we document the various API functions which deal with the SSL/TLS
- connection defined in the B<SSL> structure.
-@@ -521,6 +520,8 @@ fresh handle for each connection.
-
- =item const char *B<SSL_get_cipher>(const SSL *ssl);
-
-+=item int B<SSL_is_dtls>(const SSL *ssl);
-+
- =item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
-
- =item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
-@@ -575,7 +576,7 @@ fresh handle for each connection.
-
- =item long B<SSL_get_timeout>(const SSL *ssl);
-
--=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
-+=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int, X509_STORE_CTX *)
-
- =item int B<SSL_get_verify_mode>(const SSL *ssl);
-
-@@ -595,11 +596,11 @@ fresh handle for each connection.
-
- =item int B<SSL_is_init_finished>(SSL *ssl);
-
--=item STACK *B<SSL_load_client_CA_file>(char *file);
-+=item STACK *B<SSL_load_client_CA_file>(const char *file);
-
- =item SSL *B<SSL_new>(SSL_CTX *ctx);
-
--=item void SSL_up_ref(SSL *s);
-+=item int SSL_up_ref(SSL *s);
-
- =item long B<SSL_num_renegotiations>(SSL *ssl);
-
-@@ -683,19 +684,19 @@ Returns the current handshake state.
-
- =item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
-
--=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
-+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, const char *file, int type);
-
- =item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
-
- =item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
-
--=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
-+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, const char *file, int type);
-
- =item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
-
- =item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
-
--=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
-+=item int B<SSL_use_certificate_file>(SSL *ssl, const char *file, int type);
-
- =item int B<SSL_version>(const SSL *ssl);
-
-@@ -723,6 +724,10 @@ Returns the current handshake state.
-
- =back
-
-+=head1 RETURN VALUES
-+
-+See the individual manual pages for details.
-+
- =head1 SEE ALSO
-
- L<openssl(1)>, L<crypto(3)>,
-@@ -808,5 +813,13 @@ in OpenSSL 1.1.0.
- The return type of B<SSL_copy_session_id> was changed from void to int in
- OpenSSL 1.1.0.
-
--=cut
-+=head1 COPYRIGHT
-
-+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
---- a/e_os.h
-+++ b/e_os.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_E_OS_H
-@@ -151,6 +103,7 @@ extern "C" {
- # define writesocket(s,b,n) send((s),(b),(n),0)
- # elif defined(__DJGPP__)
- # define WATT32
-+# define WATT32_NO_OLDIES
- # define get_last_socket_error() errno
- # define clear_socket_error() errno=0
- # define closesocket(s) close_s(s)
-@@ -185,11 +138,14 @@ extern "C" {
- # include <unistd.h>
- # include <sys/stat.h>
- # include <sys/socket.h>
-+# include <sys/un.h>
- # include <tcp.h>
- # include <netdb.h>
- # define _setmode setmode
- # define _O_TEXT O_TEXT
- # define _O_BINARY O_BINARY
-+# define HAS_LFN_SUPPORT(name) (pathconf((name), _PC_NAME_MAX) > 12)
-+# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */
- # undef DEVRANDOM
- # define DEVRANDOM "/dev/urandom\x24"
- # endif /* __DJGPP__ */
-@@ -223,7 +179,7 @@ extern "C" {
- */
- # define _WIN32_WINNT 0x0501
- # endif
--# if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE))
-+# if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
- /*
- * Just like defining _WIN32_WINNT including winsock2.h implies
- * certain "discipline" for maintaining [broad] binary compatibility.
-@@ -369,6 +325,8 @@ extern FILE *_imp___iob;
- # define NO_SYS_PARAM_H
- # define NO_SYS_UN_H
-
-+# define DEFAULT_HOME "SYS$LOGIN:"
-+
- # else
- /* !defined VMS */
- # ifdef OPENSSL_UNISTD
-@@ -392,10 +350,6 @@ extern FILE *_imp___iob;
-
- /*************/
-
--# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM)
--# define OPENSSL_NO_DGRAM
--# endif
--
- # ifdef USE_SOCKETS
- # ifdef OPENSSL_NO_SOCK
- # elif defined(WINDOWS) || defined(MSDOS)
-@@ -517,12 +471,17 @@ struct servent *PASCAL getservbyname(con
- # if defined(OPENSSL_SYS_WINDOWS)
- # define strcasecmp _stricmp
- # define strncasecmp _strnicmp
--# elif defined(OPENSSL_SYS_VMS)
--/* VMS below version 7.0 doesn't have strcasecmp() */
--# include "internal/o_str.h"
--# define strcasecmp OPENSSL_strcasecmp
--# define strncasecmp OPENSSL_strncasecmp
--# define OPENSSL_IMPLEMENTS_strncasecmp
-+# if (_MSC_VER >= 1310)
-+# define open _open
-+# define fdopen _fdopen
-+# define close _close
-+# ifndef strdup
-+# define strdup _strdup
-+# endif
-+# define unlink _unlink
-+# endif
-+# else
-+# include <strings.h>
- # endif
-
- /* vxworks */
-@@ -552,13 +511,6 @@ struct servent *getservbyname(const char
- # endif
- /* end vxworks */
-
--/* haiku */
--# if defined(OPENSSL_SYS_HAIKU)
--# include <sys/select.h>
--# include <sys/time.h>
--# endif
--/* end haiku */
--
- #define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
-
- #ifdef __cplusplus
---- a/engines/Makefile.in
-+++ /dev/null
-@@ -1,119 +0,0 @@
--#
--# OpenSSL/engines/Makefile
--#
--
--DIR= engines
--TOP= ..
--CC= cc
--INCLUDES= -I../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--RECURSIVE_MAKE= for i in $${ENGDIRS:-$(ENGDIRS)} ; do \
-- (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
-- $(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \
-- done;
--
--PADLOCK_ASM_OBJ=
--
--PLIB_LDFLAG=
--EX_LIBS=
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--ASFLAGS= $(INCLUDES) $(ASFLAG) $(SHARED_CFLAG)
--AFLAGS= $(ASFLAGS)
--
--GENERAL=Makefile engines.com install.com engine_vector.mar
--
--LIB=$(TOP)/libcrypto.a
--LIBNAMES= padlock capi dasync
--LIBSRC= \
-- e_padlock.c \
-- e_capi.c \
-- e_dasync.c
--LIBOBJ= \
-- e_padlock.o \
-- e_capi.o \
-- e_dasync.o \
-- $(PADLOCK_ASM_OBJ)
--
--TESTLIBNAMES= ossltest
--TESTLIBSRC= e_ossltest.c
--TESTLIBOBJ= e_ossltest.o
--
--SRC= $(LIBSRC)
--
--HEADER= \
-- e_capi_err.c e_capi_err.h \
-- e_ossltest_err.c e_ossltest_err.h \
-- e_dasync_err.c e_dasync_err.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ..; $(MAKE) DIRS=$(DIR) all)
--
--all: lib subdirs
--
--lib: $(LIBOBJ) $(TESTLIBOBJ)
-- @if [ "$(DYNAMIC_ENGINES)" = 1 ]; then \
-- set -e; \
-- for l in $(LIBNAMES) $(TESTLIBNAMES); do \
-- $(MAKE) -f ../Makefile.shared -e \
-- LIBNAME=$$l LIBEXTRAS="e_$$l*.o" \
-- LIBDEPS='$(PLIB_LDFLAG) -L.. -lcrypto $(EX_LIBS)' \
-- link_dso.$(SHLIB_TARGET); \
-- done; \
-- else \
-- $(AR) $(LIB) $(LIBOBJ); \
-- $(RANLIB) $(LIB) || echo Never mind.; \
-- fi; \
-- touch lib
--
--e_padlock-x86.s: asm/e_padlock-x86.pl
-- $(PERL) asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) $@
--e_padlock-x86_64.s: asm/e_padlock-x86_64.pl
-- $(PERL) asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) $@
--
--subdirs:
-- @target=all; $(RECURSIVE_MAKE)
--
--install:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @if [ -n "$(SHARED_LIBS)" ]; then \
-- set -e; \
-- $(PERL) $(TOP)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines; \
-- for l in $(LIBNAMES); do \
-- cp $${l}$(DSO_EXT) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT).new; \
-- chmod 555 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT).new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT).new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT); \
-- done; \
-- fi
-- @target=install; $(RECURSIVE_MAKE)
--
--uninstall:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @if [ -n "$(SHARED_LIBS)" ]; then \
-- set -e; \
-- for l in $(LIBNAMES); do \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT); \
-- done; \
-- fi
-- @target=install; $(RECURSIVE_MAKE)
--
--errors:
-- set -e; for l in $(LIBNAMES); do \
-- $(PERL) ../util/mkerr.pl -conf e_$$l.ec \
-- -nostatic -staticloader -write e_$$l.c; \
-- done
--
--depend:
-- @[ -z "$(THIS)" ] || $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC)
-- @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-- @target=clean; $(RECURSIVE_MAKE)
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/engines/afalg/Makefile.in
-+++ /dev/null
-@@ -1,75 +0,0 @@
--#
--# OpenSSL/engines/afalg/Makefile
--#
--
--DIR= afalg
--TOP= ../..
--CC= cc
--INCLUDES= -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--LIB=$(TOP)/libcrypto.a
--
--LIBNAME=afalg
--LIBSRC= e_afalg.c
--LIBOBJ= e_afalg.o e_afalg_err.o
--
--SRC= $(LIBSRC)
--
--top:
-- (cd $(TOP); $(MAKE) DIRS=engines sub_all)
--
--all: errors lib
--
--errors:
-- $(PERL) $(TOP)/util/mkerr.pl -conf e_afalg.ec -nostatic -write $(SRC)
--
--lib: $(LIBOBJ)
-- @if [ "$(DYNAMIC_ENGINES)" = 1 ]; then \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- LIBNAME=$(LIBNAME) \
-- LIBEXTRAS='$(LIBOBJ)' \
-- LIBDEPS='-L$(TOP) -lcrypto' \
-- link_dso.$(SHLIB_TARGET); \
-- else \
-- $(AR) $(LIB) $(LIBOBJ); \
-- fi
-- @touch lib
--
--install:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @if [ -n "$(SHARED_LIBS)" ]; then \
-- set -e; \
-- $(PERL) $(TOP)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines; \
-- cp $(LIBNAME)$(DSO_EXT) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$(LIBNAME)$(DSO_EXT).new; \
-- chmod 555 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$(LIBNAME)$(DSO_EXT).new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$(LIBNAME)$(DSO_EXT).new $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$(LIBNAME)$(DSO_EXT); \
-- fi
--
--
--depend:
-- @[ -z "$(THIS)" ] || $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC)
--
--clean:
-- rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.dll *.dylib
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
--e_afalg.o: e_afalg.c ../../include/openssl/engine.h \
-- ../../include/openssl/opensslconf.h ../../include/openssl/bn.h \
-- ../../include/openssl/e_os2.h ../../include/openssl/ossl_typ.h \
-- ../../include/openssl/crypto.h ../../include/openssl/stack.h \
-- ../../include/openssl/safestack.h ../../include/openssl/opensslv.h \
-- ../../include/openssl/symhacks.h ../../include/openssl/rsa.h \
-- ../../include/openssl/asn1.h ../../include/openssl/bio.h \
-- ../../include/openssl/dsa.h ../../include/openssl/dh.h \
-- ../../include/openssl/ec.h ../../include/openssl/rand.h \
-- ../../include/openssl/ui.h ../../include/openssl/err.h \
-- ../../include/openssl/lhash.h ../../include/openssl/x509.h \
-- ../../include/openssl/buffer.h ../../include/openssl/evp.h \
-- ../../include/openssl/objects.h ../../include/openssl/obj_mac.h \
-- ../../include/openssl/sha.h ../../include/openssl/x509_vfy.h \
-- ../../include/openssl/pkcs7.h ../../include/openssl/async.h e_afalg.h \
-- e_afalg_err.h
---- a/engines/afalg/build.info
-+++ b/engines/afalg/build.info
-@@ -1,5 +1,3 @@
--{- use File::Spec::Functions qw/:DEFAULT rel2abs/; -}
--
- IF[{- !$disabled{"engine"} -}]
- IF[{- !$disabled{afalg} -}]
- IF[{- $disabled{"dynamic-engine"} -}]
-@@ -9,7 +7,7 @@ IF[{- !$disabled{"engine"} -}]
- ENGINES=afalg
- SOURCE[afalg]=e_afalg.c e_afalg_err.c
- DEPEND[afalg]=../../libcrypto
-- INCLUDE[afalg]= {- rel2abs(catdir($builddir,"../../include")) -} ../../include
-+ INCLUDE[afalg]= ../../include
- ENDIF
- ENDIF
- ENDIF
---- a/engines/afalg/e_afalg.c
-+++ b/engines/afalg/e_afalg.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Required for vmsplice */
-@@ -131,7 +86,7 @@ static int afalg_chk_platform(void);
-
- /* Engine Id and Name */
- static const char *engine_afalg_id = "afalg";
--static const char *engine_afalg_name = "AFLAG engine support";
-+static const char *engine_afalg_name = "AFALG engine support";
-
- static int afalg_cipher_nids[] = {
- NID_aes_128_cbc
-@@ -139,27 +94,27 @@ static int afalg_cipher_nids[] = {
-
- static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
-
--static inline int io_setup(unsigned n, aio_context_t *ctx)
-+static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
- {
- return syscall(__NR_io_setup, n, ctx);
- }
-
--static inline int eventfd(int n)
-+static ossl_inline int eventfd(int n)
- {
- return syscall(__NR_eventfd, n);
- }
-
--static inline int io_destroy(aio_context_t ctx)
-+static ossl_inline int io_destroy(aio_context_t ctx)
- {
- return syscall(__NR_io_destroy, ctx);
- }
-
--static inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
-+static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
- {
- return syscall(__NR_io_submit, ctx, n, iocb);
- }
-
--static inline int io_getevents(aio_context_t ctx, long min, long max,
-+static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
- struct io_event *events,
- struct timespec *timeout)
- {
-@@ -275,7 +230,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio,
- memset(cb, '\0', sizeof(*cb));
- cb->aio_fildes = sfd;
- cb->aio_lio_opcode = IOCB_CMD_PREAD;
-- cb->aio_buf = (unsigned long)buf;
-+ cb->aio_buf = (uint64_t)buf;
- cb->aio_offset = 0;
- cb->aio_data = 0;
- cb->aio_nbytes = len;
-@@ -355,7 +310,7 @@ int afalg_fin_cipher_aio(afalg_aio *aio,
- return 1;
- }
-
--static inline void afalg_set_op_sk(struct cmsghdr *cmsg,
-+static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
- const unsigned int op)
- {
- cmsg->cmsg_level = SOL_ALG;
-@@ -377,7 +332,7 @@ static void afalg_set_iv_sk(struct cmsgh
- memcpy(aiv->iv, iv, len);
- }
-
--static inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
-+static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
- const int klen)
- {
- int ret;
-@@ -776,6 +731,7 @@ static int afalg_chk_platform(void)
- int ret;
- int i;
- int kver[3] = { -1, -1, -1 };
-+ int sock;
- char *str;
- struct utsname ut;
-
-@@ -803,6 +759,14 @@ static int afalg_chk_platform(void)
- return 0;
- }
-
-+ /* Test if we can actually create an AF_ALG socket */
-+ sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
-+ if (sock == -1) {
-+ AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
-+ return 0;
-+ }
-+ close(sock);
-+
- return 1;
- }
-
---- a/engines/afalg/e_afalg.h
-+++ b/engines/afalg/e_afalg.h
-@@ -1,59 +1,14 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--#ifndef _E_AFALG_H_
--# define _E_AFALG_H_
-+#ifndef HEADER_AFALG_H
-+# define HEADER_AFALG_H
-
- # ifdef ALG_DEBUG
- # define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
---- a/engines/afalg/e_afalg_err.c
-+++ b/engines/afalg/e_afalg_err.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/afalg/e_afalg_err.h
-+++ b/engines/afalg/e_afalg_err.h
-@@ -1,55 +1,16 @@
--/* ====================================================================
-- * Copyright (c) 2001-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #ifndef HEADER_AFALG_ERR_H
-@@ -60,10 +21,6 @@ extern "C" {
- # endif
-
- /* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
- void ERR_load_AFALG_strings(void);
- void ERR_unload_AFALG_strings(void);
- void ERR_AFALG_error(int function, int reason, char *file, int line);
---- a/engines/asm/e_padlock-x86.pl
-+++ b/engines/asm/e_padlock-x86.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
---- a/engines/asm/e_padlock-x86_64.pl
-+++ b/engines/asm/e_padlock-x86_64.pl
-@@ -1,4 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # ====================================================================
- # Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-@@ -23,7 +30,7 @@ if ($flavour =~ /\./) { $output = $flavo
- ( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
-
--open OUT,"| \"$^X\" $xlate $flavour $output";
-+open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
- *STDOUT=*OUT;
-
- $code=".text\n";
---- a/engines/build.info
-+++ b/engines/build.info
-@@ -1,4 +1,3 @@
--{- use File::Spec::Functions qw/:DEFAULT rel2abs/; -}
- IF[{- !$disabled{"engine"} -}]
- IF[{- $disabled{"dynamic-engine"} -}]
- LIBS=../libcrypto
-@@ -9,22 +8,23 @@ IF[{- !$disabled{"engine"} -}]
- SOURCE[../libcrypto]=e_capi.c
- ENDIF
- ELSE
-- ENGINES=padlock dasync ossltest
-+ ENGINES=padlock dasync
-+ ENGINES_NO_INST=ossltest
- SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
- DEPEND[padlock]=../libcrypto
-- INCLUDE[padlock]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[padlock]=../include
- IF[{- !$disabled{capieng} -}]
- ENGINES=capi
- SOURCE[capi]=e_capi.c
- DEPEND[capi]=../libcrypto
-- INCLUDE[capi]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[capi]=../include
- ENDIF
- SOURCE[dasync]=e_dasync.c
- DEPEND[dasync]=../libcrypto
-- INCLUDE[dasync]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[dasync]=../include
- SOURCE[ossltest]=e_ossltest.c
- DEPEND[ossltest]=../libcrypto
-- INCLUDE[ossltest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ossltest]=../include
- ENDIF
-
- GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)
---- a/engines/capierr.bat
-+++ /dev/null
-@@ -1 +0,0 @@
--perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
---- a/engines/e_capi.c
-+++ b/engines/e_capi.c
-@@ -1,63 +1,29 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--#include <stdio.h>
--#include <string.h>
--#include <stdlib.h>
-+#ifdef _WIN32
-+# ifndef _WIN32_WINNT
-+# define _WIN32_WINNT 0x0400
-+# endif
-+# include <windows.h>
-+# include <wincrypt.h>
-
--#include <openssl/crypto.h>
-+# include <stdio.h>
-+# include <string.h>
-+# include <stdlib.h>
-+# include <malloc.h>
-+# ifndef alloca
-+# define alloca _alloca
-+# endif
-+
-+# include <openssl/crypto.h>
-
--#ifdef OPENSSL_SYS_WIN32
- # ifndef OPENSSL_NO_CAPIENG
-
- # include <openssl/buffer.h>
-@@ -65,17 +31,6 @@
- # include <openssl/rsa.h>
- # include <openssl/dsa.h>
-
--# ifndef _WIN32_WINNT
--# define _WIN32_WINNT 0x0400
--# endif
--
--# include <windows.h>
--# include <wincrypt.h>
--# include <malloc.h>
--# ifndef alloca
--# define alloca _alloca
--# endif
--
- /*
- * This module uses several "new" interfaces, among which is
- * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
-@@ -94,7 +49,7 @@
- # define __COMPILE_CAPIENG
- # endif /* CERT_KEY_PROV_INFO_PROP_ID */
- # endif /* OPENSSL_NO_CAPIENG */
--#endif /* OPENSSL_SYS_WIN32 */
-+#endif /* _WIN32 */
-
- #ifdef __COMPILE_CAPIENG
-
-@@ -176,9 +131,11 @@ static int capi_rsa_priv_dec(int flen, c
- unsigned char *to, RSA *rsa, int padding);
- static int capi_rsa_free(RSA *rsa);
-
-+# ifndef OPENSSL_NO_DSA
- static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
- DSA *dsa);
- static int capi_dsa_free(DSA *dsa);
-+# endif
-
- static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
-@@ -337,6 +294,7 @@ static int capi_ctrl(ENGINE *e, int cmd,
- int ret = 1;
- CAPI_CTX *ctx;
- BIO *out;
-+ LPSTR tmpstr;
- if (capi_idx == -1) {
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
- return 0;
-@@ -365,9 +323,15 @@ static int capi_ctrl(ENGINE *e, int cmd,
- break;
-
- case CAPI_CMD_STORE_NAME:
-- OPENSSL_free(ctx->storename);
-- ctx->storename = OPENSSL_strdup(p);
-- CAPI_trace(ctx, "Setting store name to %s\n", p);
-+ tmpstr = OPENSSL_strdup(p);
-+ if (tmpstr != NULL) {
-+ OPENSSL_free(ctx->storename);
-+ ctx->storename = tmpstr;
-+ CAPI_trace(ctx, "Setting store name to %s\n", p);
-+ } else {
-+ CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
-+ ret = 0;
-+ }
- break;
-
- case CAPI_CMD_STORE_FLAGS:
-@@ -387,8 +351,14 @@ static int capi_ctrl(ENGINE *e, int cmd,
- break;
-
- case CAPI_CMD_DEBUG_FILE:
-- ctx->debug_file = OPENSSL_strdup(p);
-- CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
-+ tmpstr = OPENSSL_strdup(p);
-+ if (tmpstr != NULL) {
-+ ctx->debug_file = tmpstr;
-+ CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
-+ } else {
-+ CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
-+ ret = 0;
-+ }
- break;
-
- case CAPI_CMD_KEYTYPE:
-@@ -432,7 +402,9 @@ static int capi_ctrl(ENGINE *e, int cmd,
- }
-
- static RSA_METHOD *capi_rsa_method = NULL;
-+# ifndef OPENSSL_NO_DSA
- static DSA_METHOD *capi_dsa_method = NULL;
-+# endif
-
- static int use_aes_csp = 0;
-
-@@ -440,7 +412,9 @@ static int capi_init(ENGINE *e)
- {
- CAPI_CTX *ctx;
- const RSA_METHOD *ossl_rsa_meth;
-+# ifndef OPENSSL_NO_DSA
- const DSA_METHOD *ossl_dsa_meth;
-+# endif
- HCRYPTPROV hprov;
-
- if (capi_idx < 0) {
-@@ -468,6 +442,7 @@ static int capi_init(ENGINE *e)
- goto memerr;
- }
-
-+# ifndef OPENSSL_NO_DSA
- /* Setup DSA Method */
- dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
- ossl_dsa_meth = DSA_OpenSSL();
-@@ -481,6 +456,7 @@ static int capi_init(ENGINE *e)
- DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
- goto memerr;
- }
-+# endif
- }
-
- ctx = capi_ctx_new();
-@@ -526,8 +502,10 @@ static int capi_destroy(ENGINE *e)
- {
- RSA_meth_free(capi_rsa_method);
- capi_rsa_method = NULL;
-+# ifndef OPENSSL_NO_DSA
- DSA_meth_free(capi_dsa_method);
- capi_dsa_method = NULL;
-+# endif
- ERR_unload_CAPI_strings();
- return 1;
- }
-@@ -560,9 +538,11 @@ static int bind_capi(ENGINE *e)
- capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
- if (capi_rsa_method == NULL)
- return 0;
-+# ifndef OPENSSL_NO_DSA
- capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
- if (capi_dsa_method == NULL)
- goto memerr;
-+# endif
- if (!ENGINE_set_id(e, engine_capi_id)
- || !ENGINE_set_name(e, engine_capi_name)
- || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
-@@ -570,7 +550,9 @@ static int bind_capi(ENGINE *e)
- || !ENGINE_set_finish_function(e, capi_finish)
- || !ENGINE_set_destroy_function(e, capi_destroy)
- || !ENGINE_set_RSA(e, capi_rsa_method)
-+# ifndef OPENSSL_NO_DSA
- || !ENGINE_set_DSA(e, capi_dsa_method)
-+# endif
- || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
- || !ENGINE_set_load_ssl_client_cert_function(e,
- capi_load_ssl_client_cert)
-@@ -583,8 +565,10 @@ static int bind_capi(ENGINE *e)
- memerr:
- RSA_meth_free(capi_rsa_method);
- capi_rsa_method = NULL;
-+# ifndef OPENSSL_NO_DSA
- DSA_meth_free(capi_dsa_method);
- capi_dsa_method = NULL;
-+# endif
- return 0;
- }
-
-@@ -722,6 +706,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
- EVP_PKEY_assign_RSA(ret, rkey);
- rkey = NULL;
-
-+# ifndef OPENSSL_NO_DSA
- } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
- DSSPUBKEY *dp;
- DWORD dsa_plen;
-@@ -774,6 +759,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
-
- EVP_PKEY_assign_DSA(ret, dkey);
- dkey = NULL;
-+# endif
- } else {
- char algstr[10];
- BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
-@@ -787,7 +773,9 @@ static EVP_PKEY *capi_get_pkey(ENGINE *e
- OPENSSL_free(pubkey);
- if (!ret) {
- RSA_free(rkey);
-+# ifndef OPENSSL_NO_DSA
- DSA_free(dkey);
-+# endif
- }
-
- return ret;
-@@ -990,6 +978,7 @@ static int capi_rsa_free(RSA *rsa)
- return 1;
- }
-
-+# ifndef OPENSSL_NO_DSA
- /* CryptoAPI DSA operations */
-
- static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
-@@ -1039,17 +1028,17 @@ static DSA_SIG *capi_dsa_do_sign(const u
- capi_addlasterror();
- goto err;
- } else {
-- BIGNUM *r = NULL, *s = NULL;
-- ret = DSA_SIG_new();
-- if (ret == NULL)
-- goto err;
-- DSA_SIG_get0(&r, &s, ret);
-- if (!lend_tobn(r, csigbuf, 20)
-- || !lend_tobn(s, csigbuf + 20, 20)) {
-- DSA_SIG_free(ret);
-- ret = NULL;
-+ BIGNUM *r = BN_new(), *s = BN_new();
-+
-+ if (r == NULL || s == NULL
-+ || !lend_tobn(r, csigbuf, 20)
-+ || !lend_tobn(s, csigbuf + 20, 20)
-+ || (ret = DSA_SIG_new()) == NULL) {
-+ BN_free(r); /* BN_free checks for BIGNUM * being NULL */
-+ BN_free(s);
- goto err;
- }
-+ DSA_SIG_set0(ret, r, s);
- }
-
- /* Now cleanup */
-@@ -1068,6 +1057,7 @@ static int capi_dsa_free(DSA *dsa)
- DSA_set_ex_data(dsa, dsa_capi_idx, 0);
- return 1;
- }
-+# endif
-
- static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
- va_list argptr)
-@@ -1647,6 +1637,8 @@ static void capi_ctx_free(CAPI_CTX * ctx
- static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
- int check)
- {
-+ LPSTR tmpcspname;
-+
- CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
- if (check) {
- HCRYPTPROV hprov;
-@@ -1670,8 +1662,13 @@ static int capi_ctx_set_provname(CAPI_CT
- }
- CryptReleaseContext(hprov, 0);
- }
-+ tmpcspname = OPENSSL_strdup(pname);
-+ if (tmpcspname == NULL) {
-+ CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
- OPENSSL_free(ctx->cspname);
-- ctx->cspname = OPENSSL_strdup(pname);
-+ ctx->cspname = tmpcspname;
- ctx->csptype = type;
- return 1;
- }
---- a/engines/e_capi_err.c
-+++ b/engines/e_capi_err.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/e_capi_err.h
-+++ b/engines/e_capi_err.h
-@@ -1,55 +1,16 @@
--/* ====================================================================
-- * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #ifndef HEADER_CAPI_ERR_H
-@@ -60,10 +21,6 @@ extern "C" {
- #endif
-
- /* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
- static void ERR_load_CAPI_strings(void);
- static void ERR_unload_CAPI_strings(void);
- static void ERR_CAPI_error(int function, int reason, char *file, int line);
---- a/engines/e_chil.c
-+++ b/engines/e_chil.c
-@@ -1,60 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org), Geoff Thorpe
-- * (geoff at geoffthorpe.net) and Dr Stephen N Henson (steve at openssl.org) for
-- * the OpenSSL project 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -359,8 +309,10 @@ static int bind_helper(ENGINE *e)
- # endif
-
- chil_lock = CRYPTO_THREAD_lock_new();
-- if (chil_lock == NULL)
-+ if (chil_lock == NULL) {
-+ HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE);
- return 0;
-+ }
-
- if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
- !ENGINE_set_name(e, engine_hwcrhk_name) ||
-@@ -689,7 +641,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cm
- CRYPTO_THREAD_write_lock(chil_lock);
- BIO_free(logstream);
- logstream = NULL;
-- if (BIO_up_ref(bio)
-+ if (BIO_up_ref(bio))
- logstream = bio;
- else
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
-@@ -1142,8 +1094,10 @@ static int hwcrhk_mutex_init(HWCryptoHoo
- HWCryptoHook_CallerContext * cactx)
- {
- mt->lock = CRYPTO_THREAD_lock_new();
-- if (mt->lock == NULL)
-+ if (mt->lock == NULL) {
-+ HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE);
- return 1; /* failure */
-+ }
- return 0; /* success */
- }
-
-@@ -1262,7 +1216,7 @@ static int hwcrhk_insert_card(const char
- ui = UI_new_method(ui_method);
-
- if (ui) {
-- char answer;
-+ char answer = '\0';
- char buf[BUFSIZ];
- /*
- * Despite what the documentation says wrong_info can be an empty
---- a/engines/e_chil_err.c
-+++ b/engines/e_chil_err.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/e_chil_err.h
-+++ b/engines/e_chil_err.h
-@@ -1,55 +1,16 @@
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #ifndef HEADER_HWCRHK_ERR_H
-@@ -60,10 +21,6 @@ extern "C" {
- #endif
-
- /* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
- static void ERR_load_HWCRHK_strings(void);
- static void ERR_unload_HWCRHK_strings(void);
- static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-@@ -82,6 +39,8 @@ static void ERR_HWCRHK_error(int functio
- # define HWCRHK_F_HWCRHK_MOD_EXP 107
- # define HWCRHK_F_HWCRHK_RAND_BYTES 108
- # define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
-+# define HWCRHK_F_BIND_HELPER 110
-+# define HWCRHK_F_HWCRHK_MUTEX_INIT 111
-
- /* Reason codes. */
- # define HWCRHK_R_ALREADY_LOADED 100
---- a/engines/e_dasync.c
-+++ b/engines/e_dasync.c
-@@ -1,55 +1,16 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#if defined(_WIN32)
-+# include <windows.h>
-+#endif
-+
- #include <stdio.h>
- #include <string.h>
-
-@@ -71,7 +32,6 @@
- #elif defined(_WIN32)
- # undef ASYNC_WIN
- # define ASYNC_WIN
--# include <windows.h>
- #endif
-
- #define DASYNC_LIB_NAME "DASYNC"
-@@ -228,7 +188,7 @@ static int bind_dasync(ENGINE *e)
- || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
- || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
- || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
-- || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_dec) == 0
-+ || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
- || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
- || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
- || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
---- a/engines/e_dasync_err.c
-+++ b/engines/e_dasync_err.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/e_dasync_err.h
-+++ b/engines/e_dasync_err.h
-@@ -1,55 +1,16 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #ifndef HEADER_DASYNC_ERR_H
-@@ -60,10 +21,6 @@ extern "C" {
- #endif
-
- /* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
- static void ERR_load_DASYNC_strings(void);
- static void ERR_unload_DASYNC_strings(void);
- static void ERR_DASYNC_error(int function, int reason, char *file, int line);
---- a/engines/e_ossltest.c
-+++ b/engines/e_ossltest.c
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/e_ossltest_err.c
-+++ b/engines/e_ossltest_err.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/engines/e_ossltest_err.h
-+++ b/engines/e_ossltest_err.h
-@@ -1,55 +1,16 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
- */
-
- #ifndef HEADER_OSSLTEST_ERR_H
-@@ -60,10 +21,6 @@ extern "C" {
- #endif
-
- /* BEGIN ERROR CODES */
--/*
-- * The following lines are auto generated by the script mkerr.pl. Any changes
-- * made after this point may be overwritten when the script is next run.
-- */
- static void ERR_load_OSSLTEST_strings(void);
- static void ERR_unload_OSSLTEST_strings(void);
- static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
---- a/engines/e_padlock.c
-+++ b/engines/e_padlock.c
-@@ -1,65 +1,10 @@
--/*-
-- * Support for VIA PadLock Advanced Cryptography Engine (ACE)
-- * Written by Michal Ludvig <michal at logix.cz>
-- * http://www.logix.cz/michal
-- *
-- * Big thanks to Andy Polyakov for a help with optimization,
-- * assembler fixes, port to MS Windows and a lot of other
-- * valuable work on this engine!
-- */
--
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -99,8 +44,7 @@
- # if !defined(I386_ONLY) && !defined(OPENSSL_NO_ASM)
- # if defined(__i386__) || defined(__i386) || \
- defined(__x86_64__) || defined(__x86_64) || \
-- defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__)
-+ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)
- # define COMPILE_HW_PADLOCK
- # ifdef OPENSSL_NO_DYNAMIC_ENGINE
- static ENGINE *ENGINE_padlock(void);
---- a/engines/vendor_defns/hwcryptohook.h
-+++ b/engines/vendor_defns/hwcryptohook.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*-
- * ModExp / RSA (with/without KM) plugin API
- *
-@@ -64,8 +73,6 @@
- * library files; if you received the library files without a licence,
- * please contact nCipher.
- *
-- *
-- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
- */
-
- #ifndef HWCRYPTOHOOK_H
---- a/external/perl/transfer/Text/Template.pm
-+++ b/external/perl/transfer/Text/Template.pm
-@@ -1,4 +1,9 @@
--#! /usr/bin/perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- # Quick transfer to the downloaded Text::Template
-
---- /dev/null
-+++ b/fuzz/README.md
-@@ -0,0 +1,66 @@
-+# I Can Haz Fuzz?
-+
-+LibFuzzer
-+=========
-+
-+Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
-+
-+Starting from a vanilla+OpenSSH server Ubuntu install.
-+
-+Use Chrome's handy recent build of clang. Older versions may also work.
-+
-+ $ sudo apt-get install git
-+ $ mkdir git-work
-+ $ git clone https://chromium.googlesource.com/chromium/src/tools/clang
-+ $ clang/scripts/update.py
-+
-+You may want to git pull and re-run the update from time to time.
-+
-+Update your path:
-+
-+ $ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH
-+
-+Get and build libFuzzer (there is a git mirror at
-+https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
-+
-+ $ cd
-+ $ sudo apt-get install subversion
-+ $ mkdir svn-work
-+ $ cd svn-work
-+ $ svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
-+ $ cd Fuzzer
-+ $ clang++ -c -g -O2 -std=c++11 *.cpp
-+ $ ar r libFuzzer.a *.o
-+ $ ranlib libFuzzer.a
-+
-+Configure for fuzzing:
-+
-+ $ CC=clang ./config enable-fuzz-libfuzzer \
-+ --with-fuzzer-include=../../svn-work/Fuzzer \
-+ --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
-+ -DPEDANTIC enable-asan enable-ubsan no-shared
-+ $ sudo apt-get install make
-+ $ LDCMD=clang++ make -j
-+ $ fuzz/helper.py $FUZZER
-+
-+Where $FUZZER is one of the executables in `fuzz/`.
-+
-+If you get a crash, you should find a corresponding input file in
-+`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with
-+
-+ $ fuzz/$FUZZER <crashfile>
-+
-+AFL
-+===
-+
-+Configure for fuzzing:
-+
-+ $ sudo apt-get install afl-clang
-+ $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared
-+ $ make
-+
-+Run one of the fuzzers:
-+
-+ $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER
-+
-+Where $FUZZER is one of the executables in `fuzz/`.
---- /dev/null
-+++ b/fuzz/asn1.c
-@@ -0,0 +1,222 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Fuzz ASN.1 parsing for various data structures. Specify which on the
-+ * command line:
-+ *
-+ * asn1 <data structure>
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/asn1.h>
-+#include <openssl/asn1t.h>
-+#include <openssl/dh.h>
-+#include <openssl/ec.h>
-+#include <openssl/ocsp.h>
-+#include <openssl/pkcs12.h>
-+#include <openssl/rsa.h>
-+#include <openssl/ts.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/cms.h>
-+#include "fuzzer.h"
-+
-+static ASN1_ITEM_EXP *item_type[] = {
-+ ASN1_ITEM_ref(ACCESS_DESCRIPTION),
-+#ifndef OPENSSL_NO_RFC3779
-+ ASN1_ITEM_ref(ASIdentifierChoice),
-+ ASN1_ITEM_ref(ASIdentifiers),
-+ ASN1_ITEM_ref(ASIdOrRange),
-+#endif
-+ ASN1_ITEM_ref(ASN1_ANY),
-+ ASN1_ITEM_ref(ASN1_BIT_STRING),
-+ ASN1_ITEM_ref(ASN1_BMPSTRING),
-+ ASN1_ITEM_ref(ASN1_BOOLEAN),
-+ ASN1_ITEM_ref(ASN1_ENUMERATED),
-+ ASN1_ITEM_ref(ASN1_FBOOLEAN),
-+ ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-+ ASN1_ITEM_ref(ASN1_GENERALSTRING),
-+ ASN1_ITEM_ref(ASN1_IA5STRING),
-+ ASN1_ITEM_ref(ASN1_INTEGER),
-+ ASN1_ITEM_ref(ASN1_NULL),
-+ ASN1_ITEM_ref(ASN1_OBJECT),
-+ ASN1_ITEM_ref(ASN1_OCTET_STRING),
-+ ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
-+ ASN1_ITEM_ref(ASN1_PRINTABLE),
-+ ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
-+ ASN1_ITEM_ref(ASN1_SEQUENCE),
-+ ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
-+ ASN1_ITEM_ref(ASN1_SET_ANY),
-+ ASN1_ITEM_ref(ASN1_T61STRING),
-+ ASN1_ITEM_ref(ASN1_TBOOLEAN),
-+ ASN1_ITEM_ref(ASN1_TIME),
-+ ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
-+ ASN1_ITEM_ref(ASN1_UTCTIME),
-+ ASN1_ITEM_ref(ASN1_UTF8STRING),
-+ ASN1_ITEM_ref(ASN1_VISIBLESTRING),
-+#ifndef OPENSSL_NO_RFC3779
-+ ASN1_ITEM_ref(ASRange),
-+#endif
-+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-+ ASN1_ITEM_ref(AUTHORITY_KEYID),
-+ ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-+ ASN1_ITEM_ref(BIGNUM),
-+ ASN1_ITEM_ref(CBIGNUM),
-+ ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-+#ifndef OPENSSL_NO_CMS
-+ ASN1_ITEM_ref(CMS_ContentInfo),
-+ ASN1_ITEM_ref(CMS_ReceiptRequest),
-+ ASN1_ITEM_ref(CRL_DIST_POINTS),
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ ASN1_ITEM_ref(DHparams),
-+#endif
-+ ASN1_ITEM_ref(DIRECTORYSTRING),
-+ ASN1_ITEM_ref(DISPLAYTEXT),
-+ ASN1_ITEM_ref(DIST_POINT),
-+ ASN1_ITEM_ref(DIST_POINT_NAME),
-+#ifndef OPENSSL_NO_EC
-+ ASN1_ITEM_ref(ECPARAMETERS),
-+ ASN1_ITEM_ref(ECPKPARAMETERS),
-+#endif
-+ ASN1_ITEM_ref(EDIPARTYNAME),
-+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-+ ASN1_ITEM_ref(GENERAL_NAME),
-+ ASN1_ITEM_ref(GENERAL_NAMES),
-+ ASN1_ITEM_ref(GENERAL_SUBTREE),
-+#ifndef OPENSSL_NO_RFC3779
-+ ASN1_ITEM_ref(IPAddressChoice),
-+ ASN1_ITEM_ref(IPAddressFamily),
-+ ASN1_ITEM_ref(IPAddressOrRange),
-+ ASN1_ITEM_ref(IPAddressRange),
-+#endif
-+ ASN1_ITEM_ref(ISSUING_DIST_POINT),
-+ ASN1_ITEM_ref(LONG),
-+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
-+ ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
-+ ASN1_ITEM_ref(NETSCAPE_SPKAC),
-+ ASN1_ITEM_ref(NETSCAPE_SPKI),
-+ ASN1_ITEM_ref(NOTICEREF),
-+#ifndef OPENSSL_NO_OCSP
-+ ASN1_ITEM_ref(OCSP_BASICRESP),
-+ ASN1_ITEM_ref(OCSP_CERTID),
-+ ASN1_ITEM_ref(OCSP_CERTSTATUS),
-+ ASN1_ITEM_ref(OCSP_CRLID),
-+ ASN1_ITEM_ref(OCSP_ONEREQ),
-+ ASN1_ITEM_ref(OCSP_REQINFO),
-+ ASN1_ITEM_ref(OCSP_REQUEST),
-+ ASN1_ITEM_ref(OCSP_RESPBYTES),
-+ ASN1_ITEM_ref(OCSP_RESPDATA),
-+ ASN1_ITEM_ref(OCSP_RESPID),
-+ ASN1_ITEM_ref(OCSP_RESPONSE),
-+ ASN1_ITEM_ref(OCSP_REVOKEDINFO),
-+ ASN1_ITEM_ref(OCSP_SERVICELOC),
-+ ASN1_ITEM_ref(OCSP_SIGNATURE),
-+ ASN1_ITEM_ref(OCSP_SINGLERESP),
-+#endif
-+ ASN1_ITEM_ref(OTHERNAME),
-+ ASN1_ITEM_ref(PBE2PARAM),
-+ ASN1_ITEM_ref(PBEPARAM),
-+ ASN1_ITEM_ref(PBKDF2PARAM),
-+ ASN1_ITEM_ref(PKCS12),
-+ ASN1_ITEM_ref(PKCS12_AUTHSAFES),
-+ ASN1_ITEM_ref(PKCS12_BAGS),
-+ ASN1_ITEM_ref(PKCS12_MAC_DATA),
-+ ASN1_ITEM_ref(PKCS12_SAFEBAG),
-+ ASN1_ITEM_ref(PKCS12_SAFEBAGS),
-+ ASN1_ITEM_ref(PKCS7),
-+ ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
-+ ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
-+ ASN1_ITEM_ref(PKCS7_DIGEST),
-+ ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
-+ ASN1_ITEM_ref(PKCS7_ENCRYPT),
-+ ASN1_ITEM_ref(PKCS7_ENVELOPE),
-+ ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
-+ ASN1_ITEM_ref(PKCS7_RECIP_INFO),
-+ ASN1_ITEM_ref(PKCS7_SIGNED),
-+ ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
-+ ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
-+ ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
-+ ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-+ ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-+ ASN1_ITEM_ref(POLICYINFO),
-+ ASN1_ITEM_ref(POLICY_MAPPING),
-+ ASN1_ITEM_ref(POLICY_MAPPINGS),
-+ ASN1_ITEM_ref(POLICYQUALINFO),
-+ ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-+ ASN1_ITEM_ref(PROXY_POLICY),
-+ ASN1_ITEM_ref(RSA_OAEP_PARAMS),
-+ ASN1_ITEM_ref(RSAPrivateKey),
-+ ASN1_ITEM_ref(RSA_PSS_PARAMS),
-+ ASN1_ITEM_ref(RSAPublicKey),
-+ ASN1_ITEM_ref(SXNET),
-+ ASN1_ITEM_ref(SXNETID),
-+ /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */
-+ ASN1_ITEM_ref(USERNOTICE),
-+ ASN1_ITEM_ref(X509),
-+ ASN1_ITEM_ref(X509_ALGOR),
-+ ASN1_ITEM_ref(X509_ALGORS),
-+ ASN1_ITEM_ref(X509_ATTRIBUTE),
-+ ASN1_ITEM_ref(X509_CERT_AUX),
-+ ASN1_ITEM_ref(X509_CINF),
-+ ASN1_ITEM_ref(X509_CRL),
-+ ASN1_ITEM_ref(X509_CRL_INFO),
-+ ASN1_ITEM_ref(X509_EXTENSION),
-+ ASN1_ITEM_ref(X509_EXTENSIONS),
-+ ASN1_ITEM_ref(X509_NAME),
-+ ASN1_ITEM_ref(X509_NAME_ENTRY),
-+ ASN1_ITEM_ref(X509_PUBKEY),
-+ ASN1_ITEM_ref(X509_REQ),
-+ ASN1_ITEM_ref(X509_REQ_INFO),
-+ ASN1_ITEM_ref(X509_REVOKED),
-+ ASN1_ITEM_ref(X509_SIG),
-+ ASN1_ITEM_ref(X509_VAL),
-+ ASN1_ITEM_ref(ZLONG),
-+ NULL
-+};
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ int n;
-+
-+ ASN1_PCTX *pctx = ASN1_PCTX_new();
-+
-+ ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
-+ ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
-+ ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
-+ ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
-+ ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
-+
-+ for (n = 0; item_type[n] != NULL; ++n) {
-+ const uint8_t *b = buf;
-+ unsigned char *der = NULL;
-+ const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
-+ ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
-+
-+ if (o != NULL) {
-+ BIO *bio = BIO_new(BIO_s_null());
-+ ASN1_item_print(bio, o, 4, i, pctx);
-+ BIO_free(bio);
-+
-+ ASN1_item_i2d(o, &der, i);
-+ OPENSSL_free(der);
-+
-+ ASN1_item_free(o, i);
-+ }
-+ }
-+
-+ ASN1_PCTX_free(pctx);
-+
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/asn1parse.c
-@@ -0,0 +1,33 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Fuzz the parser used for dumping ASN.1 using "openssl asn1parse".
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/asn1.h>
-+#include <openssl/x509.h>
-+#include <openssl/x509v3.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ static BIO *bio_out;
-+
-+ if (bio_out == NULL)
-+ bio_out = BIO_new_file("/dev/null", "w");
-+
-+ (void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/bignum.c
-@@ -0,0 +1,94 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Confirm that a^b mod c agrees when calculated cleverly vs naively, for
-+ * random a, b and c.
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/bn.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ static BN_CTX *ctx;
-+ static BIGNUM *b1;
-+ static BIGNUM *b2;
-+ static BIGNUM *b3;
-+ static BIGNUM *b4;
-+ static BIGNUM *b5;
-+ int success = 0;
-+ size_t l1 = 0, l2 = 0, l3 = 0;
-+ int s1 = 0, s2 = 0, s3 = 0;
-+
-+ if (ctx == NULL) {
-+ b1 = BN_new();
-+ b2 = BN_new();
-+ b3 = BN_new();
-+ b4 = BN_new();
-+ b5 = BN_new();
-+ ctx = BN_CTX_new();
-+ }
-+ /* Divide the input into three parts, using the values of the first two
-+ * bytes to choose lengths, which generate b1, b2 and b3. Use three bits
-+ * of the third byte to choose signs for the three numbers.
-+ */
-+ if (len > 2) {
-+ len -= 3;
-+ l1 = (buf[0] * len) / 255;
-+ ++buf;
-+ l2 = (buf[0] * (len - l1)) / 255;
-+ ++buf;
-+ l3 = len - l1 - l2;
-+
-+ s1 = buf[0] & 1;
-+ s2 = buf[0] & 2;
-+ s3 = buf[0] & 4;
-+ ++buf;
-+ }
-+ OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
-+ BN_set_negative(b1, s1);
-+ OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
-+ BN_set_negative(b2, s2);
-+ OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3);
-+ BN_set_negative(b3, s3);
-+
-+ /* mod 0 is undefined */
-+ if (BN_is_zero(b3)) {
-+ success = 1;
-+ goto done;
-+ }
-+
-+ OPENSSL_assert(BN_mod_exp(b4, b1, b2, b3, ctx));
-+ OPENSSL_assert(BN_mod_exp_simple(b5, b1, b2, b3, ctx));
-+
-+ success = BN_cmp(b4, b5) == 0;
-+ if (!success) {
-+ BN_print_fp(stdout, b1);
-+ putchar('\n');
-+ BN_print_fp(stdout, b2);
-+ putchar('\n');
-+ BN_print_fp(stdout, b3);
-+ putchar('\n');
-+ BN_print_fp(stdout, b4);
-+ putchar('\n');
-+ BN_print_fp(stdout, b5);
-+ putchar('\n');
-+ }
-+
-+ done:
-+ OPENSSL_assert(success);
-+
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/bndiv.c
-@@ -0,0 +1,107 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Confirm that if (d, r) = a / b, then b * d + r == a, and that sign(d) ==
-+ * sign(a), and 0 <= r <= b
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/bn.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ static BN_CTX *ctx;
-+ static BIGNUM *b1;
-+ static BIGNUM *b2;
-+ static BIGNUM *b3;
-+ static BIGNUM *b4;
-+ static BIGNUM *b5;
-+ int success = 0;
-+ size_t l1 = 0, l2 = 0;
-+ /* s1 and s2 will be the signs for b1 and b2. */
-+ int s1 = 0, s2 = 0;
-+
-+ if (ctx == NULL) {
-+ b1 = BN_new();
-+ b2 = BN_new();
-+ b3 = BN_new();
-+ b4 = BN_new();
-+ b5 = BN_new();
-+ ctx = BN_CTX_new();
-+ }
-+ /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and
-+ * b2.
-+ */
-+ if (len > 0) {
-+ --len;
-+ /* Use first byte to divide the remaining buffer into 3Fths. I admit
-+ * this disallows some number sizes. If it matters, better ideas are
-+ * welcome (Ben).
-+ */
-+ l1 = ((buf[0] & 0x3f) * len) / 0x3f;
-+ s1 = buf[0] & 0x40;
-+ s2 = buf[0] & 0x80;
-+ ++buf;
-+ l2 = len - l1;
-+ }
-+ OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1);
-+ BN_set_negative(b1, s1);
-+ OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2);
-+ BN_set_negative(b2, s2);
-+
-+ /* divide by 0 is an error */
-+ if (BN_is_zero(b2)) {
-+ success = 1;
-+ goto done;
-+ }
-+
-+ OPENSSL_assert(BN_div(b3, b4, b1, b2, ctx));
-+ if (BN_is_zero(b1))
-+ success = BN_is_zero(b3) && BN_is_zero(b4);
-+ else if (BN_is_negative(b1))
-+ success = (BN_is_negative(b3) != BN_is_negative(b2) || BN_is_zero(b3))
-+ && (BN_is_negative(b4) || BN_is_zero(b4));
-+ else
-+ success = (BN_is_negative(b3) == BN_is_negative(b2) || BN_is_zero(b3))
-+ && (!BN_is_negative(b4) || BN_is_zero(b4));
-+ OPENSSL_assert(BN_mul(b5, b3, b2, ctx));
-+ OPENSSL_assert(BN_add(b5, b5, b4));
-+
-+ success = success && BN_cmp(b5, b1) == 0;
-+ if (!success) {
-+ BN_print_fp(stdout, b1);
-+ putchar('\n');
-+ BN_print_fp(stdout, b2);
-+ putchar('\n');
-+ BN_print_fp(stdout, b3);
-+ putchar('\n');
-+ BN_print_fp(stdout, b4);
-+ putchar('\n');
-+ BN_print_fp(stdout, b5);
-+ putchar('\n');
-+ printf("%d %d %d %d %d %d %d\n", BN_is_negative(b1),
-+ BN_is_negative(b2),
-+ BN_is_negative(b3), BN_is_negative(b4), BN_is_zero(b4),
-+ BN_is_negative(b3) != BN_is_negative(b2)
-+ && (BN_is_negative(b4) || BN_is_zero(b4)),
-+ BN_cmp(b5, b1));
-+ puts("----\n");
-+ }
-+
-+ done:
-+ OPENSSL_assert(success);
-+
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/build.info
-@@ -0,0 +1,113 @@
-+{- use File::Spec::Functions;
-+ our $ex_inc = $withargs{fuzzer_include} &&
-+ (file_name_is_absolute($withargs{fuzzer_include}) ?
-+ $withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
-+ our $ex_lib = $withargs{fuzzer_lib} &&
-+ (file_name_is_absolute($withargs{fuzzer_lib}) ?
-+ $withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
-+ ""
-+-}
-+
-+IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
-+ PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv conf crl server x509
-+
-+ IF[{- !$disabled{"cms"} -}]
-+ PROGRAMS_NO_INST=cms
-+ ENDIF
-+
-+ IF[{- !$disabled{"ct"} -}]
-+ PROGRAMS_NO_INST=ct
-+ ENDIF
-+
-+ SOURCE[asn1]=asn1.c driver.c
-+ INCLUDE[asn1]=../include {- $ex_inc -}
-+ DEPEND[asn1]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[asn1parse]=asn1parse.c driver.c
-+ INCLUDE[asn1parse]=../include {- $ex_inc -}
-+ DEPEND[asn1parse]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[bignum]=bignum.c driver.c
-+ INCLUDE[bignum]=../include {- $ex_inc -}
-+ DEPEND[bignum]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[bndiv]=bndiv.c driver.c
-+ INCLUDE[bndiv]=../include {- $ex_inc -}
-+ DEPEND[bndiv]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[cms]=cms.c driver.c
-+ INCLUDE[cms]=../include {- $ex_inc -}
-+ DEPEND[cms]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[conf]=conf.c driver.c
-+ INCLUDE[conf]=../include {- $ex_inc -}
-+ DEPEND[conf]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[crl]=crl.c driver.c
-+ INCLUDE[crl]=../include {- $ex_inc -}
-+ DEPEND[crl]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[ct]=ct.c driver.c
-+ INCLUDE[ct]=../include {- $ex_inc -}
-+ DEPEND[ct]=../libcrypto {- $ex_lib -}
-+
-+ SOURCE[server]=server.c driver.c
-+ INCLUDE[server]=../include {- $ex_inc -}
-+ DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
-+
-+ SOURCE[x509]=x509.c driver.c
-+ INCLUDE[x509]=../include {- $ex_inc -}
-+ DEPEND[x509]=../libcrypto {- $ex_lib -}
-+ENDIF
-+
-+IF[{- !$disabled{tests} -}]
-+ PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test conf-test crl-test server-test x509-test
-+
-+ IF[{- !$disabled{"cms"} -}]
-+ PROGRAMS_NO_INST=cms-test
-+ ENDIF
-+
-+ IF[{- !$disabled{"ct"} -}]
-+ PROGRAMS_NO_INST=ct-test
-+ ENDIF
-+
-+ SOURCE[asn1-test]=asn1.c test-corpus.c
-+ INCLUDE[asn1-test]=../include
-+ DEPEND[asn1-test]=../libcrypto
-+
-+ SOURCE[asn1parse-test]=asn1parse.c test-corpus.c
-+ INCLUDE[asn1parse-test]=../include
-+ DEPEND[asn1parse-test]=../libcrypto
-+
-+ SOURCE[bignum-test]=bignum.c test-corpus.c
-+ INCLUDE[bignum-test]=../include
-+ DEPEND[bignum-test]=../libcrypto
-+
-+ SOURCE[bndiv-test]=bndiv.c test-corpus.c
-+ INCLUDE[bndiv-test]=../include
-+ DEPEND[bndiv-test]=../libcrypto
-+
-+ SOURCE[cms-test]=cms.c test-corpus.c
-+ INCLUDE[cms-test]=../include
-+ DEPEND[cms-test]=../libcrypto
-+
-+ SOURCE[conf-test]=conf.c test-corpus.c
-+ INCLUDE[conf-test]=../include
-+ DEPEND[conf-test]=../libcrypto
-+
-+ SOURCE[crl-test]=crl.c test-corpus.c
-+ INCLUDE[crl-test]=../include
-+ DEPEND[crl-test]=../libcrypto
-+
-+ SOURCE[ct-test]=ct.c test-corpus.c
-+ INCLUDE[ct-test]=../include
-+ DEPEND[ct-test]=../libcrypto
-+
-+ SOURCE[server-test]=server.c test-corpus.c
-+ INCLUDE[server-test]=../include
-+ DEPEND[server-test]=../libcrypto ../libssl
-+
-+ SOURCE[x509-test]=x509.c test-corpus.c
-+ INCLUDE[x509-test]=../include
-+ DEPEND[x509-test]=../libcrypto
-+ENDIF
---- /dev/null
-+++ b/fuzz/cms.c
-@@ -0,0 +1,32 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Test CMS DER parsing.
-+ */
-+
-+#include <openssl/bio.h>
-+#include <openssl/cms.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ CMS_ContentInfo *i;
-+ BIO *in = BIO_new(BIO_s_mem());
-+
-+ OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
-+ i = d2i_CMS_bio(in, NULL);
-+ CMS_ContentInfo_free(i);
-+ BIO_free(in);
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/conf.c
-@@ -0,0 +1,33 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Test configuration parsing.
-+ */
-+
-+#include <openssl/conf.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ CONF *conf = NCONF_new(NULL);
-+ BIO *in = BIO_new(BIO_s_mem());
-+ long eline;
-+
-+ OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
-+ NCONF_load_bio(conf, in, &eline);
-+ NCONF_free(conf);
-+ BIO_free(in);
-+
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/crl.c
-@@ -0,0 +1,35 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+#include <openssl/x509.h>
-+#include <openssl/bio.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ const unsigned char *p = buf;
-+ unsigned char *der = NULL;
-+
-+ X509_CRL *crl = d2i_X509_CRL(NULL, &p, len);
-+ if (crl != NULL) {
-+ BIO *bio = BIO_new(BIO_s_null());
-+ X509_CRL_print(bio, crl);
-+ BIO_free(bio);
-+
-+ i2d_X509_CRL(crl, &der);
-+ OPENSSL_free(der);
-+
-+ X509_CRL_free(crl);
-+ }
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/ct.c
-@@ -0,0 +1,40 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Fuzz the SCT parser.
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/ct.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ const uint8_t **pp = &buf;
-+ unsigned char *der = NULL;
-+ STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
-+ if (scts != NULL) {
-+ BIO *bio = BIO_new(BIO_s_null());
-+ SCT_LIST_print(scts, bio, 4, "\n", NULL);
-+ BIO_free(bio);
-+
-+ if (i2d_SCT_LIST(scts, &der)) {
-+ /* Silence unused result warning */
-+ }
-+ OPENSSL_free(der);
-+
-+ SCT_LIST_free(scts);
-+ }
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/driver.c
-@@ -0,0 +1,52 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+#include <stdint.h>
-+#include <unistd.h>
-+#include <stdlib.h>
-+#include <openssl/opensslconf.h>
-+#include "fuzzer.h"
-+
-+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
-+
-+int LLVMFuzzerInitialize(int *argc, char ***argv)
-+{
-+ if (FuzzerInitialize)
-+ return FuzzerInitialize(argc, argv);
-+ return 0;
-+}
-+
-+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ return FuzzerTestOneInput(buf, len);
-+}
-+
-+#elif !defined(OPENSSL_NO_FUZZ_AFL)
-+
-+#define BUF_SIZE 65536
-+
-+int main(int argc, char** argv)
-+{
-+ if (FuzzerInitialize)
-+ FuzzerInitialize(&argc, &argv);
-+
-+ while (__AFL_LOOP(10000)) {
-+ uint8_t *buf = malloc(BUF_SIZE);
-+ size_t size = read(0, buf, BUF_SIZE);
-+
-+ FuzzerTestOneInput(buf, size);
-+ free(buf);
-+ }
-+ return 0;
-+}
-+
-+#else
-+
-+#error "Unsupported fuzzer"
-+
-+#endif
---- /dev/null
-+++ b/fuzz/fuzzer.h
-@@ -0,0 +1,12 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len);
-+int FuzzerInitialize(int *argc, char ***argv);
---- /dev/null
-+++ b/fuzz/helper.py
-@@ -0,0 +1,52 @@
-+#!/usr/bin/python
-+#
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+"""Fuzzing helper, creates and uses corpus/crash directories.
-+
-+fuzzer.py <fuzzer> <extra fuzzer arguments>
-+"""
-+
-+import os
-+import subprocess
-+import sys
-+
-+FUZZER = sys.argv[1]
-+
-+THIS_DIR = os.path.abspath(os.path.dirname(__file__))
-+CORPORA_DIR = os.path.abspath(os.path.join(THIS_DIR, "corpora"))
-+
-+FUZZER_DIR = os.path.abspath(os.path.join(CORPORA_DIR, FUZZER))
-+if not os.path.isdir(FUZZER_DIR):
-+ os.mkdir(FUZZER_DIR)
-+
-+corpora = []
-+
-+def _create(d):
-+ dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
-+ if not os.path.isdir(dd):
-+ os.mkdir(dd)
-+ corpora.append(dd)
-+
-+def _add(d):
-+ dd = os.path.abspath(os.path.join(CORPORA_DIR, d))
-+ if os.path.isdir(dd):
-+ corpora.append(dd)
-+
-+def main():
-+ _create(FUZZER)
-+ _create(FUZZER + "-crash")
-+ _add(FUZZER + "-seed")
-+
-+ cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:]
-+ + ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
-+ print " ".join(cmd)
-+ subprocess.call(cmd)
-+
-+if __name__ == "__main__":
-+ main()
---- /dev/null
-+++ b/fuzz/server.c
-@@ -0,0 +1,244 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/* Shamelessly copied from BoringSSL and converted to C. */
-+
-+/* Test first part of SSL server handshake. */
-+
-+
-+#include <openssl/rand.h>
-+#include <openssl/ssl.h>
-+#include <openssl/rsa.h>
-+#include "fuzzer.h"
-+
-+static const uint8_t kCertificateDER[] = {
-+ 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
-+ 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
-+ 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
-+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
-+ 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
-+ 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
-+ 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
-+ 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
-+ 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
-+ 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
-+ 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
-+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
-+ 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
-+ 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
-+ 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
-+ 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
-+ 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
-+ 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
-+ 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
-+ 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
-+ 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
-+ 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
-+ 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
-+ 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
-+ 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
-+ 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
-+ 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
-+ 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
-+ 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
-+ 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
-+ 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
-+ 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
-+ 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
-+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
-+ 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
-+ 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
-+ 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
-+ 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
-+ 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
-+ 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
-+ 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+ 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
-+ 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
-+ 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
-+ 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
-+ 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
-+ 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
-+ 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
-+ 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
-+ 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
-+ 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
-+ 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
-+ 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
-+ 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
-+ 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
-+ 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
-+ 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
-+ 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
-+ 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
-+ 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
-+ 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
-+ 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
-+ 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
-+ 0x76, 0x8a, 0xbb,
-+};
-+
-+static const uint8_t kRSAPrivateKeyDER[] = {
-+ 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
-+ 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
-+ 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
-+ 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
-+ 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
-+ 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
-+ 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
-+ 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
-+ 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
-+ 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
-+ 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
-+ 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
-+ 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
-+ 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
-+ 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
-+ 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
-+ 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
-+ 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
-+ 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
-+ 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
-+ 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
-+ 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
-+ 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
-+ 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
-+ 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
-+ 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
-+ 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
-+ 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
-+ 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
-+ 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
-+ 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
-+ 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
-+ 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
-+ 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
-+ 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
-+ 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
-+ 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
-+ 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
-+ 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
-+ 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
-+ 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
-+ 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
-+ 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
-+ 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
-+ 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
-+ 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
-+ 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
-+ 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
-+ 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
-+ 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
-+ 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
-+ 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
-+ 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
-+ 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
-+ 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
-+ 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
-+ 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
-+ 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
-+ 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
-+ 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
-+ 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
-+ 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
-+ 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
-+ 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
-+ 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
-+ 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
-+ 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
-+ 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
-+ 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
-+ 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
-+ 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
-+ 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
-+ 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
-+ 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
-+ 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
-+ 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
-+ 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
-+ 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
-+ 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
-+ 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
-+ 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
-+ 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
-+ 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
-+ 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
-+ 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
-+ 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
-+ 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
-+ 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
-+ 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
-+ 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
-+ 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
-+ 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
-+ 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
-+ 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
-+ 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
-+ 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
-+ 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
-+ 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
-+ 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
-+ 0x98, 0x46, 0x89, 0x82, 0x40,
-+};
-+
-+static SSL_CTX *ctx;
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ const uint8_t *bufp = kRSAPrivateKeyDER;
-+ RSA *privkey;
-+ EVP_PKEY *pkey;
-+ int ret;
-+ X509 *cert;
-+
-+ ctx = SSL_CTX_new(SSLv23_method());
-+ privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
-+ OPENSSL_assert(privkey != NULL);
-+ pkey = EVP_PKEY_new();
-+ EVP_PKEY_assign_RSA(pkey, privkey);
-+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-+ OPENSSL_assert(ret == 1);
-+ EVP_PKEY_free(pkey);
-+ bufp = kCertificateDER;
-+ cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
-+ OPENSSL_assert(cert != NULL);
-+ ret = SSL_CTX_use_certificate(ctx, cert);
-+ OPENSSL_assert(ret == 1);
-+ X509_free(cert);
-+
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ /* TODO: make this work for OpenSSL. There's a PREDICT define that may do
-+ * the job.
-+ * TODO: use the ossltest engine (optionally?) to disable crypto checks.
-+ * RAND_reset_for_fuzzing();
-+ */
-+
-+ /* This only fuzzes the initial flow from the client so far. */
-+ SSL *server = SSL_new(ctx);
-+ BIO *in = BIO_new(BIO_s_mem());
-+ BIO *out = BIO_new(BIO_s_mem());
-+ SSL_set_bio(server, in, out);
-+ SSL_set_accept_state(server);
-+ OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
-+ if (SSL_do_handshake(server) == 1) {
-+ /* Keep reading application data until error or EOF. */
-+ uint8_t tmp[1024];
-+ for (;;) {
-+ if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
-+ break;
-+ }
-+ }
-+ }
-+ SSL_free(server);
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/test-corpus.c
-@@ -0,0 +1,46 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+/*
-+ * Given a list of files, run each of them through the fuzzer. Note that
-+ * failure will be indicated by some kind of crash. Switching on things like
-+ * asan improves the test.
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <sys/stat.h>
-+#include <openssl/crypto.h>
-+#include "fuzzer.h"
-+
-+int main(int argc, char **argv) {
-+ int n;
-+
-+ FuzzerInitialize(&argc, &argv);
-+
-+ for (n = 1; n < argc; ++n) {
-+ struct stat st;
-+ FILE *f;
-+ unsigned char *buf;
-+ size_t s;
-+
-+ stat(argv[n], &st);
-+ f = fopen(argv[n], "rb");
-+ if (f == NULL)
-+ continue;
-+ buf = malloc(st.st_size);
-+ s = fread(buf, 1, st.st_size, f);
-+ OPENSSL_assert(s == (size_t)st.st_size);
-+ FuzzerTestOneInput(buf, s);
-+ free(buf);
-+ fclose(f);
-+ }
-+ return 0;
-+}
---- /dev/null
-+++ b/fuzz/x509.c
-@@ -0,0 +1,36 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+#include <openssl/x509.h>
-+#include <openssl/bio.h>
-+#include "fuzzer.h"
-+
-+int FuzzerInitialize(int *argc, char ***argv) {
-+ return 1;
-+}
-+
-+int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-+ const unsigned char *p = buf;
-+ unsigned char *der = NULL;
-+
-+ X509 *x509 = d2i_X509(NULL, &p, len);
-+ if (x509 != NULL) {
-+ BIO *bio = BIO_new(BIO_s_null());
-+ /* This will load and print the public key as well as extensions */
-+ X509_print(bio, x509);
-+ BIO_free(bio);
-+
-+ i2d_X509(x509, &der);
-+ OPENSSL_free(der);
-+
-+ X509_free(x509);
-+ }
-+ return 0;
-+}
---- a/include/internal/bio.h
-+++ b/include/internal/bio.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/bio.h>
---- a/include/internal/comp.h
-+++ b/include/internal/comp.h
-@@ -1,9 +1,10 @@
- /*
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <openssl/comp.h>
---- a/include/internal/conf.h
-+++ b/include/internal/conf.h
-@@ -1,40 +1,10 @@
- /*
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_INTERNAL_CONF_H
-@@ -48,10 +18,10 @@ extern "C" {
-
-
- struct ossl_init_settings_st {
-- char *config_name;
-+ char *appname;
- };
-
--void openssl_config_int(const char *config_name);
-+void openssl_config_int(const char *appname);
- void openssl_no_config_int(void);
- void conf_modules_free_int(void);
-
---- a/include/internal/constant_time_locl.h
-+++ b/include/internal/constant_time_locl.h
-@@ -1,46 +1,10 @@
--/*-
-- * Utilities for constant-time cryptography.
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Author: Emilia Kasper (emilia at openssl.org)
-- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
-- * (Google).
-- * ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CONSTANT_TIME_LOCL_H
---- a/include/internal/dane.h
-+++ b/include/internal/dane.h
-@@ -1,60 +1,12 @@
- /*
-- * Written by Viktor Dukhovni (viktor at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_INTERNAL_DANE_H
- #define HEADER_INTERNAL_DANE_H
-
-@@ -105,6 +57,7 @@ struct dane_ctx_st {
- const EVP_MD **mdevp; /* mtype -> digest */
- uint8_t *mdord; /* mtype -> preference */
- uint8_t mdmax; /* highest supported mtype */
-+ unsigned long flags; /* feature bitmask */
- };
-
- /*
-@@ -119,9 +72,11 @@ struct ssl_dane_st {
- uint32_t umask; /* Usages present */
- int mdpth; /* Depth of matched cert */
- int pdpth; /* Depth of PKIX trust */
-+ unsigned long flags; /* feature bitmask */
- };
-
--#define DANETLS_ENABLED(dane) ((dane) != NULL && ((dane)->trecs != NULL))
-+#define DANETLS_ENABLED(dane) \
-+ ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
-
- #define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u)
-
---- a/include/internal/dso.h
-+++ b/include/internal/dso.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DSO_H
-@@ -201,24 +152,18 @@ void *DSO_global_lookup(const char *name
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_DSO_strings(void);
-+
-+int ERR_load_DSO_strings(void);
-
- /* Error codes for the DSO functions. */
-
- /* Function codes. */
--# define DSO_F_BEOS_BIND_FUNC 144
--# define DSO_F_BEOS_BIND_VAR 145
--# define DSO_F_BEOS_LOAD 146
--# define DSO_F_BEOS_NAME_CONVERTER 147
--# define DSO_F_BEOS_UNLOAD 148
- # define DSO_F_DLFCN_BIND_FUNC 100
--# define DSO_F_DLFCN_BIND_VAR 101
- # define DSO_F_DLFCN_LOAD 102
- # define DSO_F_DLFCN_MERGER 130
- # define DSO_F_DLFCN_NAME_CONVERTER 123
- # define DSO_F_DLFCN_UNLOAD 103
- # define DSO_F_DL_BIND_FUNC 104
--# define DSO_F_DL_BIND_VAR 105
- # define DSO_F_DL_LOAD 106
- # define DSO_F_DL_MERGER 131
- # define DSO_F_DL_NAME_CONVERTER 124
-@@ -228,22 +173,18 @@ void ERR_load_DSO_strings(void);
- # define DSO_F_DSO_CTRL 110
- # define DSO_F_DSO_FREE 111
- # define DSO_F_DSO_GET_FILENAME 127
--# define DSO_F_DSO_GET_LOADED_FILENAME 128
- # define DSO_F_DSO_GLOBAL_LOOKUP 139
- # define DSO_F_DSO_LOAD 112
- # define DSO_F_DSO_MERGE 132
- # define DSO_F_DSO_NEW_METHOD 113
- # define DSO_F_DSO_SET_FILENAME 129
- # define DSO_F_DSO_UP_REF 114
--# define DSO_F_GLOBAL_LOOKUP_FUNC 138
- # define DSO_F_VMS_BIND_SYM 115
- # define DSO_F_VMS_LOAD 116
- # define DSO_F_VMS_MERGER 133
- # define DSO_F_VMS_UNLOAD 117
--# define DSO_F_WIN32_BIND_FUNC 118
--# define DSO_F_WIN32_BIND_VAR 119
-+# define DSO_F_WIN32_BIND_FUNC 101
- # define DSO_F_WIN32_GLOBALLOOKUP 142
--# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143
- # define DSO_F_WIN32_JOINER 135
- # define DSO_F_WIN32_LOAD 120
- # define DSO_F_WIN32_MERGER 134
-@@ -262,7 +203,6 @@ void ERR_load_DSO_strings(void);
- # define DSO_R_LOAD_FAILED 103
- # define DSO_R_NAME_TRANSLATION_FAILED 109
- # define DSO_R_NO_FILENAME 111
--# define DSO_R_NO_FILE_SPECIFICATION 116
- # define DSO_R_NULL_HANDLE 104
- # define DSO_R_SET_FILENAME_FAILED 112
- # define DSO_R_STACK_ERROR 105
-@@ -270,7 +210,7 @@ void ERR_load_DSO_strings(void);
- # define DSO_R_UNLOAD_FAILED 107
- # define DSO_R_UNSUPPORTED 108
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/internal/err.h
-+++ b/include/internal/err.h
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef INTERNAL_ERR_H
---- a/include/internal/numbers.h
-+++ b/include/internal/numbers.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_NUMBERS_H
---- a/include/internal/o_dir.h
-+++ b/include/internal/o_dir.h
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copied from Richard Levitte's (richard at levitte.org) LP library. All
- * symbol names have been changed, with permission from the author.
- */
---- a/include/internal/o_str.h
-+++ b/include/internal/o_str.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2003.
-- */
--/* ====================================================================
-- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_O_STR_H
-@@ -61,8 +12,6 @@
-
- # include <stddef.h> /* to get size_t */
-
--int OPENSSL_strcasecmp(const char *str1, const char *str2);
--int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
- int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
-
- #endif
---- /dev/null
-+++ b/include/internal/thread_once.h
-@@ -0,0 +1,42 @@
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <openssl/crypto.h>
-+
-+#define DEFINE_RUN_ONCE(init) \
-+ static int init(void); \
-+ int init##_ossl_ret_ = 0; \
-+ void init##_ossl_(void) \
-+ { \
-+ init##_ossl_ret_ = init(); \
-+ } \
-+ static int init(void)
-+#define DECLARE_RUN_ONCE(init) \
-+ extern int init##_ossl_ret_; \
-+ void init##_ossl_(void);
-+
-+#define DEFINE_RUN_ONCE_STATIC(init) \
-+ static int init(void); \
-+ static int init##_ossl_ret_ = 0; \
-+ static void init##_ossl_(void) \
-+ { \
-+ init##_ossl_ret_ = init(); \
-+ } \
-+ static int init(void)
-+
-+/*
-+ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
-+ * @once: pointer to static object of type CRYPTO_ONCE
-+ * @init: function name that was previously given to DEFINE_RUN_ONCE,
-+ * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.
-+ *
-+ * The return value is 1 on success or 0 in case of error.
-+ */
-+#define RUN_ONCE(once, init) \
-+ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
---- a/include/internal/threads.h
-+++ /dev/null
-@@ -1,92 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#ifndef HEADER_INTERNAL_THREADS_H
--# define HEADER_INTERNAL_THREADS_H
--
--#include "e_os.h"
--
--# if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
--typedef unsigned int CRYPTO_ONCE;
--typedef unsigned int CRYPTO_THREAD_LOCAL;
--typedef unsigned int CRYPTO_THREAD_ID;
--
--# define CRYPTO_ONCE_STATIC_INIT 0
--# elif defined(OPENSSL_SYS_WINDOWS)
--# include <windows.h>
--typedef DWORD CRYPTO_THREAD_LOCAL;
--typedef DWORD CRYPTO_THREAD_ID;
--
--# if _WIN32_WINNT < 0x0600
--typedef LONG CRYPTO_ONCE;
--# define CRYPTO_ONCE_STATIC_INIT 0
--# else
--typedef INIT_ONCE CRYPTO_ONCE;
--# define CRYPTO_ONCE_STATIC_INIT INIT_ONCE_STATIC_INIT
--# endif
--
--# else
--# include <pthread.h>
--typedef pthread_once_t CRYPTO_ONCE;
--typedef pthread_key_t CRYPTO_THREAD_LOCAL;
--typedef pthread_t CRYPTO_THREAD_ID;
--
--# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
--# endif
--
--int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
--
--int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
--void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
--int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
--int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
--
--CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
--int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
--
--#endif
---- /dev/null
-+++ b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
-@@ -0,0 +1,16 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * This file is only used by HP C on VMS, and is included automatically
-+ * after each header file from this directory
-+ */
-+
-+/* restore state. Must correspond to the save in __decc_include_prologue.h */
-+#pragma names restore
---- /dev/null
-+++ b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
-@@ -0,0 +1,20 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * This file is only used by HP C on VMS, and is included automatically
-+ * after each header file from this directory
-+ */
-+
-+/* save state */
-+#pragma names save
-+/* have the compiler shorten symbols larger than 31 chars to 23 chars
-+ * followed by a 8 hex char CRC
-+ */
-+#pragma names as_is,shortened
---- a/include/openssl/__decc_include_epilogue.h
-+++ /dev/null
-@@ -1,7 +0,0 @@
--/*
-- * This file is only used by HP C on VMS, and is included automatically
-- * after each header file from this directory
-- */
--
--/* restore state. Must correspond to the save in __decc_include_prologue.h */
--#pragma names restore
---- a/include/openssl/__decc_include_prologue.h
-+++ /dev/null
-@@ -1,11 +0,0 @@
--/*
-- * This file is only used by HP C on VMS, and is included automatically
-- * after each header file from this directory
-- */
--
--/* save state */
--#pragma names save
--/* have the compiler shorten symbols larger than 31 chars to 23 chars
-- * followed by a 8 hex char CRC
-- */
--#pragma names as_is,shortened
---- a/include/openssl/aes.h
-+++ b/include/openssl/aes.h
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_AES_H
---- a/include/openssl/asn1.h
-+++ b/include/openssl/asn1.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_ASN1_H
-@@ -94,13 +46,11 @@ extern "C" {
- # define V_ASN1_OTHER -3/* used in ASN1_TYPE */
- # define V_ASN1_ANY -4/* used in ASN1 template code */
-
--# define V_ASN1_NEG 0x100/* negative flag */
--
- # define V_ASN1_UNDEF -1
-+/* ASN.1 tag values */
- # define V_ASN1_EOC 0
- # define V_ASN1_BOOLEAN 1 /**/
- # define V_ASN1_INTEGER 2
--# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
- # define V_ASN1_BIT_STRING 3
- # define V_ASN1_OCTET_STRING 4
- # define V_ASN1_NULL 5
-@@ -109,7 +59,6 @@ extern "C" {
- # define V_ASN1_EXTERNAL 8
- # define V_ASN1_REAL 9
- # define V_ASN1_ENUMERATED 10
--# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
- # define V_ASN1_UTF8STRING 12
- # define V_ASN1_SEQUENCE 16
- # define V_ASN1_SET 17
-@@ -127,6 +76,17 @@ extern "C" {
- # define V_ASN1_GENERALSTRING 27 /**/
- # define V_ASN1_UNIVERSALSTRING 28 /**/
- # define V_ASN1_BMPSTRING 30
-+
-+/*
-+ * NB the constants below are used internally by ASN1_INTEGER
-+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
-+ * the wire tag values.
-+ */
-+
-+# define V_ASN1_NEG 0x100
-+# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
-+# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
-+
- /* For use with d2i_ASN1_type_bytes() */
- # define B_ASN1_NUMERICSTRING 0x0001
- # define B_ASN1_PRINTABLESTRING 0x0002
-@@ -458,6 +418,11 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (
- # define ASN1_STRFLGS_DUMP_DER 0x200
-
- /*
-+ * This flag specifies that RC2254 escaping shall be performed.
-+ */
-+#define ASN1_STRFLGS_ESC_2254 0x400
-+
-+/*
- * All the string flags consistent with RFC2253, escaping control characters
- * isn't essential in RFC2253 but it is advisable anyway.
- */
-@@ -473,6 +438,8 @@ DEFINE_STACK_OF(ASN1_INTEGER)
-
- DEFINE_STACK_OF(ASN1_GENERALSTRING)
-
-+DEFINE_STACK_OF(ASN1_UTF8STRING)
-+
- typedef struct asn1_type_st {
- int type;
- union {
-@@ -549,7 +516,7 @@ typedef struct BIT_STRING_BITNAME_st {
-
- DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
--int ASN1_TYPE_get(ASN1_TYPE *a);
-+int ASN1_TYPE_get(const ASN1_TYPE *a);
- void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
- int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
- int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-@@ -559,7 +526,7 @@ void *ASN1_TYPE_unpack_sequence(const AS
-
- ASN1_OBJECT *ASN1_OBJECT_new(void);
- void ASN1_OBJECT_free(ASN1_OBJECT *a);
--int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
-+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
- ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
- long length);
-
-@@ -582,7 +549,7 @@ int ASN1_STRING_set(ASN1_STRING *str, co
- void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
- int ASN1_STRING_length(const ASN1_STRING *x);
- void ASN1_STRING_length_set(ASN1_STRING *x, int n);
--int ASN1_STRING_type(ASN1_STRING *x);
-+int ASN1_STRING_type(const ASN1_STRING *x);
- unsigned char *ASN1_STRING_data(ASN1_STRING *x);
-
- DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-@@ -594,8 +561,8 @@ int ASN1_BIT_STRING_check(const ASN1_BIT
-
- int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
- BIT_STRING_BITNAME *tbl, int indent);
--int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
--int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
-+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
- BIT_STRING_BITNAME *tbl);
-
- DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-@@ -665,10 +632,10 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEG
- int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
- int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
- int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
--int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
-+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
- int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
- int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
--int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
-+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
-
- int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
- ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-@@ -756,7 +723,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it
- int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
- # endif
-
--int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
-
- void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
-
-@@ -785,7 +752,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *fp,
- int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
- int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
- int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
--int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int off);
-+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
- int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
- unsigned char *buf, int off);
- int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
-@@ -793,15 +760,15 @@ int ASN1_parse_dump(BIO *bp, const unsig
- int dump);
- const char *ASN1_tag2str(int tag);
-
--/* Used to load and write netscape format cert */
-+/* Used to load and write Netscape format cert */
-
- int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
- int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
--int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
-+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
- int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
- unsigned char *data, int len);
--int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
-+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
- unsigned char *data, int max_len);
-
- void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-@@ -839,8 +806,8 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val,
- void ASN1_add_oid_module(void);
- void ASN1_add_stable_module(void);
-
--ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
--ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
-+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
- int ASN1_str2mask(const char *str, unsigned long *pmask);
-
- /* ASN1 Print flags */
-@@ -907,42 +874,36 @@ int SMIME_text(BIO *in, BIO *out);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_ASN1_strings(void);
-+
-+int ERR_load_ASN1_strings(void);
-
- /* Error codes for the ASN1 functions. */
-
- /* Function codes. */
- # define ASN1_F_A2D_ASN1_OBJECT 100
--# define ASN1_F_A2I_ASN1_ENUMERATED 101
- # define ASN1_F_A2I_ASN1_INTEGER 102
- # define ASN1_F_A2I_ASN1_STRING 103
- # define ASN1_F_APPEND_EXP 176
- # define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
- # define ASN1_F_ASN1_CB 177
- # define ASN1_F_ASN1_CHECK_TLEN 104
--# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
- # define ASN1_F_ASN1_COLLECT 106
- # define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
- # define ASN1_F_ASN1_D2I_FP 109
- # define ASN1_F_ASN1_D2I_READ_BIO 107
- # define ASN1_F_ASN1_DIGEST 184
- # define ASN1_F_ASN1_DO_ADB 110
-+# define ASN1_F_ASN1_DO_LOCK 233
- # define ASN1_F_ASN1_DUP 111
--# define ASN1_F_ASN1_ENUMERATED_SET 112
--# define ASN1_F_ASN1_ENUMERATED_TO_BN 113
- # define ASN1_F_ASN1_EX_C2I 204
- # define ASN1_F_ASN1_FIND_END 190
- # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216
--# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
- # define ASN1_F_ASN1_GENERATE_V3 178
- # define ASN1_F_ASN1_GET_INT64 224
- # define ASN1_F_ASN1_GET_OBJECT 114
- # define ASN1_F_ASN1_GET_UINT64 225
--# define ASN1_F_ASN1_HEADER_NEW 115
- # define ASN1_F_ASN1_I2D_BIO 116
- # define ASN1_F_ASN1_I2D_FP 117
--# define ASN1_F_ASN1_INTEGER_SET 118
--# define ASN1_F_ASN1_INTEGER_TO_BN 119
- # define ASN1_F_ASN1_ITEM_D2I_FP 206
- # define ASN1_F_ASN1_ITEM_DUP 191
- # define ASN1_F_ASN1_ITEM_EMBED_D2I 120
-@@ -957,12 +918,8 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_F_ASN1_MBSTRING_NCOPY 122
- # define ASN1_F_ASN1_OBJECT_NEW 123
- # define ASN1_F_ASN1_OUTPUT_DATA 214
--# define ASN1_F_ASN1_PACK_STRING 124
- # define ASN1_F_ASN1_PCTX_NEW 205
--# define ASN1_F_ASN1_PKCS5_PBE_SET 125
- # define ASN1_F_ASN1_SCTX_NEW 221
--# define ASN1_F_ASN1_SEQ_PACK 126
--# define ASN1_F_ASN1_SEQ_UNPACK 127
- # define ASN1_F_ASN1_SIGN 128
- # define ASN1_F_ASN1_STR2TYPE 179
- # define ASN1_F_ASN1_STRING_GET_INT64 227
-@@ -975,48 +932,27 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_F_ASN1_TEMPLATE_NEW 133
- # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
- # define ASN1_F_ASN1_TIME_ADJ 217
--# define ASN1_F_ASN1_TIME_SET 175
- # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
- # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
--# define ASN1_F_ASN1_UNPACK_STRING 136
- # define ASN1_F_ASN1_UTCTIME_ADJ 218
--# define ASN1_F_ASN1_UTCTIME_SET 187
- # define ASN1_F_ASN1_VERIFY 137
- # define ASN1_F_B64_READ_ASN1 209
- # define ASN1_F_B64_WRITE_ASN1 210
- # define ASN1_F_BIO_NEW_NDEF 208
- # define ASN1_F_BITSTR_CB 180
--# define ASN1_F_BN_TO_ASN1_ENUMERATED 138
--# define ASN1_F_BN_TO_ASN1_INTEGER 139
- # define ASN1_F_BN_TO_ASN1_STRING 229
- # define ASN1_F_C2I_ASN1_BIT_STRING 189
- # define ASN1_F_C2I_ASN1_INTEGER 194
- # define ASN1_F_C2I_ASN1_OBJECT 196
- # define ASN1_F_C2I_IBUF 226
- # define ASN1_F_COLLECT_DATA 140
--# define ASN1_F_D2I_ASN1_BIT_STRING 141
--# define ASN1_F_D2I_ASN1_BOOLEAN 142
--# define ASN1_F_D2I_ASN1_BYTES 143
--# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144
--# define ASN1_F_D2I_ASN1_HEADER 145
--# define ASN1_F_D2I_ASN1_INTEGER 146
- # define ASN1_F_D2I_ASN1_OBJECT 147
--# define ASN1_F_D2I_ASN1_SET 148
--# define ASN1_F_D2I_ASN1_TYPE_BYTES 149
- # define ASN1_F_D2I_ASN1_UINTEGER 150
--# define ASN1_F_D2I_ASN1_UTCTIME 151
- # define ASN1_F_D2I_AUTOPRIVATEKEY 207
--# define ASN1_F_D2I_NETSCAPE_RSA 152
--# define ASN1_F_D2I_NETSCAPE_RSA_2 153
- # define ASN1_F_D2I_PRIVATEKEY 154
- # define ASN1_F_D2I_PUBLICKEY 155
--# define ASN1_F_D2I_X509 156
--# define ASN1_F_D2I_X509_CINF 157
--# define ASN1_F_D2I_X509_PKEY 159
- # define ASN1_F_DO_TCREATE 222
- # define ASN1_F_I2D_ASN1_BIO_STREAM 211
--# define ASN1_F_I2D_ASN1_SET 188
--# define ASN1_F_I2D_ASN1_TIME 160
- # define ASN1_F_I2D_DSA_PUBKEY 161
- # define ASN1_F_I2D_EC_PUBKEY 181
- # define ASN1_F_I2D_PRIVATEKEY 163
-@@ -1034,13 +970,11 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_F_SMIME_READ_ASN1 212
- # define ASN1_F_SMIME_TEXT 213
- # define ASN1_F_STBL_MODULE_INIT 223
--# define ASN1_F_X509_CINF_NEW 168
- # define ASN1_F_X509_CRL_ADD0_REVOKED 169
- # define ASN1_F_X509_INFO_NEW 170
- # define ASN1_F_X509_NAME_ENCODE 203
- # define ASN1_F_X509_NAME_EX_D2I 158
- # define ASN1_F_X509_NAME_EX_NEW 171
--# define ASN1_F_X509_NEW 172
- # define ASN1_F_X509_PKEY_NEW 173
-
- /* Reason codes. */
-@@ -1048,10 +982,7 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_ASN1_PARSE_ERROR 203
- # define ASN1_R_ASN1_SIG_PARSE_ERROR 204
- # define ASN1_R_AUX_ERROR 100
--# define ASN1_R_BAD_CLASS 101
- # define ASN1_R_BAD_OBJECT_HEADER 102
--# define ASN1_R_BAD_PASSWORD_READ 103
--# define ASN1_R_BAD_TAG 104
- # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
- # define ASN1_R_BN_LIB 105
- # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
-@@ -1060,18 +991,14 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_CONTEXT_NOT_INITIALISED 217
- # define ASN1_R_DATA_IS_WRONG 109
- # define ASN1_R_DECODE_ERROR 110
--# define ASN1_R_DECODING_ERROR 111
- # define ASN1_R_DEPTH_EXCEEDED 174
- # define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198
- # define ASN1_R_ENCODE_ERROR 112
- # define ASN1_R_ERROR_GETTING_TIME 173
- # define ASN1_R_ERROR_LOADING_SECTION 172
--# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
- # define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
- # define ASN1_R_EXPECTING_AN_INTEGER 115
- # define ASN1_R_EXPECTING_AN_OBJECT 116
--# define ASN1_R_EXPECTING_A_BOOLEAN 117
--# define ASN1_R_EXPECTING_A_TIME 118
- # define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
- # define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
- # define ASN1_R_FIELD_MISSING 121
-@@ -1107,12 +1034,9 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_INVALID_SCRYPT_PARAMETERS 227
- # define ASN1_R_INVALID_SEPARATOR 131
- # define ASN1_R_INVALID_STRING_TABLE_VALUE 218
--# define ASN1_R_INVALID_TIME_FORMAT 132
- # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
- # define ASN1_R_INVALID_UTF8STRING 134
- # define ASN1_R_INVALID_VALUE 219
--# define ASN1_R_IV_TOO_LARGE 135
--# define ASN1_R_LENGTH_ERROR 136
- # define ASN1_R_LIST_ERROR 188
- # define ASN1_R_MIME_NO_CONTENT_TYPE 206
- # define ASN1_R_MIME_PARSE_ERROR 207
-@@ -1127,7 +1051,6 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_NOT_ASCII_FORMAT 190
- # define ASN1_R_NOT_ENOUGH_DATA 142
- # define ASN1_R_NO_CONTENT_TYPE 209
--# define ASN1_R_NO_DEFAULT_DIGEST 201
- # define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
- # define ASN1_R_NO_MULTIPART_BODY_FAILURE 210
- # define ASN1_R_NO_MULTIPART_BOUNDARY 211
-@@ -1135,7 +1058,6 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_NULL_IS_WRONG_LENGTH 144
- # define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
- # define ASN1_R_ODD_NUMBER_OF_CHARS 145
--# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146
- # define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
- # define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
- # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
-@@ -1145,7 +1067,6 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_STREAMING_NOT_SUPPORTED 202
- # define ASN1_R_STRING_TOO_LONG 151
- # define ASN1_R_STRING_TOO_SHORT 152
--# define ASN1_R_TAG_VALUE_TOO_HIGH 153
- # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
- # define ASN1_R_TIME_NOT_ASCII_FORMAT 193
- # define ASN1_R_TOO_LARGE 223
-@@ -1153,8 +1074,6 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_TOO_SMALL 224
- # define ASN1_R_TYPE_NOT_CONSTRUCTED 156
- # define ASN1_R_TYPE_NOT_PRIMITIVE 195
--# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
--# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
- # define ASN1_R_UNEXPECTED_EOC 159
- # define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
- # define ASN1_R_UNKNOWN_FORMAT 160
-@@ -1164,16 +1083,13 @@ void ERR_load_ASN1_strings(void);
- # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
- # define ASN1_R_UNKNOWN_TAG 194
- # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
--# define ASN1_R_UNSUPPORTED_CIPHER 165
--# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
- # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
- # define ASN1_R_UNSUPPORTED_TYPE 196
- # define ASN1_R_WRONG_INTEGER_TYPE 225
- # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200
- # define ASN1_R_WRONG_TAG 168
--# define ASN1_R_WRONG_TYPE 169
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- /dev/null
-+++ b/include/openssl/asn1_mac.h
-@@ -0,0 +1,10 @@
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#error "This file is obsolete; please update your software."
---- a/include/openssl/asn1t.h
-+++ b/include/openssl/asn1t.h
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_ASN1T_H
- # define HEADER_ASN1T_H
-
-@@ -228,7 +180,7 @@ extern "C" {
- ASN1_ITEM_end(tname)
- # define static_ASN1_NDEF_SEQUENCE_END(tname) \
- ;\
-- static_ASN1_ITEM_start(tname) \
-+ static_ASN1_ITEM_start(tname) \
- ASN1_ITYPE_NDEF_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
-@@ -240,7 +192,7 @@ extern "C" {
-
- # define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
- # define static_ASN1_BROKEN_SEQUENCE_END(stname) \
-- static_ASN1_SEQUENCE_END_ref(stname, stname)
-+ static_ASN1_SEQUENCE_END_ref(stname, stname)
-
- # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-@@ -700,13 +652,6 @@ struct ASN1_TLC_st {
- };
-
- /* Typedefs for ASN1 function pointers */
--
--typedef ASN1_VALUE *ASN1_new_func(void);
--typedef void ASN1_free_func(ASN1_VALUE *a);
--typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
-- long length);
--typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
--
- typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it, int tag, int aclass, char opt,
- ASN1_TLC *ctx);
---- a/include/openssl/async.h
-+++ b/include/openssl/async.h
-@@ -1,53 +1,10 @@
- /*
-- * Written by Matt Caswell (matt at openssl.org) for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdlib.h>
-@@ -56,9 +13,11 @@
- # define HEADER_ASYNC_H
-
- #if defined(_WIN32)
--#include <windows.h>
-+# if defined(BASETYPES) || defined(_WINDEF_H)
-+/* application has to include <windows.h> to use this */
- #define OSSL_ASYNC_FD HANDLE
- #define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
-+# endif
- #else
- #define OSSL_ASYNC_FD int
- #define OSSL_BAD_ASYNC_FD -1
-@@ -80,6 +39,7 @@ typedef struct async_wait_ctx_st ASYNC_W
- int ASYNC_init_thread(size_t max_size, size_t init_size);
- void ASYNC_cleanup_thread(void);
-
-+#ifdef OSSL_ASYNC_FD
- ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
- void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
- int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
-@@ -95,6 +55,7 @@ int ASYNC_WAIT_CTX_get_changed_fds(ASYNC
- size_t *numaddfds, OSSL_ASYNC_FD *delfd,
- size_t *numdelfds);
- int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
-+#endif
-
- int ASYNC_is_capable(void);
-
-@@ -112,7 +73,8 @@ void ASYNC_unblock_pause(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_ASYNC_strings(void);
-+
-+int ERR_load_ASYNC_strings(void);
-
- /* Error codes for the ASYNC functions. */
-
-@@ -125,14 +87,12 @@ void ERR_load_ASYNC_strings(void);
- # define ASYNC_F_ASYNC_START_JOB 105
-
- /* Reason codes. */
--# define ASYNC_R_CANNOT_CREATE_WAIT_PIPE 100
- # define ASYNC_R_FAILED_TO_SET_POOL 101
- # define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102
- # define ASYNC_R_INIT_FAILED 105
- # define ASYNC_R_INVALID_POOL_SIZE 103
--# define ASYNC_R_POOL_ALREADY_INITED 104
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/bio.h
-+++ b/include/openssl/bio.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BIO_H
-@@ -135,7 +87,6 @@ extern "C" {
- # define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */
- # define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */
- # define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */
--/* callback is int cb(BIO *bio,state,ret); */
- # define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */
- # define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */
-
-@@ -284,11 +235,10 @@ void BIO_clear_flags(BIO *b, int flags);
- # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
- # define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
-
--long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-- int, long, long);
--void BIO_set_callback(BIO *b,
-- long (*callback) (struct bio_st *, int, const char *,
-- int, long, long));
-+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
-+ long argl, long ret);
-+BIO_callback_fn BIO_get_callback(const BIO *b);
-+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
- char *BIO_get_callback_arg(const BIO *b);
- void BIO_set_callback_arg(BIO *b, char *arg);
-
-@@ -297,8 +247,7 @@ typedef struct bio_method_st BIO_METHOD;
- const char *BIO_method_name(const BIO *b);
- int BIO_method_type(const BIO *b);
-
--typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
-- long);
-+typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
-
- DEFINE_STACK_OF(BIO)
-
-@@ -400,48 +349,51 @@ struct bio_dgram_sctp_prinfo {
- # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
- # define BIO_get_app_data(s) BIO_get_ex_data(s,0)
-
-+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-+
-+# ifndef OPENSSL_NO_SOCK
- /* IP families we support, for BIO_s_connect() and BIO_s_accept() */
- /* Note: the underlying operating system may not support some of them */
--# define BIO_FAMILY_IPV4 4
--# define BIO_FAMILY_IPV6 6
--# define BIO_FAMILY_IPANY 256
-+# define BIO_FAMILY_IPV4 4
-+# define BIO_FAMILY_IPV6 6
-+# define BIO_FAMILY_IPANY 256
-
- /* BIO_s_connect() */
--# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
--# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
--# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
--# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
--# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL))
--# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL))
--# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL))
--# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
--# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
--
--# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-+# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
-+# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
-+# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL))
-+# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL))
-+# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL))
-+# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
-+# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
-
- /* BIO_s_accept() */
--# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
--# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port)
--# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
--# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
--# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
--# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
-+# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-+# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port)
-+# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
-+# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
-+# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
-+# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
- /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
--# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
--# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio)
--# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
--# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
-+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
-+# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio)
-+# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
-+# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
-
- /* Aliases kept for backward compatibility */
--# define BIO_BIND_NORMAL 0
--# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR
--# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR
--# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
--# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-+# define BIO_BIND_NORMAL 0
-+# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR
-+# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR
-+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-+# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
- /* BIO_s_accept() and BIO_s_connect() */
--# define BIO_do_connect(b) BIO_do_handshake(b)
--# define BIO_do_accept(b) BIO_do_handshake(b)
-+# define BIO_do_connect(b) BIO_do_handshake(b)
-+# define BIO_do_accept(b) BIO_do_handshake(b)
-+# endif /* OPENSSL_NO_SOCK */
-+
- # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
- /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
-@@ -487,11 +439,11 @@ int BIO_read_filename(BIO *b, const char
- # define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
- # define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
- # define BIO_set_ssl_renegotiate_bytes(b,num) \
-- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
- # define BIO_get_num_renegotiates(b) \
-- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
- # define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
-
- /* defined in evp.h */
- /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-@@ -581,7 +533,6 @@ BIO *BIO_new_file(const char *filename,
- BIO *BIO_new_fp(FILE *stream, int close_flag);
- # endif
- BIO *BIO_new(const BIO_METHOD *type);
--int BIO_set(BIO *a, const BIO_METHOD *type);
- int BIO_free(BIO *a);
- void BIO_set_data(BIO *a, void *ptr);
- void *BIO_get_data(BIO *a);
-@@ -598,8 +549,7 @@ int BIO_puts(BIO *bp, const char *buf);
- int BIO_indent(BIO *b, int indent, int max);
- long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
- long BIO_callback_ctrl(BIO *b, int cmd,
-- void (*fp) (struct bio_st *, int, const char *, int,
-- long, long));
-+ void (*fp) (BIO *, int, const char *, int, long, long));
- void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
- long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
- BIO *BIO_push(BIO *b, BIO *append);
-@@ -624,9 +574,11 @@ long BIO_debug_callback(BIO *bio, int cm
- const BIO_METHOD *BIO_s_mem(void);
- const BIO_METHOD *BIO_s_secmem(void);
- BIO *BIO_new_mem_buf(const void *buf, int len);
-+# ifndef OPENSSL_NO_SOCK
- const BIO_METHOD *BIO_s_socket(void);
- const BIO_METHOD *BIO_s_connect(void);
- const BIO_METHOD *BIO_s_accept(void);
-+# endif
- const BIO_METHOD *BIO_s_fd(void);
- const BIO_METHOD *BIO_s_log(void);
- const BIO_METHOD *BIO_s_bio(void);
-@@ -637,14 +589,26 @@ const BIO_METHOD *BIO_f_linebuffer(void)
- const BIO_METHOD *BIO_f_nbio_test(void);
- # ifndef OPENSSL_NO_DGRAM
- const BIO_METHOD *BIO_s_datagram(void);
-+int BIO_dgram_non_fatal_error(int error);
-+BIO *BIO_new_dgram(int fd, int close_flag);
- # ifndef OPENSSL_NO_SCTP
- const BIO_METHOD *BIO_s_datagram_sctp(void);
-+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
-+int BIO_dgram_is_sctp(BIO *bio);
-+int BIO_dgram_sctp_notification_cb(BIO *b,
-+ void (*handle_notifications) (BIO *bio,
-+ void *context,
-+ void *buf),
-+ void *context);
-+int BIO_dgram_sctp_wait_for_dry(BIO *b);
-+int BIO_dgram_sctp_msg_waiting(BIO *b);
- # endif
- # endif
-
-+# ifndef OPENSSL_NO_SOCK
- int BIO_sock_should_retry(int i);
- int BIO_sock_non_fatal_error(int error);
--int BIO_dgram_non_fatal_error(int error);
-+# endif
-
- int BIO_fd_should_retry(int i);
- int BIO_fd_non_fatal_error(int error);
-@@ -661,6 +625,7 @@ int BIO_dump_indent_fp(FILE *fp, const c
- int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
- int datalen);
-
-+# ifndef OPENSSL_NO_SOCK
- BIO_ADDR *BIO_ADDR_new(void);
- int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
- const void *where, size_t wherelen, unsigned short port);
-@@ -695,9 +660,9 @@ int BIO_sock_error(int sock);
- int BIO_socket_ioctl(int fd, long type, void *arg);
- int BIO_socket_nbio(int fd, int mode);
- int BIO_sock_init(void);
--#if OPENSSL_API_COMPAT < 0x10100000L
--# define BIO_sock_cleanup() while(0) continue
--#endif
-+# if OPENSSL_API_COMPAT < 0x10100000L
-+# define BIO_sock_cleanup() while(0) continue
-+# endif
- int BIO_set_tcp_ndelay(int sock, int turn_on);
-
- DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
-@@ -715,11 +680,11 @@ enum BIO_sock_info_type {
- int BIO_sock_info(int sock,
- enum BIO_sock_info_type type, union BIO_sock_info_u *info);
-
--# define BIO_SOCK_REUSEADDR 0x01
--# define BIO_SOCK_V6_ONLY 0x02
--# define BIO_SOCK_KEEPALIVE 0x04
--# define BIO_SOCK_NONBLOCK 0x08
--# define BIO_SOCK_NODELAY 0x10
-+# define BIO_SOCK_REUSEADDR 0x01
-+# define BIO_SOCK_V6_ONLY 0x02
-+# define BIO_SOCK_KEEPALIVE 0x04
-+# define BIO_SOCK_NONBLOCK 0x08
-+# define BIO_SOCK_NODELAY 0x10
-
- int BIO_socket(int domain, int socktype, int protocol, int options);
- int BIO_connect(int sock, const BIO_ADDR *addr, int options);
-@@ -728,22 +693,11 @@ int BIO_accept_ex(int accept_sock, BIO_A
- int BIO_closesocket(int sock);
-
- BIO *BIO_new_socket(int sock, int close_flag);
--BIO *BIO_new_dgram(int fd, int close_flag);
--# ifndef OPENSSL_NO_SCTP
--BIO *BIO_new_dgram_sctp(int fd, int close_flag);
--int BIO_dgram_is_sctp(BIO *bio);
--int BIO_dgram_sctp_notification_cb(BIO *b,
-- void (*handle_notifications) (BIO *bio,
-- void
-- *context,
-- void *buf),
-- void *context);
--int BIO_dgram_sctp_wait_for_dry(BIO *b);
--int BIO_dgram_sctp_msg_waiting(BIO *b);
--# endif
--BIO *BIO_new_fd(int fd, int close_flag);
- BIO *BIO_new_connect(const char *host_port);
- BIO *BIO_new_accept(const char *host_port);
-+# endif /* OPENSSL_NO_SOCK*/
-+
-+BIO *BIO_new_fd(int fd, int close_flag);
-
- int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
- BIO **bio2, size_t writebuf2);
-@@ -807,7 +761,8 @@ int BIO_meth_set_callback_ctrl(BIO_METHO
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_BIO_strings(void);
-+
-+int ERR_load_BIO_strings(void);
-
- /* Error codes for the BIO functions. */
-
-@@ -816,13 +771,11 @@ void ERR_load_BIO_strings(void);
- # define BIO_F_ADDR_STRINGS 134
- # define BIO_F_BIO_ACCEPT 101
- # define BIO_F_BIO_ACCEPT_EX 137
--# define BIO_F_BIO_BER_GET_HEADER 102
-+# define BIO_F_BIO_ADDR_NEW 144
- # define BIO_F_BIO_CALLBACK_CTRL 131
- # define BIO_F_BIO_CONNECT 138
- # define BIO_F_BIO_CTRL 103
--# define BIO_F_BIO_GETHOSTBYNAME 120
- # define BIO_F_BIO_GETS 104
--# define BIO_F_BIO_GET_ACCEPT_SOCKET 105
- # define BIO_F_BIO_GET_HOST_IP 106
- # define BIO_F_BIO_GET_PORT 107
- # define BIO_F_BIO_LISTEN 139
-@@ -851,45 +804,32 @@ void ERR_load_BIO_strings(void);
- # define BIO_F_FILE_CTRL 116
- # define BIO_F_FILE_READ 130
- # define BIO_F_LINEBUFFER_CTRL 129
--# define BIO_F_MEM_READ 128
- # define BIO_F_MEM_WRITE 117
- # define BIO_F_SSL_NEW 118
--# define BIO_F_WSASTARTUP 119
-
- /* Reason codes. */
- # define BIO_R_ACCEPT_ERROR 100
- # define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141
- # define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129
- # define BIO_R_BAD_FOPEN_MODE 101
--# define BIO_R_BAD_HOSTNAME_LOOKUP 102
- # define BIO_R_BROKEN_PIPE 124
- # define BIO_R_CONNECT_ERROR 103
--# define BIO_R_EOF_ON_MEMORY_BIO 127
--# define BIO_R_ERROR_SETTING_NBIO 104
--# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105
--# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106
- # define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107
- # define BIO_R_GETSOCKNAME_ERROR 132
- # define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133
- # define BIO_R_GETTING_SOCKTYPE 134
- # define BIO_R_INVALID_ARGUMENT 125
--# define BIO_R_INVALID_IP_ADDRESS 108
- # define BIO_R_INVALID_SOCKET 135
- # define BIO_R_IN_USE 123
--# define BIO_R_KEEPALIVE 109
- # define BIO_R_LISTEN_V6_ONLY 136
- # define BIO_R_LOOKUP_RETURNED_NOTHING 142
- # define BIO_R_MALFORMED_HOST_OR_SERVICE 130
- # define BIO_R_NBIO_CONNECT_ERROR 110
- # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143
--# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111
- # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144
--# define BIO_R_NO_HOSTNAME_SPECIFIED 112
- # define BIO_R_NO_PORT_DEFINED 113
--# define BIO_R_NO_SERVICE_SPECIFIED 114
- # define BIO_R_NO_SUCH_FILE 128
- # define BIO_R_NULL_PARAMETER 115
--# define BIO_R_TAG_MISMATCH 116
- # define BIO_R_UNABLE_TO_BIND_SOCKET 117
- # define BIO_R_UNABLE_TO_CREATE_SOCKET 118
- # define BIO_R_UNABLE_TO_KEEPALIVE 137
-@@ -905,7 +845,7 @@ void ERR_load_BIO_strings(void);
- # define BIO_R_WRITE_TO_READ_ONLY_BIO 126
- # define BIO_R_WSASTARTUP 122
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/blowfish.h
-+++ b/include/openssl/blowfish.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BLOWFISH_H
---- a/include/openssl/bn.h
-+++ b/include/openssl/bn.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -190,7 +90,7 @@ int BN_get_flags(const BIGNUM *b, int n)
- */
- void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
-
--/* Wrapper function to make using BN_GENCB easier, */
-+/* Wrapper function to make using BN_GENCB easier */
- int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-
- BN_GENCB *BN_GENCB_new(void);
-@@ -569,7 +469,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM
- BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
- BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
-
--# if OPENSSL_API_COMPAT < 0x00101000L
-+# if OPENSSL_API_COMPAT < 0x10100000L
- # define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
- # define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
- # define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
-@@ -587,7 +487,8 @@ int BN_bntest_rand(BIGNUM *rnd, int bits
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_BN_strings(void);
-+
-+int ERR_load_BN_strings(void);
-
- /* Error codes for the BN functions. */
-
-@@ -605,10 +506,8 @@ void ERR_load_BN_strings(void);
- # define BN_F_BN_CTX_NEW 106
- # define BN_F_BN_CTX_START 129
- # define BN_F_BN_DIV 107
--# define BN_F_BN_DIV_NO_BRANCH 138
- # define BN_F_BN_DIV_RECP 130
- # define BN_F_BN_EXP 123
--# define BN_F_BN_EXPAND2 108
- # define BN_F_BN_EXPAND_INTERNAL 120
- # define BN_F_BN_GENCB_NEW 143
- # define BN_F_BN_GENERATE_DSA_NONCE 140
-@@ -630,7 +529,6 @@ void ERR_load_BN_strings(void);
- # define BN_F_BN_MOD_INVERSE 110
- # define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
- # define BN_F_BN_MOD_LSHIFT_QUICK 119
--# define BN_F_BN_MOD_MUL_RECIPROCAL 111
- # define BN_F_BN_MOD_SQRT 121
- # define BN_F_BN_MPI2BN 112
- # define BN_F_BN_NEW 113
-@@ -662,7 +560,7 @@ void ERR_load_BN_strings(void);
- # define BN_R_TOO_MANY_ITERATIONS 113
- # define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/buffer.h
-+++ b/include/openssl/buffer.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_BUFFER_H
-@@ -84,7 +36,7 @@ extern "C" {
- # define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
- # define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
- # define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
--
-+
- struct buf_mem_st {
- size_t length; /* current number of bytes */
- char *data;
-@@ -106,7 +58,8 @@ void BUF_reverse(unsigned char *out, con
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_BUF_strings(void);
-+
-+int ERR_load_BUF_strings(void);
-
- /* Error codes for the BUF functions. */
-
-@@ -117,7 +70,7 @@ void ERR_load_BUF_strings(void);
-
- /* Reason codes. */
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/camellia.h
-+++ b/include/openssl/camellia.h
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CAMELLIA_H
---- a/include/openssl/cast.h
-+++ b/include/openssl/cast.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CAST_H
---- a/include/openssl/cmac.h
-+++ b/include/openssl/cmac.h
-@@ -1,59 +1,17 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CMAC_H
- # define HEADER_CMAC_H
-
-+# ifndef OPENSSL_NO_CMAC
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
-@@ -78,4 +36,6 @@ int CMAC_resume(CMAC_CTX *ctx);
- #ifdef __cplusplus
- }
- #endif
-+
-+# endif
- #endif
---- a/include/openssl/cms.h
-+++ b/include/openssl/cms.h
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CMS_H
-@@ -117,7 +73,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentI
- # define CMS_KEY_PARAM 0x40000
- # define CMS_ASCIICRLF 0x80000
-
--const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
-
- BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
- int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-@@ -188,7 +144,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV
- int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
- int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
- unsigned char *key, size_t keylen,
-- unsigned char *id, size_t idlen);
-+ const unsigned char *id, size_t idlen);
- int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
- unsigned char *pass, ossl_ssize_t passlen);
-
-@@ -378,7 +334,8 @@ int CMS_SharedInfo_encode(unsigned char
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_CMS_strings(void);
-+
-+int ERR_load_CMS_strings(void);
-
- /* Error codes for the CMS functions. */
-
-@@ -483,7 +440,6 @@ void ERR_load_CMS_strings(void);
- # define CMS_R_CTRL_ERROR 110
- # define CMS_R_CTRL_FAILURE 111
- # define CMS_R_DECRYPT_ERROR 112
--# define CMS_R_DIGEST_ERROR 161
- # define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
- # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
- # define CMS_R_ERROR_SETTING_KEY 115
-@@ -549,9 +505,8 @@ void ERR_load_CMS_strings(void);
- # define CMS_R_VERIFICATION_FAILURE 158
- # define CMS_R_WRAP_ERROR 159
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/comp.h
-+++ b/include/openssl/comp.h
-@@ -1,58 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--
- #ifndef HEADER_COMP_H
- # define HEADER_COMP_H
-
-@@ -95,7 +49,8 @@ const BIO_METHOD *BIO_f_zlib(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_COMP_strings(void);
-+
-+int ERR_load_COMP_strings(void);
-
- /* Error codes for the COMP functions. */
-
-@@ -110,9 +65,8 @@ void ERR_load_COMP_strings(void);
- # define COMP_R_ZLIB_INFLATE_ERROR 100
- # define COMP_R_ZLIB_NOT_SUPPORTED 101
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/conf.h
-+++ b/include/openssl/conf.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CONF_H
-@@ -215,16 +167,15 @@ void OPENSSL_load_builtin_modules(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_CONF_strings(void);
-+
-+int ERR_load_CONF_strings(void);
-
- /* Error codes for the CONF functions. */
-
- /* Function codes. */
- # define CONF_F_CONF_DUMP_FP 104
- # define CONF_F_CONF_LOAD 100
--# define CONF_F_CONF_LOAD_BIO 102
- # define CONF_F_CONF_LOAD_FP 103
--# define CONF_F_CONF_MODULES_LOAD 116
- # define CONF_F_CONF_PARSE_LIST 119
- # define CONF_F_DEF_LOAD 120
- # define CONF_F_DEF_LOAD_BIO 121
-@@ -233,7 +184,6 @@ void ERR_load_CONF_strings(void);
- # define CONF_F_MODULE_RUN 118
- # define CONF_F_NCONF_DUMP_BIO 105
- # define CONF_F_NCONF_DUMP_FP 106
--# define CONF_F_NCONF_GET_NUMBER 107
- # define CONF_F_NCONF_GET_NUMBER_E 112
- # define CONF_F_NCONF_GET_SECTION 108
- # define CONF_F_NCONF_GET_STRING 109
-@@ -248,7 +198,6 @@ void ERR_load_CONF_strings(void);
- # define CONF_R_LIST_CANNOT_BE_NULL 115
- # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100
- # define CONF_R_MISSING_EQUAL_SIGN 101
--# define CONF_R_MISSING_FINISH_FUNCTION 111
- # define CONF_R_MISSING_INIT_FUNCTION 112
- # define CONF_R_MODULE_INITIALIZATION_ERROR 109
- # define CONF_R_NO_CLOSE_BRACE 102
-@@ -261,7 +210,7 @@ void ERR_load_CONF_strings(void);
- # define CONF_R_UNKNOWN_MODULE_NAME 113
- # define CONF_R_VARIABLE_HAS_NO_VALUE 104
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/conf_api.h
-+++ b/include/openssl/conf_api.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_CONF_API_H
---- a/include/openssl/crypto.h
-+++ b/include/openssl/crypto.h
-@@ -1,112 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -188,9 +88,6 @@ int CRYPTO_atomic_add(int *val, int amou
- # define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
- # define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
-
--/* predec of the BIO type */
--typedef struct bio_st BIO_dummy;
--
- struct crypto_ex_data_st {
- STACK_OF(void) *sk;
- };
-@@ -276,7 +173,7 @@ typedef void CRYPTO_EX_new (void *parent
- int idx, long argl, void *argp);
- typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
--typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
- void *srcp, int idx, long argl, void *argp);
- __owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-@@ -290,7 +187,7 @@ int CRYPTO_free_ex_index(int class_index
- */
- int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
- int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-- CRYPTO_EX_DATA *from);
-+ const CRYPTO_EX_DATA *from);
-
- void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-
-@@ -318,12 +215,22 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX
- * On the other hand, the locking callbacks are no longer used. Consequently,
- * the callback management functions can be safely replaced with no-op macros.
- */
--# define CRYPTO_num_locks() (0)
-+# define CRYPTO_num_locks() (1)
- # define CRYPTO_set_locking_callback(func)
- # define CRYPTO_get_locking_callback() (NULL)
- # define CRYPTO_set_add_lock_callback(func)
- # define CRYPTO_get_add_lock_callback() (NULL)
-
-+/*
-+ * These defines where used in combination with the old locking callbacks,
-+ * they are not called anymore, but old code that's not called might still
-+ * use them.
-+ */
-+# define CRYPTO_LOCK 1
-+# define CRYPTO_UNLOCK 2
-+# define CRYPTO_READ 4
-+# define CRYPTO_WRITE 8
-+
- /* This structure is no longer used */
- typedef struct crypto_threadid_st {
- int dummy;
-@@ -374,7 +281,7 @@ void *CRYPTO_clear_realloc(void *addr, s
- const char *file, int line);
-
- int CRYPTO_secure_malloc_init(size_t sz, int minsize);
--void CRYPTO_secure_malloc_done(void);
-+int CRYPTO_secure_malloc_done(void);
- void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
- void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
- void CRYPTO_secure_free(void *ptr, const char *file, int line);
-@@ -409,19 +316,17 @@ void CRYPTO_mem_debug_free(void *addr, i
- # ifndef OPENSSL_NO_STDIO
- int CRYPTO_mem_leaks_fp(FILE *);
- # endif
--int CRYPTO_mem_leaks(struct bio_st *bio);
-+int CRYPTO_mem_leaks(BIO *bio);
- # endif
-
- /* die if we have to */
-+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
- # if OPENSSL_API_COMPAT < 0x10100000L
- # define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
- # endif
--void OPENSSL_die(const char *assertion, const char *file, int line);
- # define OPENSSL_assert(e) \
- (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
-
--unsigned int *OPENSSL_ia32cap_loc(void);
--# define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
- int OPENSSL_isservice(void);
-
- int FIPS_mode(void);
-@@ -482,18 +387,56 @@ void OPENSSL_thread_stop(void);
-
- /* Low-level control of initialization */
- OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
--#ifndef OPENSSL_NO_STDIO
--void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
-- const char *config_file);
--#endif
-+# ifndef OPENSSL_NO_STDIO
-+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
-+ const char *config_file);
-+# endif
- void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
-
-+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
-+# if defined(_WIN32)
-+# if defined(BASETYPES) || defined(_WINDEF_H)
-+/* application has to include <windows.h> in order to use this */
-+typedef DWORD CRYPTO_THREAD_LOCAL;
-+typedef DWORD CRYPTO_THREAD_ID;
-+
-+typedef LONG CRYPTO_ONCE;
-+# define CRYPTO_ONCE_STATIC_INIT 0
-+# endif
-+# else
-+# include <pthread.h>
-+typedef pthread_once_t CRYPTO_ONCE;
-+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
-+typedef pthread_t CRYPTO_THREAD_ID;
-+
-+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
-+# endif
-+# endif
-+
-+# if !defined(CRYPTO_ONCE_STATIC_INIT)
-+typedef unsigned int CRYPTO_ONCE;
-+typedef unsigned int CRYPTO_THREAD_LOCAL;
-+typedef unsigned int CRYPTO_THREAD_ID;
-+# define CRYPTO_ONCE_STATIC_INIT 0
-+# endif
-+
-+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
-+
-+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
-+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
-+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
-+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
-+
-+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
-+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
-+
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_CRYPTO_strings(void);
-+
-+int ERR_load_CRYPTO_strings(void);
-
- /* Error codes for the CRYPTO functions. */
-
-@@ -501,29 +444,21 @@ void ERR_load_CRYPTO_strings(void);
- # define CRYPTO_F_CRYPTO_DUP_EX_DATA 110
- # define CRYPTO_F_CRYPTO_FREE_EX_DATA 111
- # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
--# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103
--# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101
- # define CRYPTO_F_CRYPTO_MEMDUP 115
- # define CRYPTO_F_CRYPTO_NEW_EX_DATA 112
- # define CRYPTO_F_CRYPTO_SET_EX_DATA 102
--# define CRYPTO_F_DEF_ADD_INDEX 104
--# define CRYPTO_F_DEF_GET_CLASS 105
- # define CRYPTO_F_FIPS_MODE_SET 109
- # define CRYPTO_F_GET_AND_LOCK 113
--# define CRYPTO_F_INT_DUP_EX_DATA 106
--# define CRYPTO_F_INT_FREE_EX_DATA 107
--# define CRYPTO_F_INT_NEW_EX_DATA 108
- # define CRYPTO_F_OPENSSL_BUF2HEXSTR 117
--# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116
--# define CRYPTO_F_OPENSSL_MEMDUP 114
- # define CRYPTO_F_OPENSSL_HEXSTR2BUF 118
-+# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116
-
- /* Reason codes. */
- # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
- # define CRYPTO_R_ILLEGAL_HEX_DIGIT 102
- # define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/ct.h
-+++ b/include/openssl/ct.h
-@@ -1,55 +1,11 @@
- /*
--* Public API for Certificate Transparency (CT).
--* Written by Rob Percival (robpercival at google.com) for the OpenSSL project.
--*/
--/* ====================================================================
--* Copyright (c) 2016 The OpenSSL Project. All rights reserved.
--*
--* Redistribution and use in source and binary forms, with or without
--* modification, are permitted provided that the following conditions
--* are met:
--*
--* 1. Redistributions of source code must retain the above copyright
--* notice, this list of conditions and the following disclaimer.
--*
--* 2. Redistributions in binary form must reproduce the above copyright
--* notice, this list of conditions and the following disclaimer in
--* the documentation and/or other materials provided with the
--* distribution.
--*
--* 3. All advertising materials mentioning features or use of this
--* software must display the following acknowledgment:
--* "This product includes software developed by the OpenSSL Project
--* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
--*
--* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--* endorse or promote products derived from this software without
--* prior written permission. For written permission, please contact
--* licensing at OpenSSL.org.
--*
--* 5. Products derived from this software may not be called "OpenSSL"
--* nor may "OpenSSL" appear in their names without prior written
--* permission of the OpenSSL Project.
--*
--* 6. Redistributions of any form whatsoever must retain the following
--* acknowledgment:
--* "This product includes software developed by the OpenSSL Project
--* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
--*
--* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--* OF THE POSSIBILITY OF SUCH DAMAGE.
--* ====================================================================
--*/
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #ifndef HEADER_CT_H
- # define HEADER_CT_H
-@@ -357,7 +313,7 @@ sct_validation_status_t SCT_get_validati
- * for data that caller is responsible for freeing (only if function returns
- * successfully).
- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
-- * that "*pp" is large enough to accept all of the serializied data.
-+ * that "*pp" is large enough to accept all of the serialized data.
- * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
- * on success.
- */
-@@ -384,7 +340,7 @@ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT
- * for data that caller is responsible for freeing (only if function returns
- * successfully).
- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
-- * that "*pp" is large enough to accept all of the serializied data.
-+ * that "*pp" is large enough to accept all of the serialized data.
- * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
- * on success.
- */
-@@ -418,7 +374,7 @@ STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT
- * Parses an SCT in TLS format and returns it.
- * If |psct| is not null, it will end up pointing to the parsed SCT. If it
- * already points to a non-null pointer, the pointer will be free'd.
-- * |in| should be a pointer to a string contianing the TLS-format SCT.
-+ * |in| should be a pointer to a string containing the TLS-format SCT.
- * |in| will be advanced to the end of the SCT if parsing succeeds.
- * |len| should be the length of the SCT in |in|.
- * Returns NULL if an error occurs.
-@@ -439,7 +395,7 @@ SCT *o2i_SCT(SCT **psct, const unsigned
-
- /*
- * Parses an SCT signature in TLS format and populates the |sct| with it.
--* |in| should be a pointer to a string contianing the TLS-format signature.
-+* |in| should be a pointer to a string containing the TLS-format signature.
- * |in| will be advanced to the end of the signature if parsing succeeds.
- * |len| should be the length of the signature in |in|.
- * Returns the number of bytes parsed, or a negative integer if an error occurs.
-@@ -463,10 +419,11 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, c
- CTLOG *CTLOG_new_null(void);
-
- /*
-- * Creates a new CT log instance with the given base64 public_key and |name|.
-+ * Creates a new CT |ct_log| instance with the given base64 public_key and |name|.
- * Should be deleted by the caller using CTLOG_free when no longer needed.
- */
--CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name);
-+int CTLOG_new_from_base64(CTLOG ** ct_log,
-+ const char *pkey_base64, const char *name);
-
- /*
- * Deletes a CT log instance and its fields.
-@@ -523,7 +480,8 @@ const CTLOG *CTLOG_STORE_get0_log_by_id(
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_CT_strings(void);
-+
-+int ERR_load_CT_strings(void);
-
- /* Error codes for the CT functions. */
-
-@@ -532,20 +490,13 @@ void ERR_load_CT_strings(void);
- # define CT_F_CTLOG_NEW_FROM_BASE64 118
- # define CT_F_CTLOG_NEW_FROM_CONF 119
- # define CT_F_CTLOG_NEW_NULL 120
--# define CT_F_CTLOG_STORE_GET0_LOG_BY_ID 121
- # define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
- # define CT_F_CTLOG_STORE_LOAD_FILE 123
-+# define CT_F_CTLOG_STORE_LOAD_LOG 130
-+# define CT_F_CTLOG_STORE_NEW 131
- # define CT_F_CT_BASE64_DECODE 124
--# define CT_F_CT_POLICY_EVAL_CTX_GET0_CERT 130
--# define CT_F_CT_POLICY_EVAL_CTX_GET0_ISSUER 131
--# define CT_F_CT_POLICY_EVAL_CTX_GET0_LOG_STORE 132
- # define CT_F_CT_POLICY_EVAL_CTX_NEW 133
--# define CT_F_CT_POLICY_EVAL_CTX_SET0_CERT 134
--# define CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER 135
--# define CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE 136
- # define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
--# define CT_F_D2I_SCT_LIST 105
--# define CT_F_I2D_SCT_LIST 106
- # define CT_F_I2O_SCT 107
- # define CT_F_I2O_SCT_LIST 108
- # define CT_F_I2O_SCT_SIGNATURE 109
-@@ -553,7 +504,6 @@ void ERR_load_CT_strings(void);
- # define CT_F_O2I_SCT_LIST 111
- # define CT_F_O2I_SCT_SIGNATURE 112
- # define CT_F_SCT_CTX_NEW 126
--# define CT_F_SCT_LIST_VALIDATE 139
- # define CT_F_SCT_NEW 100
- # define CT_F_SCT_NEW_FROM_BASE64 127
- # define CT_F_SCT_SET0_LOG_ID 101
-@@ -563,8 +513,6 @@ void ERR_load_CT_strings(void);
- # define CT_F_SCT_SET_LOG_ENTRY_TYPE 102
- # define CT_F_SCT_SET_SIGNATURE_NID 103
- # define CT_F_SCT_SET_VERSION 104
--# define CT_F_SCT_SIGNATURE_IS_VALID 113
--# define CT_F_SCT_VALIDATE 140
- # define CT_F_SCT_VERIFY 128
- # define CT_F_SCT_VERIFY_V1 129
-
-@@ -576,21 +524,18 @@ void ERR_load_CT_strings(void);
- # define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
- # define CT_R_LOG_CONF_MISSING_KEY 112
- # define CT_R_LOG_KEY_INVALID 113
--# define CT_R_NOT_ENOUGH_SCTS 116
- # define CT_R_SCT_INVALID 104
- # define CT_R_SCT_INVALID_SIGNATURE 107
- # define CT_R_SCT_LIST_INVALID 105
- # define CT_R_SCT_LOG_ID_MISMATCH 114
- # define CT_R_SCT_NOT_SET 106
- # define CT_R_SCT_UNSUPPORTED_VERSION 115
--# define CT_R_SCT_VALIDATION_STATUS_NOT_SET 117
- # define CT_R_UNRECOGNIZED_SIGNATURE_NID 101
- # define CT_R_UNSUPPORTED_ENTRY_TYPE 102
- # define CT_R_UNSUPPORTED_VERSION 103
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/des.h
-+++ b/include/openssl/des.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DES_H
-@@ -113,8 +65,6 @@ typedef struct DES_ks {
-
- OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
- # define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
--OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */
--# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
-
- const char *DES_options(void);
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-@@ -182,10 +132,6 @@ void DES_ede3_ofb64_encrypt(const unsign
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int *num);
--int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-- DES_cblock *iv);
--int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
-- DES_cblock *iv);
- char *DES_fcrypt(const char *buf, const char *salt, char *ret);
- char *DES_crypt(const char *buf, const char *salt);
- void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-@@ -218,12 +164,6 @@ void DES_ofb64_encrypt(const unsigned ch
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int *num);
-
--#ifndef OPENSSL_NO_UI
--int DES_read_password(DES_cblock *key, const char *prompt, int verify);
--int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-- const char *prompt, int verify);
--#endif
--
- # define DES_fixup_key_parity DES_set_odd_parity
-
- # ifdef __cplusplus
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DH_H
-@@ -80,12 +32,18 @@ extern "C" {
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-
- # define DH_FLAG_CACHE_MONT_P 0x01
--# define DH_FLAG_NO_EXP_CONSTTIME 0x02
-+
-+# if OPENSSL_API_COMPAT < 0x10100000L
-+/*
-+ * Does nothing. Previously this switched off constant time behaviour.
-+ */
-+# define DH_FLAG_NO_EXP_CONSTTIME 0x00
-+# endif
-
- /*
- * If this flag is set the DH method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
-- * sets this flag in its own methods it is its reposibility to ensure the
-+ * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-@@ -193,9 +151,11 @@ int DH_KDF_X9_42(unsigned char *out, siz
- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
- # endif
-
--void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g);
-+void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key);
-+void DH_get0_key(const DH *dh,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key);
- int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
- void DH_clear_flags(DH *dh, int flags);
- int DH_test_flags(const DH *dh, int flags);
-@@ -335,7 +295,8 @@ int DH_meth_set_generate_params(DH_METHO
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_DH_strings(void);
-+
-+int ERR_load_DH_strings(void);
-
- /* Error codes for the DH functions. */
-
-@@ -346,6 +307,9 @@ void ERR_load_DH_strings(void);
- # define DH_F_DH_CMS_DECRYPT 114
- # define DH_F_DH_CMS_SET_PEERKEY 115
- # define DH_F_DH_CMS_SET_SHARED_INFO 116
-+# define DH_F_DH_METH_DUP 117
-+# define DH_F_DH_METH_NEW 118
-+# define DH_F_DH_METH_SET1_NAME 119
- # define DH_F_DH_NEW_METHOD 105
- # define DH_F_DH_PARAM_DECODE 107
- # define DH_F_DH_PRIV_DECODE 110
-@@ -354,7 +318,6 @@ void ERR_load_DH_strings(void);
- # define DH_F_DH_PUB_ENCODE 109
- # define DH_F_DO_DH_PRINT 100
- # define DH_F_GENERATE_KEY 103
--# define DH_F_GENERATE_PARAMETERS 104
- # define DH_F_PKEY_DH_DERIVE 112
- # define DH_F_PKEY_DH_KEYGEN 113
-
-@@ -366,7 +329,6 @@ void ERR_load_DH_strings(void);
- # define DH_R_INVALID_PUBKEY 102
- # define DH_R_KDF_PARAMETER_ERROR 112
- # define DH_R_KEYS_NOT_SET 108
--# define DH_R_KEY_SIZE_TOO_SMALL 110
- # define DH_R_MODULUS_TOO_LARGE 103
- # define DH_R_NO_PARAMETERS_SET 107
- # define DH_R_NO_PRIVATE_VALUE 100
-@@ -374,9 +336,8 @@ void ERR_load_DH_strings(void);
- # define DH_R_PEER_KEY_ERROR 111
- # define DH_R_SHARED_INFO_ERROR 113
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/dsa.h
-+++ b/include/openssl/dsa.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -86,17 +38,17 @@ extern "C" {
- # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-
- # define DSA_FLAG_CACHE_MONT_P 0x01
-+# if OPENSSL_API_COMPAT < 0x10100000L
- /*
-- * new with 0.9.7h; the built-in DSA implementation now uses constant time
-- * modular exponentiation for secret exponents by default. This flag causes
-- * the faster variable sliding window method to be used for all exponents.
-+ * Does nothing. Previously this switched off constant time behaviour.
- */
--# define DSA_FLAG_NO_EXP_CONSTTIME 0x02
-+# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
-+# endif
-
- /*
- * If this flag is set the DSA method is FIPS compliant and can be used in
- * FIPS mode. This is set in the validated module method. If an application
-- * sets this flag in its own methods it is its reposibility to ensure the
-+ * sets this flag in its own methods it is its responsibility to ensure the
- * result is compliant.
- */
-
-@@ -129,7 +81,8 @@ DSA_SIG *DSA_SIG_new(void);
- void DSA_SIG_free(DSA_SIG *a);
- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
--void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const DSA_SIG *sig);
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-@@ -148,6 +101,7 @@ void DSA_free(DSA *r);
- /* "up" the DSA object's reference count */
- int DSA_up_ref(DSA *r);
- int DSA_size(const DSA *);
-+int DSA_bits(const DSA *d);
- int DSA_security_bits(const DSA *d);
- /* next 4 return -1 on error */
- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-@@ -216,9 +170,11 @@ DH *DSA_dup_DH(const DSA *r);
- # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
- # define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
-
--void DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
-+void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
- int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--void DSA_get0_key(const DSA *d, BIGNUM **pub_key, BIGNUM **priv_key);
-+void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key);
- int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
- void DSA_clear_flags(DSA *d, int flags);
- int DSA_test_flags(const DSA *d, int flags);
-@@ -247,16 +203,17 @@ int (*DSA_meth_get_verify(const DSA_METH
- int DSA_meth_set_verify(DSA_METHOD *dsam,
- int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
- int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
-- (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
-- BN_CTX *, BN_MONT_CTX *);
-+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
- int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
-- int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
-- BIGNUM *, BN_CTX *, BN_MONT_CTX *));
-+ int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
-+ BN_MONT_CTX *));
- int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
-- (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
-- BN_MONT_CTX *);
-+ (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
-+ BN_CTX *, BN_MONT_CTX *);
- int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
-- int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
-+ int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
- int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
- int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
-@@ -276,20 +233,21 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_DSA_strings(void);
-+
-+int ERR_load_DSA_strings(void);
-
- /* Error codes for the DSA functions. */
-
- /* Function codes. */
--# define DSA_F_D2I_DSA_SIG 110
--# define DSA_F_DO_DSA_PRINT 104
- # define DSA_F_DSAPARAMS_PRINT 100
- # define DSA_F_DSAPARAMS_PRINT_FP 101
--# define DSA_F_DSA_BUILTIN_KEYGEN 124
- # define DSA_F_DSA_BUILTIN_PARAMGEN 125
- # define DSA_F_DSA_BUILTIN_PARAMGEN2 126
- # define DSA_F_DSA_DO_SIGN 112
- # define DSA_F_DSA_DO_VERIFY 113
-+# define DSA_F_DSA_METH_DUP 127
-+# define DSA_F_DSA_METH_NEW 128
-+# define DSA_F_DSA_METH_SET1_NAME 129
- # define DSA_F_DSA_NEW_METHOD 103
- # define DSA_F_DSA_PARAM_DECODE 119
- # define DSA_F_DSA_PRINT_FP 105
-@@ -299,34 +257,26 @@ void ERR_load_DSA_strings(void);
- # define DSA_F_DSA_PUB_ENCODE 118
- # define DSA_F_DSA_SIGN 106
- # define DSA_F_DSA_SIGN_SETUP 107
--# define DSA_F_DSA_SIG_NEW 109
--# define DSA_F_DSA_SIG_PRINT 123
--# define DSA_F_DSA_VERIFY 108
--# define DSA_F_I2D_DSA_SIG 111
-+# define DSA_F_DSA_SIG_NEW 102
- # define DSA_F_OLD_DSA_PRIV_DECODE 122
- # define DSA_F_PKEY_DSA_CTRL 120
- # define DSA_F_PKEY_DSA_KEYGEN 121
--# define DSA_F_SIG_CB 114
-
- /* Reason codes. */
- # define DSA_R_BAD_Q_VALUE 102
- # define DSA_R_BN_DECODE_ERROR 108
- # define DSA_R_BN_ERROR 109
--# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
- # define DSA_R_DECODE_ERROR 104
- # define DSA_R_INVALID_DIGEST_TYPE 106
- # define DSA_R_INVALID_PARAMETERS 112
--# define DSA_R_KEY_SIZE_TOO_SMALL 111
- # define DSA_R_MISSING_PARAMETERS 101
- # define DSA_R_MODULUS_TOO_LARGE 103
--# define DSA_R_NEED_NEW_SETUP_VALUES 110
- # define DSA_R_NO_PARAMETERS_SET 107
- # define DSA_R_PARAMETER_ENCODING_ERROR 105
- # define DSA_R_Q_NOT_PRIME 113
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/dtls1.h
-+++ b/include/openssl/dtls1.h
-@@ -1,59 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_DTLS1_H
---- a/include/openssl/e_os2.h
-+++ b/include/openssl/e_os2.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_E_OS2_H
-@@ -264,7 +219,11 @@ extern "C" {
-
- # ifndef ossl_ssize_t
- # define ossl_ssize_t ssize_t
--# define OSSL_SSIZE_MAX SSIZE_MAX
-+# if defined(SSIZE_MAX)
-+# define OSSL_SSIZE_MAX SSIZE_MAX
-+# elif defined(_POSIX_SSIZE_MAX)
-+# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
-+# endif
- # endif
-
- # ifdef DEBUG_UNUSED
-@@ -286,7 +245,7 @@ typedef UINT64 uint64_t;
- # define PRIu64 "%Lu"
- # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
- defined(__osf__) || defined(__sgi) || defined(__hpux) || \
-- defined(OPENSSL_SYS_VMS)
-+ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
- # include <inttypes.h>
- # elif defined(_MSC_VER) && _MSC_VER<=1500
- /*
-@@ -338,6 +297,14 @@ typedef unsigned __int64 uint64_t;
- # define ossl_inline inline
- # endif
-
-+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-+# define ossl_noreturn _Noreturn
-+# elif defined(__GNUC__) && __GNUC__ >= 2
-+# define ossl_noreturn __attribute__((noreturn))
-+# else
-+# define ossl_noreturn
-+# endif
-+
- #ifdef __cplusplus
- }
- #endif
---- a/include/openssl/ebcdic.h
-+++ b/include/openssl/ebcdic.h
-@@ -1,8 +1,16 @@
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #ifndef HEADER_EBCDIC_H
- # define HEADER_EBCDIC_H
-
--# include <sys/types.h>
-+# include <stdlib.h>
-
- #ifdef __cplusplus
- extern "C" {
---- a/include/openssl/ec.h
-+++ b/include/openssl/ec.h
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -127,7 +80,6 @@ const EC_METHOD *EC_GFp_mont_method(void
- const EC_METHOD *EC_GFp_nist_method(void);
-
- # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
--# ifndef OPENSSL_SYS_WIN32
- /** Returns 64-bit optimized methods for nistp224
- * \return EC_METHOD object
- */
-@@ -142,7 +94,6 @@ const EC_METHOD *EC_GFp_nistp256_method(
- * \return EC_METHOD object
- */
- const EC_METHOD *EC_GFp_nistp521_method(void);
--# endif
- # endif
-
- # ifndef OPENSSL_NO_EC2M
-@@ -222,7 +173,7 @@ const EC_POINT *EC_GROUP_get0_generator(
-
- /** Returns the montgomery data for order(Generator)
- * \param group EC_GROUP object
-- * \return the currently used generator (possibly NULL).
-+ * \return the currently used montgomery data (possibly NULL).
- */
- BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
-
-@@ -238,14 +189,12 @@ int EC_GROUP_get_order(const EC_GROUP *g
- * \param group EC_GROUP object
- * \return the group order
- */
--
- const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
-
--/** Gets the number of bits of ther order of an EC_GROUP
-+/** Gets the number of bits of the order of an EC_GROUP
- * \param group EC_GROUP object
- * \return number of bits of group order.
- */
--
- int EC_GROUP_order_bits(const EC_GROUP *group);
-
- /** Gets the cofactor of a EC_GROUP
-@@ -261,7 +210,6 @@ int EC_GROUP_get_cofactor(const EC_GROUP
- * \param group EC_GROUP object
- * \return the group cofactor
- */
--
- const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
-
- /** Sets the name of a EC_GROUP object
-@@ -356,7 +304,7 @@ int EC_GROUP_check_discriminant(const EC
- * \param a first EC_GROUP object
- * \param b second EC_GROUP object
- * \param ctx BN_CTX object (optional)
-- * \return 0 if both groups are equal and 1 otherwise
-+ * \return 0 if the groups are equal, 1 if not, or -1 on error
- */
- int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
-
-@@ -438,7 +386,7 @@ typedef struct {
-
- /*
- * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
-- * available curves or zero if a error occurred. In case r ist not zero
-+ * available curves or zero if a error occurred. In case r is not zero,
- * nitems EC_builtin_curve structures are filled with the data of the first
- * nitems internal groups
- */
-@@ -688,7 +636,7 @@ int EC_POINT_is_at_infinity(const EC_GRO
- * \param group underlying EC_GROUP object
- * \param point EC_POINT object to check
- * \param ctx BN_CTX object (optional)
-- * \return 1 if point if on the curve and 0 otherwise
-+ * \return 1 if the point is on the curve, 0 if not, or -1 on error
- */
- int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
- BN_CTX *ctx);
-@@ -698,7 +646,7 @@ int EC_POINT_is_on_curve(const EC_GROUP
- * \param a first EC_POINT object
- * \param b second EC_POINT object
- * \param ctx BN_CTX object (optional)
-- * \return 0 if both points are equal and a value != 0 otherwise
-+ * \return 1 if the points are not equal, 0 if they are, or -1 on error
- */
- int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
- BN_CTX *ctx);
-@@ -707,11 +655,11 @@ int EC_POINT_make_affine(const EC_GROUP
- int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
- EC_POINT *points[], BN_CTX *ctx);
-
--/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
-+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
- * \param group underlying EC_GROUP object
- * \param r EC_POINT object for the result
- * \param n BIGNUM with the multiplier for the group generator (optional)
-- * \param num number futher summands
-+ * \param num number further summands
- * \param p array of size num of EC_POINT objects
- * \param m array of size num of BIGNUM objects
- * \param ctx BN_CTX object (optional)
-@@ -823,13 +771,13 @@ void EC_KEY_free(EC_KEY *key);
- * \param src src EC_KEY object
- * \return dst or NULL if an error occurred.
- */
--EC_KEY *EC_KEY_copy(EC_KEY *dst, EC_KEY *src);
-+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-
- /** Creates a new EC_KEY object and copies the content from src to it.
- * \param src the source EC_KEY object
- * \return newly created EC_KEY object or NULL if an error occurred.
- */
--EC_KEY *EC_KEY_dup(EC_KEY *src);
-+EC_KEY *EC_KEY_dup(const EC_KEY *src);
-
- /** Increases the internal reference count of a EC_KEY object.
- * \param key EC_KEY object
-@@ -918,7 +866,7 @@ int EC_KEY_check_key(const EC_KEY *key);
- */
- int EC_KEY_can_sign(const EC_KEY *eckey);
-
--/** Sets a public key from affine coordindates performing
-+/** Sets a public key from affine coordinates performing
- * necessary NIST PKV tests.
- * \param key the EC_KEY object
- * \param x public key x coordinate
-@@ -958,7 +906,7 @@ int EC_KEY_oct2key(EC_KEY *key, const un
- * \return 1 on success and 0 if an error occurred
- */
-
--int EC_KEY_oct2priv(EC_KEY *key, unsigned char *buf, size_t len);
-+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
-
- /** Encodes a EC_KEY private key to an octet string
- * \param key key to encode
-@@ -1125,7 +1073,14 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig
- * \param pr pointer to BIGNUM pointer for r (may be NULL)
- * \param ps pointer to BIGNUM pointer for s (may be NULL)
- */
--void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, const ECDSA_SIG *sig);
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+
-+/** Setter for r and s fields of ECDSA_SIG
-+ * \param sig pointer to ECDSA_SIG pointer
-+ * \param r pointer to BIGNUM for r (may be NULL)
-+ * \param s pointer to BIGNUM for s (may be NULL)
-+ */
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
- /** Computes the ECDSA signature of the given hash value using
- * the supplied private key and returns the created signature.
-@@ -1142,7 +1097,7 @@ ECDSA_SIG *ECDSA_do_sign(const unsigned
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param kinv BIGNUM with a pre-computed inverse k (optional)
-- * \param rp BIGNUM with a pre-computed rp value (optioanl),
-+ * \param rp BIGNUM with a pre-computed rp value (optional),
- * see ECDSA_sign_setup
- * \param eckey EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
-@@ -1193,7 +1148,7 @@ int ECDSA_sign(int type, const unsigned
- * \param sig buffer to hold the DER encoded signature
- * \param siglen pointer to the length of the returned signature
- * \param kinv BIGNUM with a pre-computed inverse k (optional)
-- * \param rp BIGNUM with a pre-computed rp value (optioanl),
-+ * \param rp BIGNUM with a pre-computed rp value (optional),
- * see ECDSA_sign_setup
- * \param eckey EC_KEY object containing a private EC key
- * \return 1 on success and 0 otherwise
-@@ -1404,13 +1359,13 @@ void EC_KEY_METHOD_get_verify(EC_KEY_MET
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_EC_strings(void);
-+
-+int ERR_load_EC_strings(void);
-
- /* Error codes for the EC functions. */
-
- /* Function codes. */
- # define EC_F_BN_TO_FELEM 224
--# define EC_F_COMPUTE_WNAF 143
- # define EC_F_D2I_ECPARAMETERS 144
- # define EC_F_D2I_ECPKPARAMETERS 145
- # define EC_F_D2I_ECPRIVATEKEY 146
-@@ -1423,6 +1378,7 @@ void ERR_load_EC_strings(void);
- # define EC_F_ECDSA_DO_VERIFY 252
- # define EC_F_ECDSA_SIGN_EX 254
- # define EC_F_ECDSA_SIGN_SETUP 248
-+# define EC_F_ECDSA_SIG_NEW 265
- # define EC_F_ECDSA_VERIFY 253
- # define EC_F_ECKEY_PARAM2TYPE 223
- # define EC_F_ECKEY_PARAM_DECODE 212
-@@ -1440,17 +1396,8 @@ void ERR_load_EC_strings(void);
- # define EC_F_ECP_NISTZ256_POINTS_MUL 241
- # define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244
- # define EC_F_ECP_NISTZ256_WINDOWED_MUL 242
--# define EC_F_ECP_NIST_MOD_192 203
--# define EC_F_ECP_NIST_MOD_224 204
--# define EC_F_ECP_NIST_MOD_256 205
--# define EC_F_ECP_NIST_MOD_521 206
- # define EC_F_EC_ASN1_GROUP2CURVE 153
- # define EC_F_EC_ASN1_GROUP2FIELDID 154
--# define EC_F_EC_ASN1_GROUP2PARAMETERS 155
--# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156
--# define EC_F_EC_ASN1_PARAMETERS2GROUP 157
--# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158
--# define EC_F_EC_EX_DATA_SET_DATA 211
- # define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208
- # define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159
- # define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195
-@@ -1465,7 +1412,6 @@ void ERR_load_EC_strings(void);
- # define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209
- # define EC_F_EC_GFP_MONT_FIELD_SQR 132
- # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189
--# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135
- # define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225
- # define EC_F_EC_GFP_NISTP224_POINTS_MUL 228
- # define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-@@ -1480,29 +1426,21 @@ void ERR_load_EC_strings(void);
- # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202
- # define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165
- # define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166
--# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100
--# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101
- # define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102
- # define EC_F_EC_GFP_SIMPLE_OCT2POINT 103
- # define EC_F_EC_GFP_SIMPLE_POINT2OCT 104
- # define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137
- # define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167
--# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
- # define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168
--# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
- # define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169
--# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
- # define EC_F_EC_GROUP_CHECK 170
- # define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171
- # define EC_F_EC_GROUP_COPY 106
--# define EC_F_EC_GROUP_GET0_GENERATOR 139
--# define EC_F_EC_GROUP_GET_COFACTOR 140
- # define EC_F_EC_GROUP_GET_CURVE_GF2M 172
- # define EC_F_EC_GROUP_GET_CURVE_GFP 130
- # define EC_F_EC_GROUP_GET_DEGREE 173
- # define EC_F_EC_GROUP_GET_ECPARAMETERS 261
- # define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262
--# define EC_F_EC_GROUP_GET_ORDER 141
- # define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193
- # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194
- # define EC_F_EC_GROUP_NEW 108
-@@ -1510,10 +1448,8 @@ void ERR_load_EC_strings(void);
- # define EC_F_EC_GROUP_NEW_FROM_DATA 175
- # define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263
- # define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264
--# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142
- # define EC_F_EC_GROUP_SET_CURVE_GF2M 176
- # define EC_F_EC_GROUP_SET_CURVE_GFP 109
--# define EC_F_EC_GROUP_SET_EXTRA_DATA 110
- # define EC_F_EC_GROUP_SET_GENERATOR 111
- # define EC_F_EC_KEY_CHECK_KEY 177
- # define EC_F_EC_KEY_COPY 178
-@@ -1540,7 +1476,6 @@ void ERR_load_EC_strings(void);
- # define EC_F_EC_POINT_IS_AT_INFINITY 118
- # define EC_F_EC_POINT_IS_ON_CURVE 119
- # define EC_F_EC_POINT_MAKE_AFFINE 120
--# define EC_F_EC_POINT_MUL 184
- # define EC_F_EC_POINT_NEW 121
- # define EC_F_EC_POINT_OCT2POINT 122
- # define EC_F_EC_POINT_POINT2OCT 123
-@@ -1550,7 +1485,6 @@ void ERR_load_EC_strings(void);
- # define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125
- # define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
- # define EC_F_EC_POINT_SET_TO_INFINITY 127
--# define EC_F_EC_PRE_COMP_DUP 207
- # define EC_F_EC_PRE_COMP_NEW 196
- # define EC_F_EC_WNAF_MUL 187
- # define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
-@@ -1575,7 +1509,6 @@ void ERR_load_EC_strings(void);
-
- /* Reason codes. */
- # define EC_R_ASN1_ERROR 115
--# define EC_R_ASN1_UNKNOWN_FIELD 116
- # define EC_R_BAD_SIGNATURE 156
- # define EC_R_BIGNUM_OUT_OF_RANGE 144
- # define EC_R_BUFFER_TOO_SMALL 100
-@@ -1605,17 +1538,14 @@ void ERR_load_EC_strings(void);
- # define EC_R_INVALID_PENTANOMIAL_BASIS 132
- # define EC_R_INVALID_PRIVATE_KEY 123
- # define EC_R_INVALID_TRINOMIAL_BASIS 137
--# define EC_R_KDF_FAILED 153
- # define EC_R_KDF_PARAMETER_ERROR 148
- # define EC_R_KEYS_NOT_SET 140
- # define EC_R_MISSING_PARAMETERS 124
- # define EC_R_MISSING_PRIVATE_KEY 125
- # define EC_R_NEED_NEW_SETUP_VALUES 157
- # define EC_R_NOT_A_NIST_PRIME 135
--# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136
- # define EC_R_NOT_IMPLEMENTED 126
- # define EC_R_NOT_INITIALIZED 111
--# define EC_R_NO_FIELD_MOD 133
- # define EC_R_NO_PARAMETERS_SET 139
- # define EC_R_NO_PRIVATE_VALUE 154
- # define EC_R_OPERATION_NOT_SUPPORTED 152
-@@ -1636,9 +1566,8 @@ void ERR_load_EC_strings(void);
- # define EC_R_WRONG_CURVE_PARAMETERS 145
- # define EC_R_WRONG_ORDER 130
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/ecdh.h
-+++ b/include/openssl/ecdh.h
-@@ -1 +1,10 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <openssl/ec.h>
---- a/include/openssl/ecdsa.h
-+++ b/include/openssl/ecdsa.h
-@@ -1 +1,10 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <openssl/ec.h>
---- a/include/openssl/engine.h
-+++ b/include/openssl/engine.h
-@@ -1,60 +1,12 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -744,7 +696,7 @@ typedef unsigned long (*dynamic_v_check_
- # define IMPLEMENT_DYNAMIC_CHECK_FN() \
- OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
- OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
-- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-+ if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
- return 0; }
-
- /*
-@@ -772,13 +724,13 @@ typedef int (*dynamic_bind_engine) (ENGI
- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
- OPENSSL_EXPORT \
- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-- CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
-- fns->mem_fns.realloc_fn, \
-- fns->mem_fns.free_fn); \
-+ if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-+ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
-+ fns->mem_fns.realloc_fn, \
-+ fns->mem_fns.free_fn); \
- skip_cbs: \
-- if(!fn(e,id)) return 0; \
-- return 1; }
-+ if (!fn(e, id)) return 0; \
-+ return 1; }
-
- /*
- * If the loading application (or library) and the loaded ENGINE library
-@@ -794,7 +746,7 @@ typedef int (*dynamic_bind_engine) (ENGI
- void *ENGINE_get_static_state(void);
-
- # if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
--void ENGINE_setup_bsd_cryptodev(void);
-+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
- # endif
-
- /* BEGIN ERROR CODES */
-@@ -802,7 +754,8 @@ void ENGINE_setup_bsd_cryptodev(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_ENGINE_strings(void);
-+
-+int ERR_load_ENGINE_strings(void);
-
- /* Error codes for the ENGINE functions. */
-
-@@ -818,10 +771,10 @@ void ERR_load_ENGINE_strings(void);
- # define ENGINE_F_ENGINE_CTRL_CMD 178
- # define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
- # define ENGINE_F_ENGINE_FINISH 107
--# define ENGINE_F_ENGINE_FREE_UTIL 108
- # define ENGINE_F_ENGINE_GET_CIPHER 185
--# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
- # define ENGINE_F_ENGINE_GET_DIGEST 186
-+# define ENGINE_F_ENGINE_GET_FIRST 195
-+# define ENGINE_F_ENGINE_GET_LAST 196
- # define ENGINE_F_ENGINE_GET_NEXT 115
- # define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
- # define ENGINE_F_ENGINE_GET_PKEY_METH 192
-@@ -833,19 +786,17 @@ void ERR_load_ENGINE_strings(void);
- # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
- # define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
- # define ENGINE_F_ENGINE_NEW 122
-+# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197
- # define ENGINE_F_ENGINE_REMOVE 123
- # define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
--# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
- # define ENGINE_F_ENGINE_SET_ID 129
- # define ENGINE_F_ENGINE_SET_NAME 130
- # define ENGINE_F_ENGINE_TABLE_REGISTER 184
--# define ENGINE_F_ENGINE_UNLOAD_KEY 152
- # define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
- # define ENGINE_F_ENGINE_UP_REF 190
- # define ENGINE_F_INT_CTRL_HELPER 172
- # define ENGINE_F_INT_ENGINE_CONFIGURE 188
- # define ENGINE_F_INT_ENGINE_MODULE_INIT 187
--# define ENGINE_F_LOG_MESSAGE 141
-
- /* Reason codes. */
- # define ENGINE_R_ALREADY_LOADED 100
-@@ -855,8 +806,6 @@ void ERR_load_ENGINE_strings(void);
- # define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
- # define ENGINE_R_CONFLICTING_ENGINE_ID 103
- # define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
--# define ENGINE_R_DH_NOT_IMPLEMENTED 139
--# define ENGINE_R_DSA_NOT_IMPLEMENTED 140
- # define ENGINE_R_DSO_FAILURE 104
- # define ENGINE_R_DSO_NOT_FOUND 132
- # define ENGINE_R_ENGINES_SECTION_ERROR 148
-@@ -866,7 +815,6 @@ void ERR_load_ENGINE_strings(void);
- # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
- # define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
- # define ENGINE_R_FINISH_FAILED 106
--# define ENGINE_R_GET_HANDLE_FAILED 107
- # define ENGINE_R_ID_OR_NAME_MISSING 108
- # define ENGINE_R_INIT_FAILED 109
- # define ENGINE_R_INTERNAL_LIST_ERROR 110
-@@ -882,17 +830,13 @@ void ERR_load_ENGINE_strings(void);
- # define ENGINE_R_NO_LOAD_FUNCTION 125
- # define ENGINE_R_NO_REFERENCE 130
- # define ENGINE_R_NO_SUCH_ENGINE 116
--# define ENGINE_R_NO_UNLOAD_FUNCTION 126
--# define ENGINE_R_PROVIDE_PARAMETERS 113
--# define ENGINE_R_RSA_NOT_IMPLEMENTED 141
- # define ENGINE_R_UNIMPLEMENTED_CIPHER 146
- # define ENGINE_R_UNIMPLEMENTED_DIGEST 147
- # define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
- # define ENGINE_R_VERSION_INCOMPATIBILITY 145
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/err.h
-+++ b/include/openssl/err.h
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_ERR_H
-@@ -235,11 +134,10 @@ typedef struct err_state_st {
- # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-
- # define ERR_PACK(l,f,r) \
-- ( (((l) & 0x0FF) << 24L) | (((f) & 0xFFF) << 12L) | ((r) & 0xFFF) )
-+ ( ((unsigned int)((l) & 0x0FF) << 24L) | (((f) & 0xFFF) << 12L) | ((r) & 0xFFF) )
- # define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL)
- # define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL)
- # define ERR_GET_REASON(l) (int)((l)&0xfffL)
--# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL)
-
- /* OS functions */
- # define SYS_F_FOPEN 1
-@@ -272,30 +170,14 @@ typedef struct err_state_st {
- # define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */
- # define ERR_R_X509_LIB ERR_LIB_X509/* 11 */
- # define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */
--# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */
--# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */
- # define ERR_R_EC_LIB ERR_LIB_EC/* 16 */
--# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */
- # define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */
- # define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
- # define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
--# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */
--# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */
--# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */
- # define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
--# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */
--# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
--# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */
- # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
--# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */
--# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */
--# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */
-
- # define ERR_R_NESTED_ASN1_ERROR 58
--# define ERR_R_BAD_ASN1_OBJECT_HEADER 59
--# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60
--# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61
--# define ERR_R_ASN1_LENGTH_MISMATCH 62
- # define ERR_R_MISSING_ASN1_EOS 63
-
- /* fatal error */
-@@ -306,7 +188,7 @@ typedef struct err_state_st {
- # define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
- # define ERR_R_DISABLED (5|ERR_R_FATAL)
- # define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
--# define ERR_R_PASSED_INVALID_ARGUMENT (7)
-+# define ERR_R_PASSED_INVALID_ARGUMENT (7)
-
- /*
- * 99 is the maximum possible ERR_R_... code, higher values are reserved for
-@@ -349,9 +231,9 @@ void ERR_print_errors_fp(FILE *fp);
- void ERR_print_errors(BIO *bp);
- void ERR_add_error_data(int num, ...);
- void ERR_add_error_vdata(int num, va_list args);
--void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
--void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
--void ERR_load_ERR_strings(void);
-+int ERR_load_strings(int lib, ERR_STRING_DATA str[]);
-+int ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
-+int ERR_load_ERR_strings(void);
-
- #if OPENSSL_API_COMPAT < 0x10100000L
- # define ERR_load_crypto_strings() \
-@@ -359,9 +241,8 @@ void ERR_load_ERR_strings(void);
- # define ERR_free_strings() while(0) continue
- #endif
-
--void ERR_remove_thread_state(void);
--DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) /* if zero we
-- * look it up */
-+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
-+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
- ERR_STATE *ERR_get_state(void);
-
- LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_ENVELOPE_H
-@@ -548,22 +500,22 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
- # define EVP_MD_CTX_create() EVP_MD_CTX_new()
- # define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
- # define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
--/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
- void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
- void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
- int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
--/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
-+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
- ENGINE *impl);
--/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
-+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
- size_t cnt);
--/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
-+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
--/*__owur*/ int EVP_Digest(const void *data, size_t count,
-+__owur int EVP_Digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size,
- const EVP_MD *type, ENGINE *impl);
-
--/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
--/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
-+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
-@@ -656,10 +608,11 @@ int EVP_CIPHER_CTX_test_flags(const EVP_
-
- EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
- void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
-+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
- int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
- void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
--void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-- const unsigned char *in, int inl);
-+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-+ const unsigned char *in, int inl);
- void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
- int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-@@ -949,6 +902,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, in
- int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
- int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
- void *EVP_PKEY_get0(const EVP_PKEY *pkey);
-+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
-
- # ifndef OPENSSL_NO_RSA
- struct rsa_st;
-@@ -976,7 +930,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E
- # endif
-
- EVP_PKEY *EVP_PKEY_new(void);
--void EVP_PKEY_up_ref(EVP_PKEY *pkey);
-+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
- void EVP_PKEY_free(EVP_PKEY *pkey);
-
- EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
-@@ -1486,35 +1440,29 @@ void EVP_add_alg_module(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_EVP_strings(void);
-+
-+int ERR_load_EVP_strings(void);
-
- /* Error codes for the EVP functions. */
-
- /* Function codes. */
- # define EVP_F_AESNI_INIT_KEY 165
--# define EVP_F_AESNI_XTS_CIPHER 176
- # define EVP_F_AES_INIT_KEY 133
- # define EVP_F_AES_T4_INIT_KEY 178
--# define EVP_F_AES_XTS 172
--# define EVP_F_AES_XTS_CIPHER 175
- # define EVP_F_ALG_MODULE_INIT 177
- # define EVP_F_CAMELLIA_INIT_KEY 159
- # define EVP_F_CHACHA20_POLY1305_CTRL 182
--# define EVP_F_CMAC_INIT 173
- # define EVP_F_CMLL_T4_INIT_KEY 179
--# define EVP_F_D2I_PKEY 100
- # define EVP_F_DO_SIGVER_INIT 161
--# define EVP_F_DSAPKEY2PKCS8 134
--# define EVP_F_DSA_PKEY2PKCS8 135
--# define EVP_F_ECDSA_PKEY2PKCS8 129
--# define EVP_F_ECKEY_PKEY2PKCS8 132
- # define EVP_F_EVP_CIPHERINIT_EX 123
- # define EVP_F_EVP_CIPHER_CTX_COPY 163
- # define EVP_F_EVP_CIPHER_CTX_CTRL 124
- # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
- # define EVP_F_EVP_DECRYPTFINAL_EX 101
-+# define EVP_F_EVP_DECRYPTUPDATE 166
- # define EVP_F_EVP_DIGESTINIT_EX 128
- # define EVP_F_EVP_ENCRYPTFINAL_EX 127
-+# define EVP_F_EVP_ENCRYPTUPDATE 167
- # define EVP_F_EVP_MD_CTX_COPY_EX 110
- # define EVP_F_EVP_MD_SIZE 162
- # define EVP_F_EVP_OPENINIT 102
-@@ -1539,8 +1487,8 @@ void ERR_load_EVP_strings(void);
- # define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
- # define EVP_F_EVP_PKEY_GET0_DH 119
- # define EVP_F_EVP_PKEY_GET0_DSA 120
--# define EVP_F_EVP_PKEY_GET0_ECDSA 130
- # define EVP_F_EVP_PKEY_GET0_EC_KEY 131
-+# define EVP_F_EVP_PKEY_GET0_HMAC 183
- # define EVP_F_EVP_PKEY_GET0_RSA 121
- # define EVP_F_EVP_PKEY_KEYGEN 146
- # define EVP_F_EVP_PKEY_KEYGEN_INIT 147
-@@ -1553,35 +1501,20 @@ void ERR_load_EVP_strings(void);
- # define EVP_F_EVP_PKEY_VERIFY_INIT 143
- # define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
- # define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
--# define EVP_F_EVP_RIJNDAEL 126
- # define EVP_F_EVP_SIGNFINAL 107
- # define EVP_F_EVP_VERIFYFINAL 108
--# define EVP_F_FIPS_CIPHERINIT 166
--# define EVP_F_FIPS_CIPHER_CTX_COPY 170
--# define EVP_F_FIPS_CIPHER_CTX_CTRL 167
--# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171
--# define EVP_F_FIPS_DIGESTINIT 168
--# define EVP_F_FIPS_MD_CTX_COPY 169
--# define EVP_F_HMAC_INIT_EX 174
- # define EVP_F_INT_CTX_NEW 157
- # define EVP_F_PKCS5_PBE_KEYIVGEN 117
- # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
- # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
- # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
--# define EVP_F_PKCS8_SET_BROKEN 112
- # define EVP_F_PKEY_SET_TYPE 158
- # define EVP_F_RC2_MAGIC_TO_METH 109
- # define EVP_F_RC5_CTRL 125
-
- /* Reason codes. */
--# define EVP_R_AES_IV_SETUP_FAILED 162
- # define EVP_R_AES_KEY_SETUP_FAILED 143
--# define EVP_R_ASN1_LIB 140
--# define EVP_R_BAD_BLOCK_LENGTH 136
- # define EVP_R_BAD_DECRYPT 100
--# define EVP_R_BAD_KEY_LENGTH 137
--# define EVP_R_BN_DECODE_ERROR 112
--# define EVP_R_BN_PUBKEY_ERROR 113
- # define EVP_R_BUFFER_TOO_SMALL 155
- # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
- # define EVP_R_CIPHER_PARAMETER_ERROR 122
-@@ -1593,15 +1526,12 @@ void ERR_load_EVP_strings(void);
- # define EVP_R_DECODE_ERROR 114
- # define EVP_R_DIFFERENT_KEY_TYPES 101
- # define EVP_R_DIFFERENT_PARAMETERS 153
--# define EVP_R_DISABLED_FOR_FIPS 163
--# define EVP_R_ENCODE_ERROR 115
- # define EVP_R_ERROR_LOADING_SECTION 165
- # define EVP_R_ERROR_SETTING_FIPS_MODE 166
--# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
-+# define EVP_R_EXPECTING_AN_HMAC_KEY 174
- # define EVP_R_EXPECTING_AN_RSA_KEY 127
- # define EVP_R_EXPECTING_A_DH_KEY 128
- # define EVP_R_EXPECTING_A_DSA_KEY 129
--# define EVP_R_EXPECTING_A_ECDSA_KEY 141
- # define EVP_R_EXPECTING_A_EC_KEY 142
- # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
- # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
-@@ -1611,7 +1541,6 @@ void ERR_load_EVP_strings(void);
- # define EVP_R_INVALID_FIPS_MODE 168
- # define EVP_R_INVALID_KEY_LENGTH 130
- # define EVP_R_INVALID_OPERATION 148
--# define EVP_R_IV_TOO_LARGE 102
- # define EVP_R_KEYGEN_FAILURE 120
- # define EVP_R_MEMORY_LIMIT_EXCEEDED 172
- # define EVP_R_MESSAGE_DIGEST_IS_NULL 159
-@@ -1620,18 +1549,14 @@ void ERR_load_EVP_strings(void);
- # define EVP_R_NO_CIPHER_SET 131
- # define EVP_R_NO_DEFAULT_DIGEST 158
- # define EVP_R_NO_DIGEST_SET 139
--# define EVP_R_NO_DSA_PARAMETERS 116
- # define EVP_R_NO_KEY_SET 154
- # define EVP_R_NO_OPERATION_SET 149
--# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
--# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
- # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
- # define EVP_R_OPERATON_NOT_INITIALIZED 151
--# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
-+# define EVP_R_PARTIALLY_OVERLAPPING 162
- # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
- # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
- # define EVP_R_PUBLIC_KEY_NOT_RSA 106
--# define EVP_R_TOO_LARGE 164
- # define EVP_R_UNKNOWN_CIPHER 160
- # define EVP_R_UNKNOWN_DIGEST 161
- # define EVP_R_UNKNOWN_OPTION 169
-@@ -1647,9 +1572,8 @@ void ERR_load_EVP_strings(void);
- # define EVP_R_UNSUPPORTED_SALT_TYPE 126
- # define EVP_R_WRAP_MODE_NOT_ALLOWED 170
- # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
--# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/hmac.h
-+++ b/include/openssl/hmac.h
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_HMAC_H
- # define HEADER_HMAC_H
-
-@@ -67,7 +20,7 @@
- extern "C" {
- #endif
-
--size_t HMAC_size(HMAC_CTX *e);
-+size_t HMAC_size(const HMAC_CTX *e);
- HMAC_CTX *HMAC_CTX_new(void);
- int HMAC_CTX_reset(HMAC_CTX *ctx);
- void HMAC_CTX_free(HMAC_CTX *ctx);
-@@ -87,6 +40,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
- __owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
- void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
-
- #ifdef __cplusplus
- }
---- a/include/openssl/idea.h
-+++ b/include/openssl/idea.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_IDEA_H
-@@ -93,7 +45,7 @@ void IDEA_ofb64_encrypt(const unsigned c
- int *num);
- void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-
--# if OPENSSL_API_COMPAT < 0x00101000L
-+# if OPENSSL_API_COMPAT < 0x10100000L
- # define idea_options IDEA_options
- # define idea_ecb_encrypt IDEA_ecb_encrypt
- # define idea_set_encrypt_key IDEA_set_encrypt_key
---- a/include/openssl/kdf.h
-+++ b/include/openssl/kdf.h
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_KDF_H
-@@ -99,7 +55,8 @@ extern "C" {
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_KDF_strings(void);
-+
-+int ERR_load_KDF_strings(void);
-
- /* Error codes for the KDF functions. */
-
-@@ -112,7 +69,7 @@ void ERR_load_KDF_strings(void);
- # define KDF_R_MISSING_PARAMETER 101
- # define KDF_R_VALUE_MISSING 102
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/lhash.h
-+++ b/include/openssl/lhash.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -69,16 +21,12 @@
- extern "C" {
- #endif
-
--typedef struct lhash_node_st {
-- void *data;
-- struct lhash_node_st *next;
-- unsigned long hash;
--} LHASH_NODE;
--
--typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *);
--typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *);
--typedef void (*LHASH_DOALL_FN_TYPE) (void *);
--typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
-+typedef struct lhash_node_st OPENSSL_LH_NODE;
-+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
-+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
-+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
-+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
-+typedef struct lhash_st OPENSSL_LHASH;
-
- /*
- * Macros for declaring and implementing type-safe wrappers for LHASH
-@@ -118,62 +66,53 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)
- name##_doall_arg(a, b); }
- # define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-
--typedef struct lhash_st {
-- LHASH_NODE **b;
-- LHASH_COMP_FN_TYPE comp;
-- LHASH_HASH_FN_TYPE hash;
-- unsigned int num_nodes;
-- unsigned int num_alloc_nodes;
-- unsigned int p;
-- unsigned int pmax;
-- unsigned long up_load; /* load times 256 */
-- unsigned long down_load; /* load times 256 */
-- unsigned long num_items;
-- unsigned long num_expands;
-- unsigned long num_expand_reallocs;
-- unsigned long num_contracts;
-- unsigned long num_contract_reallocs;
-- unsigned long num_hash_calls;
-- unsigned long num_comp_calls;
-- unsigned long num_insert;
-- unsigned long num_replace;
-- unsigned long num_delete;
-- unsigned long num_no_delete;
-- unsigned long num_retrieve;
-- unsigned long num_retrieve_miss;
-- unsigned long num_hash_comps;
-- int error;
--} _LHASH; /* Do not use _LHASH directly, use LHASH_OF
-- * and friends */
-
- # define LH_LOAD_MULT 256
-
--/*
-- * Indicates a malloc() error in the last call, this is only bad in
-- * lh_insert().
-- */
--int lh_error(_LHASH *lh);
--
--_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
--void lh_free(_LHASH *lh);
--void *lh_insert(_LHASH *lh, void *data);
--void *lh_delete(_LHASH *lh, const void *data);
--void *lh_retrieve(_LHASH *lh, const void *data);
--void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
--void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
--unsigned long lh_strhash(const char *c);
--unsigned long lh_num_items(const _LHASH *lh);
--unsigned long lh_get_down_load(const _LHASH *lh);
--void lh_set_down_load(_LHASH *lh, unsigned long down_load);
-+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
-+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
-+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
-+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
-+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
-+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
-+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
-+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
-+unsigned long OPENSSL_LH_strhash(const char *c);
-+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
-+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
-+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
-
- # ifndef OPENSSL_NO_STDIO
--void lh_stats(const _LHASH *lh, FILE *fp);
--void lh_node_stats(const _LHASH *lh, FILE *fp);
--void lh_node_usage_stats(const _LHASH *lh, FILE *fp);
-+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
-+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
-+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
-+# endif
-+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
-+
-+# if OPENSSL_API_COMPAT < 0x10100000L
-+# define _LHASH OPENSSL_LHASH
-+# define LHASH_NODE OPENSSL_LH_NODE
-+# define lh_error OPENSSL_LH_error
-+# define lh_new OPENSSL_lh_new
-+# define lh_free OPENSSL_LH_free
-+# define lh_insert OPENSSL_LH_insert
-+# define lh_delete OPENSSL_LH_delete
-+# define lh_retrieve OPENSSL_LH_retrieve
-+# define lh_doall OPENSSL_LH_doall
-+# define lh_doall_arg OPENSSL_LH_doall_arg
-+# define lh_strhash OPENSSL_LH_strhash
-+# define lh_num_items OPENSSL_LH_num_items
-+# ifndef OPENSSL_NO_STDIO
-+# define lh_stats OPENSSL_LH_stats
-+# define lh_node_stats OPENSSL_LH_node_stats
-+# define lh_node_usage_stats OPENSSL_LH_node_usage_stats
-+# endif
-+# define lh_stats_bio OPENSSL_LH_stats_bio
-+# define lh_node_stats_bio OPENSSL_LH_node_stats_bio
-+# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
- # endif
--void lh_stats_bio(const _LHASH *lh, BIO *out);
--void lh_node_stats_bio(const _LHASH *lh, BIO *out);
--void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
-
- /* Type checking... */
-
-@@ -186,56 +125,56 @@ void lh_node_usage_stats_bio(const _LHAS
- int (*cfn)(const type *, const type *)) \
- { \
- return (LHASH_OF(type) *) \
-- lh_new((LHASH_HASH_FN_TYPE) hfn, (LHASH_COMP_FN_TYPE)cfn); \
-+ OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
- } \
- static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
- { \
-- lh_free((_LHASH *)lh); \
-+ OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
- } \
- static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
- { \
-- return (type *)lh_insert((_LHASH *)lh, d); \
-+ return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
- } \
- static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
- { \
-- return (type *)lh_delete((_LHASH *)lh, d); \
-+ return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
- } \
- static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
- { \
-- return (type *)lh_retrieve((_LHASH *)lh, d); \
-+ return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
- } \
- static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
- { \
-- return lh_error((_LHASH *)lh); \
-+ return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
- } \
- static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
- { \
-- return lh_num_items((_LHASH *)lh); \
-+ return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
- } \
- static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
- { \
-- lh_node_stats_bio((_LHASH *)lh, out); \
-+ OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
- } \
- static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
- { \
-- lh_node_usage_stats_bio((_LHASH *)lh, out); \
-+ OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
- } \
- static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
- { \
-- lh_stats_bio((_LHASH *)lh, out); \
-+ OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
- } \
- static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
- { \
-- return lh_get_down_load((_LHASH *)lh); \
-+ return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
- } \
- static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
- { \
-- lh_set_down_load((_LHASH *)lh, dl); \
-+ OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
- } \
- static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
- void (*doall)(type *)) \
- { \
-- lh_doall((_LHASH *)lh, (LHASH_DOALL_FN_TYPE)doall); \
-+ OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
- } \
- LHASH_OF(type)
-
-@@ -251,17 +190,10 @@ void lh_node_usage_stats_bio(const _LHAS
- void (*fn)(cbargtype *, argtype *), \
- argtype *arg) \
- { \
-- lh_doall_arg((_LHASH *)lh, (LHASH_DOALL_ARG_FN_TYPE)fn, (void *)arg); \
-+ OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
- } \
- LHASH_OF(type)
-
--# define CHECKED_LHASH_OF(type,lh) \
-- ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
--
--/* Define wrapper functions. */
--# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
-- lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
--
- DEFINE_LHASH_OF(OPENSSL_STRING);
- DEFINE_LHASH_OF(OPENSSL_CSTRING);
-
---- a/include/openssl/md2.h
-+++ b/include/openssl/md2.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_MD2_H
---- a/include/openssl/md4.h
-+++ b/include/openssl/md4.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_MD4_H
---- a/include/openssl/md5.h
-+++ b/include/openssl/md5.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_MD5_H
---- a/include/openssl/mdc2.h
-+++ b/include/openssl/mdc2.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_MDC2_H
-@@ -61,6 +13,7 @@
- # include <openssl/opensslconf.h>
-
- #ifndef OPENSSL_NO_MDC2
-+# include <stdlib.h>
- # include <openssl/des.h>
- # ifdef __cplusplus
- extern "C" {
---- a/include/openssl/modes.h
-+++ b/include/openssl/modes.h
-@@ -1,8 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Rights for redistribution and usage in source and binary
-- * forms are granted according to the OpenSSL license.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stddef.h>
---- a/include/openssl/obj_mac.h
-+++ b/include/openssl/obj_mac.h
-@@ -1,63 +1,12 @@
- /*
-- * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
-- * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
-- */
--
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-+ * WARNING: do not edit!
-+ * Generated by crypto/objects/objects.pl
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define SN_undef "UNDEF"
-@@ -851,10 +800,22 @@
- #define NID_id_smime_ct_compressedData 786
- #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
-
-+#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection"
-+#define NID_id_smime_ct_contentCollection 1058
-+#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L
-+
-+#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData"
-+#define NID_id_smime_ct_authEnvelopedData 1059
-+#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L
-+
- #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
- #define NID_id_ct_asciiTextWithCRLF 787
- #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
-
-+#define SN_id_ct_xml "id-ct-xml"
-+#define NID_id_ct_xml 1060
-+#define OBJ_id_ct_xml OBJ_id_smime_ct,28L
-+
- #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
- #define NID_id_smime_aa_receiptRequest 212
- #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
---- a/include/openssl/objects.h
-+++ b/include/openssl/objects.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_OBJECTS_H
-@@ -1121,7 +1073,8 @@ void OBJ_sigid_free(void);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_OBJ_strings(void);
-+
-+int ERR_load_OBJ_strings(void);
-
- /* Error codes for the OBJ functions. */
-
-@@ -1135,10 +1088,10 @@ void ERR_load_OBJ_strings(void);
- # define OBJ_F_OBJ_NID2SN 104
-
- /* Reason codes. */
--# define OBJ_R_MALLOC_FAILURE 100
-+# define OBJ_R_OID_EXISTS 102
- # define OBJ_R_UNKNOWN_NID 101
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/ocsp.h
-+++ b/include/openssl/ocsp.h
-@@ -1,75 +1,50 @@
- /*
-- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
-- * project.
-- */
--
--/*
-- * History: This file was transferred to Richard Levitte from CertCo by Kathy
-- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-- * patch kit.
-- */
--
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_OCSP_H
- # define HEADER_OCSP_H
-
--# include <openssl/ossl_typ.h>
--# include <openssl/x509.h>
--# include <openssl/x509v3.h>
--# include <openssl/safestack.h>
-+#include <openssl/opensslconf.h>
-+
-+/*
-+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
-+ * historical reasons they have OCSP_* names, they can actually be used
-+ * independently of OCSP. E.g. see RFC5280
-+ */
-+/*-
-+ * CRLReason ::= ENUMERATED {
-+ * unspecified (0),
-+ * keyCompromise (1),
-+ * cACompromise (2),
-+ * affiliationChanged (3),
-+ * superseded (4),
-+ * cessationOfOperation (5),
-+ * certificateHold (6),
-+ * removeFromCRL (8) }
-+ */
-+# define OCSP_REVOKED_STATUS_NOSTATUS -1
-+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
-+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
-+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
-+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
-+# define OCSP_REVOKED_STATUS_SUPERSEDED 4
-+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
-+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
-+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
-+
-+
-+# ifndef OPENSSL_NO_OCSP
-+
-+# include <openssl/ossl_typ.h>
-+# include <openssl/x509.h>
-+# include <openssl/x509v3.h>
-+# include <openssl/safestack.h>
-
- #ifdef __cplusplus
- extern "C" {
-@@ -77,20 +52,20 @@ extern "C" {
-
- /* Various flags and values */
-
--# define OCSP_DEFAULT_NONCE_LENGTH 16
-+# define OCSP_DEFAULT_NONCE_LENGTH 16
-
--# define OCSP_NOCERTS 0x1
--# define OCSP_NOINTERN 0x2
--# define OCSP_NOSIGS 0x4
--# define OCSP_NOCHAIN 0x8
--# define OCSP_NOVERIFY 0x10
--# define OCSP_NOEXPLICIT 0x20
--# define OCSP_NOCASIGN 0x40
--# define OCSP_NODELEGATED 0x80
--# define OCSP_NOCHECKS 0x100
--# define OCSP_TRUSTOTHER 0x200
--# define OCSP_RESPID_KEY 0x400
--# define OCSP_NOTIME 0x800
-+# define OCSP_NOCERTS 0x1
-+# define OCSP_NOINTERN 0x2
-+# define OCSP_NOSIGS 0x4
-+# define OCSP_NOCHAIN 0x8
-+# define OCSP_NOVERIFY 0x10
-+# define OCSP_NOEXPLICIT 0x20
-+# define OCSP_NOCASIGN 0x40
-+# define OCSP_NODELEGATED 0x80
-+# define OCSP_NOCHECKS 0x100
-+# define OCSP_TRUSTOTHER 0x200
-+# define OCSP_RESPID_KEY 0x400
-+# define OCSP_NOTIME 0x800
-
- typedef struct ocsp_cert_id_st OCSP_CERTID;
-
-@@ -104,26 +79,26 @@ typedef struct ocsp_req_info_st OCSP_REQ
- typedef struct ocsp_signature_st OCSP_SIGNATURE;
- typedef struct ocsp_request_st OCSP_REQUEST;
-
--# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
--# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
--# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
--# define OCSP_RESPONSE_STATUS_TRYLATER 3
--# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
--# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
-+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
-+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
-+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
-+# define OCSP_RESPONSE_STATUS_TRYLATER 3
-+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
-+# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
-
- typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
-
--# define V_OCSP_RESPID_NAME 0
--# define V_OCSP_RESPID_KEY 1
-+# define V_OCSP_RESPID_NAME 0
-+# define V_OCSP_RESPID_KEY 1
-
- DEFINE_STACK_OF(OCSP_RESPID)
- DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-
- typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
-
--# define V_OCSP_CERTSTATUS_GOOD 0
--# define V_OCSP_CERTSTATUS_REVOKED 1
--# define V_OCSP_CERTSTATUS_UNKNOWN 2
-+# define V_OCSP_CERTSTATUS_GOOD 0
-+# define V_OCSP_CERTSTATUS_REVOKED 1
-+# define V_OCSP_CERTSTATUS_UNKNOWN 2
-
- typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
- typedef struct ocsp_single_response_st OCSP_SINGLERESP;
-@@ -134,75 +109,54 @@ typedef struct ocsp_response_data_st OCS
-
- typedef struct ocsp_basic_response_st OCSP_BASICRESP;
-
--/*-
-- * CRLReason ::= ENUMERATED {
-- * unspecified (0),
-- * keyCompromise (1),
-- * cACompromise (2),
-- * affiliationChanged (3),
-- * superseded (4),
-- * cessationOfOperation (5),
-- * certificateHold (6),
-- * removeFromCRL (8) }
-- */
--# define OCSP_REVOKED_STATUS_NOSTATUS -1
--# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
--# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
--# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
--# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
--# define OCSP_REVOKED_STATUS_SUPERSEDED 4
--# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
--# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
--# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
--
- typedef struct ocsp_crl_id_st OCSP_CRLID;
- typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
-
--# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
--# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
-+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
--# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-
--# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-
--# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
-+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
--# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
-+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
- (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
--# define PEM_write_bio_OCSP_REQUEST(bp,o) \
-+# define PEM_write_bio_OCSP_REQUEST(bp,o) \
- PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
- bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
--# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
-+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
- PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
- bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
--# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-
--# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-
--# define OCSP_REQUEST_sign(o,pkey,md) \
-+# define OCSP_REQUEST_sign(o,pkey,md) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
- &o->optionalSignature->signatureAlgorithm,NULL,\
- o->optionalSignature->signature,&o->tbsRequest,pkey,md)
-
--# define OCSP_BASICRESP_sign(o,pkey,md,d) \
-+# define OCSP_BASICRESP_sign(o,pkey,md,d) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
- o->signature,&o->tbsResponseData,pkey,md)
-
--# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-+# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
- &a->optionalSignature->signatureAlgorithm,\
- a->optionalSignature->signature,&a->tbsRequest,r)
-
--# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-+# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
-
--# define ASN1_BIT_STRING_digest(data,type,md,len) \
-+# define ASN1_BIT_STRING_digest(data,type,md,len) \
- ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
--# define OCSP_CERTSTATUS_dup(cs)\
-+# define OCSP_CERTSTATUS_dup(cs)\
- (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
- (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-@@ -259,6 +213,11 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signat
- int OCSP_resp_count(OCSP_BASICRESP *bs);
- OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
- ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs);
-+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
-+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
-+ const ASN1_OCTET_STRING **pid,
-+ const X509_NAME **pname);
-+
- int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
- int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
- ASN1_GENERALIZEDTIME **revtime,
-@@ -392,12 +351,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_OCSP_strings(void);
-+
-+int ERR_load_OCSP_strings(void);
-
- /* Error codes for the OCSP functions. */
-
- /* Function codes. */
--# define OCSP_F_ASN1_STRING_ENCODE 100
- # define OCSP_F_D2I_OCSP_NONCE 102
- # define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
- # define OCSP_F_OCSP_BASIC_SIGN 104
-@@ -412,13 +371,9 @@ void ERR_load_OCSP_strings(void);
- # define OCSP_F_OCSP_REQUEST_SIGN 110
- # define OCSP_F_OCSP_REQUEST_VERIFY 116
- # define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
--# define OCSP_F_OCSP_SENDREQ_BIO 112
--# define OCSP_F_OCSP_SENDREQ_NBIO 117
- # define OCSP_F_PARSE_HTTP_LINE1 118
--# define OCSP_F_REQUEST_VERIFY 113
-
- /* Reason codes. */
--# define OCSP_R_BAD_DATA 100
- # define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
- # define OCSP_R_DIGEST_ERR 102
- # define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
-@@ -428,8 +383,6 @@ void ERR_load_OCSP_strings(void);
- # define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
- # define OCSP_R_NOT_BASIC_RESPONSE 104
- # define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
--# define OCSP_R_NO_CONTENT 106
--# define OCSP_R_NO_PUBLIC_KEY 107
- # define OCSP_R_NO_RESPONSE_DATA 108
- # define OCSP_R_NO_REVOKED_TIME 109
- # define OCSP_R_NO_SIGNER_KEY 130
-@@ -437,10 +390,8 @@ void ERR_load_OCSP_strings(void);
- # define OCSP_R_REQUEST_NOT_SIGNED 128
- # define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
- # define OCSP_R_ROOT_CA_NOT_TRUSTED 112
--# define OCSP_R_SERVER_READ_ERROR 113
- # define OCSP_R_SERVER_RESPONSE_ERROR 114
- # define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
--# define OCSP_R_SERVER_WRITE_ERROR 116
- # define OCSP_R_SIGNATURE_FAILURE 117
- # define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
- # define OCSP_R_STATUS_EXPIRED 125
-@@ -450,7 +401,8 @@ void ERR_load_OCSP_strings(void);
- # define OCSP_R_UNKNOWN_NID 120
- # define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
-+# endif
- #endif
---- a/include/openssl/opensslconf.h.in
-+++ b/include/openssl/opensslconf.h.in
-@@ -1,5 +1,12 @@
- /*
- * {- join("\n * ", @autowarntext) -}
-+ *
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef __cplusplus
---- a/include/openssl/opensslv.h
-+++ b/include/openssl/opensslv.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef HEADER_OPENSSLV_H
- # define HEADER_OPENSSLV_H
-
-@@ -30,11 +39,11 @@ extern "C" {
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
- */
--# define OPENSSL_VERSION_NUMBER 0x10100005L
-+# define OPENSSL_VERSION_NUMBER 0x10100006L
- # ifdef OPENSSL_FIPS
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre5-fips (beta) 19 Apr 2016"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre6-fips-dev xx XXX xxxx"
- # else
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre5 (beta) 19 Apr 2016"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre6-dev xx XXX xxxx"
- # endif
-
- /*-
---- a/include/openssl/ossl_typ.h
-+++ b/include/openssl/ossl_typ.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_OPENSSL_TYPES_H
-@@ -108,10 +63,11 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
- typedef struct asn1_pctx_st ASN1_PCTX;
- typedef struct asn1_sctx_st ASN1_SCTX;
-
--# ifdef OPENSSL_SYS_WIN32
-+# ifdef _WIN32
- # undef X509_NAME
- # undef X509_EXTENSIONS
- # undef PKCS7_ISSUER_AND_SERIAL
-+# undef PKCS7_SIGNER_INFO
- # undef OCSP_REQUEST
- # undef OCSP_RESPONSE
- # endif
---- a/include/openssl/pem.h
-+++ b/include/openssl/pem.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_PEM_H
-@@ -407,6 +359,11 @@ DECLARE_PEM_write_const(DHxparams, DH)
- DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
- DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
-+ const EVP_CIPHER *enc,
-+ unsigned char *kstr, int klen,
-+ pem_password_cb *cb, void *u);
-+
- int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-@@ -421,7 +378,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp,
- EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
- void *u);
-
--#ifndef OPENSSL_NO_STDIO
-+# ifndef OPENSSL_NO_STDIO
- int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-@@ -438,20 +395,22 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *f
- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cd,
- void *u);
--#endif
-+# endif
- EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
- int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-
-+# ifndef OPENSSL_NO_DSA
- EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
- EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
- EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
- EVP_PKEY *b2i_PublicKey_bio(BIO *in);
- int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
- int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
--# ifndef OPENSSL_NO_RC4
-+# ifndef OPENSSL_NO_RC4
- EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
- int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
- pem_password_cb *cb, void *u);
-+# endif
- # endif
-
- /* BEGIN ERROR CODES */
-@@ -459,7 +418,8 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk,
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_PEM_strings(void);
-+
-+int ERR_load_PEM_strings(void);
-
- /* Error codes for the PEM functions. */
-
-@@ -487,9 +447,7 @@ void ERR_load_PEM_strings(void);
- # define PEM_F_PEM_ASN1_WRITE_BIO 105
- # define PEM_F_PEM_DEF_CALLBACK 100
- # define PEM_F_PEM_DO_HEADER 106
--# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118
- # define PEM_F_PEM_GET_EVP_CIPHER_INFO 107
--# define PEM_F_PEM_PK8PKEY 119
- # define PEM_F_PEM_READ 108
- # define PEM_F_PEM_READ_BIO 109
- # define PEM_F_PEM_READ_BIO_DHPARAMS 141
-@@ -518,24 +476,26 @@ void ERR_load_PEM_strings(void);
- # define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
- # define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
- # define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
-+# define PEM_R_HEADER_TOO_LONG 128
- # define PEM_R_INCONSISTENT_HEADER 121
- # define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
- # define PEM_R_KEYBLOB_TOO_SHORT 123
-+# define PEM_R_MISSING_DEK_IV 129
- # define PEM_R_NOT_DEK_INFO 105
- # define PEM_R_NOT_ENCRYPTED 106
- # define PEM_R_NOT_PROC_TYPE 107
- # define PEM_R_NO_START_LINE 108
- # define PEM_R_PROBLEMS_GETTING_PASSWORD 109
--# define PEM_R_PUBLIC_KEY_NO_RSA 110
- # define PEM_R_PVK_DATA_TOO_SHORT 124
- # define PEM_R_PVK_TOO_SHORT 125
- # define PEM_R_READ_KEY 111
- # define PEM_R_SHORT_HEADER 112
-+# define PEM_R_UNEXPECTED_DEK_IV 130
- # define PEM_R_UNSUPPORTED_CIPHER 113
- # define PEM_R_UNSUPPORTED_ENCRYPTION 114
- # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/pem2.h
-+++ b/include/openssl/pem2.h
-@@ -1,60 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * This header only exists to break a circular dependency between pem and err
-- * Ben 30 Jan 1999.
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifdef __cplusplus
-@@ -62,7 +12,7 @@ extern "C" {
- #endif
-
- #ifndef HEADER_PEM_H
--void ERR_load_PEM_strings(void);
-+int ERR_load_PEM_strings(void);
- #endif
-
- #ifdef __cplusplus
---- a/include/openssl/pkcs12.h
-+++ b/include/openssl/pkcs12.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_PKCS12_H
-@@ -237,40 +188,35 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
- void PKCS12_PBE_add(void);
- int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca);
--PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-- int mac_iter, int keytype);
-+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
-+ X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
-+ int iter, int mac_iter, int keytype);
-
- PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
- PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
- EVP_PKEY *key, int key_usage, int iter,
-- int key_nid, char *pass);
-+ int key_nid, const char *pass);
- int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-- int safe_nid, int iter, char *pass);
-+ int safe_nid, int iter, const char *pass);
- PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
- int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
- int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
- PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
- PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
--int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
-
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_PKCS12_strings(void);
-+
-+int ERR_load_PKCS12_strings(void);
-
- /* Error codes for the PKCS12 functions. */
-
- /* Function codes. */
--# define PKCS12_F_PARSE_BAG 129
--# define PKCS12_F_PARSE_BAGS 103
--# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
--# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
--# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
--# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
- # define PKCS12_F_PKCS12_CREATE 105
- # define PKCS12_F_PKCS12_GEN_MAC 107
- # define PKCS12_F_PKCS12_INIT 109
-@@ -293,7 +239,6 @@ void ERR_load_PKCS12_strings(void);
- # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
- # define PKCS12_F_PKCS12_UNPACK_P7DATA 131
- # define PKCS12_F_PKCS12_VERIFY_MAC 126
--# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
- # define PKCS12_F_PKCS8_ENCRYPT 125
- # define PKCS12_F_PKCS8_SET0_PBE 132
-
-@@ -312,7 +257,6 @@ void ERR_load_PKCS12_strings(void);
- # define PKCS12_R_MAC_GENERATION_ERROR 109
- # define PKCS12_R_MAC_SETUP_ERROR 110
- # define PKCS12_R_MAC_STRING_SET_ERROR 111
--# define PKCS12_R_MAC_VERIFY_ERROR 112
- # define PKCS12_R_MAC_VERIFY_FAILURE 113
- # define PKCS12_R_PARSE_ERROR 114
- # define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
-@@ -321,7 +265,7 @@ void ERR_load_PKCS12_strings(void);
- # define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
- # define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/pkcs7.h
-+++ b/include/openssl/pkcs7.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_PKCS7_H
-@@ -69,12 +21,6 @@
- extern "C" {
- #endif
-
--# ifdef OPENSSL_SYS_WIN32
--/* Under Win32 thes are defined in wincrypt.h */
--# undef PKCS7_ISSUER_AND_SERIAL
--# undef PKCS7_SIGNER_INFO
--# endif
--
- /*-
- Encryption_ID DES-CBC
- Digest_ID MD5
-@@ -371,15 +317,13 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_PKCS7_strings(void);
-+
-+int ERR_load_PKCS7_strings(void);
-
- /* Error codes for the PKCS7 functions. */
-
- /* Function codes. */
--# define PKCS7_F_B64_READ_PKCS7 120
--# define PKCS7_F_B64_WRITE_PKCS7 121
- # define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136
--# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140
- # define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
- # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
- # define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
-@@ -393,7 +337,6 @@ void ERR_load_PKCS7_strings(void);
- # define PKCS7_F_PKCS7_DATADECODE 112
- # define PKCS7_F_PKCS7_DATAFINAL 128
- # define PKCS7_F_PKCS7_DATAINIT 105
--# define PKCS7_F_PKCS7_DATASIGN 106
- # define PKCS7_F_PKCS7_DATAVERIFY 107
- # define PKCS7_F_PKCS7_DECRYPT 114
- # define PKCS7_F_PKCS7_DECRYPT_RINFO 133
-@@ -414,8 +357,6 @@ void ERR_load_PKCS7_strings(void);
- # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
- # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
- # define PKCS7_F_PKCS7_VERIFY 117
--# define PKCS7_F_SMIME_READ_PKCS7 122
--# define PKCS7_F_SMIME_TEXT 123
-
- /* Reason codes. */
- # define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
-@@ -423,46 +364,29 @@ void ERR_load_PKCS7_strings(void);
- # define PKCS7_R_CIPHER_NOT_INITIALIZED 116
- # define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
- # define PKCS7_R_CTRL_ERROR 152
--# define PKCS7_R_DECODE_ERROR 130
--# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
- # define PKCS7_R_DECRYPT_ERROR 119
- # define PKCS7_R_DIGEST_FAILURE 101
- # define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149
- # define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
- # define PKCS7_R_ERROR_ADDING_RECIPIENT 120
- # define PKCS7_R_ERROR_SETTING_CIPHER 121
--# define PKCS7_R_INVALID_MIME_TYPE 131
- # define PKCS7_R_INVALID_NULL_POINTER 143
- # define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155
--# define PKCS7_R_MIME_NO_CONTENT_TYPE 132
--# define PKCS7_R_MIME_PARSE_ERROR 133
--# define PKCS7_R_MIME_SIG_PARSE_ERROR 134
--# define PKCS7_R_MISSING_CERIPEND_INFO 103
- # define PKCS7_R_NO_CONTENT 122
--# define PKCS7_R_NO_CONTENT_TYPE 135
- # define PKCS7_R_NO_DEFAULT_DIGEST 151
- # define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154
--# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
--# define PKCS7_R_NO_MULTIPART_BOUNDARY 137
- # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
--# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
- # define PKCS7_R_NO_SIGNATURES_ON_DATA 123
- # define PKCS7_R_NO_SIGNERS 142
--# define PKCS7_R_NO_SIG_CONTENT_TYPE 138
- # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
- # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
- # define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153
--# define PKCS7_R_PKCS7_DATAFINAL 126
--# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
- # define PKCS7_R_PKCS7_DATASIGN 145
--# define PKCS7_R_PKCS7_PARSE_ERROR 139
--# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
- # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
- # define PKCS7_R_SIGNATURE_FAILURE 105
- # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
- # define PKCS7_R_SIGNING_CTRL_FAILURE 147
- # define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148
--# define PKCS7_R_SIG_INVALID_MIME_TYPE 141
- # define PKCS7_R_SMIME_TEXT_ERROR 129
- # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
- # define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
-@@ -474,7 +398,7 @@ void ERR_load_PKCS7_strings(void);
- # define PKCS7_R_WRONG_CONTENT_TYPE 113
- # define PKCS7_R_WRONG_PKCS7_TYPE 114
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/rand.h
-+++ b/include/openssl/rand.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RAND_H
-@@ -62,10 +14,6 @@
- # include <openssl/ossl_typ.h>
- # include <openssl/e_os2.h>
-
--# if defined(OPENSSL_SYS_WINDOWS)
--# include <windows.h>
--# endif
--
- #ifdef __cplusplus
- extern "C" {
- #endif
-@@ -113,41 +61,29 @@ int RAND_egd_bytes(const char *path, int
- # endif
- int RAND_poll(void);
-
--# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
--
--void RAND_screen(void);
--int RAND_event(UINT, WPARAM, LPARAM);
--
--# endif
-+#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
-+/* application has to include <windows.h> in order to use these */
-+DEPRECATEDIN_1_1_0(void RAND_screen(void))
-+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
-+#endif
-
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_RAND_strings(void);
-+
-+int ERR_load_RAND_strings(void);
-
- /* Error codes for the RAND functions. */
-
- /* Function codes. */
--# define RAND_F_FIPS_RAND 102
--# define RAND_F_FIPS_RAND_SET_DT 103
--# define RAND_F_FIPS_SET_PRNG_SEED 104
--# define RAND_F_FIPS_SET_TEST_MODE 105
--# define RAND_F_FIPS_X931_SET_DT 106
- # define RAND_F_RAND_BYTES 100
--# define RAND_F_RAND_GET_RAND_METHOD 101
-
- /* Reason codes. */
--# define RAND_R_NOT_IN_TEST_MODE 101
--# define RAND_R_NO_KEY_SET 102
--# define RAND_R_PRNG_ERROR 103
--# define RAND_R_PRNG_KEYED 104
- # define RAND_R_PRNG_NOT_SEEDED 100
--# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 105
--# define RAND_R_PRNG_STUCK 106
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/rc2.h
-+++ b/include/openssl/rc2.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RC2_H
---- a/include/openssl/rc4.h
-+++ b/include/openssl/rc4.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RC4_H
---- a/include/openssl/rc5.h
-+++ b/include/openssl/rc5.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RC5_H
---- a/include/openssl/ripemd.h
-+++ b/include/openssl/ripemd.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RIPEMD_H
---- a/include/openssl/rsa.h
-+++ b/include/openssl/rsa.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_RSA_H
-@@ -114,18 +66,12 @@ extern "C" {
- * but other engines might not need it
- */
- # define RSA_FLAG_NO_BLINDING 0x0080
-+# if OPENSSL_API_COMPAT < 0x10100000L
- /*
-- * new with 0.9.8f; the built-in RSA
-- * implementation now uses constant time
-- * operations by default in private key operations,
-- * e.g., constant time modular exponentiation,
-- * modular inverse without leaking branches,
-- * division without leaking branches. This
-- * flag disables these constant time
-- * operations and results in faster RSA
-- * private key operations.
-+ * Does nothing. Previously this switched off constant time behaviour.
- */
--# define RSA_FLAG_NO_CONSTTIME 0x0100
-+# define RSA_FLAG_NO_CONSTTIME 0x0000
-+# endif
- # if OPENSSL_API_COMPAT < 0x00908000L
- /* deprecated name for the flag*/
- /*
-@@ -232,14 +178,16 @@ int RSA_security_bits(const RSA *rsa);
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
- int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
--void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d);
--void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q);
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
- void RSA_get0_crt_params(const RSA *r,
-- BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp);
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp);
- void RSA_clear_flags(RSA *r, int flags);
- int RSA_test_flags(const RSA *r, int flags);
- void RSA_set_flags(RSA *r, int flags);
--ENGINE *RSA_get0_engine(RSA *r);
-+ENGINE *RSA_get0_engine(const RSA *r);
-
- /* Deprecated version */
- DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
-@@ -278,9 +226,6 @@ const RSA_METHOD *RSA_get_default_method
- const RSA_METHOD *RSA_get_method(const RSA *rsa);
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
--/* This function needs the memory locking malloc callbacks to be installed */
--int RSA_memory_lock(RSA *r);
--
- /* these are the actual RSA functions */
- const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
-
-@@ -510,18 +455,14 @@ int RSA_meth_set_keygen(RSA_METHOD *rsa,
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_RSA_strings(void);
-+
-+int ERR_load_RSA_strings(void);
-
- /* Error codes for the RSA functions. */
-
- /* Function codes. */
- # define RSA_F_CHECK_PADDING_MD 140
--# define RSA_F_DO_RSA_PRINT 146
--# define RSA_F_FIPS_RSA_SIGN_DIGEST 149
--# define RSA_F_FIPS_RSA_VERIFY 150
--# define RSA_F_FIPS_RSA_VERIFY_DIGEST 151
- # define RSA_F_INT_RSA_VERIFY 145
--# define RSA_F_MEMORY_LOCK 100
- # define RSA_F_OLD_RSA_PRIV_DECODE 147
- # define RSA_F_PKEY_RSA_CTRL 143
- # define RSA_F_PKEY_RSA_CTRL_STR 144
-@@ -532,22 +473,21 @@ void ERR_load_RSA_strings(void);
- # define RSA_F_RSA_CHECK_KEY 123
- # define RSA_F_RSA_CHECK_KEY_EX 160
- # define RSA_F_RSA_CMS_DECRYPT 159
--# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101
--# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102
--# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103
--# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104
--# define RSA_F_RSA_GENERATE_KEY 105
- # define RSA_F_RSA_ITEM_VERIFY 148
--# define RSA_F_RSA_MEMORY_LOCK 130
-+# define RSA_F_RSA_METH_DUP 161
-+# define RSA_F_RSA_METH_NEW 162
-+# define RSA_F_RSA_METH_SET1_NAME 163
- # define RSA_F_RSA_MGF1_TO_MD 157
- # define RSA_F_RSA_NEW_METHOD 106
- # define RSA_F_RSA_NULL 124
--# define RSA_F_RSA_NULL_MOD_EXP 131
- # define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
- # define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
- # define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
- # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
--# define RSA_F_RSA_OAEP_TO_CTX 158
-+# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101
-+# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102
-+# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103
-+# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104
- # define RSA_F_RSA_PADDING_ADD_NONE 107
- # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
- # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154
-@@ -566,7 +506,6 @@ void ERR_load_RSA_strings(void);
- # define RSA_F_RSA_PADDING_CHECK_X931 128
- # define RSA_F_RSA_PRINT 115
- # define RSA_F_RSA_PRINT_FP 116
--# define RSA_F_RSA_PRIV_DECODE 137
- # define RSA_F_RSA_PRIV_ENCODE 138
- # define RSA_F_RSA_PSS_TO_CTX 155
- # define RSA_F_RSA_PUB_DECODE 139
-@@ -601,7 +540,6 @@ void ERR_load_RSA_strings(void);
- # define RSA_R_INVALID_DIGEST 157
- # define RSA_R_INVALID_DIGEST_LENGTH 143
- # define RSA_R_INVALID_HEADER 137
--# define RSA_R_INVALID_KEYBITS 145
- # define RSA_R_INVALID_LABEL 160
- # define RSA_R_INVALID_MESSAGE_LENGTH 131
- # define RSA_R_INVALID_MGF1_MD 156
-@@ -635,7 +573,6 @@ void ERR_load_RSA_strings(void);
- # define RSA_R_UNKNOWN_DIGEST 166
- # define RSA_R_UNKNOWN_MASK_DIGEST 151
- # define RSA_R_UNKNOWN_PADDING_TYPE 118
--# define RSA_R_UNKNOWN_PSS_DIGEST 152
- # define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
- # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
- # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
-@@ -644,9 +581,8 @@ void ERR_load_RSA_strings(void);
- # define RSA_R_VALUE_MISSING 147
- # define RSA_R_WRONG_SIGNATURE_LENGTH 119
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/safestack.h
-+++ b/include/openssl/safestack.h
-@@ -1,56 +1,10 @@
--/* automatically generated by util/mkstack.pl */
--/* ====================================================================
-- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_SAFESTACK_H
-@@ -63,128 +17,111 @@
- extern "C" {
- #endif
-
--# ifndef CHECKED_PTR_OF
--# define CHECKED_PTR_OF(type, p) ((void*) (1 ? p : (type*)0))
--# endif
--
--/*
-- * In C++ we get problems because an explicit cast is needed from (void *) we
-- * use CHECKED_STACK_OF to ensure the correct type is passed in the macros
-- * below.
-- */
--
--# define CHECKED_STACK_OF(type, p) \
-- ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
--
--# define CHECKED_SK_COPY_FUNC(type, p) \
-- ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0)))
--
--# define CHECKED_SK_FREE_FUNC(type, p) \
-- ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
--
--# define CHECKED_SK_CMP_FUNC(type, p) \
-- ((int (*)(const void *, const void *)) \
-- ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
--
- # define STACK_OF(type) struct stack_st_##type
-
- # define SKM_DEFINE_STACK_OF(t1, t2, t3) \
- STACK_OF(t1); \
-+ typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
-+ typedef void (*sk_##t1##_freefunc)(t3 *a); \
-+ typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
- static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
- { \
-- return sk_num((_STACK *)sk); \
-+ return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
- } \
- static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
- { \
-- return (t2 *)sk_value((_STACK *)sk, idx); \
-+ return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
- } \
-- static ossl_inline STACK_OF(t1) *sk_##t1##_new(int (*cmpf)(const t3 * const *a, const t3 * const *b)) \
-+ static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
- { \
-- return (STACK_OF(t1) *)sk_new((int (*)(const void *a, const void *b))cmpf); \
-+ return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
- } \
- static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
- { \
-- return (STACK_OF(t1) *)sk_new_null(); \
-+ return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
- } \
-- static ossl_inline void sk_##t1##_free(const STACK_OF(t1) *sk) \
-+ static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
- { \
-- sk_free((_STACK *)sk); \
-+ OPENSSL_sk_free((OPENSSL_STACK *)sk); \
- } \
-- static ossl_inline void sk_##t1##_zero(const STACK_OF(t1) *sk) \
-+ static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
- { \
-- sk_zero((_STACK *)sk); \
-+ OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
- } \
- static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
- { \
-- return (t2 *)sk_delete((_STACK *)sk, i); \
-+ return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
- } \
- static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
- { \
-- return (t2 *)sk_delete_ptr((_STACK *)sk, (void *)ptr); \
-+ return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
-+ (const void *)ptr); \
- } \
- static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
- { \
-- return sk_push((_STACK *)sk, (void *)ptr); \
-+ return OPENSSL_sk_push((OPENSSL_STACK *)sk, (void *)ptr); \
- } \
- static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
- { \
-- return sk_unshift((_STACK *)sk, (void *)ptr); \
-+ return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (void *)ptr); \
- } \
- static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
- { \
-- return (t2 *)sk_pop((_STACK *)sk); \
-+ return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
- } \
- static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
- { \
-- return (t2 *)sk_shift((_STACK *)sk); \
-+ return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
- } \
-- static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, void (*func)(t3 *a)) \
-+ static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
- { \
-- sk_pop_free((_STACK *)sk, (void (*)(void *))func); \
-+ OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
- } \
- static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
- { \
-- return sk_insert((_STACK *)sk, (void *)ptr, idx); \
-+ return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (void *)ptr, idx); \
- } \
- static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
- { \
-- return (t2 *)sk_set((_STACK *)sk, idx, (void *)ptr); \
-+ return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (void *)ptr); \
- } \
- static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
- { \
-- return sk_find((_STACK *)sk, (void *)ptr); \
-+ return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
- } \
- static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
- { \
-- return sk_find_ex((_STACK *)sk, (void *)ptr); \
-+ return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
- } \
-- static ossl_inline void sk_##t1##_sort(const STACK_OF(t1) *sk) \
-+ static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
- { \
-- sk_sort((_STACK *)sk); \
-+ OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
- } \
- static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
- { \
-- return sk_is_sorted((_STACK *)sk); \
-+ return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
- } \
-- static ossl_inline STACK_OF(t1) * sk_##t1##_dup(STACK_OF(t1) *sk) \
-+ static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
- { \
-- return (STACK_OF(t1) *)sk_dup((_STACK *)sk); \
-+ return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
- } \
-- static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(STACK_OF(t1) *sk, \
-- t3 *(*copyfn)(const t3 *), \
-- void (*freefn)(t3 *)) \
-+ static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
-+ sk_##t1##_copyfunc copyfunc, \
-+ sk_##t1##_freefunc freefunc) \
- { \
-- return (STACK_OF(t1) *)sk_deep_copy((_STACK *)sk, \
-- (void * (*)(void *a))copyfn, \
-- (void (*)(void *a))freefn); \
-+ return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((OPENSSL_STACK *)sk, \
-+ (OPENSSL_sk_copyfunc)copyfunc, \
-+ (OPENSSL_sk_freefunc)freefunc); \
- } \
-- static ossl_inline int (*sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, int (*cmpf)(const t3 * const *a, const t3 * const *b)))(const t3 * const *, const t3 * const *) \
-+ static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
- { \
-- return (int (*)(const t3 * const *,const t3 * const *))sk_set_cmp_func((_STACK *)sk, (int (*)(const void *a, const void *b))cmpf); \
-+ return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
- }
-
- # define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
- # define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
-+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
-+ SKM_DEFINE_STACK_OF(t1, const t2, t2)
- # define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
-
- /*-
-@@ -212,6 +149,7 @@ typedef const char *OPENSSL_CSTRING;
- * dealt with in the autogenerated macros below.
- */
- DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
-
- /*
- * Similarly, we sometimes use a block of characters, NOT nul-terminated.
---- a/include/openssl/seed.h
-+++ b/include/openssl/seed.h
-@@ -1,4 +1,13 @@
- /*
-+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -21,60 +30,6 @@
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-- *
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
- */
-
- #ifndef HEADER_SEED_H
---- a/include/openssl/sha.h
-+++ b/include/openssl/sha.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_SHA_H
---- a/include/openssl/srp.h
-+++ b/include/openssl/srp.h
-@@ -1,61 +1,12 @@
- /*
-- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
-- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
-- * EdelKey project and contributed to the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_SRP_H
- # define HEADER_SRP_H
-
-@@ -101,17 +52,17 @@ typedef struct SRP_VBASE_st {
- STACK_OF(SRP_gN_cache) *gN_cache;
- /* to simulate a user */
- char *seed_key;
-- BIGNUM *default_g;
-- BIGNUM *default_N;
-+ const BIGNUM *default_g;
-+ const BIGNUM *default_N;
- } SRP_VBASE;
-
- /*
-- * Structure interne pour retenir les couples N et g
-+ * Internal structure storing N and g pair
- */
- typedef struct SRP_gN_st {
- char *id;
-- BIGNUM *g;
-- BIGNUM *N;
-+ const BIGNUM *g;
-+ const BIGNUM *N;
- } SRP_gN;
-
- DEFINE_STACK_OF(SRP_gN)
-@@ -152,22 +103,23 @@ int SRP_create_verifier_BN(const char *u
- # define DB_SRP_MODIF 'v'
-
- /* see srp.c */
--char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
-+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
- SRP_gN *SRP_get_default_gN(const char *id);
-
- /* server side .... */
--BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-- BIGNUM *N);
--BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
--int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
--BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
-+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
-+ const BIGNUM *b, const BIGNUM *N);
-+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
-+ const BIGNUM *v);
-+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
-+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
-
- /* client side .... */
--BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
--BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
--BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-- BIGNUM *a, BIGNUM *u);
--int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
-+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
-+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
-+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
-+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
-
- # define SRP_MINIMAL_N 1024
-
---- a/include/openssl/srtp.h
-+++ b/include/openssl/srtp.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * DTLS code by Eric Rescorla <ekr at rtfm.com>
- *
---- a/include/openssl/ssl.h
-+++ b/include/openssl/ssl.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -419,7 +319,7 @@ typedef int (*custom_ext_parse_cb) (SSL
- # define SSL_OP_SINGLE_ECDH_USE 0x0
- /* Does nothing: retained for compatibility */
- # define SSL_OP_SINGLE_DH_USE 0x0
--/* Does nothing: retained for compatibiity */
-+/* Does nothing: retained for compatibility */
- # define SSL_OP_EPHEMERAL_RSA 0x0
- /*
- * Set on servers to choose the cipher according to the server's preferences
-@@ -507,7 +407,7 @@ typedef int (*custom_ext_parse_cb) (SSL
- /* Cert related flags */
- /*
- * Many implementations ignore some aspects of the TLS standards such as
-- * enforcing certifcate chain algorithms. When this is set we enforce them.
-+ * enforcing certificate chain algorithms. When this is set we enforce them.
- */
- # define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
-
-@@ -884,6 +784,7 @@ const char *SSL_get_psk_identity(const S
- # define SSL_READING 3
- # define SSL_X509_LOOKUP 4
- # define SSL_ASYNC_PAUSED 5
-+# define SSL_ASYNC_NO_JOBS 6
-
- /* These will only be used when doing non-blocking IO */
- # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-@@ -891,6 +792,7 @@ const char *SSL_get_psk_identity(const S
- # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
- # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
- # define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
-+# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
-
- # define SSL_MAC_FLAG_READ_MAC_STREAM 1
- # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-@@ -1122,6 +1024,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- # define SSL_ERROR_WANT_CONNECT 7
- # define SSL_ERROR_WANT_ACCEPT 8
- # define SSL_ERROR_WANT_ASYNC 9
-+# define SSL_ERROR_WANT_ASYNC_JOB 10
- # define SSL_CTRL_SET_TMP_DH 3
- # define SSL_CTRL_SET_TMP_ECDH 4
- # define SSL_CTRL_SET_TMP_DH_CB 6
-@@ -1230,6 +1133,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- # define SSL_CTRL_SET_MAX_PROTO_VERSION 124
- # define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
- # define SSL_CTRL_SET_MAX_PIPELINES 126
-+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
- # define SSL_CERT_SET_FIRST 1
- # define SSL_CERT_SET_NEXT 2
- # define SSL_CERT_SET_SERVER 3
-@@ -1366,6 +1270,19 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- #define SSL_set_max_proto_version(s, version) \
- SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
-
-+#if OPENSSL_API_COMPAT < 0x10100000L
-+/* Provide some compatibility macros for removed functionality. */
-+# define SSL_CTX_need_tmp_RSA(ctx) 0
-+# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
-+# define SSL_need_tmp_RSA(ssl) 0
-+# define SSL_set_tmp_rsa(ssl,rsa) 1
-+/*
-+ * We "pretend" to call the callback to avoid warnings about unused static
-+ * functions.
-+ */
-+# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
-+# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
-+#endif
-
- __owur const BIO_METHOD *BIO_f_ssl(void);
- __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
-@@ -1376,7 +1293,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
-
- __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
- __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
--void SSL_CTX_up_ref(SSL_CTX *ctx);
-+int SSL_CTX_up_ref(SSL_CTX *ctx);
- void SSL_CTX_free(SSL_CTX *);
- __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
- __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-@@ -1409,8 +1326,8 @@ void SSL_CTX_flush_sessions(SSL_CTX *ctx
- __owur int SSL_set_rfd(SSL *s, int fd);
- __owur int SSL_set_wfd(SSL *s, int fd);
- # endif
--void SSL_set_rbio(SSL *s, BIO *rbio);
--void SSL_set_wbio(SSL *s, BIO *wbio);
-+void SSL_set0_rbio(SSL *s, BIO *rbio);
-+void SSL_set0_wbio(SSL *s, BIO *wbio);
- void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
- __owur BIO *SSL_get_rbio(const SSL *s);
- __owur BIO *SSL_get_wbio(const SSL *s);
-@@ -1473,6 +1390,7 @@ int SSL_add_dir_cert_subjects_to_stack(S
- __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
- __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
- __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
- __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
- __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
- __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
-@@ -1551,7 +1469,8 @@ void *SSL_get_default_passwd_cb_userdata
- unsigned int sid_ctx_len);
-
- SSL *SSL_new(SSL_CTX *ctx);
--void SSL_up_ref(SSL *s);
-+int SSL_up_ref(SSL *s);
-+int SSL_is_dtls(const SSL *s);
- __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-@@ -1580,6 +1499,13 @@ void SSL_set_hostflags(SSL *s, unsigned
- * offline testing in test/danetest.c
- */
- SSL_DANE *SSL_get0_dane(SSL *ssl);
-+/*
-+ * DANE flags
-+ */
-+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
-+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
-+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
-+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
-
- __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
- __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-@@ -1613,11 +1539,16 @@ int SSL_set_srp_server_param_pw(SSL *s,
-
- void SSL_certs_clear(SSL *s);
- void SSL_free(SSL *ssl);
-+# ifdef OSSL_ASYNC_FD
-+/*
-+ * Windows application developer has to include windows.h to use these.
-+ */
- __owur int SSL_waiting_for_async(SSL *s);
- __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
- __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
- size_t *numaddfds, OSSL_ASYNC_FD *delfd,
- size_t *numdelfds);
-+# endif
- __owur int SSL_accept(SSL *ssl);
- __owur int SSL_connect(SSL *ssl);
- __owur int SSL_read(SSL *ssl, void *buf, int num);
-@@ -1738,6 +1669,7 @@ void SSL_set_quiet_shutdown(SSL *ssl, in
- void SSL_set_shutdown(SSL *ssl, int mode);
- __owur int SSL_get_shutdown(const SSL *ssl);
- __owur int SSL_version(const SSL *ssl);
-+__owur int SSL_client_version(const SSL *s);
- __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
- __owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
- __owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
-@@ -1820,8 +1752,8 @@ void *SSL_CTX_get_ex_data(const SSL_CTX
- void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
- void SSL_set_default_read_buffer_len(SSL *s, size_t len);
-
-- /* NB: the keylength is only applicable when is_export is true */
- # ifndef OPENSSL_NO_DH
-+/* NB: the |keylength| is only applicable when is_export is true */
- void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh) (SSL *ssl, int is_export,
- int keylength));
-@@ -2103,7 +2035,8 @@ extern const char SSL_version_str[];
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_SSL_strings(void);
-+
-+int ERR_load_SSL_strings(void);
-
- /* Error codes for the SSL functions. */
-
-@@ -2117,21 +2050,14 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_DANE_TLSA_ADD 394
- # define SSL_F_DO_DTLS1_WRITE 245
- # define SSL_F_DO_SSL3_WRITE 104
--# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
- # define SSL_F_DTLS1_BUFFER_RECORD 247
- # define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318
--# define SSL_F_DTLS1_ENC 250
--# define SSL_F_DTLS1_GET_HELLO_VERIFY 251
--# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
--# define SSL_F_DTLS1_HANDLE_TIMEOUT 297
- # define SSL_F_DTLS1_HEARTBEAT 305
- # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
--# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
- # define SSL_F_DTLS1_PROCESS_RECORD 257
- # define SSL_F_DTLS1_READ_BYTES 258
--# define SSL_F_DTLS1_READ_FAILED 259
--# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
--# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
-+# define SSL_F_DTLS1_READ_FAILED 339
-+# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390
- # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
- # define SSL_F_DTLSV1_LISTEN 350
- # define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371
-@@ -2139,12 +2065,11 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
- # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
- # define SSL_F_OPENSSL_INIT_SSL 342
-+# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417
-+# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
- # define SSL_F_READ_STATE_MACHINE 352
--# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
--# define SSL_F_SSL3_CALLBACK_CTRL 233
- # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
- # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
--# define SSL_F_SSL3_CHECK_FINISHED 339
- # define SSL_F_SSL3_CTRL 213
- # define SSL_F_SSL3_CTX_CTRL 133
- # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
-@@ -2153,9 +2078,8 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
- # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
- # define SSL_F_SSL3_GET_RECORD 143
--# define SSL_F_SSL3_NEW_SESSION_TICKET 287
-+# define SSL_F_SSL3_INIT_FINISHED_MAC 397
- # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
--# define SSL_F_SSL3_PEEK 235
- # define SSL_F_SSL3_READ_BYTES 148
- # define SSL_F_SSL3_READ_N 149
- # define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-@@ -2163,7 +2087,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
- # define SSL_F_SSL3_WRITE_BYTES 158
- # define SSL_F_SSL3_WRITE_PENDING 159
--# define SSL_F_SSL_ACCEPT 390
- # define SSL_F_SSL_ADD_CERT_CHAIN 316
- # define SSL_F_SSL_ADD_CERT_TO_BUF 319
- # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
-@@ -2179,7 +2102,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
- # define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346
- # define SSL_F_SSL_CERT_DUP 221
--# define SSL_F_SSL_CERT_INSTANTIATE 214
- # define SSL_F_SSL_CERT_NEW 162
- # define SSL_F_SSL_CERT_SET0_CHAIN 340
- # define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-@@ -2200,10 +2122,8 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
- # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
- # define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396
--# define SSL_F_SSL_CTX_SET_PURPOSE 226
- # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
- # define SSL_F_SSL_CTX_SET_SSL_VERSION 170
--# define SSL_F_SSL_CTX_SET_TRUST 229
- # define SSL_F_SSL_CTX_USE_CERTIFICATE 171
- # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
- # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-@@ -2216,16 +2136,15 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
- # define SSL_F_SSL_CTX_USE_SERVERINFO 336
- # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
-+# define SSL_F_SSL_DANE_DUP 403
- # define SSL_F_SSL_DANE_ENABLE 395
- # define SSL_F_SSL_DO_CONFIG 391
- # define SSL_F_SSL_DO_HANDSHAKE 180
-+# define SSL_F_SSL_DUP_CA_LIST 408
- # define SSL_F_SSL_ENABLE_CT 402
--# define SSL_F_SSL_GET0_PEER_SCTS 397
- # define SSL_F_SSL_GET_NEW_SESSION 181
- # define SSL_F_SSL_GET_PREV_SESSION 217
- # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322
--# define SSL_F_SSL_GET_SERVER_SEND_CERT 182
--# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
- # define SSL_F_SSL_GET_SIGN_PKEY 183
- # define SSL_F_SSL_INIT_WBIO_BUFFER 184
- # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-@@ -2238,8 +2157,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
- # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
- # define SSL_F_SSL_PEEK 270
--# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
--# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
- # define SSL_F_SSL_READ 223
- # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
- # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
-@@ -2253,17 +2170,14 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399
- # define SSL_F_SSL_SET_FD 192
- # define SSL_F_SSL_SET_PKEY 193
--# define SSL_F_SSL_SET_PURPOSE 227
- # define SSL_F_SSL_SET_RFD 194
- # define SSL_F_SSL_SET_SESSION 195
- # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
- # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
--# define SSL_F_SSL_SET_TRUST 228
- # define SSL_F_SSL_SET_WFD 196
- # define SSL_F_SSL_SHUTDOWN 224
- # define SSL_F_SSL_SRP_CTX_INIT 313
- # define SSL_F_SSL_START_ASYNC_JOB 389
--# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
- # define SSL_F_SSL_UNDEFINED_FUNCTION 197
- # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
- # define SSL_F_SSL_USE_CERTIFICATE 198
-@@ -2283,17 +2197,20 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_TLS12_CHECK_PEER_SIGALG 333
- # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
- # define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
--# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
- # define SSL_F_TLS1_ENC 401
- # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
- # define SSL_F_TLS1_GET_CURVELIST 338
--# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
--# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
- # define SSL_F_TLS1_PRF 284
- # define SSL_F_TLS1_SETUP_KEY_BLOCK 211
- # define SSL_F_TLS1_SET_SERVER_SIGALGS 335
- # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
- # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
-+# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
-+# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
-+# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406
-+# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407
-+# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409
-+# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410
- # define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
- # define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
- # define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
-@@ -2313,6 +2230,12 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_TLS_PROCESS_CERT_STATUS 362
- # define SSL_F_TLS_PROCESS_CERT_VERIFY 379
- # define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
-+# define SSL_F_TLS_PROCESS_CKE_DHE 411
-+# define SSL_F_TLS_PROCESS_CKE_ECDHE 412
-+# define SSL_F_TLS_PROCESS_CKE_GOST 413
-+# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414
-+# define SSL_F_TLS_PROCESS_CKE_RSA 415
-+# define SSL_F_TLS_PROCESS_CKE_SRP 416
- # define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380
- # define SSL_F_TLS_PROCESS_CLIENT_HELLO 381
- # define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382
-@@ -2323,6 +2246,10 @@ void ERR_load_SSL_strings(void);
- # define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
- # define SSL_F_TLS_PROCESS_SERVER_DONE 368
- # define SSL_F_TLS_PROCESS_SERVER_HELLO 369
-+# define SSL_F_TLS_PROCESS_SKE_DHE 419
-+# define SSL_F_TLS_PROCESS_SKE_ECDHE 420
-+# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421
-+# define SSL_F_TLS_PROCESS_SKE_SRP 422
- # define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
-
- /* Reason codes. */
-@@ -2330,43 +2257,23 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
- # define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143
- # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158
--# define SSL_R_BAD_ALERT_RECORD 101
- # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
- # define SSL_R_BAD_DATA 390
- # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
- # define SSL_R_BAD_DECOMPRESSION 107
--# define SSL_R_BAD_DH_G_LENGTH 108
--# define SSL_R_BAD_DH_G_VALUE 375
--# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
--# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
--# define SSL_R_BAD_DH_P_LENGTH 110
--# define SSL_R_BAD_DH_P_VALUE 395
- # define SSL_R_BAD_DH_VALUE 102
- # define SSL_R_BAD_DIGEST_LENGTH 111
--# define SSL_R_BAD_DSA_SIGNATURE 112
- # define SSL_R_BAD_ECC_CERT 304
--# define SSL_R_BAD_ECDSA_SIGNATURE 305
- # define SSL_R_BAD_ECPOINT 306
- # define SSL_R_BAD_HANDSHAKE_LENGTH 332
- # define SSL_R_BAD_HELLO_REQUEST 105
- # define SSL_R_BAD_LENGTH 271
--# define SSL_R_BAD_MAC_LENGTH 333
--# define SSL_R_BAD_MESSAGE_TYPE 114
- # define SSL_R_BAD_PACKET_LENGTH 115
- # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
--# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
--# define SSL_R_BAD_RSA_DECRYPT 118
- # define SSL_R_BAD_RSA_ENCRYPT 119
--# define SSL_R_BAD_RSA_E_LENGTH 120
--# define SSL_R_BAD_RSA_MODULUS_LENGTH 121
--# define SSL_R_BAD_RSA_SIGNATURE 122
- # define SSL_R_BAD_SIGNATURE 123
- # define SSL_R_BAD_SRP_A_LENGTH 347
--# define SSL_R_BAD_SRP_B_LENGTH 348
--# define SSL_R_BAD_SRP_G_LENGTH 349
--# define SSL_R_BAD_SRP_N_LENGTH 350
- # define SSL_R_BAD_SRP_PARAMETERS 371
--# define SSL_R_BAD_SRP_S_LENGTH 351
- # define SSL_R_BAD_SRTP_MKI_VALUE 352
- # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
- # define SSL_R_BAD_SSL_FILETYPE 124
-@@ -2376,7 +2283,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
- # define SSL_R_BN_LIB 130
- # define SSL_R_CA_DN_LENGTH_MISMATCH 131
--# define SSL_R_CA_DN_TOO_LONG 132
- # define SSL_R_CA_KEY_TOO_SMALL 397
- # define SSL_R_CA_MD_TOO_WEAK 398
- # define SSL_R_CCS_RECEIVED_EARLY 133
-@@ -2416,12 +2322,8 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_DIGEST_CHECK_FAILED 149
- # define SSL_R_DTLS_MESSAGE_TOO_BIG 334
- # define SSL_R_DUPLICATE_COMPRESSION_ID 309
--# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
- # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
--# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
--# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
- # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374
--# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
- # define SSL_R_EE_KEY_TOO_SMALL 399
- # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
- # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-@@ -2432,8 +2334,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_FAILED_TO_INIT_ASYNC 405
- # define SSL_R_FRAGMENTED_CLIENT_HELLO 401
- # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
--# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
--# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
- # define SSL_R_HTTPS_PROXY_REQUEST 155
- # define SSL_R_HTTP_REQUEST 156
- # define SSL_R_ILLEGAL_SUITEB_DIGEST 380
-@@ -2445,23 +2345,17 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_INVALID_CONFIGURATION_NAME 113
- # define SSL_R_INVALID_CT_VALIDATION_TYPE 212
- # define SSL_R_INVALID_NULL_CMD_NAME 385
--# define SSL_R_INVALID_PURPOSE 278
- # define SSL_R_INVALID_SEQUENCE_NUMBER 402
- # define SSL_R_INVALID_SERVERINFO_DATA 388
- # define SSL_R_INVALID_SRP_USERNAME 357
- # define SSL_R_INVALID_STATUS_RESPONSE 328
- # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
--# define SSL_R_INVALID_TRUST 279
- # define SSL_R_LENGTH_MISMATCH 159
- # define SSL_R_LENGTH_TOO_LONG 404
- # define SSL_R_LENGTH_TOO_SHORT 160
- # define SSL_R_LIBRARY_BUG 274
- # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
--# define SSL_R_MISSING_DH_DSA_CERT 162
--# define SSL_R_MISSING_DH_KEY 163
--# define SSL_R_MISSING_DH_RSA_CERT 164
- # define SSL_R_MISSING_DSA_SIGNING_CERT 165
--# define SSL_R_MISSING_ECDH_CERT 382
- # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
- # define SSL_R_MISSING_RSA_CERTIFICATE 168
- # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-@@ -2469,18 +2363,13 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_MISSING_SRP_PARAM 358
- # define SSL_R_MISSING_TMP_DH_KEY 171
- # define SSL_R_MISSING_TMP_ECDH_KEY 311
--# define SSL_R_MISSING_VERIFY_MESSAGE 174
--# define SSL_R_MULTIPLE_SGC_RESTARTS 346
- # define SSL_R_NO_CERTIFICATES_RETURNED 176
- # define SSL_R_NO_CERTIFICATE_ASSIGNED 177
--# define SSL_R_NO_CERTIFICATE_RETURNED 178
- # define SSL_R_NO_CERTIFICATE_SET 179
- # define SSL_R_NO_CIPHERS_AVAILABLE 181
--# define SSL_R_NO_CIPHERS_PASSED 182
- # define SSL_R_NO_CIPHERS_SPECIFIED 183
- # define SSL_R_NO_CIPHER_MATCH 185
- # define SSL_R_NO_CLIENT_CERT_METHOD 331
--# define SSL_R_NO_CLIENT_CERT_RECEIVED 186
- # define SSL_R_NO_COMPRESSION_SPECIFIED 187
- # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
- # define SSL_R_NO_METHOD_SPECIFIED 188
-@@ -2490,16 +2379,14 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_NO_RENEGOTIATION 339
- # define SSL_R_NO_REQUIRED_DIGEST 324
- # define SSL_R_NO_SHARED_CIPHER 193
--# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376
-+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376
- # define SSL_R_NO_SRTP_PROFILES 359
- # define SSL_R_NO_VALID_SCTS 216
--# define SSL_R_NO_VERIFY_CALLBACK 194
- # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
- # define SSL_R_NULL_SSL_CTX 195
- # define SSL_R_NULL_SSL_METHOD_PASSED 196
- # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
- # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
--# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
- # define SSL_R_PACKET_LENGTH_TOO_LONG 198
- # define SSL_R_PARSE_TLSEXT 227
- # define SSL_R_PATH_TOO_LONG 270
-@@ -2507,7 +2394,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_PEM_NAME_BAD_PREFIX 391
- # define SSL_R_PEM_NAME_TOO_SHORT 392
- # define SSL_R_PIPELINE_FAILURE 406
--# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
- # define SSL_R_PROTOCOL_IS_SHUTDOWN 207
- # define SSL_R_PSK_IDENTITY_NOT_FOUND 223
- # define SSL_R_PSK_NO_CLIENT_CB 224
-@@ -2515,18 +2401,16 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_READ_BIO_NOT_SET 211
- # define SSL_R_READ_TIMEOUT_EXPIRED 312
- # define SSL_R_RECORD_LENGTH_MISMATCH 213
--# define SSL_R_RECORD_TOO_LARGE 214
- # define SSL_R_RECORD_TOO_SMALL 298
- # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
- # define SSL_R_RENEGOTIATION_ENCODING_ERR 336
- # define SSL_R_RENEGOTIATION_MISMATCH 337
- # define SSL_R_REQUIRED_CIPHER_MISSING 215
--# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
-+# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342
- # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
- # define SSL_R_SCT_VERIFICATION_FAILED 208
- # define SSL_R_SERVERHELLO_TLSEXT 275
- # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
--# define SSL_R_SET_FAILED 209
- # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
- # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
- # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-@@ -2534,11 +2418,20 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
- # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
- # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
--# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
- # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
- # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
- # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
--# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
-+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
- # define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
- # define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
- # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-@@ -2552,19 +2445,30 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
- # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
- # define SSL_R_SSL_SESSION_VERSION_MISMATCH 210
--# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-+# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
-+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-+# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
-+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
-+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
-+# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
-+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
- # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
- # define SSL_R_TLS_HEARTBEAT_PENDING 366
- # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
- # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
--# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
--# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
--# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
--# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
--# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
- # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
- # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
--# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
- # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
- # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
- # define SSL_R_UNEXPECTED_MESSAGE 244
-@@ -2580,13 +2484,10 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
- # define SSL_R_UNKNOWN_PKEY_TYPE 251
- # define SSL_R_UNKNOWN_PROTOCOL 252
--# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
- # define SSL_R_UNKNOWN_SSL_VERSION 254
- # define SSL_R_UNKNOWN_STATE 255
- # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
--# define SSL_R_UNSUPPORTED_CIPHER 256
- # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
--# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
- # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
- # define SSL_R_UNSUPPORTED_PROTOCOL 258
- # define SSL_R_UNSUPPORTED_SSL_VERSION 259
-@@ -2597,7 +2498,6 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_WRONG_CERTIFICATE_TYPE 383
- # define SSL_R_WRONG_CIPHER_RETURNED 261
- # define SSL_R_WRONG_CURVE 378
--# define SSL_R_WRONG_MESSAGE_TYPE 262
- # define SSL_R_WRONG_SIGNATURE_LENGTH 264
- # define SSL_R_WRONG_SIGNATURE_SIZE 265
- # define SSL_R_WRONG_SIGNATURE_TYPE 370
-@@ -2606,7 +2506,7 @@ void ERR_load_SSL_strings(void);
- # define SSL_R_X509_LIB 268
- # define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/ssl2.h
-+++ b/include/openssl/ssl2.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_SSL2_H
---- a/include/openssl/ssl3.h
-+++ b/include/openssl/ssl3.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
---- a/include/openssl/stack.h
-+++ b/include/openssl/stack.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_STACK_H
-@@ -62,33 +14,62 @@
- extern "C" {
- #endif
-
--typedef struct stack_st _STACK; /* Use STACK_OF(...) instead */
--
--int sk_num(const _STACK *);
--void *sk_value(const _STACK *, int);
--
--void *sk_set(_STACK *, int, void *);
-+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
-
--_STACK *sk_new(int (*cmp) (const void *, const void *));
--_STACK *sk_new_null(void);
--void sk_free(_STACK *);
--void sk_pop_free(_STACK *st, void (*func) (void *));
--_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
--int sk_insert(_STACK *sk, void *data, int where);
--void *sk_delete(_STACK *st, int loc);
--void *sk_delete_ptr(_STACK *st, void *p);
--int sk_find(_STACK *st, void *data);
--int sk_find_ex(_STACK *st, void *data);
--int sk_push(_STACK *st, void *data);
--int sk_unshift(_STACK *st, void *data);
--void *sk_shift(_STACK *st);
--void *sk_pop(_STACK *st);
--void sk_zero(_STACK *st);
--int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
-- (const void *, const void *);
--_STACK *sk_dup(_STACK *st);
--void sk_sort(_STACK *st);
--int sk_is_sorted(const _STACK *st);
-+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
-+typedef void (*OPENSSL_sk_freefunc)(void *);
-+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
-+
-+int OPENSSL_sk_num(const OPENSSL_STACK *);
-+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
-+
-+void *OPENSSL_sk_set(OPENSSL_STACK *, int, void *);
-+
-+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
-+OPENSSL_STACK *OPENSSL_sk_new_null(void);
-+void OPENSSL_sk_free(OPENSSL_STACK *);
-+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
-+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f);
-+int OPENSSL_sk_insert(OPENSSL_STACK *sk, void *data, int where);
-+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
-+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
-+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
-+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
-+int OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
-+int OPENSSL_sk_unshift(OPENSSL_STACK *st, void *data);
-+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
-+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
-+void OPENSSL_sk_zero(OPENSSL_STACK *st);
-+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc cmp);
-+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
-+void OPENSSL_sk_sort(OPENSSL_STACK *st);
-+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
-+
-+# if OPENSSL_API_COMPAT < 0x10100000L
-+# define _STACK OPENSSL_STACK
-+# define sk_num OPENSSL_sk_num
-+# define sk_value OPENSSL_sk_value
-+# define sk_set OPENSSL_sk_set
-+# define sk_new OPENSSL_sk_new
-+# define sk_new_null OPENSSL_sk_new_null
-+# define sk_free OPENSSL_sk_free
-+# define sk_pop_free OPENSSL_sk_pop_free
-+# define sk_deep_copy OPENSSL_sk_deep_copy
-+# define sk_insert OPENSSL_sk_insert
-+# define sk_delete OPENSSL_sk_delete
-+# define sk_delete_ptr OPENSSL_sk_delete_ptr
-+# define sk_find OPENSSL_sk_find
-+# define sk_find_ex OPENSSL_sk_find_ex
-+# define sk_push OPENSSL_sk_push
-+# define sk_unshift OPENSSL_sk_unshift
-+# define sk_shift OPENSSL_sk_shift
-+# define sk_pop OPENSSL_sk_pop
-+# define sk_zero OPENSSL_sk_zero
-+# define sk_set_cmp_func OPENSSL_sk_set_cmp_func
-+# define sk_dup OPENSSL_sk_dup
-+# define sk_sort OPENSSL_sk_sort
-+# define sk_is_sorted OPENSSL_sk_is_sorted
-+# endif
-
- #ifdef __cplusplus
- }
---- a/include/openssl/symhacks.h
-+++ b/include/openssl/symhacks.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_SYMHACKS_H
---- a/include/openssl/tls1.h
-+++ b/include/openssl/tls1.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -151,12 +51,13 @@
- # define HEADER_TLS1_H
-
- # include <openssl/buffer.h>
-+# include <openssl/x509.h>
-
- #ifdef __cplusplus
- extern "C" {
- #endif
-
--/* Default security level if not overriden at config time */
-+/* Default security level if not overridden at config time */
- # ifndef OPENSSL_TLS_SECURITY_LEVEL
- # define OPENSSL_TLS_SECURITY_LEVEL 1
- # endif
-@@ -179,10 +80,10 @@ extern "C" {
- # define TLS1_2_VERSION_MINOR 0x03
-
- # define TLS1_get_version(s) \
-- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-+ ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
-
- # define TLS1_get_client_version(s) \
-- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-+ ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
-
- # define TLS1_AD_DECRYPTION_FAILED 21
- # define TLS1_AD_RECORD_OVERFLOW 22
-@@ -351,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEX
- # define SSL_set_tlsext_debug_arg(ssl, arg) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-+# define SSL_get_tlsext_status_type(ssl) \
-+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL)
-+
- # define SSL_set_tlsext_status_type(ssl, type) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-@@ -394,6 +298,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
- # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
- SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-+#define SSL_CTX_set_tlsext_status_type(ssl, type) \
-+ SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
-+
-+#define SSL_CTX_get_tlsext_status_type(ssl) \
-+ SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
-+
- # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
- SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
---- a/include/openssl/ts.h
-+++ b/include/openssl/ts.h
-@@ -1,59 +1,10 @@
- /*
-- * Written by Zoltan Glozik (zglozik at opentsa.org) for the OpenSSL project
-- * 2002, 2003, 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_TS_H
-@@ -76,11 +27,6 @@
- extern "C" {
- # endif
-
--# ifdef WIN32
--/* Under Win32 this is defined in wincrypt.h */
--# undef X509_NAME
--# endif
--
- # include <openssl/x509.h>
- # include <openssl/x509v3.h>
-
-@@ -210,8 +156,6 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(E
- const unsigned char **pp, long length);
- ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
-
--void ERR_load_TS_strings(void);
--
- int TS_REQ_set_version(TS_REQ *a, long version);
- long TS_REQ_get_version(const TS_REQ *a);
-
-@@ -355,7 +299,7 @@ typedef int (*TS_extension_cb) (struct T
-
- typedef struct TS_resp_ctx TS_RESP_CTX;
-
--DEFINE_STACK_OF(EVP_MD)
-+DEFINE_STACK_OF_CONST(EVP_MD)
-
- /* Creates a response context that can be used for generating responses. */
- TS_RESP_CTX *TS_RESP_CTX_new(void);
-@@ -585,12 +529,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_TS_strings(void);
-+
-+int ERR_load_TS_strings(void);
-
- /* Error codes for the TS functions. */
-
- /* Function codes. */
--# define TS_F_D2I_TS_RESP 147
- # define TS_F_DEF_SERIAL_CB 110
- # define TS_F_DEF_TIME_CB 111
- # define TS_F_ESS_ADD_SIGNING_CERT 112
-@@ -635,7 +579,6 @@ void ERR_load_TS_strings(void);
- # define TS_F_TS_RESP_SET_TST_INFO 150
- # define TS_F_TS_RESP_SIGN 136
- # define TS_F_TS_RESP_VERIFY_SIGNATURE 106
--# define TS_F_TS_RESP_VERIFY_TOKEN 107
- # define TS_F_TS_TST_INFO_SET_ACCURACY 137
- # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
- # define TS_F_TS_TST_INFO_SET_NONCE 139
-@@ -655,7 +598,6 @@ void ERR_load_TS_strings(void);
- # define TS_R_CERTIFICATE_VERIFY_ERROR 100
- # define TS_R_COULD_NOT_SET_ENGINE 127
- # define TS_R_COULD_NOT_SET_TIME 115
--# define TS_R_D2I_TS_RESP_INT_FAILED 128
- # define TS_R_DETACHED_CONTENT 134
- # define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
- # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
-@@ -688,9 +630,8 @@ void ERR_load_TS_strings(void);
- # define TS_R_VAR_LOOKUP_FAILURE 136
- # define TS_R_WRONG_CONTENT_TYPE 114
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
-+# endif
- # endif
--# endif
--
- #endif
---- a/include/openssl/txt_db.h
-+++ b/include/openssl/txt_db.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_TXT_DB_H
-@@ -92,7 +44,7 @@ typedef struct txt_db_st {
- TXT_DB *TXT_DB_read(BIO *in, int num);
- long TXT_DB_write(BIO *out, TXT_DB *db);
- int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
-- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
- void TXT_DB_free(TXT_DB *db);
- OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
- OPENSSL_STRING *value);
---- a/include/openssl/ui.h
-+++ b/include/openssl/ui.h
-@@ -1,79 +1,29 @@
- /*
-- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
-- * 2001.
-- */
--/* ====================================================================
-- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_UI_H
- # define HEADER_UI_H
-
--# if OPENSSL_API_COMPAT < 0x10100000L
--# include <openssl/crypto.h>
--# endif
--# include <openssl/safestack.h>
--# include <openssl/ossl_typ.h>
- # include <openssl/opensslconf.h>
-
-+# ifndef OPENSSL_NO_UI
-+
-+# if OPENSSL_API_COMPAT < 0x10100000L
-+# include <openssl/crypto.h>
-+# endif
-+# include <openssl/safestack.h>
-+# include <openssl/ossl_typ.h>
-+
- #ifdef __cplusplus
- extern "C" {
- #endif
-
--/* Declared already in ossl_typ.h */
--/* typedef struct ui_st UI; */
--/* typedef struct ui_method_st UI_METHOD; */
--
- /*
- * All the following functions return -1 or NULL on error and in some cases
- * (UI_process()) -2 if interrupted or in some other way cancelled. When
-@@ -160,7 +110,7 @@ int UI_dup_error_string(UI *ui, const ch
- * each UI being marked with this flag, or the application might get
- * confused.
- */
--# define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-+# define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-
- /*-
- * The user of these routines may want to define flags of their own. The core
-@@ -172,7 +122,7 @@ int UI_dup_error_string(UI *ui, const ch
- * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
- *
- */
--# define UI_INPUT_FLAG_USER_BASE 16
-+# define UI_INPUT_FLAG_USER_BASE 16
-
- /*-
- * The following function helps construct a prompt. object_desc is a
-@@ -229,7 +179,7 @@ int UI_ctrl(UI *ui, int cmd, long i, voi
- * OpenSSL error stack before printing any info or added error messages and
- * before any prompting.
- */
--# define UI_CTRL_PRINT_ERRORS 1
-+# define UI_CTRL_PRINT_ERRORS 1
- /*
- * Check if a UI_process() is possible to do again with the same instance of
- * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0
-@@ -270,7 +220,7 @@ UI_METHOD *UI_OpenSSL(void);
- display a dialog box after it has been built.
- a reader This function is called to read a given prompt,
- maybe from the tty, maybe from a field in a
-- window. Note that it's called wth all string
-+ window. Note that it's called with all string
- structures, not only the prompt ones, so it must
- check such things itself.
- a closer This function closes the session, maybe by closing
-@@ -319,7 +269,7 @@ enum UI_string_types {
- };
-
- /* Create and manipulate methods */
--UI_METHOD *UI_create_method(char *name);
-+UI_METHOD *UI_create_method(const char *name);
- void UI_destroy_method(UI_METHOD *ui_method);
- int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
- int UI_method_set_writer(UI_METHOD *method,
-@@ -355,7 +305,7 @@ int UI_get_input_flags(UI_STRING *uis);
- /* Return the actual string to output (the prompt, info or error) */
- const char *UI_get0_output_string(UI_STRING *uis);
- /*
-- * Return the optional action string to output (the boolean promtp
-+ * Return the optional action string to output (the boolean prompt
- * instruction)
- */
- const char *UI_get0_action_string(UI_STRING *uis);
-@@ -383,14 +333,15 @@ int UI_UTIL_read_pw(char *buf, char *buf
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_UI_strings(void);
-+
-+int ERR_load_UI_strings(void);
-
- /* Error codes for the UI functions. */
-
- /* Function codes. */
- # define UI_F_GENERAL_ALLOCATE_BOOLEAN 108
- # define UI_F_GENERAL_ALLOCATE_PROMPT 109
--# define UI_F_GENERAL_ALLOCATE_STRING 100
-+# define UI_F_UI_CREATE_METHOD 112
- # define UI_F_UI_CTRL 111
- # define UI_F_UI_DUP_ERROR_STRING 101
- # define UI_F_UI_DUP_INFO_STRING 102
-@@ -410,7 +361,8 @@ void ERR_load_UI_strings(void);
- # define UI_R_RESULT_TOO_SMALL 101
- # define UI_R_UNKNOWN_CONTROL_COMMAND 106
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
-+# endif
- #endif
---- a/include/openssl/whrlpool.h
-+++ b/include/openssl/whrlpool.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef HEADER_WHRLPOOL_H
- # define HEADER_WHRLPOOL_H
-
---- a/include/openssl/x509.h
-+++ b/include/openssl/x509.h
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
-@@ -64,7 +17,7 @@
- # define HEADER_X509_H
-
- # include <openssl/e_os2.h>
--# include <openssl/opensslconf.h>
-+# include <openssl/ossl_typ.h>
- # include <openssl/symhacks.h>
- # include <openssl/buffer.h>
- # include <openssl/evp.h>
-@@ -87,12 +40,6 @@
- extern "C" {
- #endif
-
--# ifdef OPENSSL_SYS_WIN32
--/* Under Win32 these are defined in wincrypt.h */
--# undef X509_NAME
--# undef X509_EXTENSIONS
--# endif
--
- # define X509_FILETYPE_PEM 1
- # define X509_FILETYPE_ASN1 2
- # define X509_FILETYPE_DEFAULT 3
-@@ -551,6 +498,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP
- EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
- EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
- int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
-+long X509_get_pathlen(X509 *x);
- int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
- EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
- # ifndef OPENSSL_NO_RSA
-@@ -661,20 +609,20 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *
- X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
- void *asn, EVP_MD_CTX *ctx);
-
--long X509_get_version(X509 *x);
-+long X509_get_version(const X509 *x);
- int X509_set_version(X509 *x, long version);
- int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
- ASN1_INTEGER *X509_get_serialNumber(X509 *x);
- int X509_set_issuer_name(X509 *x, X509_NAME *name);
--X509_NAME *X509_get_issuer_name(X509 *a);
-+X509_NAME *X509_get_issuer_name(const X509 *a);
- int X509_set_subject_name(X509 *x, X509_NAME *name);
--X509_NAME *X509_get_subject_name(X509 *a);
--ASN1_TIME * X509_get_notBefore(X509 *x);
-+X509_NAME *X509_get_subject_name(const X509 *a);
-+ASN1_TIME * X509_get_notBefore(const X509 *x);
- int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
--ASN1_TIME *X509_get_notAfter(X509 *x);
-+ASN1_TIME *X509_get_notAfter(const X509 *x);
- int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
- int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
--void X509_up_ref(X509 *x);
-+int X509_up_ref(X509 *x);
- int X509_get_signature_type(const X509 *x);
- /*
- * This one is only used so that a binary form can output, as in
-@@ -685,14 +633,14 @@ STACK_OF(X509_EXTENSION) *X509_get0_exte
- void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
- X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
-
--EVP_PKEY *X509_get0_pubkey(X509 *x);
-+EVP_PKEY *X509_get0_pubkey(const X509 *x);
- EVP_PKEY *X509_get_pubkey(X509 *x);
- ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
- int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
-
--long X509_REQ_get_version(X509_REQ *req);
-+long X509_REQ_get_version(const X509_REQ *req);
- int X509_REQ_set_version(X509_REQ *x, long version);
--X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
-+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
- int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
- void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- X509_REQ *req);
-@@ -731,12 +679,12 @@ int X509_CRL_set_issuer_name(X509_CRL *x
- int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
- int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
- int X509_CRL_sort(X509_CRL *crl);
--void X509_CRL_up_ref(X509_CRL *crl);
-+int X509_CRL_up_ref(X509_CRL *crl);
-
--long X509_CRL_get_version(X509_CRL *crl);
--ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
--ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
--X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
-+long X509_CRL_get_version(const X509_CRL *crl);
-+ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
-+ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
-+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
- STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
- void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
-@@ -748,14 +696,14 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNu
- int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
- ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x);
- int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
--STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
-+STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
-
- X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
- EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
-
- int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
-
--int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
-+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
- int X509_chain_check_suiteb(int *perror_depth,
- X509 *x, STACK_OF(X509) *chain,
- unsigned long flags);
-@@ -806,13 +754,13 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ
- unsigned long cflag);
- int X509_REQ_print(BIO *bp, X509_REQ *req);
-
--int X509_NAME_entry_count(X509_NAME *name);
-+int X509_NAME_entry_count(const X509_NAME *name);
- int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
- int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
- char *buf, int len);
-
- /*
-- * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
-+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
- * lastpos, search after that position on.
- */
- int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
-@@ -822,7 +770,7 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X50
- X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
- int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
- int loc, int set);
--int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc,
- int set);
- int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-@@ -839,10 +787,10 @@ int X509_NAME_add_entry_by_txt(X509_NAME
- const unsigned char *bytes, int len, int loc,
- int set);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-- ASN1_OBJECT *obj, int type,
-+ const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes,
- int len);
--int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
- int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
- const unsigned char *bytes, int len);
- ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-@@ -864,37 +812,37 @@ X509_EXTENSION *X509v3_delete_ext(STACK_
- STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc);
-
--int X509_get_ext_count(X509 *x);
--int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
--int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
--int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
--X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-+int X509_get_ext_count(const X509 *x);
-+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
-+int X509_get_ext_by_OBJ(const X509 *x, ASN1_OBJECT *obj, int lastpos);
-+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
-+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
- X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
- int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
--void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
- int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags);
-
--int X509_CRL_get_ext_count(X509_CRL *x);
--int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
--int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
--int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
--X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-+int X509_CRL_get_ext_count(const X509_CRL *x);
-+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
-+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
-+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
-+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
- X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
--void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
- int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags);
-
--int X509_REVOKED_get_ext_count(X509_REVOKED *x);
--int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
--int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
-+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
-+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos);
--int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
--X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
-+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
- X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
- int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
--void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx);
- int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- unsigned long flags);
-
-@@ -909,7 +857,7 @@ int X509_EXTENSION_set_critical(X509_EXT
- int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
- ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
- ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
--int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
-
- int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
- int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-@@ -952,7 +900,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIB
- const void *data, int len);
- void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
- void *data);
--int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
- ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
- ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-@@ -1035,18 +983,19 @@ int X509_TRUST_get_count(void);
- X509_TRUST *X509_TRUST_get0(int idx);
- int X509_TRUST_get_by_id(int id);
- int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
-- char *name, int arg1, void *arg2);
-+ const char *name, int arg1, void *arg2);
- void X509_TRUST_cleanup(void);
--int X509_TRUST_get_flags(X509_TRUST *xp);
--char *X509_TRUST_get0_name(X509_TRUST *xp);
--int X509_TRUST_get_trust(X509_TRUST *xp);
-+int X509_TRUST_get_flags(const X509_TRUST *xp);
-+char *X509_TRUST_get0_name(const X509_TRUST *xp);
-+int X509_TRUST_get_trust(const X509_TRUST *xp);
-
- /* BEGIN ERROR CODES */
- /*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_X509_strings(void);
-+
-+int ERR_load_X509_strings(void);
-
- /* Error codes for the X509 functions. */
-
-@@ -1054,6 +1003,7 @@ void ERR_load_X509_strings(void);
- # define X509_F_ADD_CERT_DIR 100
- # define X509_F_BUILD_CHAIN 106
- # define X509_F_BY_FILE_CTRL 101
-+# define X509_F_CHECK_NAME_CONSTRAINTS 149
- # define X509_F_CHECK_POLICY 145
- # define X509_F_DANE_I2D 107
- # define X509_F_DIR_CTRL 102
-@@ -1082,6 +1032,7 @@ void ERR_load_X509_strings(void);
- # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
- # define X509_F_X509_NAME_ONELINE 116
- # define X509_F_X509_NAME_PRINT 117
-+# define X509_F_X509_OBJECT_NEW 150
- # define X509_F_X509_PRINT_EX_FP 118
- # define X509_F_X509_PUBKEY_DECODE 148
- # define X509_F_X509_PUBKEY_GET0 119
-@@ -1096,7 +1047,6 @@ void ERR_load_X509_strings(void);
- # define X509_F_X509_STORE_CTX_INIT 143
- # define X509_F_X509_STORE_CTX_NEW 142
- # define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
--# define X509_F_X509_STORE_GET_X509_BY_SUBJECT 149
- # define X509_F_X509_TO_X509_REQ 126
- # define X509_F_X509_TRUST_ADD 133
- # define X509_F_X509_TRUST_SET 141
-@@ -1111,7 +1061,6 @@ void ERR_load_X509_strings(void);
- # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
- # define X509_R_CRL_ALREADY_DELTA 127
- # define X509_R_CRL_VERIFY_FAILURE 131
--# define X509_R_ERR_ASN1_LIB 102
- # define X509_R_IDP_MISMATCH 128
- # define X509_R_INVALID_DIRECTORY 113
- # define X509_R_INVALID_FIELD_NAME 119
-@@ -1122,6 +1071,7 @@ void ERR_load_X509_strings(void);
- # define X509_R_LOADING_CERT_DIR 103
- # define X509_R_LOADING_DEFAULTS 104
- # define X509_R_METHOD_NOT_SUPPORTED 124
-+# define X509_R_NAME_TOO_LONG 134
- # define X509_R_NEWER_CRL_NOT_NEWER 132
- # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
- # define X509_R_NO_CRL_NUMBER 130
-@@ -1138,7 +1088,7 @@ void ERR_load_X509_strings(void);
- # define X509_R_WRONG_LOOKUP_TYPE 112
- # define X509_R_WRONG_TYPE 122
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/include/openssl/x509_vfy.h
-+++ b/include/openssl/x509_vfy.h
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_X509_VFY_H
-@@ -93,10 +45,14 @@ certificate chain.
- */
-
- typedef enum {
-- X509_LU_RETRY = -1,
-- X509_LU_FAIL, X509_LU_X509, X509_LU_CRL
-+ X509_LU_NONE = 0,
-+ X509_LU_X509, X509_LU_CRL
- } X509_LOOKUP_TYPE;
-
-+#if OPENSSL_API_COMPAT < 0x10100000L
-+#define X509_LU_RETRY -1
-+#define X509_LU_FAIL 0
-+#endif
-
- DEFINE_STACK_OF(X509_LOOKUP)
- DEFINE_STACK_OF(X509_OBJECT)
-@@ -104,8 +60,25 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)
-
- int X509_STORE_set_depth(X509_STORE *store, int depth);
-
--# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
--# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
-+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
-+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
-+ X509_STORE_CTX *ctx, X509 *x);
-+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
-+ X509 *x, X509 *issuer);
-+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
-+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
-+ X509_CRL **crl, X509 *x);
-+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
-+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
-+ X509_CRL *crl, X509 *x);
-+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
-+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
-+ X509_NAME *nm);
-+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
-+ X509_NAME *nm);
-+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
-+
-
- void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-
-@@ -199,6 +172,14 @@ void X509_STORE_CTX_set_depth(X509_STORE
- # define X509_V_ERR_EE_KEY_TOO_SMALL 66
- # define X509_V_ERR_CA_KEY_TOO_SMALL 67
- # define X509_V_ERR_CA_MD_TOO_WEAK 68
-+/* Caller error */
-+# define X509_V_ERR_INVALID_CALL 69
-+/* Issuer lookup error */
-+# define X509_V_ERR_STORE_LOOKUP 70
-+/* Certificate transparency */
-+# define X509_V_ERR_NO_VALID_SCTS 71
-+
-+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
-
- /* Certificate verify flags */
-
-@@ -231,7 +212,7 @@ void X509_STORE_CTX_set_depth(X509_STORE
- # define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
- /* Delta CRL support */
- # define X509_V_FLAG_USE_DELTAS 0x2000
--/* Check selfsigned CA signature */
-+/* Check self-signed CA signature */
- # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
- /* Use trusted store first */
- # define X509_V_FLAG_TRUSTED_FIRST 0x8000
-@@ -264,34 +245,80 @@ void X509_STORE_CTX_set_depth(X509_STORE
- | X509_V_FLAG_INHIBIT_ANY \
- | X509_V_FLAG_INHIBIT_MAP)
-
--int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
- X509_NAME *name);
- X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-- int type, X509_NAME *name);
-+ X509_LOOKUP_TYPE type,
-+ X509_NAME *name);
- X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
- X509_OBJECT *x);
--void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
-+X509_OBJECT *X509_OBJECT_new(void);
- void X509_OBJECT_free(X509_OBJECT *a);
--X509 *X509_OBJECT_get0_X509(X509_OBJECT *a);
--void X509_OBJECT_free_contents(X509_OBJECT *a);
-+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
-+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
-+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
- X509_STORE *X509_STORE_new(void);
- void X509_STORE_free(X509_STORE *v);
-+int X509_STORE_lock(X509_STORE *ctx);
-+int X509_STORE_unlock(X509_STORE *ctx);
- int X509_STORE_up_ref(X509_STORE *v);
-+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
-
--STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
--STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
-+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
-+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
- int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
- int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
- int X509_STORE_set_trust(X509_STORE *ctx, int trust);
- int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
-
-+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
-+#define X509_STORE_set_verify_func(ctx, func) \
-+ X509_STORE_set_verify((ctx),(func))
-+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
- void X509_STORE_set_verify_cb(X509_STORE *ctx,
-- int (*verify_cb) (int, X509_STORE_CTX *));
--
--void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-- STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
-- *ctx,
-- X509_NAME *nm));
-+ X509_STORE_CTX_verify_cb verify_cb);
-+# define X509_STORE_set_verify_cb_func(ctx,func) \
-+ X509_STORE_set_verify_cb((ctx),(func))
-+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
-+void X509_STORE_set_get_issuer(X509_STORE *ctx,
-+ X509_STORE_CTX_get_issuer_fn get_issuer);
-+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
-+void X509_STORE_set_check_issued(X509_STORE *ctx,
-+ X509_STORE_CTX_check_issued_fn check_issued);
-+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
-+void X509_STORE_set_check_revocation(X509_STORE *ctx,
-+ X509_STORE_CTX_check_revocation_fn check_revocation);
-+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
-+void X509_STORE_set_get_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_get_crl_fn get_crl);
-+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
-+void X509_STORE_set_check_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_check_crl_fn check_crl);
-+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
-+void X509_STORE_set_cert_crl(X509_STORE *ctx,
-+ X509_STORE_CTX_cert_crl_fn cert_crl);
-+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
-+void X509_STORE_set_check_policy(X509_STORE *ctx,
-+ X509_STORE_CTX_check_policy_fn check_policy);
-+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
-+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_certs_fn lookup_certs);
-+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
-+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
-+ X509_STORE_CTX_lookup_crls_fn lookup_crls);
-+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
-+ X509_STORE_set_lookup_crls((ctx), (func))
-+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
-+void X509_STORE_set_cleanup(X509_STORE *ctx,
-+ X509_STORE_CTX_cleanup_fn cleanup);
-+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
-+
-+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
-+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
-
- X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-@@ -307,14 +334,29 @@ X509_STORE *X509_STORE_CTX_get0_store(X5
- X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
- STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
--typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
--typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
- X509_STORE_CTX_verify_cb verify);
- X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
--void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
-- X509_STORE_CTX_verify verify);
--X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
-+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
-+
-+#if OPENSSL_API_COMPAT < 0x10100000L
-+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
-+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
-+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
-+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
-+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
-+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
-+#endif
-
- X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
- X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-@@ -323,10 +365,11 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(voi
- int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
--int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-- X509_OBJECT *ret);
--X509_OBJECT *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, int type,
-- X509_NAME *name);
-+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret);
-+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
-+ X509_LOOKUP_TYPE type,
-+ X509_NAME *name);
-
- int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
- long argl, char **ret);
-@@ -338,15 +381,16 @@ int X509_load_cert_crl_file(X509_LOOKUP
- X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
- void X509_LOOKUP_free(X509_LOOKUP *ctx);
- int X509_LOOKUP_init(X509_LOOKUP *ctx);
--int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-- X509_OBJECT *ret);
--int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-- ASN1_INTEGER *serial, X509_OBJECT *ret);
--int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, X509_OBJECT *ret);
-+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ X509_NAME *name, ASN1_INTEGER *serial,
-+ X509_OBJECT *ret);
-+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- unsigned char *bytes, int len,
- X509_OBJECT *ret);
--int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-- X509_OBJECT *ret);
-+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-+ char *str, int len, X509_OBJECT *ret);
- int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
- int X509_STORE_load_locations(X509_STORE *ctx,
-@@ -360,7 +404,9 @@ void *X509_STORE_CTX_get_ex_data(X509_ST
- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
- int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
- X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
- X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
- X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
- X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-@@ -376,8 +422,6 @@ int X509_STORE_CTX_purpose_inherit(X509_
- void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
- void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
- time_t t);
--void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-- int (*verify_cb) (int, X509_STORE_CTX *));
-
- X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
- int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-@@ -392,6 +436,7 @@ int X509_STORE_CTX_set_default(X509_STOR
- * offline testing in test/danetest.c
- */
- void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
-+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
-
- /* X509_VERIFY_PARAM functions */
-
---- a/include/openssl/x509v3.h
-+++ b/include/openssl/x509v3.h
-@@ -1,60 +1,12 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
-- * 1999.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #ifndef HEADER_X509V3_H
- # define HEADER_X509V3_H
-
-@@ -66,12 +18,6 @@
- extern "C" {
- #endif
-
--# ifdef OPENSSL_SYS_WIN32
--/* Under Win32 these are defined in wincrypt.h */
--# undef X509_NAME
--# undef X509_EXTENSIONS
--# endif
--
- /* Forward reference */
- struct v3_ext_method;
- struct v3_ext_ctx;
-@@ -122,8 +68,8 @@ struct v3_ext_method {
- };
-
- typedef struct X509V3_CONF_METHOD_st {
-- char *(*get_string) (void *db, char *section, char *value);
-- STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section);
-+ char *(*get_string) (void *db, const char *section, const char *value);
-+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
- void (*free_string) (void *db, char *string);
- void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
- } X509V3_CONF_METHOD;
-@@ -503,13 +449,13 @@ DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS
- DECLARE_ASN1_FUNCTIONS(SXNET)
- DECLARE_ASN1_FUNCTIONS(SXNETID)
-
--int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
--int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
-+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
- int userlen);
--int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
-+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
- int userlen);
-
--ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
-+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
- ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
- ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-
-@@ -529,7 +475,7 @@ STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRIN
- STACK_OF(CONF_VALUE) *extlist);
- char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
- ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, char *str);
-+ X509V3_CTX *ctx, const char *str);
-
- STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
- GENERAL_NAME *gen,
-@@ -578,6 +524,7 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POIN
- int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
-
- int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
-+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
-
- DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
- DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-@@ -597,8 +544,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
-
- GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
- const X509V3_EXT_METHOD *method,
-- X509V3_CTX *ctx, int gen_type, char *value,
-- int is_nc);
-+ X509V3_CTX *ctx, int gen_type,
-+ const char *value, int is_nc);
-
- # ifdef HEADER_CONF_H
- GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
-@@ -610,31 +557,31 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERA
- void X509V3_conf_free(CONF_VALUE *val);
-
- X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-- char *value);
--X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-- char *value);
--int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-+ const char *value);
-+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
-+ const char *value);
-+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
- STACK_OF(X509_EXTENSION) **sk);
--int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509 *cert);
--int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509_REQ *req);
--int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
- X509_CRL *crl);
-
- X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
- X509V3_CTX *ctx, int ext_nid,
-- char *value);
-+ const char *value);
- X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *name, char *value);
-+ const char *name, const char *value);
- int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509 *cert);
-+ const char *section, X509 *cert);
- int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509_REQ *req);
-+ const char *section, X509_REQ *req);
- int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-- char *section, X509_CRL *crl);
-+ const char *section, X509_CRL *crl);
-
--int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
- int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
- int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-@@ -642,8 +589,8 @@ void X509V3_set_nconf(X509V3_CTX *ctx, C
- void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
- # endif
-
--char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
--STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section);
-+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
-+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
- void X509V3_string_free(X509V3_CTX *ctx, char *str);
- void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
- void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-@@ -657,8 +604,8 @@ int X509V3_add_value_bool(const char *na
- STACK_OF(CONF_VALUE) **extlist);
- int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
--char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
--ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
-+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
- char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
- char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
- ASN1_ENUMERATED *aint);
-@@ -672,14 +619,14 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_
- int X509V3_add_standard_extensions(void);
- STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
- void *X509V3_EXT_d2i(X509_EXTENSION *ext);
--void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
-+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
- int *idx);
-
- X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
- int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
- int crit, unsigned long flags);
-
--#if OPENSSL_API_COMPAT < 0x00101000L
-+#if OPENSSL_API_COMPAT < 0x10100000L
- /* The new declarations are in crypto.h, but the old ones were here. */
- # define hex_to_string OPENSSL_buf2hexstr
- # define string_to_hex OPENSSL_hexstr2buf
-@@ -702,6 +649,9 @@ int X509_supported_extension(X509_EXTENS
- int X509_PURPOSE_set(int *p, int purpose);
- int X509_check_issued(X509 *issuer, X509 *subject);
- int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
-+void X509_set_proxy_flag(X509 *x);
-+void X509_set_proxy_pathlen(X509 *x, long l);
-+long X509_get_proxy_pathlen(X509 *x);
-
- uint32_t X509_get_extension_flags(X509 *x);
- uint32_t X509_get_key_usage(X509 *x);
-@@ -710,16 +660,16 @@ const ASN1_OCTET_STRING *X509_get0_subje
-
- int X509_PURPOSE_get_count(void);
- X509_PURPOSE *X509_PURPOSE_get0(int idx);
--int X509_PURPOSE_get_by_sname(char *sname);
-+int X509_PURPOSE_get_by_sname(const char *sname);
- int X509_PURPOSE_get_by_id(int id);
- int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck) (const X509_PURPOSE *, const X509 *, int),
-- char *name, char *sname, void *arg);
--char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
--char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
--int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
-+ const char *name, const char *sname, void *arg);
-+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
-+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
-+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
- void X509_PURPOSE_cleanup(void);
--int X509_PURPOSE_get_id(X509_PURPOSE *);
-+int X509_PURPOSE_get_id(const X509_PURPOSE *);
-
- STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
- STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-@@ -758,7 +708,6 @@ int X509_check_ip_asc(X509 *x, const cha
-
- ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
- ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
--int a2i_ipadd(unsigned char *ipout, const char *ipasc);
- int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
- unsigned long chtype);
-
-@@ -916,7 +865,8 @@ int X509v3_addr_validate_resource_set(ST
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
--void ERR_load_X509V3_strings(void);
-+
-+int ERR_load_X509V3_strings(void);
-
- /* Error codes for the X509V3 functions. */
-
-@@ -928,10 +878,8 @@ void ERR_load_X509V3_strings(void);
- # define X509V3_F_COPY_EMAIL 122
- # define X509V3_F_COPY_ISSUER 123
- # define X509V3_F_DO_DIRNAME 144
--# define X509V3_F_DO_EXT_CONF 124
- # define X509V3_F_DO_EXT_I2D 135
- # define X509V3_F_DO_EXT_NCONF 151
--# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
- # define X509V3_F_GNAMES_FROM_SECTNAME 156
- # define X509V3_F_I2S_ASN1_ENUMERATED 121
- # define X509V3_F_I2S_ASN1_IA5STRING 149
-@@ -946,7 +894,6 @@ void ERR_load_X509V3_strings(void);
- # define X509V3_F_S2I_ASN1_IA5STRING 100
- # define X509V3_F_S2I_ASN1_INTEGER 108
- # define X509V3_F_S2I_ASN1_OCTET_STRING 112
--# define X509V3_F_S2I_ASN1_SKEY_ID 114
- # define X509V3_F_S2I_SKEY_ID 115
- # define X509V3_F_SET_DIST_POINT_NAME 158
- # define X509V3_F_SXNET_ADD_ID_ASC 125
-@@ -976,7 +923,6 @@ void ERR_load_X509V3_strings(void);
- # define X509V3_F_X509V3_ADD_VALUE 105
- # define X509V3_F_X509V3_EXT_ADD 104
- # define X509V3_F_X509V3_EXT_ADD_ALIAS 106
--# define X509V3_F_X509V3_EXT_CONF 107
- # define X509V3_F_X509V3_EXT_I2D 136
- # define X509V3_F_X509V3_EXT_NCONF 152
- # define X509V3_F_X509V3_GET_SECTION 142
-@@ -1036,13 +982,11 @@ void ERR_load_X509V3_strings(void);
- # define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
- # define X509V3_R_NO_PUBLIC_KEY 114
- # define X509V3_R_NO_SUBJECT_DETAILS 125
--# define X509V3_R_ODD_NUMBER_OF_DIGITS 112
- # define X509V3_R_OPERATION_NOT_DEFINED 148
- # define X509V3_R_OTHERNAME_ERROR 147
- # define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155
- # define X509V3_R_POLICY_PATH_LENGTH 156
- # define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157
--# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
- # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
- # define X509V3_R_SECTION_NOT_FOUND 150
- # define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
-@@ -1055,7 +999,7 @@ void ERR_load_X509V3_strings(void);
- # define X509V3_R_UNSUPPORTED_TYPE 167
- # define X509V3_R_USER_TOO_LONG 132
-
--#ifdef __cplusplus
-+# ifdef __cplusplus
- }
--#endif
-+# endif
- #endif
---- a/ms/applink.c
-+++ b/ms/applink.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #define APPLINK_STDIN 1
- #define APPLINK_STDOUT 2
- #define APPLINK_STDERR 3
---- a/ms/cmp.pl
-+++ b/ms/cmp.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- ($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
-
---- a/ms/segrenam.pl
-+++ b/ms/segrenam.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- my $quiet = 1;
-
---- a/ms/uplink-common.pl
-+++ b/ms/uplink-common.pl
-@@ -1,5 +1,11 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # pull APPLINK_MAX value from applink.c...
- $applink_c=$0;
- $applink_c=~s|[^/\\]+$||g;
---- a/ms/uplink-ia64.pl
-+++ b/ms/uplink-ia64.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $output = pop;
- open STDOUT,">$output";
---- a/ms/uplink-x86.pl
-+++ b/ms/uplink-x86.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC, "${dir}.", "${dir}../crypto/perlasm");
---- a/ms/uplink-x86_64.pl
-+++ b/ms/uplink-x86_64.pl
-@@ -1,8 +1,14 @@
--#!/usr/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- $output=pop;
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
--open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
-+open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
- *STDOUT=*OUT;
- push(@INC,"${dir}.");
-
---- a/ms/uplink.c
-+++ b/ms/uplink.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
- # define UNICODE
- #endif
---- a/ms/uplink.h
-+++ b/ms/uplink.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #define APPMACROS_ONLY
- #include "applink.c"
-
---- a/openssl.spec
-+++ /dev/null
-@@ -1,210 +0,0 @@
--%define _unpackaged_files_terminate_build 0
--
--Release: 1
--
--%define openssldir /var/ssl
--
--Summary: Secure Sockets Layer and cryptography libraries and tools
--Name: openssl
--Version: 1.1.0
--#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
--Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
--License: OpenSSL
--Group: System Environment/Libraries
--Provides: SSL
--URL: https://www.openssl.org/
--Packager: Damien Miller <djm at mindrot.org>
--BuildRoot: /var/tmp/%{name}-%{version}-root
--
--%description
--The OpenSSL Project is a collaborative effort to develop a robust,
--commercial-grade, fully featured, and Open Source toolkit implementing the
--Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
--protocols as well as a full-strength general purpose cryptography library.
--The project is managed by a worldwide community of volunteers that use the
--Internet to communicate, plan, and develop the OpenSSL tookit and its related
--documentation.
--
--OpenSSL is based on the excellent SSLeay library developed from Eric A.
--Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
--Apache-style licence, which basically means that you are free to get and
--use it for commercial and non-commercial purposes.
--
--This package contains the base OpenSSL cryptography and SSL/TLS
--libraries and tools.
--
--%package devel
--Summary: Secure Sockets Layer and cryptography static libraries and headers
--Group: Development/Libraries
--Requires: openssl
--%description devel
--The OpenSSL Project is a collaborative effort to develop a robust,
--commercial-grade, fully featured, and Open Source toolkit implementing the
--Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
--protocols as well as a full-strength general purpose cryptography library.
--The project is managed by a worldwide community of volunteers that use the
--Internet to communicate, plan, and develop the OpenSSL tookit and its related
--documentation.
--
--OpenSSL is based on the excellent SSLeay library developed from Eric A.
--Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
--Apache-style licence, which basically means that you are free to get and
--use it for commercial and non-commercial purposes.
--
--This package contains the the OpenSSL cryptography and SSL/TLS
--static libraries and header files required when developing applications.
--
--%package doc
--Summary: OpenSSL miscellaneous files
--Group: Documentation
--Requires: openssl
--%description doc
--The OpenSSL Project is a collaborative effort to develop a robust,
--commercial-grade, fully featured, and Open Source toolkit implementing the
--Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
--protocols as well as a full-strength general purpose cryptography library.
--The project is managed by a worldwide community of volunteers that use the
--Internet to communicate, plan, and develop the OpenSSL tookit and its related
--documentation.
--
--OpenSSL is based on the excellent SSLeay library developed from Eric A.
--Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
--Apache-style licence, which basically means that you are free to get and
--use it for commercial and non-commercial purposes.
--
--This package contains the the OpenSSL cryptography and SSL/TLS extra
--documentation and POD files from which the man pages were produced.
--
--%prep
--
--%setup -q
--
--%build
--
--%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
--
--perl util/perlpath.pl /usr/bin/perl
--
--%ifarch i386 i486 i586 i686
--./Configure %{CONFIG_FLAGS} linux-elf shared
--%endif
--%ifarch ppc
--./Configure %{CONFIG_FLAGS} linux-ppc shared
--%endif
--%ifarch alpha
--./Configure %{CONFIG_FLAGS} linux-alpha shared
--%endif
--%ifarch x86_64
--./Configure %{CONFIG_FLAGS} linux-x86_64 shared
--%endif
--LD_LIBRARY_PATH=`pwd` make
--LD_LIBRARY_PATH=`pwd` make rehash
--LD_LIBRARY_PATH=`pwd` make test
--
--%install
--rm -rf $RPM_BUILD_ROOT
--make MANDIR=/usr/man MANSUFFIX=ssl DESTDIR="$RPM_BUILD_ROOT" install
--
--# Make backwards-compatibility symlink to ssleay
--ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
--
--%clean
--rm -rf $RPM_BUILD_ROOT
--
--%files
--%defattr(0644,root,root,0755)
--%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
--
--%attr(0755,root,root) /usr/bin/*
--%attr(0755,root,root) /usr/lib/*.so*
--%attr(0755,root,root) %{openssldir}/misc/*
--%attr(0644,root,root) /usr/man/man[157]/*
--
--%config %attr(0644,root,root) %{openssldir}/openssl.cnf
--%dir %attr(0755,root,root) %{openssldir}/certs
--%dir %attr(0755,root,root) %{openssldir}/misc
--%dir %attr(0750,root,root) %{openssldir}/private
--
--%files devel
--%defattr(0644,root,root,0755)
--%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
--
--%attr(0644,root,root) /usr/lib/*.a
--%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
--%attr(0644,root,root) /usr/include/openssl/*
--%attr(0644,root,root) /usr/man/man[3]/*
--
--%files doc
--%defattr(0644,root,root,0755)
--%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
--%doc doc
--
--%post
--ldconfig
--
--%postun
--ldconfig
--
--%changelog
--* Sun Jun 6 2005 Richard Levitte <richard at levitte.org>
--- Remove the incorrect installation of '%{openssldir}/lib'.
--* Wed May 7 2003 Richard Levitte <richard at levitte.org>
--- Add /usr/lib/pkgconfig/openssl.pc to the development section.
--* Thu Mar 22 2001 Richard Levitte <richard at levitte.org>
--- Removed redundant subsection that re-installed libcrypto.a and libssl.a
-- as well. Also remove RSAref stuff completely, since it's not needed
-- any more.
--* Thu Mar 15 2001 Jeremiah Johnson <jjohnson at penguincomputing.com>
--- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
-- libssl.so.0.9.6. As well as the subsection that created symlinks for
-- these. make install handles all this.
--* Sat Oct 21 2000 Horms <horms at vergenet.net>
--- Make sure symlinks are created by using -f flag to ln.
-- Otherwise some .so libraries are copied rather than
-- linked in the resulting binary RPM. This causes the package
-- to be larger than necessary and makes ldconfig complain.
--* Fri Oct 13 2000 Horms <horms at vergenet.net>
--- Make defattr is set for files in all packages so packages built as
-- non-root will still be installed with files owned by root.
--* Thu Sep 14 2000 Richard Levitte <richard at levitte.org>
--- Changed to adapt to the new (supported) way of making shared libraries
--- Installs all static libraries, not just libRSAglue.a
--- Extra documents now end up in a separate document package
--* Sun Feb 27 2000 Damien Miller <djm at mindrot.org>
--- Merged patches to spec
--- Updated to 0.9.5beta2 (now with manpages)
--* Sat Feb 5 2000 Michal Jaegermann <michal at harddata.com>
--- added 'linux-alpha' to configuration
--- fixed nasty absolute links
--* Tue Jan 25 2000 Bennett Todd <bet at rahul.net>
--- Added -DSSL_ALLOW_ADH, bumped Release to 4
--* Thu Oct 14 1999 Damien Miller <djm at mindrot.org>
--- Set default permissions
--- Removed documentation from devel sub-package
--* Thu Sep 30 1999 Damien Miller <djm at mindrot.org>
--- Added "make test" stage
--- GPG signed
--* Tue Sep 10 1999 Damien Miller <damien at ibs.com.au>
--- Updated to version 0.9.4
--* Tue May 25 1999 Damien Miller <damien at ibs.com.au>
--- Updated to version 0.9.3
--- Added attributes for all files
--- Paramatised openssl directory
--* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas at jmconsultores.com.pe>
--- Added "official" bnrec patch and taking other out
--- making a link from ssleay to openssl binary
--- putting all changelog together on SPEC file
--* Fri Mar 5 1999 Henri Gomez <gomez at slib.fr>
--- Added bnrec patch
--* Tue Dec 29 1998 Jonathan Ruano <kobalt at james.encomix.es>
--- minimum spec and patches changes for openssl
--- modified for openssl sources
--* Sat Aug 8 1998 Khimenko Victor <khim at sch57.msk.ru>
--- shared library creating process honours $RPM_OPT_FLAGS
--- shared libarry supports threads (as well as static library)
--* Wed Jul 22 1998 Khimenko Victor <khim at sch57.msk.ru>
--- building of shared library completely reworked
--* Tue Jul 21 1998 Khimenko Victor <khim at sch57.msk.ru>
--- RPM is BuildRoot'ed
--* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
--- all stuff is moved out of /usr/local
---- /dev/null
-+++ b/os-dep/haiku.h
-@@ -0,0 +1,2 @@
-+#include <sys/select.h>
-+#include <sys/time.h>
---- a/ssl/Makefile.in
-+++ /dev/null
-@@ -1,81 +0,0 @@
--#
--# OpenSSL/ssl/Makefile
--#
--
--DIR= ssl
--TOP= ..
--CC= cc
--INCLUDES= -I$(TOP) -I../include
--CFLAG=-g
--MAKEFILE= Makefile
--AR= ar r
--
--CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG)
--
--GENERAL=Makefile README ssl-lib.com install.com
--
--LIB=$(TOP)/libssl.a
--SHARED_LIB= libssl$(SHLIB_EXT)
--LIBSRC= \
-- pqueue.c \
-- statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \
-- statem/statem_lib.c s3_cbc.c s3_msg.c \
-- methods.c t1_lib.c t1_enc.c t1_ext.c \
-- d1_lib.c record/rec_layer_d1.c d1_msg.c \
-- statem/statem_dtls.c d1_srtp.c \
-- ssl_lib.c ssl_cert.c ssl_sess.c \
-- ssl_ciph.c ssl_stat.c ssl_rsa.c \
-- ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \
-- bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
-- record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
-- statem/statem.c
--LIBOBJ= \
-- pqueue.o \
-- statem/statem_srvr.o statem/statem_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \
-- statem/statem_lib.o s3_cbc.o s3_msg.o \
-- methods.o t1_lib.o t1_enc.o t1_ext.o \
-- d1_lib.o record/rec_layer_d1.o d1_msg.o \
-- statem/statem_dtls.o d1_srtp.o\
-- ssl_lib.o ssl_cert.o ssl_sess.o \
-- ssl_ciph.o ssl_stat.o ssl_rsa.o \
-- ssl_asn1.o ssl_txt.o ssl_init.o ssl_conf.o ssl_mcnf.o \
-- bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \
-- record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o \
-- statem/statem.o
--
--SRC= $(LIBSRC)
--
--HEADER= ssl_locl.h record/record_locl.h record/record.h statem/statem.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--# BSD make and GNU make disagree on where output goes
--.c.o:
-- $(CC) $(CFLAGS) -c $< -o $@
--
--top:
-- (cd ..; $(MAKE) DIRS=$(DIR) all)
--
--all: shared
--
--lib: $(LIBOBJ)
-- $(AR) $(LIB) $(LIBOBJ)
-- $(RANLIB) $(LIB) || echo Never mind.
-- @touch lib
--
--shared: lib
-- if [ -n "$(SHARED_LIBS)" ]; then \
-- (cd ..; $(MAKE) $(SHARED_LIB)); \
-- fi
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(LIBSRC)
--
--clean:
-- rm -f $(LIBOBJ) *.obj lib tags core .pure .nfs* *.old *.bak fluff
-- rm -f record/*.obj record/lib record/retags record/core \
-- record/.pure record/.nfs* record/*.old record/*.bak record/fluff
-- rm -f statem/*.obj statem/lib statem/retags statem/core \
-- statem/.pure statem/.nfs* statem/*.old statem/*.bak statem/fluff
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/ssl/bio_ssl.c
-+++ b/ssl/bio_ssl.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -375,23 +327,19 @@ static long ssl_ctrl(BIO *b, int cmd, lo
- break;
- case BIO_CTRL_PUSH:
- if ((next != NULL) && (next != ssl->rbio)) {
-+ /*
-+ * We are going to pass ownership of next to the SSL object...but
-+ * we don't own a reference to pass yet - so up ref
-+ */
-+ BIO_up_ref(next);
- SSL_set_bio(ssl, next, next);
-- BIO_up_ref(b);
- }
- break;
- case BIO_CTRL_POP:
- /* Only detach if we are the BIO explicitly being popped */
- if (b == ptr) {
-- /*
-- * Shouldn't happen in practice because the rbio and wbio are the
-- * same when pushed.
-- */
-- if (ssl->rbio != ssl->wbio)
-- BIO_free_all(ssl->wbio);
-- if (next != NULL)
-- BIO_free(next);
-- ssl->wbio = NULL;
-- ssl->rbio = NULL;
-+ /* This will clear the reference we obtained during push */
-+ SSL_set_bio(ssl, NULL, NULL);
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
-@@ -424,10 +372,11 @@ static long ssl_ctrl(BIO *b, int cmd, lo
- dbs = BIO_get_data(dbio);
- SSL_free(dbs->ssl);
- dbs->ssl = SSL_dup(ssl);
-- dbs->renegotiate_count = dbs->renegotiate_count;
-- dbs->byte_count = dbs->byte_count;
-- dbs->renegotiate_timeout = dbs->renegotiate_timeout;
-- dbs->last_time = dbs->last_time;
-+ dbs->num_renegotiates = bs->num_renegotiates;
-+ dbs->renegotiate_count = bs->renegotiate_count;
-+ dbs->byte_count = bs->byte_count;
-+ dbs->renegotiate_timeout = bs->renegotiate_timeout;
-+ dbs->last_time = bs->last_time;
- ret = (dbs->ssl != NULL);
- break;
- case BIO_C_GET_FD:
---- a/ssl/d1_lib.c
-+++ b/ssl/d1_lib.c
-@@ -1,59 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -131,7 +82,7 @@ int dtls1_new(SSL *s)
- if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
- return 0;
- }
--
-+
- if (!ssl3_new(s))
- return (0);
- if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
-@@ -327,7 +278,7 @@ struct timeval *dtls1_get_timeout(SSL *s
-
- /*
- * If remaining time is less than 15 ms, set it to 0 to prevent issues
-- * because of small devergences with socket timeouts.
-+ * because of small divergences with socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
- memset(timeleft, 0, sizeof(*timeleft));
-@@ -482,7 +433,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
- rbio = SSL_get_rbio(s);
- wbio = SSL_get_wbio(s);
-
-- if(!rbio || !wbio) {
-+ if (!rbio || !wbio) {
- SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
- return -1;
- }
-@@ -536,7 +487,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
- n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-
- if (n <= 0) {
-- if(BIO_should_retry(rbio)) {
-+ if (BIO_should_retry(rbio)) {
- /* Non-blocking IO */
- goto end;
- }
-@@ -630,7 +581,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
- }
-
- /* Message sequence number can only be 0 or 1 */
-- if(msgseq > 2) {
-+ if (msgseq > 2) {
- SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
- goto end;
- }
-@@ -797,18 +748,18 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
- }
-
- /*
-- * This is unneccessary if rbio and wbio are one and the same - but
-+ * This is unnecessary if rbio and wbio are one and the same - but
- * maybe they're not. We ignore errors here - some BIOs do not
- * support this.
- */
-- if(BIO_dgram_get_peer(rbio, tmpclient) > 0) {
-+ if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
- (void)BIO_dgram_set_peer(wbio, tmpclient);
- }
- BIO_ADDR_free(tmpclient);
- tmpclient = NULL;
-
- if (BIO_write(wbio, buf, reclen) < (int)reclen) {
-- if(BIO_should_retry(wbio)) {
-+ if (BIO_should_retry(wbio)) {
- /*
- * Non-blocking IO...but we're stateless, so we're just
- * going to drop this packet.
-@@ -819,7 +770,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
- }
-
- if (BIO_flush(wbio) <= 0) {
-- if(BIO_should_retry(wbio)) {
-+ if (BIO_should_retry(wbio)) {
- /*
- * Non-blocking IO...but we're stateless, so we're just
- * going to drop this packet.
-@@ -887,6 +838,14 @@ static int dtls1_handshake_write(SSL *s)
- }
-
- #ifndef OPENSSL_NO_HEARTBEATS
-+
-+#define HEARTBEAT_SIZE(payload, padding) ( \
-+ 1 /* heartbeat type */ + \
-+ 2 /* heartbeat length */ + \
-+ (payload) + (padding))
-+
-+#define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
-+
- int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
- {
- unsigned char *pl;
-@@ -898,32 +857,27 @@ int dtls1_process_heartbeat(SSL *s, unsi
- s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT,
- p, length, s, s->msg_callback_arg);
-
-- /* Read type and payload length first */
-- if (1 + 2 + 16 > length)
-+ /* Read type and payload length */
-+ if (HEARTBEAT_SIZE_STD(0) > length)
- return 0; /* silently discard */
- if (length > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0; /* silently discard per RFC 6520 sec. 4 */
-
- hbtype = *p++;
- n2s(p, payload);
-- if (1 + 2 + payload + 16 > length)
-+ if (HEARTBEAT_SIZE_STD(payload) > length)
- return 0; /* silently discard per RFC 6520 sec. 4 */
- pl = p;
-
- if (hbtype == TLS1_HB_REQUEST) {
- unsigned char *buffer, *bp;
-- unsigned int write_length = 1 /* heartbeat type */ +
-- 2 /* heartbeat length */ +
-- payload + padding;
-+ unsigned int write_length = HEARTBEAT_SIZE(payload, padding);
- int r;
-
- if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
-
-- /*
-- * Allocate memory for the response, size is 1 byte message type,
-- * plus 2 bytes payload length, plus payload, plus padding
-- */
-+ /* Allocate memory for the response. */
- buffer = OPENSSL_malloc(write_length);
- if (buffer == NULL)
- return -1;
-@@ -975,6 +929,7 @@ int dtls1_heartbeat(SSL *s)
- int ret = -1;
- unsigned int payload = 18; /* Sequence number + random bytes */
- unsigned int padding = 16; /* Use minimum padding */
-+ unsigned int size;
-
- /* Only send if peer supports and accepts HB requests... */
- if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) ||
-@@ -997,15 +952,11 @@ int dtls1_heartbeat(SSL *s)
-
- /*-
- * Create HeartBeat message, we just use a sequence number
-- * as payload to distuingish different messages and add
-+ * as payload to distinguish different messages and add
- * some random stuff.
-- * - Message Type, 1 byte
-- * - Payload Length, 2 bytes (unsigned int)
-- * - Payload, the sequence number (2 bytes uint)
-- * - Payload, random bytes (16 bytes uint)
-- * - Padding
- */
-- buf = OPENSSL_malloc(1 + 2 + payload + padding);
-+ size = HEARTBEAT_SIZE(payload, padding);
-+ buf = OPENSSL_malloc(size);
- if (buf == NULL) {
- SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE);
- return -1;
-@@ -1029,11 +980,11 @@ int dtls1_heartbeat(SSL *s)
- goto err;
- }
-
-- ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-+ ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size);
- if (ret >= 0) {
- if (s->msg_callback)
- s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
-- buf, 3 + payload + padding,
-+ buf, size,
- s, s->msg_callback_arg);
-
- dtls1_start_timer(s);
---- a/ssl/d1_msg.c
-+++ b/ssl/d1_msg.c
-@@ -1,120 +1,15 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define USE_SOCKETS
- #include "ssl_locl.h"
--
-+
- int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
- {
- int i;
---- a/ssl/d1_srtp.c
-+++ b/ssl/d1_srtp.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /*
- * DTLS code by Eric Rescorla <ekr at rtfm.com>
- *
-@@ -181,25 +81,32 @@ static int ssl_ctx_make_profiles(const c
- if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
- SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-- sk_SRTP_PROTECTION_PROFILE_free(profiles);
-- return 1;
-+ goto err;
- }
-
-- sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
-+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
-+ SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
-+ SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
-+ goto err;
-+ }
- } else {
- SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
- SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
-- sk_SRTP_PROTECTION_PROFILE_free(profiles);
-- return 1;
-+ goto err;
- }
-
- if (col)
- ptr = col + 1;
- } while (col);
-
-+ sk_SRTP_PROTECTION_PROFILE_free(*out);
-+
- *out = profiles;
-
- return 0;
-+err:
-+ sk_SRTP_PROTECTION_PROFILE_free(profiles);
-+ return 1;
- }
-
- int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
---- a/ssl/methods.c
-+++ b/ssl/methods.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/ssl/packet_locl.h
-+++ b/ssl/packet_locl.h
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_PACKET_LOCL_H
---- a/ssl/pqueue.c
-+++ b/ssl/pqueue.c
-@@ -1,59 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "ssl_locl.h"
---- a/ssl/record/dtls1_bitmap.c
-+++ b/ssl/record/dtls1_bitmap.c
-@@ -1,115 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "../ssl_locl.h"
---- a/ssl/record/rec_layer_d1.c
-+++ b/ssl/record/rec_layer_d1.c
-@@ -1,115 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -118,13 +13,12 @@
- #include "../ssl_locl.h"
- #include <openssl/evp.h>
- #include <openssl/buffer.h>
--#include <openssl/rand.h>
- #include "record_locl.h"
-
- int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
- {
- DTLS_RECORD_LAYER *d;
--
-+
- if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
- return (0);
-
-@@ -168,7 +62,7 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYE
- pqueue *buffered_app_data;
-
- d = rl->d;
--
-+
- while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *)item->data;
- OPENSSL_free(rdata->rbuf.buf);
-@@ -569,7 +463,7 @@ int dtls1_read_bytes(SSL *s, int type, i
-
- memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
- if (!peek) {
-- SSL3_RECORD_add_length(rr, -n);
-+ SSL3_RECORD_sub_length(rr, n);
- SSL3_RECORD_add_off(rr, n);
- if (SSL3_RECORD_get_length(rr) == 0) {
- s->rlayer.rstate = SSL_ST_READ_HEADER;
-@@ -666,7 +560,7 @@ int dtls1_read_bytes(SSL *s, int type, i
-
- if (dest_maxlen > 0) {
- /*
-- * XDTLS: In a pathalogical case, the Client Hello may be
-+ * XDTLS: In a pathological case, the Client Hello may be
- * fragmented--don't always expect dest_maxlen bytes
- */
- if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
-@@ -845,7 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, i
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
- ERR_add_error_data(2, "SSL alert number ", tmp);
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-- SSL_CTX_remove_session(s->ctx, s->session);
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
- return (0);
- } else {
- al = SSL_AD_ILLEGAL_PARAMETER;
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -125,8 +24,7 @@
- #if defined(OPENSSL_SMALL_FOOTPRINT) || \
- !( defined(AES_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
-- defined(_M_AMD64) || defined(_M_X64) || \
-- defined(__INTEL__) ) \
-+ defined(_M_AMD64) || defined(_M_X64) ) \
- )
- # undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
- # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
-@@ -162,14 +60,15 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl
- rl->wpend_buf = NULL;
-
- SSL3_BUFFER_clear(&rl->rbuf);
-- for(pipes = 0; pipes < rl->numwpipes; pipes++)
-+ for (pipes = 0; pipes < rl->numwpipes; pipes++)
- SSL3_BUFFER_clear(&rl->wbuf[pipes]);
- rl->numwpipes = 0;
-+ rl->numrpipes = 0;
- SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
-
- RECORD_LAYER_reset_read_sequence(rl);
- RECORD_LAYER_reset_write_sequence(rl);
--
-+
- if (rl->d)
- DTLS_RECORD_LAYER_clear(rl);
- }
-@@ -303,7 +202,7 @@ int ssl3_read_n(SSL *s, int n, int max,
- left = rb->left;
- #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
-- align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
-+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
- #endif
-
- if (!extend) {
-@@ -495,7 +394,7 @@ int ssl3_write_bytes(SSL *s, int type, c
- /*
- * Depending on platform multi-block can deliver several *times*
- * better performance. Downside is that it has to allocate
-- * jumbo buffer to accomodate up to 8 records, but the
-+ * jumbo buffer to accommodate up to 8 records, but the
- * compromise is considered worthy.
- */
- if (type == SSL3_RT_APPLICATION_DATA &&
-@@ -524,23 +423,21 @@ int ssl3_write_bytes(SSL *s, int type, c
- else
- packlen *= 4;
-
-- wb->buf = OPENSSL_malloc(packlen);
-- if (wb->buf == NULL) {
-+ if (!ssl3_setup_write_buffer(s, 1, packlen)) {
- SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-- wb->len = packlen;
- } else if (tot == len) { /* done? */
-- OPENSSL_free(wb->buf); /* free jumbo buffer */
-- wb->buf = NULL;
-+ /* free jumbo buffer */
-+ ssl3_release_write_buffer(s);
- return tot;
- }
-
- n = (len - tot);
- for (;;) {
- if (n < 4 * max_send_fragment) {
-- OPENSSL_free(wb->buf); /* free jumbo buffer */
-- wb->buf = NULL;
-+ /* free jumbo buffer */
-+ ssl3_release_write_buffer(s);
- break;
- }
-
-@@ -572,8 +469,8 @@ int ssl3_write_bytes(SSL *s, int type, c
- sizeof(mb_param), &mb_param);
-
- if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */
-- OPENSSL_free(wb->buf); /* free jumbo buffer */
-- wb->buf = NULL;
-+ /* free jumbo buffer */
-+ ssl3_release_write_buffer(s);
- break;
- }
-
-@@ -603,15 +500,15 @@ int ssl3_write_bytes(SSL *s, int type, c
- i = ssl3_write_pending(s, type, &buf[tot], nw);
- if (i <= 0) {
- if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
-- OPENSSL_free(wb->buf);
-- wb->buf = NULL;
-+ /* free jumbo buffer */
-+ ssl3_release_write_buffer(s);
- }
- s->rlayer.wnum = tot;
- return i;
- }
- if (i == (int)n) {
-- OPENSSL_free(wb->buf); /* free jumbo buffer */
-- wb->buf = NULL;
-+ /* free jumbo buffer */
-+ ssl3_release_write_buffer(s);
- return tot + i;
- }
- n -= i;
-@@ -631,7 +528,7 @@ int ssl3_write_bytes(SSL *s, int type, c
- split_send_fragment = s->split_send_fragment;
- /*
- * If max_pipelines is 0 then this means "undefined" and we default to
-- * 1 pipeline. Similaraly if the cipher does not support pipelined
-+ * 1 pipeline. Similarly if the cipher does not support pipelined
- * processing then we also only use 1 pipeline, or if we're not using
- * explicit IVs
- */
-@@ -751,7 +648,7 @@ int do_ssl3_write(SSL *s, int type, cons
- }
-
- if (s->rlayer.numwpipes < numpipes)
-- if (!ssl3_setup_write_buffer(s, numpipes))
-+ if (!ssl3_setup_write_buffer(s, numpipes, 0))
- return -1;
-
- if (totlen == 0 && !create_empty_fragment)
-@@ -810,10 +707,10 @@ int do_ssl3_write(SSL *s, int type, cons
- /*
- * extra fragment would be couple of cipher blocks, which would be
- * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
-- * payload, then we can just pretent we simply have two headers.
-+ * payload, then we can just pretend we simply have two headers.
- */
- align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
-- align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
-+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
- #endif
- outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
- SSL3_BUFFER_set_offset(wb, align);
-@@ -826,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, cons
- wb = &s->rlayer.wbuf[j];
- #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
-- align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
- #endif
- outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
- SSL3_BUFFER_set_offset(wb, align);
-@@ -862,7 +759,7 @@ int do_ssl3_write(SSL *s, int type, cons
-
- *(outbuf[j]++) = (s->version >> 8);
- /*
-- * Some servers hang if iniatial client hello is larger than 256 bytes
-+ * Some servers hang if initial client hello is larger than 256 bytes
- * and record version number > TLS 1.0
- */
- if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
-@@ -1158,9 +1055,9 @@ int ssl3_read_bytes(SSL *s, int type, in
- goto f_err;
- }
- }
-- /* Skip over any records we have already used or are zero in length */
-+ /* Skip over any records we have already read */
- for (curr_rec = 0;
-- curr_rec < num_recs && SSL3_RECORD_get_length(&rr[curr_rec]) == 0;
-+ curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
- curr_rec++);
- if (curr_rec == num_recs) {
- RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
-@@ -1233,11 +1130,12 @@ int ssl3_read_bytes(SSL *s, int type, in
- memcpy(buf, &(rr->data[rr->off]), n);
- buf += n;
- if (!peek) {
-- SSL3_RECORD_add_length(rr, -n);
-+ SSL3_RECORD_sub_length(rr, n);
- SSL3_RECORD_add_off(rr, n);
- if (SSL3_RECORD_get_length(rr) == 0) {
- s->rlayer.rstate = SSL_ST_READ_HEADER;
- SSL3_RECORD_set_off(rr, 0);
-+ SSL3_RECORD_set_read(rr);
- }
- }
- if (SSL3_RECORD_get_length(rr) == 0
-@@ -1248,6 +1146,10 @@ int ssl3_read_bytes(SSL *s, int type, in
- read_bytes += n;
- } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
- && read_bytes < (unsigned int)len);
-+ if (read_bytes == 0) {
-+ /* We must have read empty records. Get more data */
-+ goto start;
-+ }
- if (!peek && curr_rec == num_recs
- && (s->mode & SSL_MODE_RELEASE_BUFFERS)
- && SSL3_BUFFER_get_left(rbuf) == 0)
-@@ -1282,7 +1184,7 @@ int ssl3_read_bytes(SSL *s, int type, in
- goto f_err;
- }
-
-- if(s->method->version == TLS_ANY_VERSION
-+ if (s->method->version == TLS_ANY_VERSION
- && (s->server || rr->type != SSL3_RT_ALERT)) {
- /*
- * If we've got this far and still haven't decided on what version
-@@ -1328,8 +1230,10 @@ int ssl3_read_bytes(SSL *s, int type, in
- SSL3_RECORD_add_length(rr, -1);
- }
-
-- if (*dest_len < dest_maxlen)
-+ if (*dest_len < dest_maxlen) {
-+ SSL3_RECORD_set_read(rr);
- goto start; /* fragment was too small */
-+ }
- }
- }
-
-@@ -1412,6 +1316,7 @@ int ssl3_read_bytes(SSL *s, int type, in
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- SSL3_RECORD_set_length(rr, 0);
-+ SSL3_RECORD_set_read(rr);
- ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
- goto start;
- }
-@@ -1438,6 +1343,7 @@ int ssl3_read_bytes(SSL *s, int type, in
-
- if (alert_level == SSL3_AL_WARNING) {
- s->s3->warn_alert = alert_descr;
-+ SSL3_RECORD_set_read(rr);
- if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
-@@ -1445,7 +1351,7 @@ int ssl3_read_bytes(SSL *s, int type, in
- /*
- * This is a warning but we receive it if we requested
- * renegotiation and the peer denied it. Terminate with a fatal
-- * alert because if application tried to renegotiatie it
-+ * alert because if application tried to renegotiate it
- * presumably had a good reason and expects it to succeed. In
- * future we might have a renegotiation where we don't care if
- * the peer refused it where we carry on.
-@@ -1468,7 +1374,8 @@ int ssl3_read_bytes(SSL *s, int type, in
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
- ERR_add_error_data(2, "SSL alert number ", tmp);
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-- SSL_CTX_remove_session(s->ctx, s->session);
-+ SSL3_RECORD_set_read(rr);
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
- return (0);
- } else {
- al = SSL_AD_ILLEGAL_PARAMETER;
-@@ -1483,6 +1390,7 @@ int ssl3_read_bytes(SSL *s, int type, in
- * shutdown */
- s->rwstate = SSL_NOTHING;
- SSL3_RECORD_set_length(rr, 0);
-+ SSL3_RECORD_set_read(rr);
- return (0);
- }
-
-@@ -1539,6 +1447,7 @@ int ssl3_read_bytes(SSL *s, int type, in
- */
- if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
- SSL3_RECORD_set_length(rr, 0);
-+ SSL3_RECORD_set_read(rr);
- goto start;
- }
- al = SSL_AD_UNEXPECTED_MESSAGE;
---- a/ssl/record/record.h
-+++ b/ssl/record/record.h
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*****************************************************************************
-@@ -166,6 +65,10 @@ typedef struct ssl3_record_st {
- /* r */
- unsigned char *comp;
-
-+ /* Whether the data from this record has already been read or not */
-+ /* r */
-+ unsigned int read;
-+
- /* epoch number, needed by DTLS1 */
- /* r */
- unsigned long epoch;
-@@ -282,6 +185,9 @@ typedef struct record_layer_st {
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
-+ /* The number of consecutive empty records we have received */
-+ unsigned int empty_record_count;
-+
- /* partial write - check the numbers match */
- /* number bytes written */
- int wpend_tot;
-@@ -292,7 +198,7 @@ typedef struct record_layer_st {
-
- unsigned char read_sequence[SEQ_NUM_SIZE];
- unsigned char write_sequence[SEQ_NUM_SIZE];
--
-+
- DTLS_RECORD_LAYER *d;
- } RECORD_LAYER;
-
---- a/ssl/record/record_locl.h
-+++ b/ssl/record/record_locl.h
-@@ -1,113 +1,11 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
-
- /*****************************************************************************
- * *
-@@ -129,6 +27,10 @@
- #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
- #define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes)
- #define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n))
-+#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
-+#define RECORD_LAYER_reset_empty_record_count(rl) \
-+ ((rl)->empty_record_count = 0)
-+#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
- #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
-
- __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
-@@ -167,7 +69,7 @@ void SSL3_BUFFER_clear(SSL3_BUFFER *b);
- void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n);
- void SSL3_BUFFER_release(SSL3_BUFFER *b);
- __owur int ssl3_setup_read_buffer(SSL *s);
--__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes);
-+__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len);
- int ssl3_release_read_buffer(SSL *s);
- int ssl3_release_write_buffer(SSL *s);
-
-@@ -178,6 +80,7 @@ int ssl3_release_write_buffer(SSL *s);
- #define SSL3_RECORD_get_length(r) ((r)->length)
- #define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
- #define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
-+#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l))
- #define SSL3_RECORD_get_data(r) ((r)->data)
- #define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
- #define SSL3_RECORD_get_input(r) ((r)->input)
-@@ -190,6 +93,8 @@ int ssl3_release_write_buffer(SSL *s);
- #define SSL3_RECORD_get_epoch(r) ((r)->epoch)
- #define SSL3_RECORD_is_sslv2_record(r) \
- ((r)->rec_version == SSL2_VERSION)
-+#define SSL3_RECORD_is_read(r) ((r)->read)
-+#define SSL3_RECORD_set_read(r) ((r)->read = 1)
-
- void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs);
- void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs);
---- a/ssl/record/ssl3_buffer.c
-+++ b/ssl/record/ssl3_buffer.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "../ssl_locl.h"
-@@ -140,7 +39,7 @@ int ssl3_setup_read_buffer(SSL *s)
- unsigned char *p;
- size_t len, align = 0, headerlen;
- SSL3_BUFFER *b;
--
-+
- b = RECORD_LAYER_get_rbuf(&s->rlayer);
-
- if (SSL_IS_DTLS(s))
-@@ -175,33 +74,34 @@ int ssl3_setup_read_buffer(SSL *s)
- return 0;
- }
-
--int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes)
-+int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len)
- {
- unsigned char *p;
-- size_t len, align = 0, headerlen;
-+ size_t align = 0, headerlen;
- SSL3_BUFFER *wb;
- unsigned int currpipe;
-
- s->rlayer.numwpipes = numwpipes;
-
--
-- if (SSL_IS_DTLS(s))
-- headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-- else
-- headerlen = SSL3_RT_HEADER_LENGTH;
-+ if (len == 0) {
-+ if (SSL_IS_DTLS(s))
-+ headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-+ else
-+ headerlen = SSL3_RT_HEADER_LENGTH;
-
- #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-- align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-+ align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
- #endif
-
-- len = s->max_send_fragment
-- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-+ len = s->max_send_fragment
-+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
- #ifndef OPENSSL_NO_COMP
-- if (ssl_allow_compression(s))
-- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-+ if (ssl_allow_compression(s))
-+ len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
- #endif
-- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-- len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-+ len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-+ }
-
- wb = RECORD_LAYER_get_wbuf(&s->rlayer);
- for (currpipe = 0; currpipe < numwpipes; currpipe++) {
-@@ -226,7 +126,7 @@ int ssl3_setup_buffers(SSL *s)
- {
- if (!ssl3_setup_read_buffer(s))
- return 0;
-- if (!ssl3_setup_write_buffer(s, 1))
-+ if (!ssl3_setup_write_buffer(s, 1, 0))
- return 0;
- return 1;
- }
---- a/ssl/record/ssl3_record.c
-+++ b/ssl/record/ssl3_record.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "../ssl_locl.h"
-@@ -235,7 +134,6 @@ int ssl3_get_record(SSL *s)
- unsigned char md[EVP_MAX_MD_SIZE];
- short version;
- unsigned mac_size;
-- unsigned empty_record_count = 0, curr_empty = 0;
- unsigned int num_recs = 0;
- unsigned int max_recs;
- unsigned int j;
-@@ -247,7 +145,6 @@ int ssl3_get_record(SSL *s)
- max_recs = 1;
- sess = s->session;
-
-- again:
- do {
- /* check if we have the header */
- if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
-@@ -263,20 +160,34 @@ int ssl3_get_record(SSL *s)
-
- /*
- * Check whether this is a regular record or an SSLv2 style record.
-- * The latter is only used in an initial ClientHello for old
-- * clients. We check s->read_hash and s->enc_read_ctx to ensure this
-- * does not apply during renegotiation
-+ * The latter can only be used in the first record of an initial
-+ * ClientHello for old clients. Initial ClientHello means
-+ * s->first_packet is set and s->server is true. The first record
-+ * means we've not received any data so far (s->init_num == 0) and
-+ * have had no empty records. We check s->read_hash and
-+ * s->enc_read_ctx to ensure this does not apply during
-+ * renegotiation.
- */
-- if (s->first_packet && s->server && !s->read_hash
-- && !s->enc_read_ctx
-+ if (s->first_packet && s->server
-+ && s->init_num == 0
-+ && RECORD_LAYER_get_empty_record_count(&s->rlayer) == 0
-+ && s->read_hash == NULL && s->enc_read_ctx == NULL
- && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
-- /* SSLv2 style record */
-+ /*
-+ * SSLv2 style record
-+ *
-+ * |num_recs| here will actually always be 0 because
-+ * |num_recs > 0| only ever occurs when we are processing
-+ * multiple app data records - which we know isn't the case here
-+ * because it is an SSLv2ClientHello. We keep it using
-+ * |num_recs| for the sake of consistency
-+ */
- rr[num_recs].type = SSL3_RT_HANDSHAKE;
- rr[num_recs].rec_version = SSL2_VERSION;
-
- rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];
-
-- if (rr[num_recs].length > SSL3_BUFFER_get_len(&rbuf[num_recs])
-+ if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
- - SSL2_RT_HEADER_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
-@@ -386,7 +297,7 @@ int ssl3_get_record(SSL *s)
- * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length
- * and we have that many bytes in s->packet
- */
-- if(rr[num_recs].rec_version == SSL2_VERSION) {
-+ if (rr[num_recs].rec_version == SSL2_VERSION) {
- rr[num_recs].input =
- &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
- } else {
-@@ -416,11 +327,16 @@ int ssl3_get_record(SSL *s)
- /* decrypt in place in 'rr->input' */
- rr[num_recs].data = rr[num_recs].input;
- rr[num_recs].orig_len = rr[num_recs].length;
-+
-+ /* Mark this record as not read by upper layers yet */
-+ rr[num_recs].read = 0;
-+
- num_recs++;
-
- /* we have pulled in a full packet so zero things */
- RECORD_LAYER_reset_packet_length(&s->rlayer);
-- } while (num_recs < max_recs && rr->type == SSL3_RT_APPLICATION_DATA
-+ } while (num_recs < max_recs
-+ && rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA
- && SSL_USE_EXPLICIT_IV(s)
- && s->enc_read_ctx != NULL
- && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
-@@ -578,21 +494,17 @@ int ssl3_get_record(SSL *s)
-
- /* just read a 0 length packet */
- if (rr[j].length == 0) {
-- curr_empty++;
-- empty_record_count++;
-- if (empty_record_count > MAX_EMPTY_RECORDS) {
-+ RECORD_LAYER_inc_empty_record_count(&s->rlayer);
-+ if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
-+ > MAX_EMPTY_RECORDS) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
- goto f_err;
- }
-+ } else {
-+ RECORD_LAYER_reset_empty_record_count(&s->rlayer);
- }
- }
-- if (curr_empty == num_recs) {
-- /* We have no data - do it all again */
-- num_recs = 0;
-- curr_empty = 0;
-- goto again;
-- }
-
- RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
- return 1;
-@@ -797,8 +709,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
- bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
-
- if (n_recs > 1) {
-- if(!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
-- & EVP_CIPH_FLAG_PIPELINE)) {
-+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
-+ & EVP_CIPH_FLAG_PIPELINE)) {
- /*
- * We shouldn't have been called with pipeline data if the
- * cipher doesn't support pipelining
-@@ -871,7 +783,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
- unsigned char *data[SSL_MAX_PIPELINES];
-
- /* Set the output buffers */
-- for(ctr = 0; ctr < n_recs; ctr++) {
-+ for (ctr = 0; ctr < n_recs; ctr++) {
- data[ctr] = recs[ctr].data;
- }
- if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
-@@ -879,7 +791,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs,
- SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
- }
- /* Set the input buffers */
-- for(ctr = 0; ctr < n_recs; ctr++) {
-+ for (ctr = 0; ctr < n_recs; ctr++) {
- data[ctr] = recs[ctr].input;
- }
- if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
-@@ -1109,9 +1021,12 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec,
- return -1;
- }
- if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
-- tls_fips_digest_extra(ssl->enc_read_ctx,
-- mac_ctx, rec->input,
-- rec->length, rec->orig_len);
-+ if (!tls_fips_digest_extra(ssl->enc_read_ctx,
-+ mac_ctx, rec->input,
-+ rec->length, rec->orig_len)) {
-+ EVP_MD_CTX_free(hmac);
-+ return -1;
-+ }
- }
-
- EVP_MD_CTX_free(hmac);
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/constant_time_locl.h"
-@@ -535,13 +490,13 @@ int ssl3_cbc_digest_record(const EVP_MD_
- * digesting additional data.
- */
-
--void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-+int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
- EVP_MD_CTX *mac_ctx, const unsigned char *data,
- size_t data_len, size_t orig_len)
- {
- size_t block_size, digest_pad, blocks_data, blocks_orig;
- if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
-- return;
-+ return 1;
- block_size = EVP_MD_CTX_block_size(mac_ctx);
- /*-
- * We are in FIPS mode if we get this far so we know we have only SHA*
-@@ -571,6 +526,6 @@ void tls_fips_digest_extra(const EVP_CIP
- * The "data" pointer should always have enough space to perform this
- * operation as it is large enough for a maximum length TLS buffer.
- */
-- EVP_DigestSignUpdate(mac_ctx, data,
-- (blocks_orig - blocks_data + 1) * block_size);
-+ return EVP_DigestSignUpdate(mac_ctx, data,
-+ (blocks_orig - blocks_data + 1) * block_size);
- }
---- a/ssl/s3_enc.c
-+++ b/ssl/s3_enc.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -170,23 +70,26 @@ static int ssl3_generate_key_block(SSL *
- for (j = 0; j < k; j++)
- buf[j] = c;
- c++;
-- EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
-- EVP_DigestUpdate(s1, buf, k);
-- EVP_DigestUpdate(s1, s->session->master_key,
-- s->session->master_key_length);
-- EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
-- EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
-- EVP_DigestFinal_ex(s1, smd, NULL);
--
-- EVP_DigestInit_ex(m5, EVP_md5(), NULL);
-- EVP_DigestUpdate(m5, s->session->master_key,
-- s->session->master_key_length);
-- EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
-+ if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
-+ || !EVP_DigestUpdate(s1, buf, k)
-+ || !EVP_DigestUpdate(s1, s->session->master_key,
-+ s->session->master_key_length)
-+ || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
-+ || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
-+ || !EVP_DigestFinal_ex(s1, smd, NULL)
-+ || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
-+ || !EVP_DigestUpdate(m5, s->session->master_key,
-+ s->session->master_key_length)
-+ || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH))
-+ goto err;
- if ((int)(i + MD5_DIGEST_LENGTH) > num) {
-- EVP_DigestFinal_ex(m5, smd, NULL);
-+ if (!EVP_DigestFinal_ex(m5, smd, NULL))
-+ goto err;
- memcpy(km, smd, (num - i));
-- } else
-- EVP_DigestFinal_ex(m5, km, NULL);
-+ } else {
-+ if (!EVP_DigestFinal_ex(m5, km, NULL))
-+ goto err;
-+ }
-
- km += MD5_DIGEST_LENGTH;
- }
-@@ -231,7 +134,7 @@ int ssl3_change_cipher_state(SSL *s, int
- goto err;
- else
- /*
-- * make sure it's intialized in case we exit later with an error
-+ * make sure it's initialised in case we exit later with an error
- */
- EVP_CIPHER_CTX_reset(s->enc_read_ctx);
- dd = s->enc_read_ctx;
-@@ -262,7 +165,7 @@ int ssl3_change_cipher_state(SSL *s, int
- goto err;
- else
- /*
-- * make sure it's intialized in case we exit later with an error
-+ * make sure it's initialised in case we exit later with an error
- */
- EVP_CIPHER_CTX_reset(s->enc_write_ctx);
- dd = s->enc_write_ctx;
-@@ -426,11 +329,18 @@ void ssl3_cleanup_key_block(SSL *s)
- s->s3->tmp.key_block_length = 0;
- }
-
--void ssl3_init_finished_mac(SSL *s)
-+int ssl3_init_finished_mac(SSL *s)
- {
-+ BIO *buf = BIO_new(BIO_s_mem());
-+
-+ if (buf == NULL) {
-+ SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
- ssl3_free_digest_list(s);
-- s->s3->handshake_buffer = BIO_new(BIO_s_mem());
-+ s->s3->handshake_buffer = buf;
- (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
-+ return 1;
- }
-
- /*
-@@ -446,12 +356,13 @@ void ssl3_free_digest_list(SSL *s)
- s->s3->handshake_dgst = NULL;
- }
-
--void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
-+int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
- {
- if (s->s3->handshake_dgst == NULL)
-- BIO_write(s->s3->handshake_buffer, (void *)buf, len);
-+ /* Note: this writes to a memory BIO so a failure is a fatal error */
-+ return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len;
- else
-- EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
-+ return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
- }
-
- int ssl3_digest_cached_records(SSL *s, int keep)
-@@ -474,14 +385,13 @@ int ssl3_digest_cached_records(SSL *s, i
- }
-
- md = ssl_handshake_md(s);
-- if (md == NULL) {
-+ if ( md == NULL
-+ || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
-+ || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
-+ {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
- return 0;
- }
--
-- EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL);
-- EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen);
--
- }
- if (keep == 0) {
- BIO_free(s->s3->handshake_buffer);
-@@ -509,7 +419,10 @@ int ssl3_final_finish_mac(SSL *s, const
- SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-- EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst);
-+ if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
-+ SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-
- ret = EVP_MD_CTX_size(ctx);
- if (ret < 0) {
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -208,7 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -223,7 +123,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
-+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -238,7 +138,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -253,7 +153,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
-+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -960,7 +860,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1020,7 +920,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1080,7 +980,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
-+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1293,7 +1193,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1338,7 +1238,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1383,7 +1283,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1699,7 +1599,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH | SSL_FIPS,
-+ SSL_MEDIUM | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1823,7 +1723,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH,
-+ SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1838,7 +1738,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_HIGH,
-+ SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -1853,7 +1753,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
- DTLS1_VERSION, DTLS1_2_VERSION,
-- SSL_NOT_DEFAULT | SSL_HIGH,
-+ SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
-@@ -2506,7 +2406,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- TLS1_VERSION, TLS1_2_VERSION,
-- DTLS1_VERSION, DTLS1_2_VERSION,
-+ 0, 0,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
-@@ -2521,7 +2421,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_eNULL,
- SSL_GOST94,
- TLS1_VERSION, TLS1_2_VERSION,
-- DTLS1_VERSION, DTLS1_2_VERSION,
-+ 0, 0,
- SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
-@@ -2536,7 +2436,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_eGOST2814789CNT12,
- SSL_GOST89MAC12,
- TLS1_VERSION, TLS1_2_VERSION,
-- DTLS1_VERSION, DTLS1_2_VERSION,
-+ 0, 0,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
- 256,
-@@ -2551,7 +2451,7 @@ static SSL_CIPHER ssl3_ciphers[] =
- SSL_eNULL,
- SSL_GOST12_256,
- TLS1_VERSION, TLS1_2_VERSION,
-- DTLS1_VERSION, DTLS1_2_VERSION,
-+ 0, 0,
- SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
- 0,
-@@ -3071,6 +2971,10 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
- ret = 1;
- break;
-
-+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
-+ ret = s->tlsext_status_type;
-+ break;
-+
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
- s->tlsext_status_type = larg;
- ret = 1;
-@@ -3395,24 +3299,43 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
- case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
- {
- unsigned char *keys = parg;
-- if (!keys)
-- return 48;
-- if (larg != 48) {
-+ long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
-+ sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
-+ if (keys == NULL)
-+ return tlsext_tick_keylen;
-+ if (larg != tlsext_tick_keylen) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
- return 0;
- }
- if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
-- memcpy(ctx->tlsext_tick_key_name, keys, 16);
-- memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-- memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
-+ memcpy(ctx->tlsext_tick_key_name, keys,
-+ sizeof(ctx->tlsext_tick_key_name));
-+ memcpy(ctx->tlsext_tick_hmac_key,
-+ keys + sizeof(ctx->tlsext_tick_key_name),
-+ sizeof(ctx->tlsext_tick_hmac_key));
-+ memcpy(ctx->tlsext_tick_aes_key,
-+ keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
-+ sizeof(ctx->tlsext_tick_aes_key));
- } else {
-- memcpy(keys, ctx->tlsext_tick_key_name, 16);
-- memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-- memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
-+ memcpy(keys, ctx->tlsext_tick_key_name,
-+ sizeof(ctx->tlsext_tick_key_name));
-+ memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
-+ ctx->tlsext_tick_hmac_key,
-+ sizeof(ctx->tlsext_tick_hmac_key));
-+ memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
-+ ctx->tlsext_tick_aes_key,
-+ sizeof(ctx->tlsext_tick_aes_key));
- }
- return 1;
- }
-
-+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
-+ return ctx->tlsext_status_type;
-+
-+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-+ ctx->tlsext_status_type = larg;
-+ break;
-+
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
- ctx->tlsext_status_arg = parg;
- return 1;
-@@ -3487,10 +3410,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
- /* A Thawte special :-) */
- case SSL_CTRL_EXTRA_CHAIN_CERT:
- if (ctx->extra_certs == NULL) {
-- if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
-- return (0);
-+ if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
-+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ }
-+ if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
-+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
-+ return 0;
- }
-- sk_X509_push(ctx->extra_certs, (X509 *)parg);
- break;
-
- case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-@@ -3839,7 +3767,7 @@ int ssl3_shutdown(SSL *s)
- if (ret == -1) {
- /*
- * we only get to return -1 here the 2nd/Nth invocation, we must
-- * have already signalled return 0 upon a previous invoation,
-+ * have already signalled return 0 upon a previous invocation,
- * return WANT_WRITE
- */
- return (ret);
-@@ -3954,7 +3882,10 @@ int ssl3_renegotiate_check(SSL *s)
- */
- long ssl_get_algorithm2(SSL *s)
- {
-- long alg2 = s->s3->tmp.new_cipher->algorithm2;
-+ long alg2;
-+ if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
-+ return -1;
-+ alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
- if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
-@@ -3991,9 +3922,9 @@ int ssl_fill_hello_random(SSL *s, int se
- int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
- int free_pms)
- {
--#ifndef OPENSSL_NO_PSK
- unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- if (alg_k & SSL_PSK) {
-+#ifndef OPENSSL_NO_PSK
- unsigned char *pskpms, *t;
- size_t psklen = s->s3->tmp.psklen;
- size_t pskpmslen;
-@@ -4027,15 +3958,19 @@ int ssl_generate_master_secret(SSL *s, u
- s->session->master_key,
- pskpms, pskpmslen);
- OPENSSL_clear_free(pskpms, pskpmslen);
-- } else
-+#else
-+ /* Should never happen */
-+ s->session->master_key_length = 0;
-+ goto err;
- #endif
-+ } else {
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- pms, pmslen);
--#ifndef OPENSSL_NO_PSK
-- err:
--#endif
-+ }
-+
-+ err:
- if (pms) {
- if (free_pms)
- OPENSSL_clear_free(pms, pmslen);
---- a/ssl/s3_msg.c
-+++ b/ssl/s3_msg.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #define USE_SOCKETS
-@@ -173,7 +72,7 @@ int ssl3_send_alert(SSL *s, int level, i
- return -1;
- /* If a fatal one, remove from cache */
- if ((level == SSL3_AL_FATAL) && (s->session != NULL))
-- SSL_CTX_remove_session(s->ctx, s->session);
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
-
- s->s3->alert_dispatch = 1;
- s->s3->send_alert[0] = level;
---- a/ssl/ssl_asn1.c
-+++ b/ssl/ssl_asn1.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
---- a/ssl/ssl_cert.c
-+++ b/ssl/ssl_cert.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -127,8 +27,9 @@
- #include <openssl/x509v3.h>
- #include <openssl/dh.h>
- #include <openssl/bn.h>
--#include "internal/threads.h"
-+#include <openssl/crypto.h>
- #include "ssl_locl.h"
-+#include "internal/thread_once.h"
-
- static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op,
- int bits, int nid, void *other,
-@@ -137,17 +38,19 @@ static int ssl_security_default_callback
- static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
- static volatile int ssl_x509_store_ctx_idx = -1;
-
--static void ssl_x509_store_ctx_init(void)
-+DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
- {
- ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
- "SSL for verify callback",
- NULL, NULL, NULL);
-+ return ssl_x509_store_ctx_idx >= 0;
- }
-
- int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
-
-- CRYPTO_THREAD_run_once(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init);
-+ if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
-+ return -1;
- return ssl_x509_store_ctx_idx;
- }
-
-@@ -367,7 +270,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX
- CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
- if (!cpk)
- return 0;
-- sk_X509_pop_free(cpk->chain, X509_free);
- for (i = 0; i < sk_X509_num(chain); i++) {
- r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
- if (r != 1) {
-@@ -375,6 +277,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX
- return 0;
- }
- }
-+ sk_X509_pop_free(cpk->chain, X509_free);
- cpk->chain = chain;
- return 1;
- }
-@@ -509,7 +412,9 @@ int ssl_verify_cert_chain(SSL *s, STACK_
-
- /* Set suite B flags if needed */
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
-- X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
-+ if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
-+ goto end;
-+ }
-
- /* Verify via DANE if enabled */
- if (DANETLS_ENABLED(&s->dane))
-@@ -568,11 +473,16 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STA
- X509_NAME *name;
-
- ret = sk_X509_NAME_new_null();
-+ if (ret == NULL) {
-+ SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
-- if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
-+ if (name == NULL || !sk_X509_NAME_push(ret, name)) {
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
-- return (NULL);
-+ X509_NAME_free(name);
-+ return NULL;
- }
- }
- return (ret);
-@@ -696,14 +606,17 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_
- if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
- /* Duplicate. */
- X509_NAME_free(xn);
-+ xn = NULL;
- } else {
- lh_X509_NAME_insert(name_hash, xn);
-- sk_X509_NAME_push(ret, xn);
-+ if (!sk_X509_NAME_push(ret, xn))
-+ goto err;
- }
- }
- goto done;
-
- err:
-+ X509_NAME_free(xn);
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
- ret = NULL;
- done:
-@@ -754,17 +667,20 @@ int SSL_add_file_cert_subjects_to_stack(
- xn = X509_NAME_dup(xn);
- if (xn == NULL)
- goto err;
-- if (sk_X509_NAME_find(stack, xn) >= 0)
-+ if (sk_X509_NAME_find(stack, xn) >= 0) {
-+ /* Duplicate. */
- X509_NAME_free(xn);
-- else
-- sk_X509_NAME_push(stack, xn);
-+ } else if (!sk_X509_NAME_push(stack, xn)) {
-+ X509_NAME_free(xn);
-+ goto err;
-+ }
- }
-
- ERR_clear_error();
- goto done;
-
- err:
-- ret = 0;
-+ ret = 0;
- done:
- BIO_free(in);
- X509_free(x);
-@@ -836,19 +752,24 @@ static int ssl_add_cert_to_buf(BUF_MEM *
- unsigned char *p;
-
- n = i2d_X509(x, NULL);
-- if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
-+ if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
- SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
- return 0;
- }
- p = (unsigned char *)&(buf->data[*l]);
- l2n3(n, p);
-- i2d_X509(x, &p);
-+ n = i2d_X509(x, &p);
-+ if (n < 0) {
-+ /* Shouldn't happen */
-+ SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-+ return 0;
-+ }
- *l += n + 3;
-
- return 1;
- }
-
--/* Add certificate chain to internal SSL BUF_MEM strcuture */
-+/* Add certificate chain to internal SSL BUF_MEM structure */
- int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
- {
- BUF_MEM *buf = s->init_buf;
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -140,11 +40,13 @@
- */
-
- #include <stdio.h>
-+#include <ctype.h>
- #include <openssl/objects.h>
- #include <openssl/comp.h>
- #include <openssl/engine.h>
--#include "internal/threads.h"
-+#include <openssl/crypto.h>
- #include "ssl_locl.h"
-+#include "internal/thread_once.h"
-
- #define SSL_ENC_DES_IDX 0
- #define SSL_ENC_3DES_IDX 1
-@@ -578,7 +480,7 @@ static int sk_comp_cmp(const SSL_COMP *c
- return ((*a)->id - (*b)->id);
- }
-
--static void do_load_builtin_compressions(void)
-+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
- {
- SSL_COMP *comp = NULL;
- COMP_METHOD *method = COMP_zlib();
-@@ -597,12 +499,12 @@ static void do_load_builtin_compressions
- }
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-+ return 1;
- }
-
--static void load_builtin_compressions(void)
-+static int load_builtin_compressions(void)
- {
-- CRYPTO_THREAD_run_once(&ssl_load_builtin_comp_once,
-- do_load_builtin_compressions);
-+ return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
- }
- #endif
-
-@@ -619,7 +521,12 @@ int ssl_cipher_get_evp(const SSL_SESSION
- if (comp != NULL) {
- SSL_COMP ctmp;
- #ifndef OPENSSL_NO_COMP
-- load_builtin_compressions();
-+ if (!load_builtin_compressions()) {
-+ /*
-+ * Currently don't care, since a failure only means that
-+ * ssl_comp_methods is NULL, which is perfectly OK
-+ */
-+ }
- #endif
- *comp = NULL;
- ctmp.id = s->compress_meth;
-@@ -1954,8 +1861,8 @@ int SSL_COMP_add_compression_method(int
- SSL_R_DUPLICATE_COMPRESSION_ID);
- return (1);
- }
-- if ((ssl_comp_methods == NULL)
-- || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
-+ if (ssl_comp_methods == NULL
-+ || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
- OPENSSL_free(comp);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
---- a/ssl/ssl_conf.c
-+++ b/ssl/ssl_conf.c
-@@ -1,58 +1,10 @@
- /*
-- * ! \file ssl/ssl_conf.c \brief SSL configuration functions
-- */
--/* ====================================================================
-- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -62,7 +14,7 @@
- #include <openssl/dh.h>
-
- /*
-- * structure holding name tables. This is used for pemitted elements in lists
-+ * structure holding name tables. This is used for permitted elements in lists
- * such as TLSv1.
- */
-
---- a/ssl/ssl_err.c
-+++ b/ssl/ssl_err.c
-@@ -1,61 +1,11 @@
--/* ====================================================================
-- * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -78,25 +28,16 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"},
- {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"},
- {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"},
-- {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
- {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"},
- {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"},
-- {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
-- {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-- {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
-- {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"},
- {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
- {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "dtls1_preprocess_fragment"},
-- {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
-- "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
- {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "dtls1_process_record"},
- {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
- {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
-- {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
-- "DTLS1_SEND_CERTIFICATE_REQUEST"},
-- {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
-- "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-- {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
-+ {ERR_FUNC(SSL_F_DTLS1_RETRANSMIT_MESSAGE), "dtls1_retransmit_message"},
-+ {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
-+ "dtls1_write_app_data_bytes"},
- {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
- {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
- "dtls_construct_change_cipher_spec"},
-@@ -106,25 +47,27 @@ static ERR_STRING_DATA SSL_str_functs[]
- "dtls_get_reassembled_message"},
- {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
- {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
-+ {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
-+ "ossl_statem_client_read_transition"},
-+ {ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION),
-+ "ossl_statem_server_read_transition"},
- {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
-- {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
-- {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},
- {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "ssl3_change_cipher_state"},
- {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
- "ssl3_check_cert_and_algorithm"},
-- {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"},
- {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
- {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
-- {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "ssl3_digest_cached_records"},
-- {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "ssl3_do_change_cipher_spec"},
-+ {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
-+ "ssl3_digest_cached_records"},
-+ {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
-+ "ssl3_do_change_cipher_spec"},
- {ERR_FUNC(SSL_F_SSL3_FINAL_FINISH_MAC), "ssl3_final_finish_mac"},
- {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "ssl3_generate_key_block"},
- {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
- "ssl3_generate_master_secret"},
- {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "ssl3_get_record"},
-- {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
-+ {ERR_FUNC(SSL_F_SSL3_INIT_FINISHED_MAC), "ssl3_init_finished_mac"},
- {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"},
-- {ERR_FUNC(SSL_F_SSL3_PEEK), "ssl3_peek"},
- {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"},
- {ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"},
- {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"},
-@@ -132,12 +75,12 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"},
- {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"},
- {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"},
-- {ERR_FUNC(SSL_F_SSL_ACCEPT), "SSL_accept"},
- {ERR_FUNC(SSL_F_SSL_ADD_CERT_CHAIN), "ssl_add_cert_chain"},
- {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "ssl_add_cert_to_buf"},
- {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
- "ssl_add_clienthello_renegotiate_ext"},
-- {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "ssl_add_clienthello_tlsext"},
-+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
-+ "ssl_add_clienthello_tlsext"},
- {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
- "ssl_add_clienthello_use_srtp_ext"},
- {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
-@@ -146,7 +89,8 @@ static ERR_STRING_DATA SSL_str_functs[]
- "SSL_add_file_cert_subjects_to_stack"},
- {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
- "ssl_add_serverhello_renegotiate_ext"},
-- {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "ssl_add_serverhello_tlsext"},
-+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
-+ "ssl_add_serverhello_tlsext"},
- {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
- "ssl_add_serverhello_use_srtp_ext"},
- {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
-@@ -154,7 +98,6 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
- {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
- {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
-- {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
- {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
- {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
- {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-@@ -162,7 +105,8 @@ static ERR_STRING_DATA SSL_str_functs[]
- "ssl_check_serverhello_tlsext"},
- {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
- "ssl_check_srvr_ecc_cert_and_alg"},
-- {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "ssl_cipher_process_rulestr"},
-+ {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
-+ "ssl_cipher_process_rulestr"},
- {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"},
- {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
- {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
-@@ -180,11 +124,9 @@ static ERR_STRING_DATA SSL_str_functs[]
- "SSL_CTX_set_client_cert_engine"},
- {ERR_FUNC(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK),
- "SSL_CTX_set_ct_validation_callback"},
-- {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
- {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
- "SSL_CTX_set_session_id_context"},
- {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-- {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
- {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
- {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
- "SSL_CTX_use_certificate_ASN1"},
-@@ -205,16 +147,15 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"},
- {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE),
- "SSL_CTX_use_serverinfo_file"},
-+ {ERR_FUNC(SSL_F_SSL_DANE_DUP), "ssl_dane_dup"},
- {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"},
- {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"},
- {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-+ {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"},
- {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"},
-- {ERR_FUNC(SSL_F_SSL_GET0_PEER_SCTS), "SSL_get0_peer_scts"},
- {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"},
- {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"},
- {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "ssl_get_server_cert_index"},
-- {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-- {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "ssl_get_server_send_pkey"},
- {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"},
- {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"},
- {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-@@ -233,10 +174,6 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
- "ssl_parse_serverhello_use_srtp_ext"},
- {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-- {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),
-- "ssl_prepare_clienthello_tlsext"},
-- {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),
-- "ssl_prepare_serverhello_tlsext"},
- {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
- {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT),
- "ssl_scan_clienthello_tlsext"},
-@@ -254,18 +191,16 @@ static ERR_STRING_DATA SSL_str_functs[]
- "SSL_set_ct_validation_callback"},
- {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
- {ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"},
-- {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
- {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
- {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-- {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
-- {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
-- {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
-+ "SSL_set_session_id_context"},
-+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
-+ "SSL_set_session_ticket_ext"},
- {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
- {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
- {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
- {ERR_FUNC(SSL_F_SSL_START_ASYNC_JOB), "ssl_start_async_job"},
-- {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),
-- "ssl_undefined_const_function"},
- {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"},
- {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
- "ssl_undefined_void_function"},
-@@ -277,8 +212,10 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
- {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
- {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-- {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
-- {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
-+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
-+ "SSL_use_RSAPrivateKey_ASN1"},
-+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
-+ "SSL_use_RSAPrivateKey_file"},
- {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"},
- {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
- {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-@@ -287,16 +224,10 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"},
- {ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS),
- "tls1_check_duplicate_extensions"},
-- {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),
-- "TLS1_CHECK_SERVERHELLO_TLSEXT"},
- {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"},
- {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
- "tls1_export_keying_material"},
- {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "tls1_get_curvelist"},
-- {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),
-- "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
-- {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),
-- "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
- {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"},
- {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
- {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
-@@ -304,9 +235,17 @@ static ERR_STRING_DATA SSL_str_functs[]
- "tls_client_key_exchange_post_work"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
- "tls_construct_certificate_request"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE),
-+ "tls_construct_cke_psk_preamble"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
- "tls_construct_client_certificate"},
-- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), "tls_construct_client_hello"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO),
-+ "tls_construct_client_hello"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
- "tls_construct_client_key_exchange"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
-@@ -317,7 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
- "tls_construct_server_certificate"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
-- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO), "tls_construct_server_hello"},
-+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO),
-+ "tls_construct_server_hello"},
- {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
- "tls_construct_server_key_exchange"},
- {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
-@@ -334,6 +274,13 @@ static ERR_STRING_DATA SSL_str_functs[]
- {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_VERIFY), "tls_process_cert_verify"},
- {ERR_FUNC(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC),
- "tls_process_change_cipher_spec"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_DHE), "tls_process_cke_dhe"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_ECDHE), "tls_process_cke_ecdhe"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_GOST), "tls_process_cke_gost"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE),
-+ "tls_process_cke_psk_preamble"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_RSA), "tls_process_cke_rsa"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_SRP), "tls_process_cke_srp"},
- {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE),
- "tls_process_client_certificate"},
- {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"},
-@@ -348,7 +295,13 @@ static ERR_STRING_DATA SSL_str_functs[]
- "tls_process_server_certificate"},
- {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},
- {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"},
-- {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE),
-+ "tls_process_ske_psk_preamble"},
-+ {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_SRP), "tls_process_ske_srp"},
-+ {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE),
-+ "use_certificate_chain_file"},
- {0, NULL}
- };
-
-@@ -360,46 +313,25 @@ static ERR_STRING_DATA SSL_str_reasons[]
- "at least TLS 1.0 needed in FIPS mode"},
- {ERR_REASON(SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
- "at least (D)TLS 1.2 needed in Suite B mode"},
-- {ERR_REASON(SSL_R_BAD_ALERT_RECORD), "bad alert record"},
- {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
- {ERR_REASON(SSL_R_BAD_DATA), "bad data"},
- {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
- "bad data returned by callback"},
- {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
-- {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
-- {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
-- {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
-- {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
-- {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
-- {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
- {ERR_REASON(SSL_R_BAD_DH_VALUE), "bad dh value"},
- {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
-- {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
- {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
-- {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE), "bad ecdsa signature"},
- {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
- {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
- {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
- {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
-- {ERR_REASON(SSL_R_BAD_MAC_LENGTH), "bad mac length"},
-- {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE), "bad message type"},
- {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
- {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
- "bad protocol version number"},
-- {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),
-- "bad psk identity hint length"},
-- {ERR_REASON(SSL_R_BAD_RSA_DECRYPT), "bad rsa decrypt"},
- {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
-- {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH), "bad rsa e length"},
-- {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
-- {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE), "bad rsa signature"},
- {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
- {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
-- {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH), "bad srp b length"},
-- {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH), "bad srp g length"},
-- {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH), "bad srp n length"},
- {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
-- {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH), "bad srp s length"},
- {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
- {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
- "bad srtp protection profile list"},
-@@ -407,14 +339,15 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
- {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
- {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
-- {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
-+ {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
-+ "block cipher pad is wrong"},
- {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
- {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
-- {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
- {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
- {ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
- {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
-- {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
-+ {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
-+ "certificate verify failed"},
- {ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
- {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
- {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-@@ -427,7 +360,8 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
- {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
- "compression id not within private range"},
-- {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
-+ {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
-+ "compression library error"},
- {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
- {ERR_REASON(SSL_R_CONTEXT_NOT_DANE_ENABLED), "context not dane enabled"},
- {ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
-@@ -439,10 +373,12 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
- "dane cannot override mtype full"},
- {ERR_REASON(SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
-- {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE), "dane tlsa bad certificate"},
-+ {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE),
-+ "dane tlsa bad certificate"},
- {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE),
- "dane tlsa bad certificate usage"},
-- {ERR_REASON(SSL_R_DANE_TLSA_BAD_DATA_LENGTH), "dane tlsa bad data length"},
-+ {ERR_REASON(SSL_R_DANE_TLSA_BAD_DATA_LENGTH),
-+ "dane tlsa bad data length"},
- {ERR_REASON(SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
- "dane tlsa bad digest length"},
- {ERR_REASON(SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
-@@ -462,21 +398,14 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
- {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
- {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
-- {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),
-- "ecc cert not for key agreement"},
- {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
-- {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),
-- "ecc cert should have rsa signature"},
-- {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),
-- "ecc cert should have sha1 signature"},
- {ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
- "ecdh required for suiteb mode"},
-- {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),
-- "ecgroup too large for cipher"},
- {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
- {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
- "empty srtp protection profile list"},
-- {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
-+ {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
-+ "encrypted length too long"},
- {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
- "error in received cipher list"},
- {ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
-@@ -486,10 +415,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"},
- {ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"},
- {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
-- {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),
-- "got next proto before a ccs"},
-- {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),
-- "got next proto without seeing extension"},
- {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
- {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
- {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"},
-@@ -504,24 +429,18 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE),
- "invalid ct validation type"},
- {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"},
-- {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"},
- {ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"},
- {ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"},
- {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"},
- {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
- {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
- "invalid ticket keys length"},
-- {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
- {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
- {ERR_REASON(SSL_R_LENGTH_TOO_LONG), "length too long"},
- {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
- {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
- {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
-- {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT), "missing dh dsa cert"},
-- {ERR_REASON(SSL_R_MISSING_DH_KEY), "missing dh key"},
-- {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT), "missing dh rsa cert"},
- {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
-- {ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
- {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
- "missing ecdsa signing cert"},
- {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-@@ -531,18 +450,13 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
- {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
- {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
-- {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
-- {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
- {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
-- {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
- {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
- {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
-- {ERR_REASON(SSL_R_NO_CIPHERS_PASSED), "no ciphers passed"},
- {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
- {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
- {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
-- {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
- {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
- {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
- "Peer haven't sent GOST certificate, required for selected ciphersuite"},
-@@ -553,19 +467,18 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
- {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
- {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
-- {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
-- "no shared sigature algorithms"},
-+ {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
-+ "no shared signature algorithms"},
- {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
- {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
-- {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"},
-- {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), "no verify cookie callback"},
-+ {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK),
-+ "no verify cookie callback"},
- {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
- {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
- {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
- "old session cipher not returned"},
- {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
- "old session compression algorithm not returned"},
-- {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque prf input too long"},
- {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
- {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
- {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
-@@ -574,7 +487,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"},
- {ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
- {ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"},
-- {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
- {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
- {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
- {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
-@@ -582,22 +494,20 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
- {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
- {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
-- {ERR_REASON(SSL_R_RECORD_TOO_LARGE), "record too large"},
- {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
- {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
- {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
- "renegotiation encoding err"},
- {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
- {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
-- {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),
-- "required compresssion algorithm missing"},
-+ {ERR_REASON(SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING),
-+ "required compression algorithm missing"},
- {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
- "scsv received when renegotiating"},
- {ERR_REASON(SSL_R_SCT_VERIFICATION_FAILED), "sct verification failed"},
- {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
- {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
- "session id context uninitialized"},
-- {ERR_REASON(SSL_R_SET_FAILED), "set failed"},
- {ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"},
- {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
- "signature algorithms error"},
-@@ -610,15 +520,35 @@ static ERR_STRING_DATA SSL_str_reasons[]
- "srtp protection profile list too long"},
- {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
- "srtp unknown protection profile"},
-- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),
-- "ssl3 ext invalid ecpointformat"},
- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
- "ssl3 ext invalid servername"},
- {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
- "ssl3 ext invalid servername type"},
- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
-- {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
-- {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
-+ "sslv3 alert bad certificate"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
-+ "sslv3 alert bad record mac"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
-+ "sslv3 alert certificate expired"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
-+ "sslv3 alert certificate revoked"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
-+ "sslv3 alert certificate unknown"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
-+ "sslv3 alert decompression failure"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
-+ "sslv3 alert handshake failure"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
-+ "sslv3 alert illegal parameter"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
-+ "sslv3 alert no certificate"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
-+ "sslv3 alert unexpected message"},
-+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
-+ "sslv3 alert unsupported certificate"},
-+ {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY),
-+ "ssl command section empty"},
- {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
- "ssl command section not found"},
- {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
-@@ -638,8 +568,39 @@ static ERR_STRING_DATA SSL_str_reasons[]
- "ssl session id has bad length"},
- {ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
- "ssl session version mismatch"},
-- {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
-- "tls client cert req with anon cipher"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
-+ "tlsv1 alert access denied"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
-+ "tlsv1 alert decryption failed"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
-+ "tlsv1 alert decrypt error"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
-+ "tlsv1 alert export restriction"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
-+ "tlsv1 alert inappropriate fallback"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
-+ "tlsv1 alert insufficient security"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
-+ "tlsv1 alert internal error"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
-+ "tlsv1 alert no renegotiation"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
-+ "tlsv1 alert protocol version"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
-+ "tlsv1 alert record overflow"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
-+ {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
-+ "tlsv1 alert user cancelled"},
-+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
-+ "tlsv1 bad certificate hash value"},
-+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
-+ "tlsv1 bad certificate status response"},
-+ {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
-+ "tlsv1 certificate unobtainable"},
-+ {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
-+ {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
-+ "tlsv1 unsupported extension"},
- {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
- "peer does not accept heartbeats"},
- {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
-@@ -648,20 +609,10 @@ static ERR_STRING_DATA SSL_str_reasons[]
- "tls illegal exporter label"},
- {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
- "tls invalid ecpointformat list"},
-- {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
-- "tls peer did not respond with certificate list"},
-- {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
-- "tls rsa encrypted value length is wrong"},
-- {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
-- {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
-- "unable to decode ecdh certs"},
-- {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
-- "unable to find dh parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
- "unable to find ecdh parameters"},
- {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
- "unable to find public key parameters"},
-- {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
- {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
- "unable to load ssl3 md5 routines"},
- {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-@@ -676,18 +627,16 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
- {ERR_REASON(SSL_R_UNKNOWN_COMMAND), "unknown command"},
- {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
-- {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
-+ {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
-+ "unknown key exchange type"},
- {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
- {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
-- {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
- {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
- {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
- {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
- "unsafe legacy renegotiation disabled"},
-- {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
- {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
- "unsupported compression algorithm"},
-- {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
- {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
- "unsupported elliptic curve"},
- {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
-@@ -699,7 +648,6 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"},
- {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
- {ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"},
-- {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE), "wrong message type"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
- {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
-@@ -713,7 +661,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
-
- #endif
-
--void ERR_load_SSL_strings(void)
-+int ERR_load_SSL_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -722,4 +670,5 @@ void ERR_load_SSL_strings(void)
- ERR_load_strings(0, SSL_str_reasons);
- }
- #endif
-+ return 1;
- }
---- a/ssl/ssl_init.c
-+++ b/ssl/ssl_init.c
-@@ -1,68 +1,20 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "e_os.h"
-
--#include "internal/threads.h"
- #include "internal/err.h"
- #include <openssl/crypto.h>
- #include <openssl/evp.h>
- #include <assert.h>
- #include "ssl_locl.h"
-+#include "internal/thread_once.h"
-
- static int stopped;
-
-@@ -70,7 +22,7 @@ static void ssl_library_stop(void);
-
- static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
- static int ssl_base_inited = 0;
--static void ossl_init_ssl_base(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
- {
- #ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-@@ -157,11 +109,12 @@ static void ossl_init_ssl_base(void)
- */
- OPENSSL_atexit(ssl_library_stop);
- ssl_base_inited = 1;
-+ return 1;
- }
-
- static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
- static int ssl_strings_inited = 0;
--static void ossl_init_load_ssl_strings(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
- {
- /*
- * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
-@@ -175,12 +128,13 @@ static void ossl_init_load_ssl_strings(v
- ERR_load_SSL_strings();
- #endif
- ssl_strings_inited = 1;
-+ return 1;
- }
-
--static void ossl_init_no_load_ssl_strings(void)
-+DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
- {
- /* Do nothing in this case */
-- return;
-+ return 1;
- }
-
- static void ssl_library_stop(void)
-@@ -242,17 +196,15 @@ int OPENSSL_init_ssl(uint64_t opts, cons
- | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
- return 0;
-
-- if (!CRYPTO_THREAD_run_once(&ssl_base, ossl_init_ssl_base))
-+ if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
- return 0;
-
- if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
-- && !CRYPTO_THREAD_run_once(&ssl_strings,
-- ossl_init_no_load_ssl_strings))
-+ && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
- return 0;
-
- if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
-- && !CRYPTO_THREAD_run_once(&ssl_strings,
-- ossl_init_load_ssl_strings))
-+ && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
- return 0;
-
- return 1;
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -1,115 +1,12 @@
- /*
-- * ! \file ssl/ssl_lib.c \brief Version independent SSL functions.
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -211,10 +108,14 @@ static int dane_ctx_enable(struct dane_c
- int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */
- size_t i;
-
-+ if (dctx->mdevp != NULL)
-+ return 1;
-+
- mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
- mdord = OPENSSL_zalloc(n * sizeof(*mdord));
-
- if (mdord == NULL || mdevp == NULL) {
-+ OPENSSL_free(mdord);
- OPENSSL_free(mdevp);
- SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
- return 0;
-@@ -284,10 +185,19 @@ static int ssl_dane_dup(SSL *to, SSL *fr
- return 1;
-
- dane_final(&to->dane);
-+ to->dane.flags = from->dane.flags;
-+ to->dane.dctx = &to->ctx->dane;
-+ to->dane.trecs = sk_danetls_record_new_null();
-+
-+ if (to->dane.trecs == NULL) {
-+ SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-
- num = sk_danetls_record_num(from->dane.trecs);
- for (i = 0; i < num; ++i) {
- danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
-+
- if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
- t->data, t->dlen) <= 0)
- return 0;
-@@ -363,6 +273,7 @@ static int dane_tlsa_add(
- const EVP_MD *md = NULL;
- int ilen = (int)dlen;
- int i;
-+ int num;
-
- if (dane->trecs == NULL) {
- SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
-@@ -495,8 +406,10 @@ static int dane_tlsa_add(
- * The choice of order for the selector is not significant, so we
- * use the same descending order for consistency.
- */
-- for (i = 0; i < sk_danetls_record_num(dane->trecs); ++i) {
-+ num = sk_danetls_record_num(dane->trecs);
-+ for (i = 0; i < num; ++i) {
- danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
-+
- if (rec->usage > usage)
- continue;
- if (rec->usage < usage)
-@@ -633,6 +546,7 @@ SSL *SSL_new(SSL_CTX *ctx)
- RECORD_LAYER_init(&s->rlayer, s);
-
- s->options = ctx->options;
-+ s->dane.flags = ctx->dane.flags;
- s->min_proto_version = ctx->min_proto_version;
- s->max_proto_version = ctx->max_proto_version;
- s->mode = ctx->mode;
-@@ -681,7 +595,7 @@ SSL *SSL_new(SSL_CTX *ctx)
- s->tlsext_debug_cb = 0;
- s->tlsext_debug_arg = NULL;
- s->tlsext_ticket_expected = 0;
-- s->tlsext_status_type = -1;
-+ s->tlsext_status_type = ctx->tlsext_status_type;
- s->tlsext_status_expected = 0;
- s->tlsext_ocsp_ids = NULL;
- s->tlsext_ocsp_exts = NULL;
-@@ -739,7 +653,8 @@ SSL *SSL_new(SSL_CTX *ctx)
- if (!SSL_clear(s))
- goto err;
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
-+ goto err;
-
- #ifndef OPENSSL_NO_PSK
- s->psk_client_callback = ctx->psk_client_callback;
-@@ -761,10 +676,21 @@ SSL *SSL_new(SSL_CTX *ctx)
- return NULL;
- }
-
--void SSL_up_ref(SSL *s)
-+int SSL_is_dtls(const SSL *s)
-+{
-+ return SSL_IS_DTLS(s) ? 1 : 0;
-+}
-+
-+int SSL_up_ref(SSL *s)
- {
- int i;
-- CRYPTO_atomic_add(&s->references, 1, &i, s->lock);
-+
-+ if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0)
-+ return 0;
-+
-+ REF_PRINT_COUNT("SSL", s);
-+ REF_ASSERT_ISNT(i < 2);
-+ return ((i > 1) ? 1 : 0);
- }
-
- int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-@@ -830,9 +756,9 @@ int SSL_has_matching_session_id(const SS
- r.session_id_length = id_len;
- memcpy(r.session_id, id, id_len);
-
-- CRYPTO_THREAD_read_lock(ssl->ctx->lock);
-- p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-- CRYPTO_THREAD_unlock(ssl->ctx->lock);
-+ CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
-+ p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
-+ CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
- return (p != NULL);
- }
-
-@@ -881,6 +807,22 @@ int SSL_CTX_dane_enable(SSL_CTX *ctx)
- return dane_ctx_enable(&ctx->dane);
- }
-
-+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
-+{
-+ unsigned long orig = ctx->dane.flags;
-+
-+ ctx->dane.flags |= flags;
-+ return orig;
-+}
-+
-+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
-+{
-+ unsigned long orig = ctx->dane.flags;
-+
-+ ctx->dane.flags &= ~flags;
-+ return orig;
-+}
-+
- int SSL_dane_enable(SSL *s, const char *basedomain)
- {
- SSL_DANE *dane = &s->dane;
-@@ -900,9 +842,9 @@ int SSL_dane_enable(SSL *s, const char *
- * invalid input, set the SNI name first.
- */
- if (s->tlsext_hostname == NULL) {
-- if (!SSL_set_tlsext_host_name(s, basedomain)) {
-+ if (!SSL_set_tlsext_host_name(s, basedomain)) {
- SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
-- return -1;
-+ return -1;
- }
- }
-
-@@ -924,6 +866,22 @@ int SSL_dane_enable(SSL *s, const char *
- return 1;
- }
-
-+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
-+{
-+ unsigned long orig = ssl->dane.flags;
-+
-+ ssl->dane.flags |= flags;
-+ return orig;
-+}
-+
-+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
-+{
-+ unsigned long orig = ssl->dane.flags;
-+
-+ ssl->dane.flags &= ~flags;
-+ return orig;
-+}
-+
- int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
- {
- SSL_DANE *dane = &s->dane;
-@@ -1019,17 +977,10 @@ void SSL_free(SSL *s)
- dane_final(&s->dane);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-- if (s->bbio != NULL) {
-- /* If the buffering BIO is in place, pop it off */
-- if (s->bbio == s->wbio) {
-- s->wbio = BIO_pop(s->wbio);
-- }
-- BIO_free(s->bbio);
-- s->bbio = NULL;
-- }
-+ ssl_free_wbio_buffer(s);
-+
-+ BIO_free_all(s->wbio);
- BIO_free_all(s->rbio);
-- if (s->wbio != s->rbio)
-- BIO_free_all(s->wbio);
-
- BUF_MEM_free(s->init_buf);
-
-@@ -1091,48 +1042,88 @@ void SSL_free(SSL *s)
- OPENSSL_free(s);
- }
-
--void SSL_set_rbio(SSL *s, BIO *rbio)
-+void SSL_set0_rbio(SSL *s, BIO *rbio)
- {
-- if (s->rbio != rbio)
-- BIO_free_all(s->rbio);
-+ BIO_free_all(s->rbio);
- s->rbio = rbio;
- }
-
--void SSL_set_wbio(SSL *s, BIO *wbio)
-+void SSL_set0_wbio(SSL *s, BIO *wbio)
- {
- /*
- * If the output buffering BIO is still in place, remove it
- */
-- if (s->bbio != NULL) {
-- if (s->wbio == s->bbio) {
-- s->wbio = BIO_next(s->wbio);
-- BIO_set_next(s->bbio, NULL);
-- }
-- }
-- if (s->wbio != wbio && s->rbio != s->wbio)
-- BIO_free_all(s->wbio);
-+ if (s->bbio != NULL)
-+ s->wbio = BIO_pop(s->wbio);
-+
-+ BIO_free_all(s->wbio);
- s->wbio = wbio;
-+
-+ /* Re-attach |bbio| to the new |wbio|. */
-+ if (s->bbio != NULL)
-+ s->wbio = BIO_push(s->bbio, s->wbio);
- }
-
- void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
- {
-- SSL_set_wbio(s, wbio);
-- SSL_set_rbio(s, rbio);
-+ /*
-+ * For historical reasons, this function has many different cases in
-+ * ownership handling.
-+ */
-+
-+ /* If nothing has changed, do nothing */
-+ if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
-+ return;
-+
-+ /*
-+ * If the two arguments are equal then one fewer reference is granted by the
-+ * caller than we want to take
-+ */
-+ if (rbio != NULL && rbio == wbio)
-+ BIO_up_ref(rbio);
-+
-+ /*
-+ * If only the wbio is changed only adopt one reference.
-+ */
-+ if (rbio == SSL_get_rbio(s)) {
-+ SSL_set0_wbio(s, wbio);
-+ return;
-+ }
-+ /*
-+ * There is an asymmetry here for historical reasons. If only the rbio is
-+ * changed AND the rbio and wbio were originally different, then we only
-+ * adopt one reference.
-+ */
-+ if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
-+ SSL_set0_rbio(s, rbio);
-+ return;
-+ }
-+
-+ /* Otherwise, adopt both references. */
-+ SSL_set0_rbio(s, rbio);
-+ SSL_set0_wbio(s, wbio);
- }
-
- BIO *SSL_get_rbio(const SSL *s)
- {
-- return (s->rbio);
-+ return s->rbio;
- }
-
- BIO *SSL_get_wbio(const SSL *s)
- {
-- return (s->wbio);
-+ if (s->bbio != NULL) {
-+ /*
-+ * If |bbio| is active, the true caller-configured BIO is its
-+ * |next_bio|.
-+ */
-+ return BIO_next(s->bbio);
-+ }
-+ return s->wbio;
- }
-
- int SSL_get_fd(const SSL *s)
- {
-- return (SSL_get_rfd(s));
-+ return SSL_get_rfd(s);
- }
-
- int SSL_get_rfd(const SSL *s)
-@@ -1180,46 +1171,45 @@ int SSL_set_fd(SSL *s, int fd)
-
- int SSL_set_wfd(SSL *s, int fd)
- {
-- int ret = 0;
-- BIO *bio = NULL;
-+ BIO *rbio = SSL_get_rbio(s);
-
-- if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-- || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
-- bio = BIO_new(BIO_s_socket());
-+ if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
-+ || (int)BIO_get_fd(rbio, NULL) != fd) {
-+ BIO *bio = BIO_new(BIO_s_socket());
-
- if (bio == NULL) {
- SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
-- goto err;
-+ return 0;
- }
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-- SSL_set_bio(s, SSL_get_rbio(s), bio);
-- } else
-- SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
-- ret = 1;
-- err:
-- return (ret);
-+ SSL_set0_wbio(s, bio);
-+ } else {
-+ BIO_up_ref(rbio);
-+ SSL_set0_wbio(s, rbio);
-+ }
-+ return 1;
- }
-
- int SSL_set_rfd(SSL *s, int fd)
- {
-- int ret = 0;
-- BIO *bio = NULL;
-+ BIO *wbio = SSL_get_wbio(s);
-
-- if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-- || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
-- bio = BIO_new(BIO_s_socket());
-+ if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
-+ || ((int)BIO_get_fd(wbio, NULL) != fd)) {
-+ BIO *bio = BIO_new(BIO_s_socket());
-
- if (bio == NULL) {
- SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
-- goto err;
-+ return 0;
- }
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-- SSL_set_bio(s, bio, SSL_get_wbio(s));
-- } else
-- SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
-- ret = 1;
-- err:
-- return (ret);
-+ SSL_set0_rbio(s, bio);
-+ } else {
-+ BIO_up_ref(wbio);
-+ SSL_set0_rbio(s, wbio);
-+ }
-+
-+ return 1;
- }
- #endif
-
-@@ -1435,7 +1425,7 @@ int SSL_check_private_key(const SSL *ssl
-
- int SSL_waiting_for_async(SSL *s)
- {
-- if(s->job)
-+ if (s->job)
- return 1;
-
- return 0;
-@@ -1494,7 +1484,7 @@ static int ssl_start_async_job(SSL *s, s
- if (s->waitctx == NULL)
- return -1;
- }
-- switch(ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
-+ switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
- sizeof(struct ssl_async_args))) {
- case ASYNC_ERR:
- s->rwstate = SSL_NOTHING;
-@@ -1503,6 +1493,9 @@ static int ssl_start_async_job(SSL *s, s
- case ASYNC_PAUSE:
- s->rwstate = SSL_ASYNC_PAUSED;
- return -1;
-+ case ASYNC_NO_JOBS:
-+ s->rwstate = SSL_ASYNC_NO_JOBS;
-+ return -1;
- case ASYNC_FINISH:
- s->job = NULL;
- return ret;
-@@ -1548,7 +1541,7 @@ int SSL_read(SSL *s, void *buf, int num)
- return (0);
- }
-
-- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
-+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
-
- args.s = s;
-@@ -1573,7 +1566,7 @@ int SSL_peek(SSL *s, void *buf, int num)
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
- return (0);
- }
-- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
-+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
-
- args.s = s;
-@@ -1601,7 +1594,7 @@ int SSL_write(SSL *s, const void *buf, i
- return (-1);
- }
-
-- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
-+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
-
- args.s = s;
-@@ -1631,7 +1624,7 @@ int SSL_shutdown(SSL *s)
- }
-
- if (!SSL_in_init(s)) {
-- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
-+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
-
- args.s = s;
-@@ -1743,8 +1736,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg
- }
- case SSL_CTRL_GET_EXTMS_SUPPORT:
- if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
-- return -1;
-- if (s->session->flags & SSL_SESS_FLAG_EXTMS)
-+ return -1;
-+ if (s->session->flags & SSL_SESS_FLAG_EXTMS)
- return 1;
- else
- return 0;
-@@ -1862,7 +1855,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd,
- return 0;
- ctx->max_send_fragment = larg;
- if (ctx->max_send_fragment < ctx->split_send_fragment)
-- ctx->split_send_fragment = ctx->split_send_fragment;
-+ ctx->split_send_fragment = ctx->max_send_fragment;
- return 1;
- case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
- if ((unsigned int)larg > ctx->max_send_fragment || larg == 0)
-@@ -2117,7 +2110,7 @@ int SSL_get_servername_type(const SSL *s
- * is indicated to the callback. In this case, the client application has to
- * abort the connection or have a default application level protocol. 2) If
- * the server supports NPN, but advertises an empty list then the client
-- * selects the first protcol in its list, but indicates via the API that this
-+ * selects the first protocol in its list, but indicates via the API that this
- * fallback case was enacted. 3) Otherwise, the client finds the first
- * protocol in the server's list that it supports and selects this protocol.
- * This is because it's assumed that the server has better information about
-@@ -2429,7 +2422,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
- goto err;
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
-+ goto err;
-
- /* No compression for DTLS */
- if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
-@@ -2438,10 +2432,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
- ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-
-- /* Setup RFC4507 ticket keys */
-- if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
-- || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
-- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
-+ /* Setup RFC5077 ticket keys */
-+ if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0)
-+ || (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0)
-+ || (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0))
- ret->options |= SSL_OP_NO_TICKET;
-
- #ifndef OPENSSL_NO_SRP
-@@ -2479,6 +2473,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- */
- ret->options |= SSL_OP_NO_COMPRESSION;
-
-+ ret->tlsext_status_type = -1;
-+
- return ret;
- err:
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
-@@ -2487,10 +2483,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- return NULL;
- }
-
--void SSL_CTX_up_ref(SSL_CTX *ctx)
-+int SSL_CTX_up_ref(SSL_CTX *ctx)
- {
- int i;
-- CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock);
-+
-+ if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0)
-+ return 0;
-+
-+ REF_PRINT_COUNT("SSL_CTX", ctx);
-+ REF_ASSERT_ISNT(i < 2);
-+ return ((i > 1) ? 1 : 0);
- }
-
- void SSL_CTX_free(SSL_CTX *a)
-@@ -2925,56 +2927,65 @@ int SSL_get_error(const SSL *s, int i)
- return (SSL_ERROR_SSL);
- }
-
-- if ((i < 0) && SSL_want_read(s)) {
-- bio = SSL_get_rbio(s);
-- if (BIO_should_read(bio))
-- return (SSL_ERROR_WANT_READ);
-- else if (BIO_should_write(bio))
-- /*
-- * This one doesn't make too much sense ... We never try to write
-- * to the rbio, and an application program where rbio and wbio
-- * are separate couldn't even know what it should wait for.
-- * However if we ever set s->rwstate incorrectly (so that we have
-- * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
-- * wbio *are* the same, this test works around that bug; so it
-- * might be safer to keep it.
-- */
-- return (SSL_ERROR_WANT_WRITE);
-- else if (BIO_should_io_special(bio)) {
-- reason = BIO_get_retry_reason(bio);
-- if (reason == BIO_RR_CONNECT)
-- return (SSL_ERROR_WANT_CONNECT);
-- else if (reason == BIO_RR_ACCEPT)
-- return (SSL_ERROR_WANT_ACCEPT);
-- else
-- return (SSL_ERROR_SYSCALL); /* unknown */
-+ if (i < 0) {
-+ if (SSL_want_read(s)) {
-+ bio = SSL_get_rbio(s);
-+ if (BIO_should_read(bio))
-+ return (SSL_ERROR_WANT_READ);
-+ else if (BIO_should_write(bio))
-+ /*
-+ * This one doesn't make too much sense ... We never try to write
-+ * to the rbio, and an application program where rbio and wbio
-+ * are separate couldn't even know what it should wait for.
-+ * However if we ever set s->rwstate incorrectly (so that we have
-+ * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
-+ * wbio *are* the same, this test works around that bug; so it
-+ * might be safer to keep it.
-+ */
-+ return (SSL_ERROR_WANT_WRITE);
-+ else if (BIO_should_io_special(bio)) {
-+ reason = BIO_get_retry_reason(bio);
-+ if (reason == BIO_RR_CONNECT)
-+ return (SSL_ERROR_WANT_CONNECT);
-+ else if (reason == BIO_RR_ACCEPT)
-+ return (SSL_ERROR_WANT_ACCEPT);
-+ else
-+ return (SSL_ERROR_SYSCALL); /* unknown */
-+ }
- }
-- }
-
-- if ((i < 0) && SSL_want_write(s)) {
-- bio = SSL_get_wbio(s);
-- if (BIO_should_write(bio))
-- return (SSL_ERROR_WANT_WRITE);
-- else if (BIO_should_read(bio))
-+ if (SSL_want_write(s)) {
- /*
-- * See above (SSL_want_read(s) with BIO_should_write(bio))
-+ * Access wbio directly - in order to use the buffered bio if
-+ * present
- */
-- return (SSL_ERROR_WANT_READ);
-- else if (BIO_should_io_special(bio)) {
-- reason = BIO_get_retry_reason(bio);
-- if (reason == BIO_RR_CONNECT)
-- return (SSL_ERROR_WANT_CONNECT);
-- else if (reason == BIO_RR_ACCEPT)
-- return (SSL_ERROR_WANT_ACCEPT);
-- else
-- return (SSL_ERROR_SYSCALL);
-+ bio = s->wbio;
-+ if (BIO_should_write(bio))
-+ return (SSL_ERROR_WANT_WRITE);
-+ else if (BIO_should_read(bio))
-+ /*
-+ * See above (SSL_want_read(s) with BIO_should_write(bio))
-+ */
-+ return (SSL_ERROR_WANT_READ);
-+ else if (BIO_should_io_special(bio)) {
-+ reason = BIO_get_retry_reason(bio);
-+ if (reason == BIO_RR_CONNECT)
-+ return (SSL_ERROR_WANT_CONNECT);
-+ else if (reason == BIO_RR_ACCEPT)
-+ return (SSL_ERROR_WANT_ACCEPT);
-+ else
-+ return (SSL_ERROR_SYSCALL);
-+ }
-+ }
-+ if (SSL_want_x509_lookup(s)) {
-+ return (SSL_ERROR_WANT_X509_LOOKUP);
-+ }
-+ if (SSL_want_async(s)) {
-+ return SSL_ERROR_WANT_ASYNC;
-+ }
-+ if (SSL_want_async_job(s)) {
-+ return SSL_ERROR_WANT_ASYNC_JOB;
- }
-- }
-- if ((i < 0) && SSL_want_x509_lookup(s)) {
-- return (SSL_ERROR_WANT_X509_LOOKUP);
-- }
-- if ((i < 0) && SSL_want_async(s)) {
-- return SSL_ERROR_WANT_ASYNC;
- }
-
- if (i == 0) {
-@@ -3008,7 +3019,7 @@ int SSL_do_handshake(SSL *s)
- s->method->ssl_renegotiate_check(s);
-
- if (SSL_in_init(s) || SSL_in_before(s)) {
-- if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
-+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
- struct ssl_async_args args;
-
- args.s = s;
-@@ -3135,7 +3146,8 @@ SSL *SSL_dup(SSL *s)
- goto err;
- }
-
-- ssl_dane_dup(ret, s);
-+ if (!ssl_dane_dup(ret, s))
-+ goto err;
- ret->version = s->version;
- ret->options = s->options;
- ret->mode = s->mode;
-@@ -3162,8 +3174,10 @@ SSL *SSL_dup(SSL *s)
- if (s->wbio != s->rbio) {
- if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
- goto err;
-- } else
-+ } else {
-+ BIO_up_ref(ret->rbio);
- ret->wbio = ret->rbio;
-+ }
- }
-
- ret->server = s->server;
-@@ -3286,34 +3300,25 @@ const COMP_METHOD *SSL_get_current_expan
- #endif
- }
-
--int ssl_init_wbio_buffer(SSL *s, int push)
-+int ssl_init_wbio_buffer(SSL *s)
- {
- BIO *bbio;
-
-- if (s->bbio == NULL) {
-- bbio = BIO_new(BIO_f_buffer());
-- if (bbio == NULL)
-- return (0);
-- s->bbio = bbio;
-- } else {
-- bbio = s->bbio;
-- if (s->bbio == s->wbio)
-- s->wbio = BIO_pop(s->wbio);
-- }
-- (void)BIO_reset(bbio);
--/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-- if (!BIO_set_read_buffer_size(bbio, 1)) {
-- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
-- return (0);
-+ if (s->bbio != NULL) {
-+ /* Already buffered. */
-+ return 1;
- }
-- if (push) {
-- if (s->wbio != bbio)
-- s->wbio = BIO_push(bbio, s->wbio);
-- } else {
-- if (s->wbio == bbio)
-- s->wbio = BIO_pop(bbio);
-+
-+ bbio = BIO_new(BIO_f_buffer());
-+ if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
-+ BIO_free(bbio);
-+ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
-+ return 0;
- }
-- return (1);
-+ s->bbio = bbio;
-+ s->wbio = BIO_push(bbio, s->wbio);
-+
-+ return 1;
- }
-
- void ssl_free_wbio_buffer(SSL *s)
-@@ -3322,11 +3327,8 @@ void ssl_free_wbio_buffer(SSL *s)
- if (s->bbio == NULL)
- return;
-
-- if (s->bbio == s->wbio) {
-- /* remove buffering */
-- s->wbio = BIO_pop(s->wbio);
-- assert(s->wbio != NULL);
-- }
-+ s->wbio = BIO_pop(s->wbio);
-+ assert(s->wbio != NULL);
- BIO_free(s->bbio);
- s->bbio = NULL;
- }
-@@ -3358,17 +3360,22 @@ void SSL_set_shutdown(SSL *s, int mode)
-
- int SSL_get_shutdown(const SSL *s)
- {
-- return (s->shutdown);
-+ return s->shutdown;
- }
-
- int SSL_version(const SSL *s)
- {
-- return (s->version);
-+ return s->version;
-+}
-+
-+int SSL_client_version(const SSL *s)
-+{
-+ return s->client_version;
- }
-
- SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
- {
-- return (ssl->ctx);
-+ return ssl->ctx;
- }
-
- SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
-@@ -3709,7 +3716,7 @@ void SSL_set_not_resumable_session_callb
-
- /*
- * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
-- * vairable, freeing EVP_MD_CTX previously stored in that variable, if any.
-+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
- * allocated ctx;
- */
-@@ -3921,7 +3928,7 @@ static int ct_move_scts(STACK_OF(SCT) **
- err:
- if (sct != NULL)
- sk_SCT_push(src, sct); /* Put the SCT back */
-- return scts_moved;
-+ return -1;
- }
-
- /*
-@@ -4179,7 +4186,7 @@ int ssl_validate_ct(SSL *s)
- * value is negative.
- *
- * XXX: One might well argue that the return value of this function is an
-- * unforunate design choice. Its job is only to determine the validation
-+ * unfortunate design choice. Its job is only to determine the validation
- * status of each of the provided SCTs. So long as it correctly separates
- * the wheat from the chaff it should return success. Failure in this case
- * ought to correspond to an inability to carry out its duties.
-@@ -4195,6 +4202,23 @@ int ssl_validate_ct(SSL *s)
-
- end:
- CT_POLICY_EVAL_CTX_free(ctx);
-+ /*
-+ * With SSL_VERIFY_NONE the session may be cached and re-used despite a
-+ * failure return code here. Also the application may wish the complete
-+ * the handshake, and then disconnect cleanly at a higher layer, after
-+ * checking the verification status of the completed connection.
-+ *
-+ * We therefore force a certificate verification failure which will be
-+ * visible via SSL_get_verify_result() and cached as part of any resumed
-+ * session.
-+ *
-+ * Note: the permissive callback is for information gathering only, always
-+ * returns success, and does not affect verification status. Only the
-+ * strict callback or a custom application-specified callback can trigger
-+ * connection failure or record a verification error.
-+ */
-+ if (ret <= 0)
-+ s->verify_result = X509_V_ERR_NO_VALID_SCTS;
- return ret;
- }
-
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -147,6 +47,9 @@
- # include <errno.h>
-
- # include "e_os.h"
-+# if defined(__unix) || defined(__unix__)
-+# include <sys/time.h> /* struct timeval for DTLS */
-+# endif
-
- # include <openssl/buffer.h>
- # include <openssl/comp.h>
-@@ -238,18 +141,18 @@
- } \
- }
-
--# define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
-- (((unsigned int)(c[1])) )),c+=2)
--# define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
--
--# define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
-- (((unsigned long)(c[1]))<< 8)| \
-- (((unsigned long)(c[2])) )),c+=3)
--
--# define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
-- c[1]=(unsigned char)(((l)>> 8)&0xff), \
-- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
-+# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
-+ (((unsigned int)((c)[1])) )),(c)+=2)
-+# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
-+ (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2)
-+
-+# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \
-+ (((unsigned long)((c)[1]))<< 8)| \
-+ (((unsigned long)((c)[2])) )),(c)+=3)
-+
-+# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
-+ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
-+ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
-
- #define DTLS_VERSION_GT(v1, v2) ((v1) < (v2))
- #define DTLS_VERSION_GE(v1, v2) ((v1) <= (v2))
-@@ -453,12 +356,14 @@
- # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
- ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
- (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
-+/*
-+ * Determine if a client should send signature algorithms extension:
-+ * as with TLS1.2 cipher we can't rely on method flags.
-+ */
-+# define SSL_CLIENT_USE_SIGALGS(s) \
-+ SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
-
--# ifdef TLSEXT_TYPE_encrypt_then_mac
- # define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
--# else
--# define SSL_USE_ETM(s) (0)
--# endif
-
- /* Mostly for SSLv3 */
- # define SSL_PKEY_RSA_ENC 0
-@@ -677,6 +582,8 @@ DEFINE_LHASH_OF(SSL_SESSION);
- /* Needed in ssl_cert.c */
- DEFINE_LHASH_OF(X509_NAME);
-
-+#define TLSEXT_KEYNAME_LENGTH 16
-+
- struct ssl_ctx_st {
- const SSL_METHOD *method;
- STACK_OF(SSL_CIPHER) *cipher_list;
-@@ -848,9 +755,9 @@ struct ssl_ctx_st {
- int (*tlsext_servername_callback) (SSL *, int *, void *);
- void *tlsext_servername_arg;
- /* RFC 4507 session ticket keys */
-- unsigned char tlsext_tick_key_name[16];
-- unsigned char tlsext_tick_hmac_key[16];
-- unsigned char tlsext_tick_aes_key[16];
-+ unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH];
-+ unsigned char tlsext_tick_hmac_key[32];
-+ unsigned char tlsext_tick_aes_key[32];
- /* Callback to support customisation of ticket key setting */
- int (*tlsext_ticket_key_cb) (SSL *ssl,
- unsigned char *name, unsigned char *iv,
-@@ -944,6 +851,10 @@ struct ssl_ctx_st {
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist;
- # endif /* OPENSSL_NO_EC */
-+
-+ /* ext status type used for CSR extension (OCSP Stapling) */
-+ int tlsext_status_type;
-+
- CRYPTO_RWLOCK *lock;
- };
-
-@@ -1872,7 +1783,7 @@ const SSL_METHOD *func_name(void) \
- }
-
- struct openssl_ssl_test_functions {
-- int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
-+ int (*p_ssl_init_wbio_buffer) (SSL *s);
- int (*p_ssl3_setup_buffers) (SSL *s);
- # ifndef OPENSSL_NO_HEARTBEATS
- int (*p_dtls1_process_heartbeat) (SSL *s,
-@@ -1948,7 +1859,7 @@ void ssl_load_ciphers(void);
-
- __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
- __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
--void ssl3_init_finished_mac(SSL *s);
-+int ssl3_init_finished_mac(SSL *s);
- __owur int ssl3_setup_key_block(SSL *s);
- __owur int ssl3_change_cipher_state(SSL *s, int which);
- void ssl3_cleanup_key_block(SSL *s);
-@@ -1964,7 +1875,7 @@ int ssl3_renegotiate_check(SSL *ssl);
- __owur int ssl3_dispatch_alert(SSL *s);
- __owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
- unsigned char *p);
--void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
- void ssl3_free_digest_list(SSL *s);
- __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
- __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
-@@ -2048,7 +1959,7 @@ long dtls1_ctrl(SSL *s, int cmd, long la
-
- __owur int dtls1_dispatch_alert(SSL *s);
-
--__owur int ssl_init_wbio_buffer(SSL *s, int push);
-+__owur int ssl_init_wbio_buffer(SSL *s);
- void ssl_free_wbio_buffer(SSL *s);
-
- __owur int tls1_change_cipher_state(SSL *s, int which);
-@@ -2093,7 +2004,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO
- __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
- void ssl_set_default_md(SSL *s);
- __owur int tls1_set_server_sigalgs(SSL *s);
--__owur int ssl_check_clienthello_tlsext_late(SSL *s);
-+__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
- __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
- __owur int ssl_prepare_clienthello_tlsext(SSL *s);
- __owur int ssl_prepare_serverhello_tlsext(SSL *s);
-@@ -2174,9 +2085,9 @@ void ssl_set_client_disabled(SSL *s);
- const unsigned char *mac_secret,
- unsigned mac_secret_length, char is_sslv3);
-
--void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-- EVP_MD_CTX *mac_ctx, const unsigned char *data,
-- size_t data_len, size_t orig_len);
-+__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-+ EVP_MD_CTX *mac_ctx, const unsigned char *data,
-+ size_t data_len, size_t orig_len);
-
- __owur int srp_generate_server_master_secret(SSL *s);
- __owur int srp_generate_client_master_secret(SSL *s);
---- a/ssl/ssl_mcnf.c
-+++ b/ssl/ssl_mcnf.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
-- * 2015.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -109,7 +60,7 @@ static int ssl_module_init(CONF_IMODULE
- STACK_OF(CONF_VALUE) *cmd_lists;
- ssl_conf_section = CONF_imodule_get_value(md);
- cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
-- if (sk_CONF_VALUE_num(cmd_lists) <= 0){
-+ if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
- if (cmd_lists == NULL)
- SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_NOT_FOUND);
- else
-@@ -223,7 +174,7 @@ static int ssl_do_config(SSL *s, SSL_CTX
- if (rv <= 0) {
- if (rv == -2)
- SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
-- else
-+ else
- SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
- ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd,
- ", arg=", cmd->arg);
---- a/ssl/ssl_rsa.c
-+++ b/ssl/ssl_rsa.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -158,6 +110,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
-+ EVP_PKEY_free(pkey);
- return 0;
- }
-
-@@ -500,6 +453,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *c
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
-+ EVP_PKEY_free(pkey);
- return 0;
- }
-
-@@ -831,7 +785,7 @@ static int serverinfo_srv_add_cb(SSL *s,
- return 0; /* No extension found, don't send extension */
- return 1; /* Send extension */
- }
-- return -1; /* No serverinfo data found, don't send
-+ return 0; /* No serverinfo data found, don't send
- * extension */
- }
-
-@@ -860,12 +814,26 @@ static int serverinfo_process_buffer(con
-
- /* Register callbacks for extensions */
- ext_type = (serverinfo[0] << 8) + serverinfo[1];
-- if (ctx && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
-- serverinfo_srv_add_cb,
-- NULL, NULL,
-- serverinfo_srv_parse_cb,
-- NULL))
-- return 0;
-+ if (ctx) {
-+ int have_ext_cbs = 0;
-+ size_t i;
-+ custom_ext_methods *exts = &ctx->cert->srv_ext;
-+ custom_ext_method *meth = exts->meths;
-+
-+ for (i = 0; i < exts->meths_count; i++, meth++) {
-+ if (ext_type == meth->ext_type) {
-+ have_ext_cbs = 1;
-+ break;
-+ }
-+ }
-+
-+ if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
-+ serverinfo_srv_add_cb,
-+ NULL, NULL,
-+ serverinfo_srv_parse_cb,
-+ NULL))
-+ return 0;
-+ }
-
- serverinfo += 2;
- serverinfo_length -= 2;
-@@ -926,6 +894,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx,
- int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
- {
- unsigned char *serverinfo = NULL;
-+ unsigned char *tmp;
- size_t serverinfo_length = 0;
- unsigned char *extension = 0;
- long extension_length = 0;
-@@ -985,12 +954,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX
- goto end;
- }
- /* Append the decoded extension to the serverinfo buffer */
-- serverinfo =
-+ tmp =
- OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
-- if (serverinfo == NULL) {
-+ if (tmp == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
- goto end;
- }
-+ serverinfo = tmp;
- memcpy(serverinfo + serverinfo_length, extension, extension_length);
- serverinfo_length += extension_length;
-
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -198,8 +98,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return NULL;
- }
-
-- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
--
-+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
-+ CRYPTO_THREAD_lock_free(ss->lock);
-+ OPENSSL_free(ss);
-+ return NULL;
-+ }
- return ss;
- }
-
-@@ -271,7 +174,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
- }
- #endif
-
-- if(src->ciphers != NULL) {
-+ if (src->ciphers != NULL) {
- dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
- if (dest->ciphers == NULL)
- goto err;
-@@ -307,7 +210,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
-
- if (ticket != 0) {
- dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
-- if(dest->tlsext_tick == NULL)
-+ if (dest->tlsext_tick == NULL)
- goto err;
- } else {
- dest->tlsext_tick_lifetime_hint = 0;
-@@ -431,13 +334,13 @@ int ssl_get_new_session(SSL *s, int sess
- * Note that:
- * (a) ssl_get_prev_session() does lookahead into the
- * ClientHello extensions to find the session ticket.
-- * When ssl_get_prev_session() fails, s3_srvr.c calls
-- * ssl_get_new_session() in ssl3_get_client_hello().
-+ * When ssl_get_prev_session() fails, statem_srvr.c calls
-+ * ssl_get_new_session() in tls_process_client_hello().
- * At that point, it has not yet parsed the extensions,
- * however, because of the lookahead, it already knows
- * whether a ticket is expected or not.
- *
-- * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-+ * (b) statem_clnt.c calls ssl_get_new_session() before parsing
- * ServerHello extensions, and before recording the session
- * ID received from the server, so this block is a noop.
- */
-@@ -456,6 +359,7 @@ int ssl_get_new_session(SSL *s, int sess
- CRYPTO_THREAD_unlock(s->session_ctx->lock);
- CRYPTO_THREAD_unlock(s->lock);
- /* Choose a session ID */
-+ memset(ss->session_id, 0, ss->session_id_length);
- tmp = ss->session_id_length;
- if (!cb(s, ss->session_id, &tmp)) {
- /* The callback failed */
-@@ -568,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const P
- SSL_SESSION data;
- size_t local_len;
- data.ssl_version = s->version;
-+ memset(data.session_id, 0, sizeof(data.session_id));
- if (!PACKET_copy_all(session_id, data.session_id,
- sizeof(data.session_id),
- &local_len)) {
-@@ -803,16 +708,16 @@ static int remove_session_lock(SSL_CTX *
- r = lh_SSL_SESSION_delete(ctx->sessions, c);
- SSL_SESSION_list_remove(ctx, c);
- }
-+ c->not_resumable = 1;
-
- if (lck)
- CRYPTO_THREAD_unlock(ctx->lock);
-
-- if (ret) {
-- r->not_resumable = 1;
-- if (ctx->remove_session_cb != NULL)
-- ctx->remove_session_cb(ctx, r);
-+ if (ret)
- SSL_SESSION_free(r);
-- }
-+
-+ if (ctx->remove_session_cb != NULL)
-+ ctx->remove_session_cb(ctx, c);
- } else
- ret = 0;
- return (ret);
-@@ -871,28 +776,20 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
-
- int SSL_set_session(SSL *s, SSL_SESSION *session)
- {
-- int ret = 0;
-- if (session != NULL) {
-- if (s->ctx->method != s->method) {
-- if (!SSL_set_ssl_method(s, s->ctx->method))
-- return (0);
-- }
-+ ssl_clear_bad_session(s);
-+ if (s->ctx->method != s->method) {
-+ if (!SSL_set_ssl_method(s, s->ctx->method))
-+ return 0;
-+ }
-
-+ if (session != NULL) {
- SSL_SESSION_up_ref(session);
-- SSL_SESSION_free(s->session);
-- s->session = session;
-- s->verify_result = s->session->verify_result;
-- ret = 1;
-- } else {
-- SSL_SESSION_free(s->session);
-- s->session = NULL;
-- if (s->ctx->method != s->method) {
-- if (!SSL_set_ssl_method(s, s->ctx->method))
-- return (0);
-- }
-- ret = 1;
-+ s->verify_result = session->verify_result;
- }
-- return (ret);
-+ SSL_SESSION_free(s->session);
-+ s->session = session;
-+
-+ return 1;
- }
-
- long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-@@ -925,6 +822,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s
- return (t);
- }
-
-+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
-+{
-+ return s->ssl_version;
-+}
-+
- const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
- {
- return s->tlsext_hostname;
-@@ -1074,10 +976,10 @@ void SSL_CTX_flush_sessions(SSL_CTX *s,
- return;
- tp.time = t;
- CRYPTO_THREAD_write_lock(s->lock);
-- i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
-- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
-+ i = lh_SSL_SESSION_get_down_load(s->sessions);
-+ lh_SSL_SESSION_set_down_load(s->sessions, 0);
- lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
-- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
-+ lh_SSL_SESSION_set_down_load(s->sessions, i);
- CRYPTO_THREAD_unlock(s->lock);
- }
-
-@@ -1086,7 +988,7 @@ int ssl_clear_bad_session(SSL *s)
- if ((s->session != NULL) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s))) {
-- SSL_CTX_remove_session(s->ctx, s->session);
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
- return (1);
- } else
- return (0);
---- a/ssl/ssl_stat.c
-+++ b/ssl/ssl_stat.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -382,6 +335,8 @@ const char *SSL_alert_desc_string_long(i
- return "bad certificate hash value";
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
- return "unknown PSK identity";
-+ case TLS1_AD_NO_APPLICATION_PROTOCOL:
-+ return "no application protocol";
- default:
- return "unknown";
- }
---- a/ssl/ssl_txt.c
-+++ b/ssl/ssl_txt.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -175,7 +128,7 @@ int SSL_SESSION_print(BIO *bp, const SSL
- if (x->tlsext_tick) {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
- goto err;
-- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4)
-+ if (BIO_dump_indent(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
- <= 0)
- goto err;
- }
-@@ -238,7 +191,7 @@ int SSL_SESSION_print_keylog(BIO *bp, co
-
- /*
- * the RSA prefix is required by the format's definition although there's
-- * nothing RSA-specifc in the output, therefore, we don't have to check if
-+ * nothing RSA-specific in the output, therefore, we don't have to check if
- * the cipher suite is based on RSA
- */
- if (BIO_puts(bp, "RSA ") <= 0)
---- a/ssl/ssl_utst.c
-+++ b/ssl/ssl_utst.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "ssl_locl.h"
---- a/ssl/statem/statem.c
-+++ b/ssl/statem/statem.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/rand.h>
-@@ -368,19 +320,23 @@ static int state_machine(SSL *s, int ser
- */
- s->s3->change_cipher_spec = 0;
-
-- if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
-- /*
-- * Ok, we now need to push on a buffering BIO ...but not with
-- * SCTP
-- */
-+
-+ /*
-+ * Ok, we now need to push on a buffering BIO ...but not with
-+ * SCTP
-+ */
- #ifndef OPENSSL_NO_SCTP
-- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
-+ if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
- #endif
-- if (!ssl_init_wbio_buffer(s, server ? 1 : 0)) {
-- goto end;
-- }
-+ if (!ssl_init_wbio_buffer(s)) {
-+ goto end;
-+ }
-
-- ssl3_init_finished_mac(s);
-+ if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
-+ if (!ssl3_init_finished_mac(s)) {
-+ ossl_statem_set_error(s);
-+ goto end;
-+ }
- }
-
- if (server) {
-@@ -424,8 +380,8 @@ static int state_machine(SSL *s, int ser
- st->read_state_first_init = 1;
- }
-
-- while(st->state != MSG_FLOW_FINISHED) {
-- if(st->state == MSG_FLOW_READING) {
-+ while (st->state != MSG_FLOW_FINISHED) {
-+ if (st->state == MSG_FLOW_READING) {
- ssret = read_state_machine(s);
- if (ssret == SUB_STATE_FINISHED) {
- st->state = MSG_FLOW_WRITING;
-@@ -528,7 +484,7 @@ static SUB_STATE_RETURN read_state_machi
-
- cb = get_callback(s);
-
-- if(s->server) {
-+ if (s->server) {
- transition = ossl_statem_server_read_transition;
- process_message = ossl_statem_server_process_message;
- max_message_size = ossl_statem_server_max_message_size;
-@@ -545,10 +501,9 @@ static SUB_STATE_RETURN read_state_machi
- st->read_state_first_init = 0;
- }
-
-- while(1) {
-- switch(st->read_state) {
-+ while (1) {
-+ switch (st->read_state) {
- case READ_STATE_HEADER:
-- s->init_num = 0;
- /* Get the state the peer wants to move to */
- if (SSL_IS_DTLS(s)) {
- /*
-@@ -575,9 +530,8 @@ static SUB_STATE_RETURN read_state_machi
- * Validate that we are allowed to move to the new state and move
- * to that state if so
- */
-- if(!transition(s, mt)) {
-- ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
-- SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);
-+ if (!transition(s, mt)) {
-+ ossl_statem_set_error(s);
- return SUB_STATE_ERROR;
- }
-
-@@ -607,6 +561,10 @@ static SUB_STATE_RETURN read_state_machi
- return SUB_STATE_ERROR;
- }
- ret = process_message(s, &pkt);
-+
-+ /* Discard the packet data */
-+ s->init_num = 0;
-+
- if (ret == MSG_PROCESS_ERROR) {
- return SUB_STATE_ERROR;
- }
-@@ -628,7 +586,7 @@ static SUB_STATE_RETURN read_state_machi
-
- case READ_STATE_POST_PROCESS:
- st->read_state_work = post_process_message(s, st->read_state_work);
-- switch(st->read_state_work) {
-+ switch (st->read_state_work) {
- default:
- return SUB_STATE_ERROR;
-
-@@ -725,7 +683,7 @@ static SUB_STATE_RETURN write_state_mach
-
- cb = get_callback(s);
-
-- if(s->server) {
-+ if (s->server) {
- transition = ossl_statem_server_write_transition;
- pre_work = ossl_statem_server_pre_work;
- post_work = ossl_statem_server_post_work;
-@@ -737,8 +695,8 @@ static SUB_STATE_RETURN write_state_mach
- construct_message = ossl_statem_client_construct_message;
- }
-
-- while(1) {
-- switch(st->write_state) {
-+ while (1) {
-+ switch (st->write_state) {
- case WRITE_STATE_TRANSITION:
- if (cb != NULL) {
- /* Notify callback of an impending state change */
-@@ -747,7 +705,7 @@ static SUB_STATE_RETURN write_state_mach
- else
- cb(s, SSL_CB_CONNECT_LOOP, 1);
- }
-- switch(transition(s)) {
-+ switch (transition(s)) {
- case WRITE_TRAN_CONTINUE:
- st->write_state = WRITE_STATE_PRE_WORK;
- st->write_state_work = WORK_MORE_A;
-@@ -763,7 +721,7 @@ static SUB_STATE_RETURN write_state_mach
- break;
-
- case WRITE_STATE_PRE_WORK:
-- switch(st->write_state_work = pre_work(s, st->write_state_work)) {
-+ switch (st->write_state_work = pre_work(s, st->write_state_work)) {
- default:
- return SUB_STATE_ERROR;
-
-@@ -774,7 +732,7 @@ static SUB_STATE_RETURN write_state_mach
- case WORK_FINISHED_STOP:
- return SUB_STATE_END_HANDSHAKE;
- }
-- if(construct_message(s) == 0)
-+ if (construct_message(s) == 0)
- return SUB_STATE_ERROR;
-
- /* Fall through */
-@@ -792,7 +750,7 @@ static SUB_STATE_RETURN write_state_mach
- /* Fall through */
-
- case WRITE_STATE_POST_WORK:
-- switch(st->write_state_work = post_work(s, st->write_state_work)) {
-+ switch (st->write_state_work = post_work(s, st->write_state_work)) {
- default:
- return SUB_STATE_ERROR;
-
---- a/ssl/statem/statem.h
-+++ b/ssl/statem/statem.h
-@@ -1,60 +1,15 @@
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*****************************************************************************
- * *
-- * These emums should be considered PRIVATE to the state machine. No *
-+ * These enums should be considered PRIVATE to the state machine. No *
- * non-state machine code should need to use these *
- * *
- *****************************************************************************/
---- a/ssl/statem/statem_clnt.c
-+++ b/ssl/statem/statem_clnt.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -190,7 +90,6 @@ static ossl_inline int cert_req_allowed(
- * Return values are:
- * 1: Yes
- * 0: No
-- * -1: Error
- */
- static int key_exchange_expected(SSL *s)
- {
-@@ -274,8 +173,6 @@ int ossl_statem_client_read_transition(S
- }
- } else {
- ske_expected = key_exchange_expected(s);
-- if (ske_expected < 0)
-- return 0;
- /* SKE is optional for some PSK ciphersuites */
- if (ske_expected
- || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
-@@ -309,8 +206,6 @@ int ossl_statem_client_read_transition(S
-
- case TLS_ST_CR_CERT_STATUS:
- ske_expected = key_exchange_expected(s);
-- if (ske_expected < 0)
-- return 0;
- /* SKE is optional for some PSK ciphersuites */
- if (ske_expected
- || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
-@@ -319,7 +214,7 @@ int ossl_statem_client_read_transition(S
- st->hand_state = TLS_ST_CR_KEY_EXCH;
- return 1;
- }
-- return 0;
-+ goto err;
- }
- /* Fall through */
-
-@@ -329,7 +224,7 @@ int ossl_statem_client_read_transition(S
- st->hand_state = TLS_ST_CR_CERT_REQ;
- return 1;
- }
-- return 0;
-+ goto err;
- }
- /* Fall through */
-
-@@ -341,9 +236,11 @@ int ossl_statem_client_read_transition(S
- break;
-
- case TLS_ST_CW_FINISHED:
-- if (mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected) {
-- st->hand_state = TLS_ST_CR_SESSION_TICKET;
-- return 1;
-+ if (s->tlsext_ticket_expected) {
-+ if (mt == SSL3_MT_NEWSESSION_TICKET) {
-+ st->hand_state = TLS_ST_CR_SESSION_TICKET;
-+ return 1;
-+ }
- } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
- st->hand_state = TLS_ST_CR_CHANGE;
- return 1;
-@@ -368,7 +265,10 @@ int ossl_statem_client_read_transition(S
- break;
- }
-
-+ err:
- /* No valid transition found */
-+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
-+ SSLerr(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
- return 0;
- }
-
-@@ -489,13 +389,13 @@ WORK_STATE ossl_statem_client_pre_work(S
- s->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
- /* every DTLS ClientHello resets Finished MAC */
-- ssl3_init_finished_mac(s);
-+ if (!ssl3_init_finished_mac(s)) {
-+ ossl_statem_set_error(s);
-+ return WORK_ERROR;
-+ }
- }
- break;
-
-- case TLS_ST_CW_CERT:
-- return tls_prepare_client_certificate(s, wst);
--
- case TLS_ST_CW_CHANGE:
- if (SSL_IS_DTLS(s)) {
- if (s->hit) {
-@@ -535,20 +435,9 @@ WORK_STATE ossl_statem_client_post_work(
-
- switch(st->hand_state) {
- case TLS_ST_CW_CLNT_HELLO:
-- if (SSL_IS_DTLS(s) && s->d1->cookie_len > 0 && statem_flush(s) != 1)
-+ if (wst == WORK_MORE_A && statem_flush(s) != 1)
- return WORK_MORE_A;
--#ifndef OPENSSL_NO_SCTP
-- /* Disable buffering for SCTP */
-- if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) {
--#endif
-- /*
-- * turn on buffering for the next lot of output
-- */
-- if (s->bbio != s->wbio)
-- s->wbio = BIO_push(s->bbio, s->wbio);
--#ifndef OPENSSL_NO_SCTP
-- }
--#endif
-+
- if (SSL_IS_DTLS(s)) {
- /* Treat the next message as the first packet */
- s->first_packet = 1;
-@@ -771,6 +660,9 @@ WORK_STATE ossl_statem_client_post_proce
- OSSL_STATEM *st = &s->statem;
-
- switch(st->hand_state) {
-+ case TLS_ST_CR_CERT_REQ:
-+ return tls_prepare_client_certificate(s, wst);
-+
- #ifndef OPENSSL_NO_SCTP
- case TLS_ST_CR_SRVR_DONE:
- /* We only get here if we are using SCTP and we are renegotiating */
-@@ -870,7 +762,7 @@ int tls_construct_client_hello(SSL *s)
- * 1. Client hello indicates TLS 1.2
- * 2. Server hello says TLS 1.0
- * 3. RSA encrypted premaster secret uses 1.2.
-- * 4. Handhaked proceeds using TLS 1.0.
-+ * 4. Handshake proceeds using TLS 1.0.
- * 5. Server sends hello request to renegotiate.
- * 6. Client hello indicates TLS v1.0 as we now
- * know that is maximum server supports.
-@@ -1122,6 +1014,7 @@ MSG_PROCESS_RETURN tls_process_server_he
- * overwritten if the server refuses resumption.
- */
- if (s->session->session_id_length > 0) {
-+ s->ctx->stats.sess_miss++;
- if (!ssl_get_new_session(s, 0)) {
- goto f_err;
- }
-@@ -1350,7 +1243,7 @@ MSG_PROCESS_RETURN tls_process_server_ce
- s->session->peer_chain = sk;
- /*
- * Inconsistency alert: cert_chain does include the peer's certificate,
-- * which we don't include in s3_srvr.c
-+ * which we don't include in statem_srvr.c
- */
- x = sk_X509_value(sk, 0);
- sk = NULL;
-@@ -1409,276 +1302,321 @@ MSG_PROCESS_RETURN tls_process_server_ce
- return ret;
- }
-
--MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
-+static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
- {
-- EVP_MD_CTX *md_ctx;
-- int al, j;
-- long alg_k, alg_a;
-- EVP_PKEY *pkey = NULL;
-- const EVP_MD *md = NULL;
--#ifndef OPENSSL_NO_RSA
-- RSA *rsa = NULL;
--#endif
--#ifndef OPENSSL_NO_EC
-- EVP_PKEY_CTX *pctx = NULL;
-+#ifndef OPENSSL_NO_PSK
-+ PACKET psk_identity_hint;
-+
-+ /* PSK ciphersuites are preceded by an identity hint */
-+
-+ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
-+ return 0;
-+ }
-+
-+ /*
-+ * Store PSK identity hint for later use, hint is used in
-+ * tls_construct_client_key_exchange. Assume that the maximum length of
-+ * a PSK identity hint can be as long as the maximum length of a PSK
-+ * identity.
-+ */
-+ if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
-+ return 0;
-+ }
-+
-+ if (PACKET_remaining(&psk_identity_hint) == 0) {
-+ OPENSSL_free(s->session->psk_identity_hint);
-+ s->session->psk_identity_hint = NULL;
-+ } else if (!PACKET_strndup(&psk_identity_hint,
-+ &s->session->psk_identity_hint)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+ }
-+
-+ return 1;
-+#else
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-- PACKET save_param_start, signature;
-+}
-
-- md_ctx = EVP_MD_CTX_new();
-- if (md_ctx == NULL) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- goto f_err;
-+static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
-+{
-+#ifndef OPENSSL_NO_SRP
-+ PACKET prime, generator, salt, server_pub;
-+
-+ if (!PACKET_get_length_prefixed_2(pkt, &prime)
-+ || !PACKET_get_length_prefixed_2(pkt, &generator)
-+ || !PACKET_get_length_prefixed_1(pkt, &salt)
-+ || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_LENGTH_MISMATCH);
-+ return 0;
- }
-
-- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+ if ((s->srp_ctx.N =
-+ BN_bin2bn(PACKET_data(&prime),
-+ PACKET_remaining(&prime), NULL)) == NULL
-+ || (s->srp_ctx.g =
-+ BN_bin2bn(PACKET_data(&generator),
-+ PACKET_remaining(&generator), NULL)) == NULL
-+ || (s->srp_ctx.s =
-+ BN_bin2bn(PACKET_data(&salt),
-+ PACKET_remaining(&salt), NULL)) == NULL
-+ || (s->srp_ctx.B =
-+ BN_bin2bn(PACKET_data(&server_pub),
-+ PACKET_remaining(&server_pub), NULL)) == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB);
-+ return 0;
-+ }
-
-- save_param_start = *pkt;
-+ if (!srp_verify_server_param(s, al)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
-+ return 0;
-+ }
-
--#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-- EVP_PKEY_free(s->s3->peer_tmp);
-- s->s3->peer_tmp = NULL;
-+ /* We must check if there is a certificate */
-+ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
-+ *pkey = X509_get0_pubkey(s->session->peer);
-+
-+ return 1;
-+#else
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-+}
-
-- alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-+static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
-+{
-+#ifndef OPENSSL_NO_DH
-+ PACKET prime, generator, pub_key;
-+ EVP_PKEY *peer_tmp = NULL;
-
-- al = SSL_AD_DECODE_ERROR;
-+ DH *dh = NULL;
-+ BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
-
--#ifndef OPENSSL_NO_PSK
-- /* PSK ciphersuites are preceded by an identity hint */
-- if (alg_k & SSL_PSK) {
-- PACKET psk_identity_hint;
-- if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-+ if (!PACKET_get_length_prefixed_2(pkt, &prime)
-+ || !PACKET_get_length_prefixed_2(pkt, &generator)
-+ || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_LENGTH_MISMATCH);
-+ return 0;
-+ }
-
-- /*
-- * Store PSK identity hint for later use, hint is used in
-- * ssl3_send_client_key_exchange. Assume that the maximum length of
-- * a PSK identity hint can be as long as the maximum length of a PSK
-- * identity.
-- */
-- if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);
-- goto f_err;
-- }
-+ peer_tmp = EVP_PKEY_new();
-+ dh = DH_new();
-
-- if (PACKET_remaining(&psk_identity_hint) == 0) {
-- OPENSSL_free(s->session->psk_identity_hint);
-- s->session->psk_identity_hint = NULL;
-- } else if (!PACKET_strndup(&psk_identity_hint,
-- &s->session->psk_identity_hint)) {
-- al = SSL_AD_INTERNAL_ERROR;
-- goto f_err;
-- }
-+ if (peer_tmp == NULL || dh == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-
-- /* Nothing else to do for plain PSK or RSAPSK */
-- if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
-- } else
--#endif /* !OPENSSL_NO_PSK */
-- /*
-- * Dummy "if" to ensure sane C code in the event of various OPENSSL_NO_*
-- * options
-- */
-- if (0) {
-+ p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
-+ g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator),
-+ NULL);
-+ bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
-+ NULL);
-+ if (p == NULL || g == NULL || bnpub_key == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
-+ goto err;
- }
--#ifndef OPENSSL_NO_SRP
-- else if (alg_k & SSL_kSRP) {
-- PACKET prime, generator, salt, server_pub;
-- if (!PACKET_get_length_prefixed_2(pkt, &prime)
-- || !PACKET_get_length_prefixed_2(pkt, &generator)
-- || !PACKET_get_length_prefixed_1(pkt, &salt)
-- || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-
-- if ((s->srp_ctx.N =
-- BN_bin2bn(PACKET_data(&prime),
-- PACKET_remaining(&prime), NULL)) == NULL
-- || (s->srp_ctx.g =
-- BN_bin2bn(PACKET_data(&generator),
-- PACKET_remaining(&generator), NULL)) == NULL
-- || (s->srp_ctx.s =
-- BN_bin2bn(PACKET_data(&salt),
-- PACKET_remaining(&salt), NULL)) == NULL
-- || (s->srp_ctx.B =
-- BN_bin2bn(PACKET_data(&server_pub),
-- PACKET_remaining(&server_pub), NULL)) == NULL) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-- goto err;
-- }
-+ if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
-+ goto err;
-+ }
-
-- if (!srp_verify_server_param(s, &al)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
-- goto f_err;
-- }
-+ if (!DH_set0_pqg(dh, p, NULL, g)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ p = g = NULL;
-
--/* We must check if there is a certificate */
-- if (alg_a & (SSL_aRSA|SSL_aDSS))
-- pkey = X509_get0_pubkey(s->session->peer);
-+ if (!DH_set0_key(dh, bnpub_key, NULL)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB);
-+ goto err;
- }
--#endif /* !OPENSSL_NO_SRP */
--#ifndef OPENSSL_NO_DH
-- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-- PACKET prime, generator, pub_key;
-+ bnpub_key = NULL;
-
-- DH *dh;
-- BIGNUM *p, *g, *bnpub_key;
-+ if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_DH_KEY_TOO_SMALL);
-+ goto err;
-+ }
-
-- if (!PACKET_get_length_prefixed_2(pkt, &prime)
-- || !PACKET_get_length_prefixed_2(pkt, &generator)
-- || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-+ if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB);
-+ goto err;
-+ }
-
-- s->s3->peer_tmp = EVP_PKEY_new();
-- dh = DH_new();
-+ s->s3->peer_tmp = peer_tmp;
-
-- if (s->s3->peer_tmp == NULL || dh == NULL) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- DH_free(dh);
-- goto err;
-- }
-+ /*
-+ * FIXME: This makes assumptions about which ciphersuites come with
-+ * public keys. We should have a less ad-hoc way of doing this
-+ */
-+ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
-+ *pkey = X509_get0_pubkey(s->session->peer);
-+ /* else anonymous DH, so no certificate or pkey. */
-
-- if (EVP_PKEY_assign_DH(s->s3->peer_tmp, dh) == 0) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-- DH_free(dh);
-- goto err;
-- }
-+ return 1;
-
-- p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
-- g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator),
-- NULL);
-- bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
-- NULL);
-- if (p == NULL || g == NULL || bnpub_key == NULL) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-- BN_free(p);
-- BN_free(g);
-- BN_free(bnpub_key);
-- goto err;
-- }
-+ err:
-+ BN_free(p);
-+ BN_free(g);
-+ BN_free(bnpub_key);
-+ DH_free(dh);
-+ EVP_PKEY_free(peer_tmp);
-
-- if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE);
-- BN_free(p);
-- BN_free(g);
-- BN_free(bnpub_key);
-- goto f_err;
-- }
-+ return 0;
-+#else
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+#endif
-+}
-
-- if (!DH_set0_pqg(dh, p, NULL, g)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-- BN_free(p);
-- BN_free(g);
-- BN_free(bnpub_key);
-- goto err;
-- }
-+static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
-+{
-+#ifndef OPENSSL_NO_EC
-+ PACKET encoded_pt;
-+ const unsigned char *ecparams;
-+ int curve_nid;
-+ EVP_PKEY_CTX *pctx = NULL;
-
-- if (!DH_set0_key(dh, bnpub_key, NULL)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
-- BN_free(bnpub_key);
-- goto err;
-- }
-+ /*
-+ * Extract elliptic curve parameters and the server's ephemeral ECDH
-+ * public key. For now we only support named (not generic) curves and
-+ * ECParameters in this case is just three bytes.
-+ */
-+ if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_TOO_SHORT);
-+ return 0;
-+ }
-+ /*
-+ * Check curve is one of our preferences, if not server has sent an
-+ * invalid curve. ECParameters is 3 bytes.
-+ */
-+ if (!tls1_check_curve(s, ecparams, 3)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_WRONG_CURVE);
-+ return 0;
-+ }
-
-- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
-- goto f_err;
-- }
-- if (alg_a & (SSL_aRSA|SSL_aDSS))
-- pkey = X509_get0_pubkey(s->session->peer);
-- /* else anonymous DH, so no certificate or pkey. */
-+ curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2));
-+ if (curve_nid == 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
-+ SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
-+ return 0;
- }
--#endif /* !OPENSSL_NO_DH */
-
--#ifndef OPENSSL_NO_EC
-- else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-- PACKET encoded_pt;
-- const unsigned char *ecparams;
-- int curve_nid;
-+ /* Set up EVP_PKEY with named curve as parameters */
-+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-+ if (pctx == NULL
-+ || EVP_PKEY_paramgen_init(pctx) <= 0
-+ || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
-+ || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
-+ EVP_PKEY_CTX_free(pctx);
-+ return 0;
-+ }
-+ EVP_PKEY_CTX_free(pctx);
-+ pctx = NULL;
-
-- /*
-- * Extract elliptic curve parameters and the server's ephemeral ECDH
-- * public key. For now we only support named (not generic) curves and
-- * ECParameters in this case is just three bytes.
-- */
-- if (!PACKET_get_bytes(pkt, &ecparams, 3)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-- goto f_err;
-- }
-- /*
-- * Check curve is one of our preferences, if not server has sent an
-- * invalid curve. ECParameters is 3 bytes.
-- */
-- if (!tls1_check_curve(s, ecparams, 3)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
-- goto f_err;
-- }
-+ if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH);
-+ return 0;
-+ }
-
-- curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2));
-- if (curve_nid == 0) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
-- SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
-- goto f_err;
-- }
-+ if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp),
-+ PACKET_data(&encoded_pt),
-+ PACKET_remaining(&encoded_pt), NULL) == 0) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT);
-+ return 0;
-+ }
-
-- /* Set up EVP_PKEY with named curve as parameters */
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
-- if (pctx == NULL
-- || EVP_PKEY_paramgen_init(pctx) <= 0
-- || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
-- || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-- goto f_err;
-- }
-- EVP_PKEY_CTX_free(pctx);
-- pctx = NULL;
-+ /*
-+ * The ECC/TLS specification does not mention the use of DSA to sign
-+ * ECParameters in the server key exchange message. We do support RSA
-+ * and ECDSA.
-+ */
-+ if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
-+ *pkey = X509_get0_pubkey(s->session->peer);
-+ else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
-+ *pkey = X509_get0_pubkey(s->session->peer);
-+ /* else anonymous ECDH, so no certificate or pkey. */
-
-- if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-+ return 1;
-+#else
-+ SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+#endif
-+}
-
-- if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp),
-- PACKET_data(&encoded_pt),
-- PACKET_remaining(&encoded_pt), NULL) == 0) {
-- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
-- goto f_err;
-- }
-+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
-+{
-+ int al = -1;
-+ long alg_k;
-+ EVP_PKEY *pkey = NULL;
-+ PACKET save_param_start, signature;
-
-- /*
-- * The ECC/TLS specification does not mention the use of DSA to sign
-- * ECParameters in the server key exchange message. We do support RSA
-- * and ECDSA.
-- */
-- if (0) ;
--# ifndef OPENSSL_NO_RSA
-- else if (alg_a & SSL_aRSA)
-- pkey = X509_get0_pubkey(s->session->peer);
--# endif
--# ifndef OPENSSL_NO_EC
-- else if (alg_a & SSL_aECDSA)
-- pkey = X509_get0_pubkey(s->session->peer);
--# endif
-- /* else anonymous ECDH, so no certificate or pkey. */
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+
-+ save_param_start = *pkt;
-+
-+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-+ EVP_PKEY_free(s->s3->peer_tmp);
-+ s->s3->peer_tmp = NULL;
-+#endif
-+
-+ if (alg_k & SSL_PSK) {
-+ if (!tls_process_ske_psk_preamble(s, pkt, &al))
-+ goto err;
-+ }
-+
-+ /* Nothing else to do for plain PSK or RSAPSK */
-+ if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
-+ } else if (alg_k & SSL_kSRP) {
-+ if (!tls_process_ske_srp(s, pkt, &pkey, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-+ if (!tls_process_ske_dhe(s, pkt, &pkey, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-+ if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al))
-+ goto err;
- } else if (alg_k) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-- goto f_err;
-+ goto err;
- }
--#endif /* !OPENSSL_NO_EC */
-
- /* if it was signed, check the signature */
- if (pkey != NULL) {
- PACKET params;
-+ int maxsig;
-+ const EVP_MD *md = NULL;
-+ EVP_MD_CTX *md_ctx;
-+
- /*
- * |pkt| now points to the beginning of the signature, so the difference
- * equals the length of the parameters.
-@@ -1688,21 +1626,24 @@ MSG_PROCESS_RETURN tls_process_key_excha
- PACKET_remaining(pkt))) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-+ goto err;
- }
-
- if (SSL_USE_SIGALGS(s)) {
- const unsigned char *sigalgs;
- int rv;
- if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
-+ al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-- goto f_err;
-+ goto err;
- }
- rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
-- if (rv == -1)
-+ if (rv == -1) {
-+ al = SSL_AD_INTERNAL_ERROR;
-+ goto err;
-+ } else if (rv == 0) {
-+ al = SSL_AD_DECODE_ERROR;
- goto err;
-- else if (rv == 0) {
-- goto f_err;
- }
- #ifdef SSL_DEBUG
- fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-@@ -1715,23 +1656,34 @@ MSG_PROCESS_RETURN tls_process_key_excha
-
- if (!PACKET_get_length_prefixed_2(pkt, &signature)
- || PACKET_remaining(pkt) != 0) {
-+ al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-+ goto err;
- }
-- j = EVP_PKEY_size(pkey);
-- if (j < 0) {
-+ maxsig = EVP_PKEY_size(pkey);
-+ if (maxsig < 0) {
-+ al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-+ goto err;
- }
-
- /*
- * Check signature length
- */
-- if (PACKET_remaining(&signature) > (size_t)j) {
-+ if (PACKET_remaining(&signature) > (size_t)maxsig) {
- /* wrong packet length */
-+ al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
-- goto f_err;
-+ goto err;
-+ }
-+
-+ md_ctx = EVP_MD_CTX_new();
-+ if (md_ctx == NULL) {
-+ al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-+ goto err;
- }
-+
- if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
- || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
- SSL3_RANDOM_SIZE) <= 0
-@@ -1739,44 +1691,46 @@ MSG_PROCESS_RETURN tls_process_key_excha
- SSL3_RANDOM_SIZE) <= 0
- || EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms),
- PACKET_remaining(¶ms)) <= 0) {
-+ EVP_MD_CTX_free(md_ctx);
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-- goto f_err;
-+ goto err;
- }
- if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
- PACKET_remaining(&signature), pkey) <= 0) {
- /* bad signature */
-+ EVP_MD_CTX_free(md_ctx);
- al = SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
-- goto f_err;
-+ goto err;
- }
-+ EVP_MD_CTX_free(md_ctx);
- } else {
- /* aNULL, aSRP or PSK do not need public keys */
-- if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) {
-+ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-+ && !(alg_k & SSL_PSK)) {
- /* Might be wrong key type, check it */
-- if (ssl3_check_cert_and_algorithm(s))
-+ if (ssl3_check_cert_and_algorithm(s)) {
- /* Otherwise this shouldn't happen */
-+ al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ } else {
-+ al = SSL_AD_DECODE_ERROR;
-+ }
- goto err;
- }
- /* still data left over */
- if (PACKET_remaining(pkt) != 0) {
-+ al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
-- goto f_err;
-+ goto err;
- }
- }
-- EVP_MD_CTX_free(md_ctx);
-+
- return MSG_PROCESS_CONTINUE_READING;
-- f_err:
-- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
--#ifndef OPENSSL_NO_RSA
-- RSA_free(rsa);
--#endif
--#ifndef OPENSSL_NO_EC
-- EVP_PKEY_CTX_free(pctx);
--#endif
-- EVP_MD_CTX_free(md_ctx);
-+ if (al != -1)
-+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
- ossl_statem_set_error(s);
- return MSG_PROCESS_ERROR;
- }
-@@ -1893,7 +1847,7 @@ MSG_PROCESS_RETURN tls_process_certifica
- s->s3->tmp.ca_names = ca_sk;
- ca_sk = NULL;
-
-- ret = MSG_PROCESS_CONTINUE_READING;
-+ ret = MSG_PROCESS_CONTINUE_PROCESSING;
- goto done;
- err:
- ossl_statem_set_error(s);
-@@ -1935,16 +1889,9 @@ MSG_PROCESS_RETURN tls_process_new_sessi
- */
- if (i & SSL_SESS_CACHE_CLIENT) {
- /*
-- * Remove the old session from the cache
-+ * Remove the old session from the cache. We carry on if this fails
- */
-- if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
-- if (s->session_ctx->remove_session_cb != NULL)
-- s->session_ctx->remove_session_cb(s->session_ctx,
-- s->session);
-- } else {
-- /* We carry on if this fails */
-- SSL_CTX_remove_session(s->session_ctx, s->session);
-- }
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
- }
-
- if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
-@@ -1984,9 +1931,12 @@ MSG_PROCESS_RETURN tls_process_new_sessi
- * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
- * SHA256 is disabled) hash of the ticket.
- */
-- EVP_Digest(s->session->tlsext_tick, ticklen,
-- s->session->session_id, &s->session->session_id_length,
-- EVP_sha256(), NULL);
-+ if (!EVP_Digest(s->session->tlsext_tick, ticklen,
-+ s->session->session_id, &s->session->session_id_length,
-+ EVP_sha256(), NULL)) {
-+ SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
-+ goto err;
-+ }
- return MSG_PROCESS_CONTINUE_READING;
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
-@@ -2105,426 +2055,483 @@ MSG_PROCESS_RETURN tls_process_server_do
- return MSG_PROCESS_FINISHED_READING;
- }
-
--int tls_construct_client_key_exchange(SSL *s)
-+static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
-+ size_t *pskhdrlen, int *al)
- {
-- unsigned char *p;
-- int n;
- #ifndef OPENSSL_NO_PSK
-- size_t pskhdrlen = 0;
-+ int ret = 0;
-+ /*
-+ * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
-+ * \0-terminated identity. The last byte is for us for simulating
-+ * strnlen.
-+ */
-+ char identity[PSK_MAX_IDENTITY_LEN + 1];
-+ size_t identitylen = 0;
-+ unsigned char psk[PSK_MAX_PSK_LEN];
-+ unsigned char *tmppsk = NULL;
-+ char *tmpidentity = NULL;
-+ size_t psklen = 0;
-+
-+ if (s->psk_client_callback == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ goto err;
-+ }
-+
-+ memset(identity, 0, sizeof(identity));
-+
-+ psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
-+ identity, sizeof(identity) - 1,
-+ psk, sizeof(psk));
-+
-+ if (psklen > PSK_MAX_PSK_LEN) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ goto err;
-+ } else if (psklen == 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
-+ SSL_R_PSK_IDENTITY_NOT_FOUND);
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ goto err;
-+ }
-+
-+ identitylen = strlen(identity);
-+ if (identitylen > PSK_MAX_IDENTITY_LEN) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ goto err;
-+ }
-+
-+ tmppsk = OPENSSL_memdup(psk, psklen);
-+ tmpidentity = OPENSSL_strdup(identity);
-+ if (tmppsk == NULL || tmpidentity == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ goto err;
-+ }
-+
-+ OPENSSL_free(s->s3->tmp.psk);
-+ s->s3->tmp.psk = tmppsk;
-+ s->s3->tmp.psklen = psklen;
-+ tmppsk = NULL;
-+ OPENSSL_free(s->session->psk_identity);
-+ s->session->psk_identity = tmpidentity;
-+ tmpidentity = NULL;
-+ s2n(identitylen, *p);
-+ memcpy(*p, identity, identitylen);
-+ *pskhdrlen = 2 + identitylen;
-+ *p += identitylen;
-+
-+ ret = 1;
-+
-+ err:
-+ OPENSSL_cleanse(psk, psklen);
-+ OPENSSL_cleanse(identity, sizeof(identity));
-+ OPENSSL_clear_free(tmppsk, psklen);
-+ OPENSSL_clear_free(tmpidentity, identitylen);
-+
-+ return ret;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-- unsigned long alg_k;
-+}
-+
-+static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
-+{
- #ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx = NULL;
--#endif
--#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-- EVP_PKEY *ckey = NULL, *skey = NULL;
--#endif
--#ifndef OPENSSL_NO_EC
-- unsigned char *encodedPoint = NULL;
-- int encoded_pt_len = 0;
--#endif
-+ size_t enclen;
- unsigned char *pms = NULL;
- size_t pmslen = 0;
-- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-- p = ssl_handshake_start(s);
--
--
--#ifndef OPENSSL_NO_PSK
-- if (alg_k & SSL_PSK) {
-- int psk_err = 1;
-+ if (s->session->peer == NULL) {
- /*
-- * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
-- * \0-terminated identity. The last byte is for us for simulating
-- * strnlen.
-+ * We should always have a server certificate with SSL_kRSA.
- */
-- char identity[PSK_MAX_IDENTITY_LEN + 1];
-- size_t identitylen;
-- unsigned char psk[PSK_MAX_PSK_LEN];
-- size_t psklen;
--
-- if (s->psk_client_callback == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_PSK_NO_CLIENT_CB);
-- goto err;
-- }
--
-- memset(identity, 0, sizeof(identity));
--
-- psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
-- identity, sizeof(identity) - 1,
-- psk, sizeof(psk));
--
-- if (psklen > PSK_MAX_PSK_LEN) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto psk_err;
-- } else if (psklen == 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_PSK_IDENTITY_NOT_FOUND);
-- goto psk_err;
-- }
-- OPENSSL_free(s->s3->tmp.psk);
-- s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
-- OPENSSL_cleanse(psk, psklen);
--
-- if (s->s3->tmp.psk == NULL) {
-- OPENSSL_cleanse(identity, sizeof(identity));
-- goto memerr;
-- }
--
-- s->s3->tmp.psklen = psklen;
-- identitylen = strlen(identity);
-- if (identitylen > PSK_MAX_IDENTITY_LEN) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto psk_err;
-- }
-- OPENSSL_free(s->session->psk_identity);
-- s->session->psk_identity = OPENSSL_strdup(identity);
-- if (s->session->psk_identity == NULL) {
-- OPENSSL_cleanse(identity, sizeof(identity));
-- goto memerr;
-- }
--
-- s2n(identitylen, p);
-- memcpy(p, identity, identitylen);
-- pskhdrlen = 2 + identitylen;
-- p += identitylen;
-- psk_err = 0;
--psk_err:
-- OPENSSL_cleanse(identity, sizeof(identity));
-- if (psk_err != 0) {
-- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-- goto err;
-- }
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
-+ return 0;
- }
-- if (alg_k & SSL_kPSK) {
-- n = 0;
-- } else
--#endif
-
-- /* Fool emacs indentation */
-- if (0) {
-+ pkey = X509_get0_pubkey(s->session->peer);
-+ if (EVP_PKEY_get0_RSA(pkey) == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
-+ return 0;
- }
--#ifndef OPENSSL_NO_RSA
-- else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
-- size_t enclen;
-- pmslen = SSL_MAX_MASTER_KEY_LENGTH;
-- pms = OPENSSL_malloc(pmslen);
-- if (pms == NULL)
-- goto memerr;
-
-- if (s->session->peer == NULL) {
-- /*
-- * We should always have a server certificate with SSL_kRSA.
-- */
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
--
-- pkey = X509_get0_pubkey(s->session->peer);
-- if (EVP_PKEY_get0_RSA(pkey) == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-+ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
-+ pms = OPENSSL_malloc(pmslen);
-+ if (pms == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+ }
-
-- pms[0] = s->client_version >> 8;
-- pms[1] = s->client_version & 0xff;
-- if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
-- goto err;
-+ pms[0] = s->client_version >> 8;
-+ pms[1] = s->client_version & 0xff;
-+ if (RAND_bytes(pms + 2, pmslen - 2) <= 0) {
-+ goto err;
-+ }
-
-- q = p;
-- /* Fix buf for TLS and beyond */
-- if (s->version > SSL3_VERSION)
-- p += 2;
-- pctx = EVP_PKEY_CTX_new(pkey, NULL);
-- if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
-- || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_EVP_LIB);
-- goto err;
-- }
-- if (EVP_PKEY_encrypt(pctx, p, &enclen, pms, pmslen) <= 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_BAD_RSA_ENCRYPT);
-- goto err;
-- }
-- n = enclen;
-- EVP_PKEY_CTX_free(pctx);
-- pctx = NULL;
-+ q = *p;
-+ /* Fix buf for TLS and beyond */
-+ if (s->version > SSL3_VERSION)
-+ *p += 2;
-+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
-+ || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+ if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT);
-+ goto err;
-+ }
-+ *len = enclen;
-+ EVP_PKEY_CTX_free(pctx);
-+ pctx = NULL;
- # ifdef PKCS1_CHECK
-- if (s->options & SSL_OP_PKCS1_CHECK_1)
-- p[1]++;
-- if (s->options & SSL_OP_PKCS1_CHECK_2)
-- tmp_buf[0] = 0x70;
-+ if (s->options & SSL_OP_PKCS1_CHECK_1)
-+ (*p)[1]++;
-+ if (s->options & SSL_OP_PKCS1_CHECK_2)
-+ tmp_buf[0] = 0x70;
- # endif
-
-- /* Fix buf for TLS and beyond */
-- if (s->version > SSL3_VERSION) {
-- s2n(n, q);
-- n += 2;
-- }
-+ /* Fix buf for TLS and beyond */
-+ if (s->version > SSL3_VERSION) {
-+ s2n(*len, q);
-+ *len += 2;
- }
-+
-+ s->s3->tmp.pms = pms;
-+ s->s3->tmp.pmslen = pmslen;
-+
-+ return 1;
-+ err:
-+ OPENSSL_clear_free(pms, pmslen);
-+ EVP_PKEY_CTX_free(pctx);
-+
-+ return 0;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
--#ifndef OPENSSL_NO_DH
-- else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-- DH *dh_clnt = NULL;
-- BIGNUM *pub_key;
-- skey = s->s3->peer_tmp;
-- if (skey == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- ckey = ssl_generate_pkey(skey, NID_undef);
-- dh_clnt = EVP_PKEY_get0_DH(ckey);
-+}
-
-- if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-+static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
-+{
-+#ifndef OPENSSL_NO_DH
-+ DH *dh_clnt = NULL;
-+ const BIGNUM *pub_key;
-+ EVP_PKEY *ckey = NULL, *skey = NULL;
-
-+ skey = s->s3->peer_tmp;
-+ if (skey == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ ckey = ssl_generate_pkey(skey, NID_undef);
-+ dh_clnt = EVP_PKEY_get0_DH(ckey);
-
-- /* send off the data */
-- DH_get0_key(dh_clnt, &pub_key, NULL);
-- n = BN_num_bytes(pub_key);
-- s2n(n, p);
-- BN_bn2bin(pub_key, p);
-- n += 2;
-+ if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
- EVP_PKEY_free(ckey);
-- ckey = NULL;
-+ return 0;
- }
-+
-+ /* send off the data */
-+ DH_get0_key(dh_clnt, &pub_key, NULL);
-+ *len = BN_num_bytes(pub_key);
-+ s2n(*len, *p);
-+ BN_bn2bin(pub_key, *p);
-+ *len += 2;
-+ EVP_PKEY_free(ckey);
-+
-+ return 1;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-+}
-
-+static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
-+{
- #ifndef OPENSSL_NO_EC
-- else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-+ unsigned char *encodedPoint = NULL;
-+ int encoded_pt_len = 0;
-+ EVP_PKEY *ckey = NULL, *skey = NULL;
-
-- skey = s->s3->peer_tmp;
-- if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-+ skey = s->s3->peer_tmp;
-+ if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-
-- ckey = ssl_generate_pkey(skey, NID_undef);
-+ ckey = ssl_generate_pkey(skey, NID_undef);
-
-- if (ssl_derive(s, ckey, skey) == 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
-- goto err;
-- }
-+ if (ssl_derive(s, ckey, skey) == 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB);
-+ goto err;
-+ }
-
-- /* Generate encoding of client key */
-- encoded_pt_len = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(ckey),
-- POINT_CONVERSION_UNCOMPRESSED,
-- &encodedPoint, NULL);
-+ /* Generate encoding of client key */
-+ encoded_pt_len = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(ckey),
-+ POINT_CONVERSION_UNCOMPRESSED,
-+ &encodedPoint, NULL);
-
-- if (encoded_pt_len == 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-- goto err;
-- }
-+ if (encoded_pt_len == 0) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB);
-+ goto err;
-+ }
-
-- EVP_PKEY_free(ckey);
-- ckey = NULL;
-+ EVP_PKEY_free(ckey);
-+ ckey = NULL;
-
-- n = encoded_pt_len;
-+ *len = encoded_pt_len;
-
-- *p = n; /* length of encoded point */
-- /* Encoded point will be copied here */
-- p += 1;
-- /* copy the point */
-- memcpy(p, encodedPoint, n);
-- /* increment n to account for length field */
-- n += 1;
-+ /* length of encoded point */
-+ **p = *len;
-+ *p += 1;
-+ /* copy the point */
-+ memcpy(*p, encodedPoint, *len);
-+ /* increment len to account for length field */
-+ *len += 1;
-
-- /* Free allocated memory */
-- OPENSSL_free(encodedPoint);
-- }
--#endif /* !OPENSSL_NO_EC */
-+ OPENSSL_free(encodedPoint);
-+
-+ return 1;
-+ err:
-+ EVP_PKEY_free(ckey);
-+ return 0;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+#endif
-+}
-+
-+static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
-+{
- #ifndef OPENSSL_NO_GOST
-- else if (alg_k & SSL_kGOST) {
-- /* GOST key exchange message creation */
-- EVP_PKEY_CTX *pkey_ctx;
-- X509 *peer_cert;
-- size_t msglen;
-- unsigned int md_len;
-- unsigned char shared_ukm[32], tmp[256];
-- EVP_MD_CTX *ukm_hash;
-- int dgst_nid = NID_id_GostR3411_94;
-- if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
-- dgst_nid = NID_id_GostR3411_2012_256;
--
--
-- pmslen = 32;
-- pms = OPENSSL_malloc(pmslen);
-- if (pms == NULL)
-- goto memerr;
-+ /* GOST key exchange message creation */
-+ EVP_PKEY_CTX *pkey_ctx = NULL;
-+ X509 *peer_cert;
-+ size_t msglen;
-+ unsigned int md_len;
-+ unsigned char shared_ukm[32], tmp[256];
-+ EVP_MD_CTX *ukm_hash = NULL;
-+ int dgst_nid = NID_id_GostR3411_94;
-+ unsigned char *pms = NULL;
-+ size_t pmslen = 0;
-
-- /*
-- * Get server sertificate PKEY and create ctx from it
-- */
-- peer_cert = s->session->peer;
-- if (!peer_cert) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-- goto err;
-- }
-+ if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
-+ dgst_nid = NID_id_GostR3411_2012_256;
-
-- pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
-- if (pkey_ctx == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-- /*
-- * If we have send a certificate, and certificate key
-- * parameters match those of server certificate, use
-- * certificate key for key exchange
-- */
-+ /*
-+ * Get server sertificate PKEY and create ctx from it
-+ */
-+ peer_cert = s->session->peer;
-+ if (!peer_cert) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST,
-+ SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-+ return 0;
-+ }
-
-- /* Otherwise, generate ephemeral key pair */
-+ pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
-+ if (pkey_ctx == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ /*
-+ * If we have send a certificate, and certificate key
-+ * parameters match those of server certificate, use
-+ * certificate key for key exchange
-+ */
-
-- if (pkey_ctx == NULL
-- || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
-- /* Generate session key */
-- || RAND_bytes(pms, pmslen) <= 0) {
-- EVP_PKEY_CTX_free(pkey_ctx);
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- };
-- /*
-- * If we have client certificate, use its secret as peer key
-- */
-- if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
-- if (EVP_PKEY_derive_set_peer
-- (pkey_ctx, s->cert->key->privatekey) <= 0) {
-- /*
-- * If there was an error - just ignore it. Ephemeral key
-- * * would be used
-- */
-- ERR_clear_error();
-- }
-- }
-- /*
-- * Compute shared IV and store it in algorithm-specific context
-- * data
-- */
-- ukm_hash = EVP_MD_CTX_new();
-- if (EVP_DigestInit(ukm_hash,
-- EVP_get_digestbynid(dgst_nid)) <= 0
-- || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
-- SSL3_RANDOM_SIZE) <= 0
-- || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
-- SSL3_RANDOM_SIZE) <= 0
-- || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
-- EVP_MD_CTX_free(ukm_hash);
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- EVP_MD_CTX_free(ukm_hash);
-- if (EVP_PKEY_CTX_ctrl
-- (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
-- shared_ukm) < 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_LIBRARY_BUG);
-- goto err;
-- }
-- /* Make GOST keytransport blob message */
-- /*
-- * Encapsulate it into sequence
-- */
-- *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
-- msglen = 255;
-- if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- SSL_R_LIBRARY_BUG);
-- goto err;
-- }
-- if (msglen >= 0x80) {
-- *(p++) = 0x81;
-- *(p++) = msglen & 0xff;
-- n = msglen + 3;
-- } else {
-- *(p++) = msglen & 0xff;
-- n = msglen + 2;
-- }
-- memcpy(p, tmp, msglen);
-- /* Check if pubkey from client certificate was used */
-- if (EVP_PKEY_CTX_ctrl
-- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
-- /* Set flag "skip certificate verify" */
-- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-- }
-- EVP_PKEY_CTX_free(pkey_ctx);
-+ /* Otherwise, generate ephemeral key pair */
-+ pmslen = 32;
-+ pms = OPENSSL_malloc(pmslen);
-+ if (pms == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-
-+ if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
-+ /* Generate session key */
-+ || RAND_bytes(pms, pmslen) <= 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ };
-+ /*
-+ * If we have client certificate, use its secret as peer key
-+ */
-+ if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
-+ if (EVP_PKEY_derive_set_peer
-+ (pkey_ctx, s->cert->key->privatekey) <= 0) {
-+ /*
-+ * If there was an error - just ignore it. Ephemeral key
-+ * * would be used
-+ */
-+ ERR_clear_error();
-+ }
-+ }
-+ /*
-+ * Compute shared IV and store it in algorithm-specific context
-+ * data
-+ */
-+ ukm_hash = EVP_MD_CTX_new();
-+ if (ukm_hash == NULL
-+ || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
-+ || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
-+ SSL3_RANDOM_SIZE) <= 0
-+ || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
-+ SSL3_RANDOM_SIZE) <= 0
-+ || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ EVP_MD_CTX_free(ukm_hash);
-+ ukm_hash = NULL;
-+ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-+ EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
-+ goto err;
-+ }
-+ /* Make GOST keytransport blob message */
-+ /*
-+ * Encapsulate it into sequence
-+ */
-+ *((*p)++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
-+ msglen = 255;
-+ if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
-+ goto err;
- }
-+ if (msglen >= 0x80) {
-+ *((*p)++) = 0x81;
-+ *((*p)++) = msglen & 0xff;
-+ *len = msglen + 3;
-+ } else {
-+ *((*p)++) = msglen & 0xff;
-+ *len = msglen + 2;
-+ }
-+ memcpy(*p, tmp, msglen);
-+ /* Check if pubkey from client certificate was used */
-+ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-+ NULL) > 0) {
-+ /* Set flag "skip certificate verify" */
-+ s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-+ }
-+ EVP_PKEY_CTX_free(pkey_ctx);
-+ s->s3->tmp.pms = pms;
-+ s->s3->tmp.pmslen = pmslen;
-+
-+ return 1;
-+ err:
-+ EVP_PKEY_CTX_free(pkey_ctx);
-+ OPENSSL_clear_free(pms, pmslen);
-+ EVP_MD_CTX_free(ukm_hash);
-+ return 0;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-+}
-+
-+static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
-+{
- #ifndef OPENSSL_NO_SRP
-- else if (alg_k & SSL_kSRP) {
-- if (s->srp_ctx.A != NULL) {
-- /* send off the data */
-- n = BN_num_bytes(s->srp_ctx.A);
-- s2n(n, p);
-- BN_bn2bin(s->srp_ctx.A, p);
-- n += 2;
-- } else {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- OPENSSL_free(s->session->srp_username);
-- s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
-- if (s->session->srp_username == NULL) {
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
-- ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-+ if (s->srp_ctx.A != NULL) {
-+ /* send off the data */
-+ *len = BN_num_bytes(s->srp_ctx.A);
-+ s2n(*len, *p);
-+ BN_bn2bin(s->srp_ctx.A, *p);
-+ *len += 2;
-+ } else {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
-+ return 0;
- }
-+ OPENSSL_free(s->session->srp_username);
-+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
-+ if (s->session->srp_username == NULL) {
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
-+ return 1;
-+#else
-+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
- #endif
-- else {
-+}
-+
-+int tls_construct_client_key_exchange(SSL *s)
-+{
-+ unsigned char *p;
-+ int len;
-+ size_t pskhdrlen = 0;
-+ unsigned long alg_k;
-+ int al = -1;
-+
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+
-+ p = ssl_handshake_start(s);
-+
-+ if ((alg_k & SSL_PSK)
-+ && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
-+ goto err;
-+
-+ if (alg_k & SSL_kPSK) {
-+ len = 0;
-+ } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
-+ if (!tls_construct_cke_rsa(s, &p, &len, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-+ if (!tls_construct_cke_dhe(s, &p, &len, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-+ if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
-+ goto err;
-+ } else if (alg_k & SSL_kGOST) {
-+ if (!tls_construct_cke_gost(s, &p, &len, &al))
-+ goto err;
-+ } else if (alg_k & SSL_kSRP) {
-+ if (!tls_construct_cke_srp(s, &p, &len, &al))
-+ goto err;
-+ } else {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
--#ifndef OPENSSL_NO_PSK
-- n += pskhdrlen;
--#endif
-+ len += pskhdrlen;
-
-- if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
-+ if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, len)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
-- if (pms != NULL) {
-- s->s3->tmp.pms = pms;
-- s->s3->tmp.pmslen = pmslen;
-- }
--
- return 1;
-- memerr:
-- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- err:
-- OPENSSL_clear_free(pms, pmslen);
-+ if (al != -1)
-+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
-+ OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
- s->s3->tmp.pms = NULL;
--#ifndef OPENSSL_NO_RSA
-- EVP_PKEY_CTX_free(pctx);
--#endif
--#ifndef OPENSSL_NO_EC
-- OPENSSL_free(encodedPoint);
--#endif
--#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-- EVP_PKEY_free(ckey);
--#endif
- #ifndef OPENSSL_NO_PSK
- OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
- s->s3->tmp.psk = NULL;
-@@ -2538,6 +2545,9 @@ int tls_client_key_exchange_post_work(SS
- unsigned char *pms = NULL;
- size_t pmslen = 0;
-
-+ pms = s->s3->tmp.pms;
-+ pmslen = s->s3->tmp.pmslen;
-+
- #ifndef OPENSSL_NO_SRP
- /* Check for SRP */
- if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-@@ -2549,8 +2559,6 @@ int tls_client_key_exchange_post_work(SS
- return 1;
- }
- #endif
-- pms = s->s3->tmp.pms;
-- pmslen = s->s3->tmp.pmslen;
-
- if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-@@ -2560,8 +2568,13 @@ int tls_client_key_exchange_post_work(SS
- if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
-+ /* ssl_generate_master_secret frees the pms even on error */
-+ pms = NULL;
-+ pmslen = 0;
- goto err;
- }
-+ pms = NULL;
-+ pmslen = 0;
-
- #ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
---- a/ssl/statem/statem_dtls.c
-+++ b/ssl/statem/statem_dtls.c
-@@ -1,115 +1,10 @@
- /*
-- * DTLS implementation written by Nagendra Modadugu
-- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- */
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <limits.h>
-@@ -118,7 +13,6 @@
- #include "../ssl_locl.h"
- #include "statem_locl.h"
- #include <openssl/buffer.h>
--#include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/x509.h>
-@@ -224,8 +118,9 @@ int dtls1_do_write(SSL *s, int type)
- if (!dtls1_query_mtu(s))
- return -1;
-
-- OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something
-- * reasonable now */
-+ if (s->d1->mtu < dtls1_min_mtu(s))
-+ /* should have something reasonable now */
-+ return -1;
-
- if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
- OPENSSL_assert(s->init_num ==
-@@ -287,7 +182,7 @@ int dtls1_do_write(SSL *s, int type)
- }
- }
-
-- used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
-+ used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
- + mac_size + blocksize;
- if (s->d1->mtu > used_len)
- curr_mtu = s->d1->mtu - used_len;
-@@ -298,7 +193,7 @@ int dtls1_do_write(SSL *s, int type)
- /*
- * grr.. we could get an error if MTU picked was wrong
- */
-- ret = BIO_flush(SSL_get_wbio(s));
-+ ret = BIO_flush(s->wbio);
- if (ret <= 0) {
- s->rwstate = SSL_WRITING;
- return ret;
-@@ -399,7 +294,8 @@ int dtls1_do_write(SSL *s, int type)
- xlen = ret - DTLS1_HM_HEADER_LENGTH;
- }
-
-- ssl3_finish_mac(s, p, xlen);
-+ if (!ssl3_finish_mac(s, p, xlen))
-+ return -1;
- }
-
- if (ret == s->init_num) {
-@@ -480,7 +376,8 @@ int dtls_get_message(SSL *s, int *mt, un
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
-
-- ssl3_finish_mac(s, p, msg_len);
-+ if (!ssl3_finish_mac(s, p, msg_len))
-+ return 0;
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, msg_len, s, s->msg_callback_arg);
-@@ -831,7 +728,7 @@ static int dtls_get_reassembled_message(
- *len = i;
- return 0;
- }
-- if(recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-+ if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- if (wire[0] != SSL3_MT_CCS) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
-@@ -1022,7 +919,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
- int dtls1_read_failed(SSL *s, int code)
- {
- if (code > 0) {
-- fprintf(stderr, "dtls1_read_failed(); invalid state reached\n");
-+ SSLerr(SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
- return 1;
- }
-
-@@ -1079,10 +976,8 @@ int dtls1_retransmit_buffered_messages(S
- dtls1_get_queue_priority
- (frag->msg_header.seq,
- frag->msg_header.is_ccs),
-- &found) <= 0 && found) {
-- fprintf(stderr, "dtls1_retransmit_message() failed\n");
-+ &found) <= 0)
- return -1;
-- }
- }
-
- return 1;
-@@ -1174,7 +1069,7 @@ dtls1_retransmit_message(SSL *s, unsigne
-
- item = pqueue_find(s->d1->sent_messages, seq64be);
- if (item == NULL) {
-- fprintf(stderr, "retransmit: message %d non-existant\n", seq);
-+ SSLerr(SSL_F_DTLS1_RETRANSMIT_MESSAGE, ERR_R_INTERNAL_ERROR);
- *found = 0;
- return 0;
- }
-@@ -1225,7 +1120,7 @@ dtls1_retransmit_message(SSL *s, unsigne
-
- s->d1->retransmitting = 0;
-
-- (void)BIO_flush(SSL_get_wbio(s));
-+ (void)BIO_flush(s->wbio);
- return ret;
- }
-
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -119,7 +19,6 @@
- #include "../ssl_locl.h"
- #include "statem_locl.h"
- #include <openssl/buffer.h>
--#include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/x509.h>
-@@ -141,8 +40,10 @@ int ssl3_do_write(SSL *s, int type)
- * should not be done for 'Hello Request's, but in that case we'll
- * ignore the result anyway
- */
-- ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
-- ret);
-+ if (!ssl3_finish_mac(s,
-+ (unsigned char *)&s->init_buf->data[s->init_off],
-+ ret))
-+ return -1;
-
- if (ret == s->init_num) {
- if (s->msg_callback)
-@@ -454,6 +355,16 @@ int tls_get_message_header(SSL *s, int *
- return 0;
- }
- if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-+ /*
-+ * A ChangeCipherSpec must be a single byte and may not occur
-+ * in the middle of a handshake message.
-+ */
-+ if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
-+ al = SSL_AD_UNEXPECTED_MESSAGE;
-+ SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
-+ SSL_R_BAD_CHANGE_CIPHER_SPEC);
-+ goto f_err;
-+ }
- s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
- s->init_num = i - 1;
- s->s3->tmp.message_size = i;
-@@ -490,15 +401,14 @@ int tls_get_message_header(SSL *s, int *
- *mt = *p;
- s->s3->tmp.message_type = *(p++);
-
-- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
-+ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
- /*
- * Only happens with SSLv3+ in an SSLv2 backward compatible
- * ClientHello
-+ *
-+ * Total message size is the remaining record bytes to read
-+ * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
- */
-- /*
-- * Total message size is the remaining record bytes to read
-- * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
-- */
- l = RECORD_LAYER_get_rrec_length(&s->rlayer)
- + SSL3_HM_HEADER_LENGTH;
- if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
-@@ -571,14 +481,25 @@ int tls_get_message_body(SSL *s, unsigne
- #endif
-
- /* Feed this message into MAC computation. */
-- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
-- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
-+ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
-+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
-+ s->init_num)) {
-+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
-+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-+ *len = 0;
-+ return 0;
-+ }
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
- (size_t)s->init_num, s, s->msg_callback_arg);
- } else {
-- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
-- s->init_num + SSL3_HM_HEADER_LENGTH);
-+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
-+ s->init_num + SSL3_HM_HEADER_LENGTH)) {
-+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
-+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-+ *len = 0;
-+ return 0;
-+ }
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
- (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
-@@ -648,6 +569,13 @@ int ssl_verify_alarm_type(long type)
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_CERT_UNTRUSTED:
- case X509_V_ERR_CERT_REJECTED:
-+ case X509_V_ERR_HOSTNAME_MISMATCH:
-+ case X509_V_ERR_EMAIL_MISMATCH:
-+ case X509_V_ERR_IP_ADDRESS_MISMATCH:
-+ case X509_V_ERR_DANE_NO_MATCH:
-+ case X509_V_ERR_EE_KEY_TOO_SMALL:
-+ case X509_V_ERR_CA_KEY_TOO_SMALL:
-+ case X509_V_ERR_CA_MD_TOO_WEAK:
- al = SSL_AD_BAD_CERTIFICATE;
- break;
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-@@ -661,7 +589,10 @@ int ssl_verify_alarm_type(long type)
- case X509_V_ERR_CERT_REVOKED:
- al = SSL_AD_CERTIFICATE_REVOKED;
- break;
-+ case X509_V_ERR_UNSPECIFIED:
- case X509_V_ERR_OUT_OF_MEM:
-+ case X509_V_ERR_INVALID_CALL:
-+ case X509_V_ERR_STORE_LOOKUP:
- al = SSL_AD_INTERNAL_ERROR;
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-@@ -1055,7 +986,7 @@ int ssl_choose_client_version(SSL *s, in
- * or FIPS_mode() constraints and any floor imposed by the security level here,
- * so we don't advertise the wrong protocol version to only reject the outcome later.
- *
-- * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled,
-+ * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled,
- * TLS 1.1 is disabled, but the security level, Suite-B and/or MinProtocol
- * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
- *
---- a/ssl/statem/statem_locl.h
-+++ b/ssl/statem/statem_locl.h
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*****************************************************************************
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -181,7 +81,7 @@ int ossl_statem_server_read_transition(S
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_BEFORE:
- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
- if (mt == SSL3_MT_CLIENT_HELLO) {
-@@ -201,13 +101,29 @@ int ossl_statem_server_read_transition(S
- * b) We are running SSL3 (in TLS1.0+ the client must return a 0
- * list if we requested a certificate)
- */
-- if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE
-- && (!s->s3->tmp.cert_request
-- || (!((s->verify_mode & SSL_VERIFY_PEER) &&
-- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-- && (s->version == SSL3_VERSION)))) {
-- st->hand_state = TLS_ST_SR_KEY_EXCH;
-- return 1;
-+ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
-+ if (s->s3->tmp.cert_request) {
-+ if (s->version == SSL3_VERSION) {
-+ if ((s->verify_mode & SSL_VERIFY_PEER)
-+ && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-+ /*
-+ * This isn't an unexpected message as such - we're just
-+ * not going to accept it because we require a client
-+ * cert.
-+ */
-+ ssl3_send_alert(s, SSL3_AL_FATAL,
-+ SSL3_AD_HANDSHAKE_FAILURE);
-+ SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
-+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-+ return 0;
-+ }
-+ st->hand_state = TLS_ST_SR_KEY_EXCH;
-+ return 1;
-+ }
-+ } else {
-+ st->hand_state = TLS_ST_SR_KEY_EXCH;
-+ return 1;
-+ }
- } else if (s->s3->tmp.cert_request) {
- if (mt == SSL3_MT_CERTIFICATE) {
- st->hand_state = TLS_ST_SR_CERT;
-@@ -297,6 +213,8 @@ int ossl_statem_server_read_transition(S
- }
-
- /* No valid transition found */
-+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
-+ SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
- return 0;
- }
-
-@@ -368,7 +286,7 @@ static int send_certificate_request(SSL
- && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
- /*
- * ... except when the application insists on
-- * verification (against the specs, but s3_clnt.c accepts
-+ * verification (against the specs, but statem_clnt.c accepts
- * this for SSL 3)
- */
- || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-@@ -393,113 +311,113 @@ WRITE_TRAN ossl_statem_server_write_tran
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-- case TLS_ST_BEFORE:
-- /* Just go straight to trying to read from the client */;
-- return WRITE_TRAN_FINISHED;
--
-- case TLS_ST_OK:
-- /* We must be trying to renegotiate */
-- st->hand_state = TLS_ST_SW_HELLO_REQ;
-- return WRITE_TRAN_CONTINUE;
--
-- case TLS_ST_SW_HELLO_REQ:
-- st->hand_state = TLS_ST_OK;
-- ossl_statem_set_in_init(s, 0);
-- return WRITE_TRAN_CONTINUE;
-+ switch (st->hand_state) {
-+ case TLS_ST_BEFORE:
-+ /* Just go straight to trying to read from the client */;
-+ return WRITE_TRAN_FINISHED;
-
-- case TLS_ST_SR_CLNT_HELLO:
-- if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
-- && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-- st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
-- else
-- st->hand_state = TLS_ST_SW_SRVR_HELLO;
-- return WRITE_TRAN_CONTINUE;
-+ case TLS_ST_OK:
-+ /* We must be trying to renegotiate */
-+ st->hand_state = TLS_ST_SW_HELLO_REQ;
-+ return WRITE_TRAN_CONTINUE;
-
-- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
-- return WRITE_TRAN_FINISHED;
-+ case TLS_ST_SW_HELLO_REQ:
-+ st->hand_state = TLS_ST_OK;
-+ ossl_statem_set_in_init(s, 0);
-+ return WRITE_TRAN_CONTINUE;
-
-- case TLS_ST_SW_SRVR_HELLO:
-- if (s->hit) {
-- if (s->tlsext_ticket_expected)
-- st->hand_state = TLS_ST_SW_SESSION_TICKET;
-- else
-- st->hand_state = TLS_ST_SW_CHANGE;
-- } else {
-- /* Check if it is anon DH or anon ECDH, */
-- /* normal PSK or SRP */
-- if (!(s->s3->tmp.new_cipher->algorithm_auth &
-- (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
-- st->hand_state = TLS_ST_SW_CERT;
-- } else if (send_server_key_exchange(s)) {
-- st->hand_state = TLS_ST_SW_KEY_EXCH;
-- } else if (send_certificate_request(s)) {
-- st->hand_state = TLS_ST_SW_CERT_REQ;
-- } else {
-- st->hand_state = TLS_ST_SW_SRVR_DONE;
-- }
-- }
-- return WRITE_TRAN_CONTINUE;
-+ case TLS_ST_SR_CLNT_HELLO:
-+ if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
-+ && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-+ st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
-+ else
-+ st->hand_state = TLS_ST_SW_SRVR_HELLO;
-+ return WRITE_TRAN_CONTINUE;
-
-- case TLS_ST_SW_CERT:
-- if (s->tlsext_status_expected) {
-- st->hand_state = TLS_ST_SW_CERT_STATUS;
-- return WRITE_TRAN_CONTINUE;
-- }
-- /* Fall through */
-+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
-+ return WRITE_TRAN_FINISHED;
-
-- case TLS_ST_SW_CERT_STATUS:
-- if (send_server_key_exchange(s)) {
-+ case TLS_ST_SW_SRVR_HELLO:
-+ if (s->hit) {
-+ if (s->tlsext_ticket_expected)
-+ st->hand_state = TLS_ST_SW_SESSION_TICKET;
-+ else
-+ st->hand_state = TLS_ST_SW_CHANGE;
-+ } else {
-+ /* Check if it is anon DH or anon ECDH, */
-+ /* normal PSK or SRP */
-+ if (!(s->s3->tmp.new_cipher->algorithm_auth &
-+ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
-+ st->hand_state = TLS_ST_SW_CERT;
-+ } else if (send_server_key_exchange(s)) {
- st->hand_state = TLS_ST_SW_KEY_EXCH;
-- return WRITE_TRAN_CONTINUE;
-- }
-- /* Fall through */
--
-- case TLS_ST_SW_KEY_EXCH:
-- if (send_certificate_request(s)) {
-+ } else if (send_certificate_request(s)) {
- st->hand_state = TLS_ST_SW_CERT_REQ;
-- return WRITE_TRAN_CONTINUE;
-+ } else {
-+ st->hand_state = TLS_ST_SW_SRVR_DONE;
- }
-- /* Fall through */
-+ }
-+ return WRITE_TRAN_CONTINUE;
-
-- case TLS_ST_SW_CERT_REQ:
-- st->hand_state = TLS_ST_SW_SRVR_DONE;
-+ case TLS_ST_SW_CERT:
-+ if (s->tlsext_status_expected) {
-+ st->hand_state = TLS_ST_SW_CERT_STATUS;
- return WRITE_TRAN_CONTINUE;
-+ }
-+ /* Fall through */
-
-- case TLS_ST_SW_SRVR_DONE:
-- return WRITE_TRAN_FINISHED;
--
-- case TLS_ST_SR_FINISHED:
-- if (s->hit) {
-- st->hand_state = TLS_ST_OK;
-- ossl_statem_set_in_init(s, 0);
-- return WRITE_TRAN_CONTINUE;
-- } else if (s->tlsext_ticket_expected) {
-- st->hand_state = TLS_ST_SW_SESSION_TICKET;
-- } else {
-- st->hand_state = TLS_ST_SW_CHANGE;
-- }
-+ case TLS_ST_SW_CERT_STATUS:
-+ if (send_server_key_exchange(s)) {
-+ st->hand_state = TLS_ST_SW_KEY_EXCH;
- return WRITE_TRAN_CONTINUE;
-+ }
-+ /* Fall through */
-
-- case TLS_ST_SW_SESSION_TICKET:
-- st->hand_state = TLS_ST_SW_CHANGE;
-+ case TLS_ST_SW_KEY_EXCH:
-+ if (send_certificate_request(s)) {
-+ st->hand_state = TLS_ST_SW_CERT_REQ;
- return WRITE_TRAN_CONTINUE;
-+ }
-+ /* Fall through */
-
-- case TLS_ST_SW_CHANGE:
-- st->hand_state = TLS_ST_SW_FINISHED;
-- return WRITE_TRAN_CONTINUE;
-+ case TLS_ST_SW_CERT_REQ:
-+ st->hand_state = TLS_ST_SW_SRVR_DONE;
-+ return WRITE_TRAN_CONTINUE;
-
-- case TLS_ST_SW_FINISHED:
-- if (s->hit) {
-- return WRITE_TRAN_FINISHED;
-- }
-+ case TLS_ST_SW_SRVR_DONE:
-+ return WRITE_TRAN_FINISHED;
-+
-+ case TLS_ST_SR_FINISHED:
-+ if (s->hit) {
- st->hand_state = TLS_ST_OK;
- ossl_statem_set_in_init(s, 0);
- return WRITE_TRAN_CONTINUE;
-+ } else if (s->tlsext_ticket_expected) {
-+ st->hand_state = TLS_ST_SW_SESSION_TICKET;
-+ } else {
-+ st->hand_state = TLS_ST_SW_CHANGE;
-+ }
-+ return WRITE_TRAN_CONTINUE;
-
-- default:
-- /* Shouldn't happen */
-- return WRITE_TRAN_ERROR;
-+ case TLS_ST_SW_SESSION_TICKET:
-+ st->hand_state = TLS_ST_SW_CHANGE;
-+ return WRITE_TRAN_CONTINUE;
-+
-+ case TLS_ST_SW_CHANGE:
-+ st->hand_state = TLS_ST_SW_FINISHED;
-+ return WRITE_TRAN_CONTINUE;
-+
-+ case TLS_ST_SW_FINISHED:
-+ if (s->hit) {
-+ return WRITE_TRAN_FINISHED;
-+ }
-+ st->hand_state = TLS_ST_OK;
-+ ossl_statem_set_in_init(s, 0);
-+ return WRITE_TRAN_CONTINUE;
-+
-+ default:
-+ /* Shouldn't happen */
-+ return WRITE_TRAN_ERROR;
- }
- }
-
-@@ -511,7 +429,7 @@ WORK_STATE ossl_statem_server_pre_work(S
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_SW_HELLO_REQ:
- s->shutdown = 0;
- if (SSL_IS_DTLS(s))
-@@ -592,19 +510,24 @@ WORK_STATE ossl_statem_server_post_work(
-
- s->init_num = 0;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_SW_HELLO_REQ:
- if (statem_flush(s) != 1)
- return WORK_MORE_A;
-- ssl3_init_finished_mac(s);
-+ if (!ssl3_init_finished_mac(s)) {
-+ ossl_statem_set_error(s);
-+ return WORK_ERROR;
-+ }
- break;
-
- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
- if (statem_flush(s) != 1)
- return WORK_MORE_A;
- /* HelloVerifyRequest resets Finished MAC */
-- if (s->version != DTLS1_BAD_VER)
-- ssl3_init_finished_mac(s);
-+ if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
-+ ossl_statem_set_error(s);
-+ return WORK_ERROR;
-+ }
- /*
- * The next message should be another ClientHello which we need to
- * treat like it was the first packet
-@@ -698,7 +621,7 @@ int ossl_statem_server_construct_message
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
- return dtls_construct_hello_verify_request(s);
-
-@@ -747,6 +670,23 @@ int ossl_statem_server_construct_message
- return 0;
- }
-
-+/*
-+ * Maximum size (excluding the Handshake header) of a ClientHello message,
-+ * calculated as follows:
-+ *
-+ * 2 + # client_version
-+ * 32 + # only valid length for random
-+ * 1 + # length of session_id
-+ * 32 + # maximum size for session_id
-+ * 2 + # length of cipher suites
-+ * 2^16-2 + # maximum length of cipher suites array
-+ * 1 + # length of compression_methods
-+ * 2^8-1 + # maximum length of compression methods
-+ * 2 + # length of extensions
-+ * 2^16-1 # maximum length of extensions
-+ */
-+#define CLIENT_HELLO_MAX_LENGTH 131396
-+
- #define CLIENT_KEY_EXCH_MAX_LENGTH 2048
- #define NEXT_PROTO_MAX_LENGTH 514
-
-@@ -758,9 +698,9 @@ unsigned long ossl_statem_server_max_mes
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_SR_CLNT_HELLO:
-- return SSL3_RT_MAX_PLAIN_LENGTH;
-+ return CLIENT_HELLO_MAX_LENGTH;
-
- case TLS_ST_SR_CERT:
- return s->max_cert_list;
-@@ -797,7 +737,7 @@ MSG_PROCESS_RETURN ossl_statem_server_pr
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_SR_CLNT_HELLO:
- return tls_process_client_hello(s, pkt);
-
-@@ -837,7 +777,7 @@ WORK_STATE ossl_statem_server_post_proce
- {
- OSSL_STATEM *st = &s->statem;
-
-- switch(st->hand_state) {
-+ switch (st->hand_state) {
- case TLS_ST_SR_CLNT_HELLO:
- return tls_post_process_client_hello(s, wst);
-
-@@ -971,6 +911,7 @@ MSG_PROCESS_RETURN tls_process_client_he
- /* |cookie| will only be initialized for DTLS. */
- PACKET session_id, cipher_suites, compression, extensions, cookie;
- int is_v2_record;
-+ static const unsigned char null_compression = 0;
-
- is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
-
-@@ -1027,7 +968,7 @@ MSG_PROCESS_RETURN tls_process_client_he
- * use version from inside client hello, not from record header (may
- * differ: see RFC 2246, Appendix E, second paragraph)
- */
-- if(!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) {
-+ if (!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1096,19 +1037,20 @@ MSG_PROCESS_RETURN tls_process_client_he
- goto f_err;
- }
-
-- /* Load the client random */
-+ /* Load the client random and compression list. */
- challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE :
- challenge_len;
- memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
- if (!PACKET_copy_bytes(&challenge,
- s->s3->client_random + SSL3_RANDOM_SIZE -
-- challenge_len, challenge_len)) {
-+ challenge_len, challenge_len)
-+ /* Advertise only null compression. */
-+ || !PACKET_buf_init(&compression, &null_compression, 1)) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
-
-- PACKET_null_init(&compression);
- PACKET_null_init(&extensions);
- } else {
- /* Regular ClientHello. */
-@@ -1376,7 +1318,7 @@ MSG_PROCESS_RETURN tls_process_client_he
- if (k >= complen) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
-- SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
-+ SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
- goto f_err;
- }
- } else if (s->hit)
-@@ -1512,7 +1454,7 @@ WORK_STATE tls_post_process_client_hello
-
- /* Handles TLS extensions that we couldn't check earlier */
- if (s->version >= SSL3_VERSION) {
-- if (ssl_check_clienthello_tlsext_late(s) <= 0) {
-+ if (!ssl_check_clienthello_tlsext_late(s, &al)) {
- SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
- SSL_R_CLIENTHELLO_TLSEXT);
- goto f_err;
-@@ -1666,6 +1608,7 @@ int tls_construct_server_key_exchange(SS
- {
- #ifndef OPENSSL_NO_DH
- EVP_PKEY *pkdh = NULL;
-+ int j;
- #endif
- #ifndef OPENSSL_NO_EC
- unsigned char *encodedPoint = NULL;
-@@ -1678,7 +1621,7 @@ int tls_construct_server_key_exchange(SS
- int al, i;
- unsigned long type;
- int n;
-- BIGNUM *r[4];
-+ const BIGNUM *r[4];
- int nr[4], kn;
- BUF_MEM *buf;
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
-@@ -1857,6 +1800,16 @@ int tls_construct_server_key_exchange(SS
- n += 1 + nr[i];
- else
- #endif
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * for interoperability with some versions of the Microsoft TLS
-+ * stack, we need to zero pad the DHE pub key to the same length
-+ * as the prime, so use the length of the prime here
-+ */
-+ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK)))
-+ n += 2 + nr[0];
-+ else
-+#endif
- n += 2 + nr[i];
- }
-
-@@ -1868,6 +1821,11 @@ int tls_construct_server_key_exchange(SS
- goto f_err;
- }
- kn = EVP_PKEY_size(pkey);
-+ /* Allow space for signature algorithm */
-+ if (SSL_USE_SIGALGS(s))
-+ kn += 2;
-+ /* Allow space for signature length */
-+ kn += 2;
- } else {
- pkey = NULL;
- kn = 0;
-@@ -1883,10 +1841,19 @@ int tls_construct_server_key_exchange(SS
- if (type & SSL_PSK) {
- /* copy PSK identity hint */
- if (s->cert->psk_identity_hint) {
-- s2n(strlen(s->cert->psk_identity_hint), p);
-- strncpy((char *)p, s->cert->psk_identity_hint,
-- strlen(s->cert->psk_identity_hint));
-- p += strlen(s->cert->psk_identity_hint);
-+ size_t len = strlen(s->cert->psk_identity_hint);
-+ if (len > PSK_MAX_IDENTITY_LEN) {
-+ /*
-+ * Should not happen - we already checked this when we set
-+ * the identity hint
-+ */
-+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ s2n(len, p);
-+ memcpy(p, s->cert->psk_identity_hint, len);
-+ p += len;
- } else {
- s2n(0, p);
- }
-@@ -1900,6 +1867,20 @@ int tls_construct_server_key_exchange(SS
- p++;
- } else
- #endif
-+#ifndef OPENSSL_NO_DH
-+ /*
-+ * for interoperability with some versions of the Microsoft TLS
-+ * stack, we need to zero pad the DHE pub key to the same length
-+ * as the prime
-+ */
-+ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
-+ s2n(nr[0], p);
-+ for (j = 0; j < (nr[0] - nr[2]); ++j) {
-+ *p = 0;
-+ ++p;
-+ }
-+ } else
-+#endif
- s2n(nr[i], p);
- BN_bn2bin(r[i], p);
- p += nr[i];
-@@ -2068,505 +2049,565 @@ int tls_construct_certificate_request(SS
- return 0;
- }
-
--MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
-+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
- {
-- int al;
-- unsigned long alg_k;
--#ifndef OPENSSL_NO_RSA
-- RSA *rsa = NULL;
--#endif
--#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-- EVP_PKEY *ckey = NULL;
-+#ifndef OPENSSL_NO_PSK
-+ unsigned char psk[PSK_MAX_PSK_LEN];
-+ size_t psklen;
-+ PACKET psk_identity;
-+
-+ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH);
-+ return 0;
-+ }
-+ if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG);
-+ return 0;
-+ }
-+ if (s->psk_server_callback == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
-+ SSL_R_PSK_NO_SERVER_CB);
-+ return 0;
-+ }
-+
-+ if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ psklen = s->psk_server_callback(s, s->session->psk_identity,
-+ psk, sizeof(psk));
-+
-+ if (psklen > PSK_MAX_PSK_LEN) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ } else if (psklen == 0) {
-+ /*
-+ * PSK related to the given identity not found
-+ */
-+ *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
-+ SSL_R_PSK_IDENTITY_NOT_FOUND);
-+ return 0;
-+ }
-+
-+ OPENSSL_free(s->s3->tmp.psk);
-+ s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
-+ OPENSSL_cleanse(psk, psklen);
-+
-+ if (s->s3->tmp.psk == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
-+ s->s3->tmp.psklen = psklen;
-+
-+ return 1;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
-+ return 0;
- #endif
-+}
-+
-+
-+static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
-+{
-+#ifndef OPENSSL_NO_RSA
-+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-+ int decrypt_len;
-+ unsigned char decrypt_good, version_good;
-+ size_t j, padding_len;
- PACKET enc_premaster;
-- const unsigned char *data;
-+ RSA *rsa = NULL;
- unsigned char *rsa_decrypt = NULL;
-+ int ret = 0;
-
-- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
--
--#ifndef OPENSSL_NO_PSK
-- /* For PSK parse and retrieve identity, obtain PSK key */
-- if (alg_k & SSL_PSK) {
-- unsigned char psk[PSK_MAX_PSK_LEN];
-- size_t psklen;
-- PACKET psk_identity;
-+ rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-+ if (rsa == NULL) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_MISSING_RSA_CERTIFICATE);
-+ return 0;
-+ }
-
-- if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-- if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_DATA_LENGTH_TOO_LONG);
-- goto f_err;
-- }
-- if (s->psk_server_callback == NULL) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_PSK_NO_SERVER_CB);
-- goto f_err;
-+ /* SSLv3 and pre-standard DTLS omit the length bytes. */
-+ if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
-+ enc_premaster = *pkt;
-+ } else {
-+ if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
-+ || PACKET_remaining(pkt) != 0) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_LENGTH_MISMATCH);
-+ return 0;
- }
-+ }
-
-- if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- al = SSL_AD_INTERNAL_ERROR;
-- goto f_err;
-- }
-+ /*
-+ * We want to be sure that the plaintext buffer size makes it safe to
-+ * iterate over the entire size of a premaster secret
-+ * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
-+ * their ciphertext cannot accommodate a premaster secret anyway.
-+ */
-+ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return 0;
-+ }
-
-- psklen = s->psk_server_callback(s, s->session->psk_identity,
-- psk, sizeof(psk));
-+ rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
-+ if (rsa_decrypt == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-
-- if (psklen > PSK_MAX_PSK_LEN) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-- } else if (psklen == 0) {
-- /*
-- * PSK related to the given identity not found
-- */
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_PSK_IDENTITY_NOT_FOUND);
-- al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-- goto f_err;
-- }
-+ /*
-+ * We must not leak whether a decryption failure occurs because of
-+ * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-+ * section 7.4.7.1). The code follows that advice of the TLS RFC and
-+ * generates a random premaster secret for the case that the decrypt
-+ * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-+ */
-+
-+ if (RAND_bytes(rand_premaster_secret,
-+ sizeof(rand_premaster_secret)) <= 0)
-+ goto err;
-
-- OPENSSL_free(s->s3->tmp.psk);
-- s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
-- OPENSSL_cleanse(psk, psklen);
-+ /*
-+ * Decrypt with no padding. PKCS#1 padding will be removed as part of
-+ * the timing-sensitive code below.
-+ */
-+ decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
-+ PACKET_data(&enc_premaster),
-+ rsa_decrypt, rsa, RSA_NO_PADDING);
-+ if (decrypt_len < 0)
-+ goto err;
-
-- if (s->s3->tmp.psk == NULL) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- goto f_err;
-- }
-+ /* Check the padding. See RFC 3447, section 7.2.2. */
-
-- s->s3->tmp.psklen = psklen;
-+ /*
-+ * The smallest padded premaster is 11 bytes of overhead. Small keys
-+ * are publicly invalid, so this may return immediately. This ensures
-+ * PS is at least 8 bytes.
-+ */
-+ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
-+ *al = SSL_AD_DECRYPT_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_DECRYPTION_FAILED);
-+ goto err;
- }
-- if (alg_k & SSL_kPSK) {
-- /* Identity extracted earlier: should be nothing left */
-- if (PACKET_remaining(pkt) != 0) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-- /* PSK handled by ssl_generate_master_secret */
-- if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-- }
-- } else
--#endif
--#ifndef OPENSSL_NO_RSA
-- if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
-- unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-- int decrypt_len;
-- unsigned char decrypt_good, version_good;
-- size_t j;
--
-- /* FIX THIS UP EAY EAY EAY EAY */
-- rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-- if (rsa == NULL) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_MISSING_RSA_CERTIFICATE);
-- goto f_err;
-- }
-
-- /* SSLv3 and pre-standard DTLS omit the length bytes. */
-- if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
-- enc_premaster = *pkt;
-- } else {
-- if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
-- || PACKET_remaining(pkt) != 0) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-- }
-+ padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
-+ decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
-+ constant_time_eq_int_8(rsa_decrypt[1], 2);
-+ for (j = 2; j < padding_len - 1; j++) {
-+ decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
-+ }
-+ decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
-
-- /*
-- * We want to be sure that the plaintext buffer size makes it safe to
-- * iterate over the entire size of a premaster secret
-- * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
-- * their ciphertext cannot accommodate a premaster secret anyway.
-- */
-- if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- RSA_R_KEY_SIZE_TOO_SMALL);
-- goto f_err;
-- }
-+ /*
-+ * If the version in the decrypted pre-master secret is correct then
-+ * version_good will be 0xff, otherwise it'll be zero. The
-+ * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-+ * (http://eprint.iacr.org/2003/052/) exploits the version number
-+ * check as a "bad version oracle". Thus version checks are done in
-+ * constant time and are treated like any other decryption error.
-+ */
-+ version_good =
-+ constant_time_eq_8(rsa_decrypt[padding_len],
-+ (unsigned)(s->client_version >> 8));
-+ version_good &=
-+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
-+ (unsigned)(s->client_version & 0xff));
-
-- rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
-- if (rsa_decrypt == NULL) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- goto f_err;
-- }
-+ /*
-+ * The premaster secret must contain the same version number as the
-+ * ClientHello to detect version rollback attacks (strangely, the
-+ * protocol does not offer such protection for DH ciphersuites).
-+ * However, buggy clients exist that send the negotiated protocol
-+ * version instead if the server does not support the requested
-+ * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-+ * clients.
-+ */
-+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
-+ unsigned char workaround_good;
-+ workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
-+ (unsigned)(s->version >> 8));
-+ workaround_good &=
-+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
-+ (unsigned)(s->version & 0xff));
-+ version_good |= workaround_good;
-+ }
-
-- /*
-- * We must not leak whether a decryption failure occurs because of
-- * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-- * section 7.4.7.1). The code follows that advice of the TLS RFC and
-- * generates a random premaster secret for the case that the decrypt
-- * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-- */
-+ /*
-+ * Both decryption and version must be good for decrypt_good to
-+ * remain non-zero (0xff).
-+ */
-+ decrypt_good &= version_good;
-
-- if (RAND_bytes(rand_premaster_secret,
-- sizeof(rand_premaster_secret)) <= 0) {
-- goto err;
-- }
-+ /*
-+ * Now copy rand_premaster_secret over from p using
-+ * decrypt_good_mask. If decryption failed, then p does not
-+ * contain valid plaintext, however, a check above guarantees
-+ * it is still sufficiently large to read from.
-+ */
-+ for (j = 0; j < sizeof(rand_premaster_secret); j++) {
-+ rsa_decrypt[padding_len + j] =
-+ constant_time_select_8(decrypt_good,
-+ rsa_decrypt[padding_len + j],
-+ rand_premaster_secret[j]);
-+ }
-
-- decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster),
-- PACKET_data(&enc_premaster),
-- rsa_decrypt, rsa, RSA_PKCS1_PADDING);
-- ERR_clear_error();
-+ if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
-+ sizeof(rand_premaster_secret), 0)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-
-- /*
-- * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
-- * be 0xff if so and zero otherwise.
-- */
-- decrypt_good =
-- constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
-+ ret = 1;
-+ err:
-+ OPENSSL_free(rsa_decrypt);
-+ return ret;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+#endif
-+}
-
-- /*
-- * If the version in the decrypted pre-master secret is correct then
-- * version_good will be 0xff, otherwise it'll be zero. The
-- * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-- * (http://eprint.iacr.org/2003/052/) exploits the version number
-- * check as a "bad version oracle". Thus version checks are done in
-- * constant time and are treated like any other decryption error.
-- */
-- version_good =
-- constant_time_eq_8(rsa_decrypt[0],
-- (unsigned)(s->client_version >> 8));
-- version_good &=
-- constant_time_eq_8(rsa_decrypt[1],
-- (unsigned)(s->client_version & 0xff));
-+static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
-+{
-+#ifndef OPENSSL_NO_DH
-+ EVP_PKEY *skey = NULL;
-+ DH *cdh;
-+ unsigned int i;
-+ BIGNUM *pub_key;
-+ const unsigned char *data;
-+ EVP_PKEY *ckey = NULL;
-+ int ret = 0;
-
-- /*
-- * The premaster secret must contain the same version number as the
-- * ClientHello to detect version rollback attacks (strangely, the
-- * protocol does not offer such protection for DH ciphersuites).
-- * However, buggy clients exist that send the negotiated protocol
-- * version instead if the server does not support the requested
-- * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-- * clients.
-- */
-- if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
-- unsigned char workaround_good;
-- workaround_good =
-- constant_time_eq_8(rsa_decrypt[0], (unsigned)(s->version >> 8));
-- workaround_good &=
-- constant_time_eq_8(rsa_decrypt[1],
-- (unsigned)(s->version & 0xff));
-- version_good |= workaround_good;
-- }
-+ if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
-+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-+ goto err;
-+ }
-+ skey = s->s3->tmp.pkey;
-+ if (skey == NULL) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
-+ goto err;
-+ }
-
-- /*
-- * Both decryption and version must be good for decrypt_good to
-- * remain non-zero (0xff).
-- */
-- decrypt_good &= version_good;
-+ if (PACKET_remaining(pkt) == 0L) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY);
-+ goto err;
-+ }
-+ if (!PACKET_get_bytes(pkt, &data, i)) {
-+ /* We already checked we have enough data */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ ckey = EVP_PKEY_new();
-+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB);
-+ goto err;
-+ }
-+ cdh = EVP_PKEY_get0_DH(ckey);
-+ pub_key = BN_bin2bn(data, i, NULL);
-
-- /*
-- * Now copy rand_premaster_secret over from p using
-- * decrypt_good_mask. If decryption failed, then p does not
-- * contain valid plaintext, however, a check above guarantees
-- * it is still sufficiently large to read from.
-- */
-- for (j = 0; j < sizeof(rand_premaster_secret); j++) {
-- rsa_decrypt[j] =
-- constant_time_select_8(decrypt_good, rsa_decrypt[j],
-- rand_premaster_secret[j]);
-- }
-+ if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ if (pub_key != NULL)
-+ BN_free(pub_key);
-+ goto err;
-+ }
-
-- if (!ssl_generate_master_secret(s, rsa_decrypt,
-- sizeof(rand_premaster_secret), 0)) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-- }
-- OPENSSL_free(rsa_decrypt);
-- rsa_decrypt = NULL;
-- } else
-+ if (ssl_derive(s, skey, ckey) == 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+ EVP_PKEY_free(s->s3->tmp.pkey);
-+ s->s3->tmp.pkey = NULL;
-+ err:
-+ EVP_PKEY_free(ckey);
-+ return ret;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
- #endif
--#ifndef OPENSSL_NO_DH
-- if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-- EVP_PKEY *skey = NULL;
-- DH *cdh;
-+}
-+
-+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
-+{
-+#ifndef OPENSSL_NO_EC
-+ EVP_PKEY *skey = s->s3->tmp.pkey;
-+ EVP_PKEY *ckey = NULL;
-+ int ret = 0;
-+
-+ if (PACKET_remaining(pkt) == 0L) {
-+ /* We don't support ECDH client auth */
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_MISSING_TMP_ECDH_KEY);
-+ goto err;
-+ } else {
- unsigned int i;
-- BIGNUM *pub_key;
-+ const unsigned char *data;
-
-- if (!PACKET_get_net_2(pkt, &i)) {
-- if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-- goto f_err;
-- }
-- i = 0;
-- }
-- if (PACKET_remaining(pkt) != i) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-- goto err;
-- }
-- skey = s->s3->tmp.pkey;
-- if (skey == NULL) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_MISSING_TMP_DH_KEY);
-- goto f_err;
-- }
-+ /*
-+ * Get client's public key from encoded point in the
-+ * ClientKeyExchange message.
-+ */
-
-- if (PACKET_remaining(pkt) == 0L) {
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_MISSING_TMP_DH_KEY);
-- goto f_err;
-- }
-- if (!PACKET_get_bytes(pkt, &data, i)) {
-- /* We already checked we have enough data */
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- ERR_R_INTERNAL_ERROR);
-- goto f_err;
-+ /* Get encoded point length */
-+ if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
-+ || PACKET_remaining(pkt) != 0) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
-+ goto err;
- }
- ckey = EVP_PKEY_new();
-- if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
-+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
- goto err;
- }
-- cdh = EVP_PKEY_get0_DH(ckey);
-- pub_key = BN_bin2bn(data, i, NULL);
--
-- if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- if (pub_key != NULL)
-- BN_free(pub_key);
-+ if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
-+ NULL) == 0) {
-+ *al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
- goto err;
- }
-+ }
-
-- if (ssl_derive(s, skey, ckey) == 0) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-- }
-+ if (ssl_derive(s, skey, ckey) == 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-
-- EVP_PKEY_free(ckey);
-- ckey = NULL;
-- EVP_PKEY_free(s->s3->tmp.pkey);
-- s->s3->tmp.pkey = NULL;
-+ ret = 1;
-+ EVP_PKEY_free(s->s3->tmp.pkey);
-+ s->s3->tmp.pkey = NULL;
-+ err:
-+ EVP_PKEY_free(ckey);
-
-- } else
-+ return ret;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
- #endif
-+}
-
--#ifndef OPENSSL_NO_EC
-- if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-- EVP_PKEY *skey = s->s3->tmp.pkey;
-+static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
-+{
-+#ifndef OPENSSL_NO_SRP
-+ unsigned int i;
-+ const unsigned char *data;
-
-- if (PACKET_remaining(pkt) == 0L) {
-- /* We don't support ECDH client auth */
-- al = SSL_AD_HANDSHAKE_FAILURE;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_MISSING_TMP_ECDH_KEY);
-- goto f_err;
-- } else {
-- unsigned int i;
-+ if (!PACKET_get_net_2(pkt, &i)
-+ || !PACKET_get_bytes(pkt, &data, i)) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH);
-+ return 0;
-+ }
-+ if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB);
-+ return 0;
-+ }
-+ if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
-+ || BN_is_zero(s->srp_ctx.A)) {
-+ *al = SSL_AD_ILLEGAL_PARAMETER;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
-+ return 0;
-+ }
-+ OPENSSL_free(s->session->srp_username);
-+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
-+ if (s->session->srp_username == NULL) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-
-- /*
-- * Get client's public key from encoded point in the
-- * ClientKeyExchange message.
-- */
-+ if (!srp_generate_server_master_secret(s)) {
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-
-- /* Get encoded point length */
-- if (!PACKET_get_1(pkt, &i)) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_LENGTH_MISMATCH);
-- goto f_err;
-- }
-- if (!PACKET_get_bytes(pkt, &data, i)
-- || PACKET_remaining(pkt) != 0) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-- goto err;
-- }
-- ckey = EVP_PKEY_new();
-- if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
-- goto err;
-- }
-- if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
-- NULL) == 0) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-- goto err;
-- }
-- }
-+ return 1;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+#endif
-+}
-
-- if (ssl_derive(s, skey, ckey) == 0) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-+static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
-+{
-+#ifndef OPENSSL_NO_GOST
-+ EVP_PKEY_CTX *pkey_ctx;
-+ EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-+ unsigned char premaster_secret[32];
-+ const unsigned char *start;
-+ size_t outlen = 32, inlen;
-+ unsigned long alg_a;
-+ int Ttag, Tclass;
-+ long Tlen;
-+ long sess_key_len;
-+ const unsigned char *data;
-+ int ret = 0;
-+
-+ /* Get our certificate private key */
-+ alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-+ if (alg_a & SSL_aGOST12) {
-+ /*
-+ * New GOST ciphersuites have SSL_aGOST01 bit too
-+ */
-+ pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
-+ if (pk == NULL) {
-+ pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
-+ }
-+ if (pk == NULL) {
-+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
- }
-+ } else if (alg_a & SSL_aGOST01) {
-+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-+ }
-
-- EVP_PKEY_free(ckey);
-- ckey = NULL;
-- EVP_PKEY_free(s->s3->tmp.pkey);
-- s->s3->tmp.pkey = NULL;
-+ pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
-+ if (pkey_ctx == NULL) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ /*
-+ * If client certificate is present and is of the same type, maybe
-+ * use it for key exchange. Don't mind errors from
-+ * EVP_PKEY_derive_set_peer, because it is completely valid to use a
-+ * client certificate for authorization only.
-+ */
-+ client_pub_pkey = X509_get0_pubkey(s->session->peer);
-+ if (client_pub_pkey) {
-+ if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-+ ERR_clear_error();
-+ }
-+ /* Decrypt session key */
-+ sess_key_len = PACKET_remaining(pkt);
-+ if (!PACKET_get_bytes(pkt, &data, sess_key_len)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag,
-+ &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
-+ || Ttag != V_ASN1_SEQUENCE
-+ || Tclass != V_ASN1_UNIVERSAL) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
-+ goto err;
-+ }
-+ start = data;
-+ inlen = Tlen;
-+ if (EVP_PKEY_decrypt
-+ (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
-+ *al = SSL_AD_DECODE_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
-+ goto err;
-+ }
-+ /* Generate master secret */
-+ if (!ssl_generate_master_secret(s, premaster_secret,
-+ sizeof(premaster_secret), 0)) {
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ /* Check if pubkey from client certificate was used */
-+ if (EVP_PKEY_CTX_ctrl
-+ (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-+ s->statem.no_cert_verify = 1;
-
-- return MSG_PROCESS_CONTINUE_PROCESSING;
-- } else
-+ ret = 1;
-+ err:
-+ EVP_PKEY_CTX_free(pkey_ctx);
-+ return ret;
-+#else
-+ /* Should never happen */
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
-+ return 0;
- #endif
--#ifndef OPENSSL_NO_SRP
-- if (alg_k & SSL_kSRP) {
-- unsigned int i;
-+}
-
-- if (!PACKET_get_net_2(pkt, &i)
-- || !PACKET_get_bytes(pkt, &data, i)) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BAD_SRP_A_LENGTH);
-- goto f_err;
-- }
-- if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
-- goto err;
-- }
-- if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
-- || BN_is_zero(s->srp_ctx.A)) {
-- al = SSL_AD_ILLEGAL_PARAMETER;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_BAD_SRP_PARAMETERS);
-- goto f_err;
-- }
-- OPENSSL_free(s->session->srp_username);
-- s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
-- if (s->session->srp_username == NULL) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- goto err;
-- }
-+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
-+{
-+ int al = -1;
-+ unsigned long alg_k;
-
-- if (!srp_generate_server_master_secret(s)) {
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto err;
-- }
-- } else
--#endif /* OPENSSL_NO_SRP */
--#ifndef OPENSSL_NO_GOST
-- if (alg_k & SSL_kGOST) {
-- EVP_PKEY_CTX *pkey_ctx;
-- EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-- unsigned char premaster_secret[32];
-- const unsigned char *start;
-- size_t outlen = 32, inlen;
-- unsigned long alg_a;
-- int Ttag, Tclass;
-- long Tlen;
-- long sess_key_len;
--
-- /* Get our certificate private key */
-- alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-- if (alg_a & SSL_aGOST12) {
-- /*
-- * New GOST ciphersuites have SSL_aGOST01 bit too
-- */
-- pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
-- if (pk == NULL) {
-- pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
-- }
-- if (pk == NULL) {
-- pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-- }
-- } else if (alg_a & SSL_aGOST01) {
-- pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-- }
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-- pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
-- if (pkey_ctx == NULL) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-- goto f_err;
-- }
-- if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto f_err;
-- }
-- /*
-- * If client certificate is present and is of the same type, maybe
-- * use it for key exchange. Don't mind errors from
-- * EVP_PKEY_derive_set_peer, because it is completely valid to use a
-- * client certificate for authorization only.
-- */
-- client_pub_pkey = X509_get0_pubkey(s->session->peer);
-- if (client_pub_pkey) {
-- if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-- ERR_clear_error();
-- }
-- /* Decrypt session key */
-- sess_key_len = PACKET_remaining(pkt);
-- if (!PACKET_get_bytes(pkt, &data, sess_key_len)) {
-- al = SSL_AD_INTERNAL_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto gerr;
-+ /* For PSK parse and retrieve identity, obtain PSK key */
-+ if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al))
-+ goto err;
-+
-+ if (alg_k & SSL_kPSK) {
-+ /* Identity extracted earlier: should be nothing left */
-+ if (PACKET_remaining(pkt) != 0) {
-+ al = SSL_AD_HANDSHAKE_FAILURE;
-+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-+ goto err;
- }
-- if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag,
-- &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
-- || Ttag != V_ASN1_SEQUENCE
-- || Tclass != V_ASN1_UNIVERSAL) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_DECRYPTION_FAILED);
-- goto gerr;
-- }
-- start = data;
-- inlen = Tlen;
-- if (EVP_PKEY_decrypt
-- (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
-- al = SSL_AD_DECODE_ERROR;
-- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
-- SSL_R_DECRYPTION_FAILED);
-- goto gerr;
-- }
-- /* Generate master secret */
-- if (!ssl_generate_master_secret(s, premaster_secret,
-- sizeof(premaster_secret), 0)) {
-+ /* PSK handled by ssl_generate_master_secret */
-+ if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-- goto gerr;
-+ goto err;
- }
-- /* Check if pubkey from client certificate was used */
-- if (EVP_PKEY_CTX_ctrl
-- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-- s->statem.no_cert_verify = 1;
--
-- EVP_PKEY_CTX_free(pkey_ctx);
-- return MSG_PROCESS_CONTINUE_PROCESSING;
-- gerr:
-- EVP_PKEY_CTX_free(pkey_ctx);
-- goto f_err;
-- } else
--#endif
-- {
-+ } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
-+ if (!tls_process_cke_rsa(s, pkt, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-+ if (!tls_process_cke_dhe(s, pkt, &al))
-+ goto err;
-+ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
-+ if (!tls_process_cke_ecdhe(s, pkt, &al))
-+ goto err;
-+ } else if (alg_k & SSL_kSRP) {
-+ if (!tls_process_cke_srp(s, pkt, &al))
-+ goto err;
-+ } else if (alg_k & SSL_kGOST) {
-+ if (!tls_process_cke_gost(s, pkt, &al))
-+ goto err;
-+ } else {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
-- goto f_err;
-+ goto err;
- }
-
- return MSG_PROCESS_CONTINUE_PROCESSING;
-- f_err:
-- ssl3_send_alert(s, SSL3_AL_FATAL, al);
--#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SRP)
- err:
--#endif
--#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-- EVP_PKEY_free(ckey);
--#endif
-- OPENSSL_free(rsa_decrypt);
-+ if (al != -1)
-+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
- #ifndef OPENSSL_NO_PSK
- OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
- s->s3->tmp.psk = NULL;
-@@ -2621,17 +2662,16 @@ WORK_STATE tls_post_process_client_key_e
- }
- #endif
-
-- if (s->statem.no_cert_verify) {
-- /* No certificate verify so we no longer need the handshake_buffer */
-- BIO_free(s->s3->handshake_buffer);
-- s->s3->handshake_buffer = NULL;
-+ if (s->statem.no_cert_verify || !s->session->peer) {
-+ /* No certificate verify or no peer certificate so we no longer need the
-+ * handshake_buffer
-+ */
-+ if (!ssl3_digest_cached_records(s, 0)) {
-+ ossl_statem_set_error(s);
-+ return WORK_ERROR;
-+ }
- return WORK_FINISHED_CONTINUE;
- } else {
-- if (!s->session->peer) {
-- /* No peer certificate so we no longer need the handshake_buffer */
-- BIO_free(s->s3->handshake_buffer);
-- return WORK_FINISHED_CONTINUE;
-- }
- if (!s->s3->handshake_buffer) {
- SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
-@@ -2909,7 +2949,7 @@ MSG_PROCESS_RETURN tls_process_client_ce
- s->session->peer_chain = sk;
- /*
- * Inconsistency alert: cert_chain does *not* include the peer's own
-- * certificate, while we do include it in s3_clnt.c
-+ * certificate, while we do include it in statem_clnt.c
- */
- sk = NULL;
- ret = MSG_PROCESS_CONTINUE_READING;
-@@ -2956,7 +2996,8 @@ int tls_construct_new_session_ticket(SSL
- unsigned int hlen;
- SSL_CTX *tctx = s->initial_ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
-- unsigned char key_name[16];
-+ unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
-+ int iv_len;
-
- /* get session encoding length */
- slen_full = i2d_SSL_SESSION(s->session, NULL);
-@@ -3006,13 +3047,14 @@ int tls_construct_new_session_ticket(SSL
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 4 (ticket lifetime hint) + 2 (ticket length) +
-- * 16 (key name) + max_iv_len (iv length) +
-- * session_length + max_enc_block_size (max encrypted session
-- * length) + max_md_size (HMAC).
-+ * sizeof(keyname) + max_iv_len (iv length) +
-+ * max_enc_block_size (max encrypted session * length) +
-+ * max_md_size (HMAC) + session_length.
- */
- if (!BUF_MEM_grow(s->init_buf,
-- SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH +
-- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
-+ SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) +
-+ EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-+ EVP_MAX_MD_SIZE + slen))
- goto err;
-
- p = ssl_handshake_start(s);
-@@ -3021,18 +3063,38 @@ int tls_construct_new_session_ticket(SSL
- * all the work otherwise use generated values from parent ctx.
- */
- if (tctx->tlsext_ticket_key_cb) {
-- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
-+ /* if 0 is returned, write an empty ticket */
-+ int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx,
-+ hctx, 1);
-+
-+ if (ret == 0) {
-+ l2n(0, p); /* timeout */
-+ s2n(0, p); /* length */
-+ if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
-+ goto err;
-+ OPENSSL_free(senc);
-+ EVP_CIPHER_CTX_free(ctx);
-+ HMAC_CTX_free(hctx);
-+ return 1;
-+ }
-+ if (ret < 0)
- goto err;
-+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
- } else {
-- if (RAND_bytes(iv, 16) <= 0)
-+ const EVP_CIPHER *cipher = EVP_aes_256_cbc();
-+
-+ iv_len = EVP_CIPHER_iv_length(cipher);
-+ if (RAND_bytes(iv, iv_len) <= 0)
- goto err;
-- if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-+ if (!EVP_EncryptInit_ex(ctx, cipher, NULL,
- tctx->tlsext_tick_aes_key, iv))
- goto err;
-- if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
-+ if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-+ sizeof(tctx->tlsext_tick_hmac_key),
- EVP_sha256(), NULL))
- goto err;
-- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-+ memcpy(key_name, tctx->tlsext_tick_key_name,
-+ sizeof(tctx->tlsext_tick_key_name));
- }
-
- /*
-@@ -3046,11 +3108,11 @@ int tls_construct_new_session_ticket(SSL
- p += 2;
- /* Output key name */
- macstart = p;
-- memcpy(p, key_name, 16);
-- p += 16;
-+ memcpy(p, key_name, sizeof(key_name));
-+ p += sizeof(key_name);
- /* output IV */
-- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx));
-- p += EVP_CIPHER_CTX_iv_length(ctx);
-+ memcpy(p, iv, iv_len);
-+ p += iv_len;
- /* Encrypt session data */
- if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
- goto err;
-@@ -3194,7 +3256,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
-
- if ((skp == NULL) || (*skp == NULL)) {
- sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-- if(sk == NULL) {
-+ if (sk == NULL) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- *al = SSL_AD_INTERNAL_ERROR;
- return NULL;
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
-@@ -241,7 +141,7 @@ int tls1_change_cipher_state(SSL *s, int
- goto err;
- else
- /*
-- * make sure it's intialized in case we exit later with an error
-+ * make sure it's initialised in case we exit later with an error
- */
- EVP_CIPHER_CTX_reset(s->enc_read_ctx);
- dd = s->enc_read_ctx;
---- a/ssl/t1_ext.c
-+++ b/ssl/t1_ext.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /* Custom extension utility functions */
-@@ -205,7 +160,7 @@ static int custom_ext_meth_add(custom_ex
- void *add_arg,
- custom_ext_parse_cb parse_cb, void *parse_arg)
- {
-- custom_ext_method *meth;
-+ custom_ext_method *meth, *tmp;
- /*
- * Check application error: if add_cb is not set free_cb will never be
- * called.
-@@ -225,15 +180,17 @@ static int custom_ext_meth_add(custom_ex
- /* Search for duplicate */
- if (custom_ext_find(exts, ext_type))
- return 0;
-- exts->meths = OPENSSL_realloc(exts->meths,
-- (exts->meths_count +
-- 1) * sizeof(custom_ext_method));
-+ tmp = OPENSSL_realloc(exts->meths,
-+ (exts->meths_count + 1) * sizeof(custom_ext_method));
-
-- if (!exts->meths) {
-+ if (tmp == NULL) {
-+ OPENSSL_free(exts->meths);
-+ exts->meths = NULL;
- exts->meths_count = 0;
- return 0;
- }
-
-+ exts->meths = tmp;
- meth = exts->meths + exts->meths_count;
- memset(meth, 0, sizeof(*meth));
- meth->parse_cb = parse_cb;
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1,111 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -114,7 +13,8 @@
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
- #include <openssl/ocsp.h>
--#include <openssl/rand.h>
-+#include <openssl/conf.h>
-+#include <openssl/x509v3.h>
- #include <openssl/dh.h>
- #include <openssl/bn.h>
- #include "ssl_locl.h"
-@@ -767,7 +667,7 @@ static int tls1_check_cert_param(SSL *s,
-
- # ifndef OPENSSL_NO_EC
- /*
-- * tls1_check_ec_tmp_key - Check EC temporary key compatiblity
-+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
- * @s: SSL connection
- * @cid: Cipher ID we're considering using
- *
-@@ -1179,7 +1079,7 @@ unsigned char *ssl_add_clienthello_tlsex
-
- /*-
- * check for enough space.
-- * 4 for the servername type and entension length
-+ * 4 for the servername type and extension length
- * 2 for servernamelist length
- * 1 for the hostname type
- * 2 for hostname length
-@@ -1217,7 +1117,7 @@ unsigned char *ssl_add_clienthello_tlsex
-
- /*-
- * check for enough space.
-- * 4 for the srp type type and entension length
-+ * 4 for the srp type type and extension length
- * 1 for the srp user identity
- * + srp user identity length
- */
-@@ -1329,7 +1229,7 @@ unsigned char *ssl_add_clienthello_tlsex
- }
- skip_ext:
-
-- if (SSL_USE_SIGALGS(s)) {
-+ if (SSL_CLIENT_USE_SIGALGS(s)) {
- size_t salglen;
- const unsigned char *salg;
- unsigned char *etmp;
-@@ -1414,7 +1314,7 @@ unsigned char *ssl_add_clienthello_tlsex
- #ifndef OPENSSL_NO_NEXTPROTONEG
- if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
- /*
-- * The client advertises an emtpy extension to indicate its support
-+ * The client advertises an empty extension to indicate its support
- * for Next Protocol Negotiation
- */
- if (limit - ret - 4 < 0)
-@@ -1466,10 +1366,8 @@ unsigned char *ssl_add_clienthello_tlsex
- /* Add custom TLS Extensions to ClientHello */
- if (!custom_ext_add(s, 0, &ret, limit, al))
- return NULL;
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
- s2n(0, ret);
--#endif
- #ifndef OPENSSL_NO_CT
- if (s->ct_validation_callback != NULL) {
- s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
-@@ -1603,6 +1501,9 @@ unsigned char *ssl_add_serverhello_tlsex
- return NULL;
- s2n(TLSEXT_TYPE_session_ticket, ret);
- s2n(0, ret);
-+ } else {
-+ /* if we don't add the above TLSEXT, we can't add a session ticket later */
-+ s->tlsext_ticket_expected = 0;
- }
-
- if (s->tlsext_status_expected) {
-@@ -1696,7 +1597,6 @@ unsigned char *ssl_add_serverhello_tlsex
- #endif
- if (!custom_ext_add(s, 1, &ret, limit, al))
- return NULL;
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
- /*
- * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
-@@ -1712,7 +1612,6 @@ unsigned char *ssl_add_serverhello_tlsex
- s2n(0, ret);
- }
- }
--#endif
- if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
- s2n(TLSEXT_TYPE_extended_master_secret, ret);
- s2n(0, ret);
-@@ -1779,11 +1678,10 @@ static int tls1_alpn_handle_client_hello
-
- /*
- * Process the ALPN extension in a ClientHello.
-- * ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
- * al: a pointer to the alert value to send in the event of a failure.
-- * returns 1 on success, 0
-+ * returns 1 on success, 0 on error.
- */
--static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
-+static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
- {
- const unsigned char *selected = NULL;
- unsigned char selected_len = 0;
-@@ -1799,7 +1697,6 @@ static int tls1_alpn_handle_client_hello
- s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
- if (s->s3->alpn_selected == NULL) {
- *al = SSL_AD_INTERNAL_ERROR;
-- *ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- return 0;
- }
- s->s3->alpn_selected_len = selected_len;
-@@ -1809,7 +1706,6 @@ static int tls1_alpn_handle_client_hello
- #endif
- } else {
- *al = SSL_AD_NO_APPLICATION_PROTOCOL;
-- *ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- return 0;
- }
- }
-@@ -1925,9 +1821,7 @@ static int ssl_scan_clienthello_tlsext(S
- /* Clear any signature algorithms extension received */
- OPENSSL_free(s->s3->tmp.peer_sigalgs);
- s->s3->tmp.peer_sigalgs = NULL;
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
--#endif
-
- #ifndef OPENSSL_NO_SRP
- OPENSSL_free(s->srp_ctx.login);
-@@ -2004,7 +1898,7 @@ static int ssl_scan_clienthello_tlsext(S
- /*
- * Although the server_name extension was intended to be
- * extensible to new name types, RFC 4366 defined the
-- * syntax inextensibly and OpenSSL 1.0.x parses it as
-+ * syntax inextensibility and OpenSSL 1.0.x parses it as
- * such.
- * RFC 6066 corrected the mistake but adding new name types
- * is nevertheless no longer feasible, so act as if no other
-@@ -2235,7 +2129,7 @@ static int ssl_scan_clienthello_tlsext(S
- *
- * s->new_session will be set on renegotiation, but we
- * probably shouldn't rely that it couldn't be set on
-- * the initial renegotation too in certain cases (when
-+ * the initial renegotiation too in certain cases (when
- * there's some other reason to disallow resuming an
- * earlier session -- the current code won't be doing
- * anything like that, but this might change).
-@@ -2264,10 +2158,8 @@ static int ssl_scan_clienthello_tlsext(S
- return 0;
- }
- #endif
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- else if (type == TLSEXT_TYPE_encrypt_then_mac)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
--#endif
- /*
- * Note: extended master secret extension handled in
- * tls_check_serverhello_tlsext_early()
-@@ -2337,11 +2229,11 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- */
- static char ssl_next_proto_validate(PACKET *pkt)
- {
-- unsigned int len;
-+ PACKET tmp_protocol;
-
- while (PACKET_remaining(pkt)) {
-- if (!PACKET_get_1(pkt, &len)
-- || !PACKET_forward(pkt, len))
-+ if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
-+ || PACKET_remaining(&tmp_protocol) == 0)
- return 0;
- }
-
-@@ -2367,9 +2259,7 @@ static int ssl_scan_serverhello_tlsext(S
- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
- #endif
-
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
--#endif
-
- s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
-
-@@ -2581,14 +2471,12 @@ static int ssl_scan_serverhello_tlsext(S
- return 0;
- }
- #endif
--#ifdef TLSEXT_TYPE_encrypt_then_mac
- else if (type == TLSEXT_TYPE_encrypt_then_mac) {
- /* Ignore if inappropriate ciphersuite */
- if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
- && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
- }
--#endif
- else if (type == TLSEXT_TYPE_extended_master_secret) {
- s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
- if (!s->hit)
-@@ -2629,8 +2517,7 @@ static int ssl_scan_serverhello_tlsext(S
- * an attack we should *always* see RI even on initial server hello
- * because the client doesn't see any renegotiation during an attack.
- * However this would mean we could not connect to any server which
-- * doesn't support RI so for the immediate future tolerate RI absence on
-- * initial connect only.
-+ * doesn't support RI so for the immediate future tolerate RI absence
- */
- if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
- && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-@@ -2737,7 +2624,8 @@ int tls1_set_server_sigalgs(SSL *s)
- {
- int al;
- size_t i;
-- /* Clear any shared sigtnature algorithms */
-+
-+ /* Clear any shared signature algorithms */
- OPENSSL_free(s->cert->shared_sigalgs);
- s->cert->shared_sigalgs = NULL;
- s->cert->shared_sigalgslen = 0;
-@@ -2757,7 +2645,7 @@ int tls1_set_server_sigalgs(SSL *s)
- /* Fatal error is no shared signature algorithms */
- if (!s->cert->shared_sigalgs) {
- SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
-- SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
-+ SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto err;
- }
-@@ -2770,10 +2658,13 @@ int tls1_set_server_sigalgs(SSL *s)
- return 0;
- }
-
--int ssl_check_clienthello_tlsext_late(SSL *s)
-+/*
-+ * Upon success, returns 1.
-+ * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
-+ */
-+int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
- {
-- int ret = SSL_TLSEXT_ERR_OK;
-- int al = SSL_AD_INTERNAL_ERROR;
-+ s->tlsext_status_expected = 0;
-
- /*
- * If status request then ask callback what to do. Note: this must be
-@@ -2782,58 +2673,41 @@ int ssl_check_clienthello_tlsext_late(SS
- * influence which certificate is sent
- */
- if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
-- int r;
-+ int ret;
- CERT_PKEY *certpkey;
- certpkey = ssl_get_server_send_pkey(s);
- /* If no certificate can't return certificate status */
-- if (certpkey == NULL) {
-- s->tlsext_status_expected = 0;
-- return 1;
-- }
-- /*
-- * Set current certificate to one we will use so SSL_get_certificate
-- * et al can pick it up.
-- */
-- s->cert->key = certpkey;
-- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-- switch (r) {
-- /* We don't want to send a status request response */
-- case SSL_TLSEXT_ERR_NOACK:
-- s->tlsext_status_expected = 0;
-- break;
-- /* status request response should be sent */
-- case SSL_TLSEXT_ERR_OK:
-- if (s->tlsext_ocsp_resp)
-- s->tlsext_status_expected = 1;
-- else
-+ if (certpkey != NULL) {
-+ /*
-+ * Set current certificate to one we will use so SSL_get_certificate
-+ * et al can pick it up.
-+ */
-+ s->cert->key = certpkey;
-+ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-+ switch (ret) {
-+ /* We don't want to send a status request response */
-+ case SSL_TLSEXT_ERR_NOACK:
- s->tlsext_status_expected = 0;
-- break;
-- /* something bad happened */
-- case SSL_TLSEXT_ERR_ALERT_FATAL:
-- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-- al = SSL_AD_INTERNAL_ERROR;
-- goto err;
-+ break;
-+ /* status request response should be sent */
-+ case SSL_TLSEXT_ERR_OK:
-+ if (s->tlsext_ocsp_resp)
-+ s->tlsext_status_expected = 1;
-+ break;
-+ /* something bad happened */
-+ case SSL_TLSEXT_ERR_ALERT_FATAL:
-+ default:
-+ *al = SSL_AD_INTERNAL_ERROR;
-+ return 0;
-+ }
- }
-- } else
-- s->tlsext_status_expected = 0;
--
-- if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
-- goto err;
- }
-
-- err:
-- switch (ret) {
-- case SSL_TLSEXT_ERR_ALERT_FATAL:
-- ssl3_send_alert(s, SSL3_AL_FATAL, al);
-- return -1;
--
-- case SSL_TLSEXT_ERR_ALERT_WARNING:
-- ssl3_send_alert(s, SSL3_AL_WARNING, al);
-- return 1;
--
-- default:
-- return 1;
-+ if (!tls1_alpn_handle_client_hello_late(s, al)) {
-+ return 0;
- }
-+
-+ return 1;
- }
-
- int ssl_check_serverhello_tlsext(SSL *s)
-@@ -3075,7 +2949,7 @@ int tls_check_serverhello_tlsext_early(S
- * tls_decrypt_ticket attempts to decrypt a session ticket.
- *
- * etick: points to the body of the session ticket extension.
-- * eticklen: the length of the session tickets extenion.
-+ * eticklen: the length of the session tickets extension.
- * sess_id: points at the session ID.
- * sesslen: the length of the session ID.
- * psess: (output) on return, if a ticket was decrypted, then this is set to
-@@ -3126,15 +3000,17 @@ static int tls_decrypt_ticket(SSL *s, co
- renew_ticket = 1;
- } else {
- /* Check key name matches */
-- if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) {
-+ if (memcmp(etick, tctx->tlsext_tick_key_name,
-+ sizeof(tctx->tlsext_tick_key_name)) != 0) {
- ret = 2;
- goto err;
- }
-- if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
-+ if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-+ sizeof(tctx->tlsext_tick_hmac_key),
- EVP_sha256(), NULL) <= 0
-- || EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-+ || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
- tctx->tlsext_tick_aes_key,
-- etick + 16) <= 0) {
-+ etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
- goto err;
- }
- }
-@@ -3711,7 +3587,7 @@ static int sig_cb(const char *elem, int
- }
-
- /*
-- * Set suppored signature algorithms based on a colon separated list of the
-+ * Set supported signature algorithms based on a colon separated list of the
- * form sig+hash e.g. RSA+SHA512:DSA+SHA512
- */
- int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
---- a/ssl/t1_reneg.c
-+++ b/ssl/t1_reneg.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <openssl/objects.h>
- #include "ssl_locl.h"
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -1,55 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "ssl_locl.h"
-@@ -497,7 +452,9 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
- {TLSEXT_TYPE_heartbeat, "heartbeat"},
- {TLSEXT_TYPE_session_ticket, "session_ticket"},
- {TLSEXT_TYPE_renegotiate, "renegotiate"},
-+#ifndef OPENSSL_NO_NEXTPROTONEG
- {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
-+#endif
- {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
- {TLSEXT_TYPE_padding, "padding"},
- {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
-@@ -771,7 +728,7 @@ static int ssl_print_extension(BIO *bio,
- break;
-
- default:
-- BIO_dump_indent(bio, (char *)ext, extlen, indent + 2);
-+ BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
- }
- return 1;
- }
-@@ -1300,7 +1257,7 @@ static int ssl_print_handshake(BIO *bio,
- default:
- BIO_indent(bio, indent + 2, 80);
- BIO_puts(bio, "Unsupported, hex dump follows:\n");
-- BIO_dump_indent(bio, (char *)msg, msglen, indent + 4);
-+ BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
- }
- return 1;
- }
---- a/ssl/tls_srp.c
-+++ b/ssl/tls_srp.c
-@@ -1,60 +1,10 @@
- /*
-- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
-- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
-- * EdelKey project and contributed to the OpenSSL project 2004.
-- */
--/* ====================================================================
-- * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/test/CAss.cnf
-+++ b/test/CAss.cnf
-@@ -71,6 +71,6 @@ emailAddress = optional
- [ v3_ca ]
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer:always
--basicConstraints = CA:true,pathlen:1
-+basicConstraints = critical,CA:true,pathlen:1
- keyUsage = cRLSign, keyCertSign
- issuerAltName=issuer:copy
---- a/test/Makefile.in
-+++ /dev/null
-@@ -1,410 +0,0 @@
--#
--# test/Makefile
--#
--
--DIR= test
--TOP= ..
--CC= cc
--INCLUDES= -I$(TOP) -I../include -I../crypto/include -I$(TOP)/fips
--CFLAG= -g
--MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
--PERL= perl
--
--PLIB_LDFLAG=
--EX_LIBS= #-lnsl -lsocket
--
--CFLAGS= $(INCLUDES) $(CFLAG)
--LDFLAGS= $(CFLAGS) $(LDFLAG)
--
--GENERAL=Makefile maketests.com \
-- tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
-- tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
-- testca.com VMSca-response.1 VMSca-response.2
--
--DLIBCRYPTO= ../libcrypto.a
--DLIBSSL= ../libssl.a
--LIBCRYPTO= -L.. -lcrypto
--LIBSSL= -L.. -lssl
--LIBFIPS= -L.. -lfips
--
--# Prefix for logline for each test
--START= @@@ START
--
--NPTEST= nptest
--MEMLEAKTEST= memleaktest
--BNTEST= bntest
--ECTEST= ectest
--ECDSATEST= ecdsatest
--ECDHTEST= ecdhtest
--EXPTEST= exptest
--GMDIFFTEST= gmdifftest
--PBELUTEST= pbelutest
--IDEATEST= ideatest
--SHA1TEST= sha1test
--SHA256TEST= sha256t
--SHA512TEST= sha512t
--MDC2TEST= mdc2test
--RMDTEST= rmdtest
--MD2TEST= md2test
--MD4TEST= md4test
--MD5TEST= md5test
--HMACTEST= hmactest
--WPTEST= wp_test
--RC2TEST= rc2test
--RC4TEST= rc4test
--RC5TEST= rc5test
--BFTEST= bftest
--CASTTEST= casttest
--DESTEST= destest
--RANDTEST= randtest
--DHTEST= dhtest
--DSATEST= dsatest
--SSLTESTOLD= ssltest_old
--DANETEST= danetest
--RSATEST= rsa_test
--ENGINETEST= enginetest
--EVPTEST= evp_test
--EVPEXTRATEST=evp_extra_test
--P5_CRPT2_TEST= p5_crpt2_test
--IGETEST= igetest
--SECMEMTEST= secmemtest
--SRPTEST= srptest
--V3NAMETEST= v3nametest
--HEARTBEATTEST= heartbeat_test
--CONSTTIMETEST= constant_time_test
--VERIFYEXTRATEST= verify_extra_test
--CLIENTHELLOTEST= clienthellotest
--PACKETTEST= packettest
--SSLVERTOLTEST= sslvertoltest
--SSLEXTENSIONTEST= sslextensiontest
--SSLSESSIONTICKTEST= sslsessionticktest
--SSLSKEWITH0PTEST= sslskewith0ptest
--ASYNCTEST= asynctest
--DTLSV1LISTENTEST = dtlsv1listentest
--CTTEST= ct_test
--THREADSTEST= threadstest
--AFALGTEST= afalgtest
--D2ITEST = d2i_test
--SSLTESTCTXTEST = ssl_test_ctx_test
--SSLTEST = ssl_test
--
--TESTS= alltests
--
--EXE= $(NPTEST)$(EXE_EXT) $(MEMLEAKTEST)$(EXE_EXT) \
-- $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) \
-- $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(GMDIFFTEST)$(EXE_EXT) \
-- $(PBELUTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
-- $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
-- $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
-- $(DESTEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
-- $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
-- $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
-- $(DANETEST)$(EXE_EXT) \
-- $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTESTOLD)$(EXE_EXT) \
-- $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
-- $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \
-- $(SECMEMTEST)$(EXE_EXT) \
-- $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \
-- $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \
-- $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
-- $(CLIENTHELLOTEST)$(EXE_EXT) $(PACKETTEST)$(EXE_EXT) $(ASYNCTEST)$(EXE_EXT) \
-- $(DTLSV1LISTENTEST)$(EXE_EXT) $(CTTEST)$(EXE_EXT) $(THREADSTEST)$(EXE_EXT) \
-- $(AFALGTEST)$(EXE_EXT) $(D2ITEST)$(EXE_EXT) $(SSLTESTCTXTEST)$(EXE_EXT) \
-- $(SSLTEST)$(EXE_EXT)
--
--# $(METHTEST)$(EXE_EXT)
--
--OBJ= $(NPTEST).o $(MEMLEAKTEST).o \
-- $(BNTEST).o $(ECTEST).o \
-- $(ECDSATEST).o $(ECDHTEST).o $(GMDIFFTEST).o $(PBELUTEST).o $(IDEATEST).o \
-- $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
-- $(HMACTEST).o $(WPTEST).o \
-- $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
-- $(DESTEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
-- $(MDC2TEST).o $(RMDTEST).o $(DANETEST).o \
-- $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
-- $(BFTEST).o $(SSLTESTOLD).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
-- $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(V3NAMETEST).o \
-- $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \
-- $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \
-- $(PACKETTEST).o $(ASYNCTEST).o $(DTLSV1LISTENTEST).o $(CTTEST).o \
-- $(THREADSTEST).o testutil.o $(AFALGTEST).o $(D2ITEST).o ssl_test_ctx.o \
-- $(SSLTESTCTXTEST).o $(SSLTEST).o handshake_helper.o
--
--SRC= $(NPTEST).c $(MEMLEAKTEST).c \
-- $(BNTEST).c $(ECTEST).c \
-- $(ECDSATEST).c $(ECDHTEST).c $(GMDIFFTEST).c $(PBELUTEST).c $(IDEATEST).c \
-- $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
-- $(HMACTEST).c $(WPTEST).c \
-- $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c $(DANETEST).c \
-- $(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-- $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
-- $(BFTEST).c $(SSLTESTOLD).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
-- $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(V3NAMETEST).c \
-- $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \
-- $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c \
-- $(PACKETTEST).c $(ASYNCTEST).c $(DTLSV1LISTENTEST).c $(CTTEST).c \
-- $(THREADSTEST).c testutil.c $(AFALGTEST).c $(D2ITEST).c ssl_test_ctx.c \
-- $(SSLTESTCTXTEST).c $(SSLTEST).c handshake_helper.c
--
--HEADER= testutil.h ssl_test_ctx.h handshake_helper.h
--
--ALL= $(GENERAL) $(SRC) $(HEADER)
--
--top:
-- (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
--
--all: exe
--
--exe: $(EXE) dummytest$(EXE_EXT)
--
--generate: $(SRC)
--$(SRC):
-- @sh $(TOP)/util/point.sh dummytest.c $@
--
--tests: exe apps
-- OPENSSL_ENGINES=../engines TOP=$(TOP) PERL=$(PERL) \
-- $(PERL) run_tests.pl $(TESTS)
--
--errors:
--
--list-tests:
-- @TOP=$(TOP) PERL=$(PERL) $(PERL) run_tests.pl list
--
--apps:
-- @(cd ..; $(MAKE) DIRS=apps all)
--
--depend:
-- $(TOP)/util/domd $(CFLAG) $(INCLUDES) -- $(PROGS) $(SRC)
--
--clean:
-- rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log *.log dummytest
--
--$(DLIBSSL):
-- (cd ..; $(MAKE) build_libssl)
--
--$(DLIBCRYPTO):
-- (cd ..; $(MAKE) build_libcrypto)
--
--BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-- shlib_target="$(SHLIB_TARGET)"; \
-- fi; \
-- LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o $$testutil" \
-- LDFLAG="$(LDFLAG)" \
-- LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
-- link_app.$${shlib_target}
--
--BUILD_CMD_STATIC=shlib_target=; \
-- LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO)"; \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o $$testutil" \
-- LDFLAG="$(LDFLAG)" \
-- LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
-- link_app.$${shlib_target}
--
--$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
--
--$(NPTEST)$(EXE_EXT): $(NPTEST).o $(DLIBCRYPTO)
-- @target=$(NPTEST); $(BUILD_CMD)
--
--$(MEMLEAKTEST)$(EXE_EXT): $(MEMLEAKTEST).o $(DLIBCRYPTO)
-- @target=$(MEMLEAKTEST); $(BUILD_CMD)
--
--$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
--
--$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
--
--$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
--
--$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
--
--$(GMDIFFTEST)$(EXE_EXT): $(GMDIFFTEST).o $(DLIBCRYPTO)
-- @target=$(GMDIFFTEST); $(BUILD_CMD)
--
--$(PBELUTEST)$(EXE_EXT): $(PBELUTEST).o $(DLIBCRYPTO)
-- @target=$(PBELUTEST); $(BUILD_CMD)
--
--$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
--
--$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
--
--$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
--
--$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
--
--FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-- shlib_target="$(SHLIB_TARGET)"; \
-- fi; \
-- if [ "$(FIPSCANLIB)" = "libfips" ]; then \
-- LIBRARIES="-L$(TOP) -lfips"; \
-- elif [ -n "$(FIPSCANLIB)" ]; then \
-- FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-- LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
-- else \
-- LIBRARIES="$(LIBCRYPTO)"; \
-- fi; \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-- LDFLAG="$(LDFLAG)" \
-- LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
-- link_app.$${shlib_target}
--
--FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
-- shlib_target="$(SHLIB_TARGET)"; \
-- fi; \
-- LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \
-- if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
-- FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-- fi; \
-- [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
-- $(MAKE) -f $(TOP)/Makefile.shared -e \
-- CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-- LDFLAG="$(LDFLAG)" \
-- LIBDEPS="$(PLIB_LDFLAG) $$LIBRARIES $(EX_LIBS)" \
-- link_app.$${shlib_target}
--
--$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
--
--$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
--
--$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
--
--$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
--
--$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
--
--$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
--
--$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
--
--$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
--
--$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
--
--$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
--
--$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
--
--$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
--
--$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
--
--$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
--
--$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
--
--$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
--
--$(SSLTESTOLD)$(EXE_EXT): $(SSLTESTOLD).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTESTOLD); $(BUILD_CMD)
--
--$(DANETEST)$(EXE_EXT): $(DANETEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(DANETEST); $(BUILD_CMD)
--
--$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
--
--$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
--
--$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
-- @target=$(EVPEXTRATEST); $(BUILD_CMD)
--
--$(P5_CRPT2_TEST)$(EXE_EXT): $(P5_CRPT2_TEST).o $(DLIBCRYPTO)
-- @target=$(P5_CRPT2_TEST); $(BUILD_CMD)
--
--$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
--
--$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
--
--$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
--
--$(SECMEMTEST)$(EXE_EXT): $(SECMEMTEST).o $(DLIBCRYPTO)
-- @target=$(SECMEMTEST); $(BUILD_CMD)
--
--$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
--
--$(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
-- @target=$(V3NAMETEST); $(BUILD_CMD)
--
--$(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) testutil.o
-- @target=$(HEARTBEATTEST) testutil=testutil.o; $(BUILD_CMD_STATIC)
--
--$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
-- @target=$(CONSTTIMETEST) $(BUILD_CMD)
--
--$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
-- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
--
--$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
-- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
--
--$(PACKETTEST)$(EXE_EXT): $(PACKETTEST).o
-- @target=$(PACKETTEST) $(BUILD_CMD)
--
--$(ASYNCTEST)$(EXE_EXT): $(ASYNCTEST).o
-- @target=$(ASYNCTEST) $(BUILD_CMD)
--
--$(DTLSV1LISTENTEST)$(EXE_EXT): $(DTLSV1LISTENTEST).o
-- @target=$(DTLSV1LISTENTEST) $(BUILD_CMD)
--
--$(CTTEST)$(EXE_EXT): $(CTTEST).o $(DLIBCRYPTO) testutil.o
-- @target=$(CTTEST) testutil=testutil.o; $(BUILD_CMD)
--
--$(THREADSTEST)$(EXE_EXT): $(THREADSTEST).o $(DLIBCRYPTO)
-- @target=$(THREADSTEST) $(BUILD_CMD)
--
--dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
--
--$(AFALGTEST)$(EXE_EXT): $(AFALGTEST).o $(DLIBCRYPTO)
-- @target=$(AFALGTEST); $(BUILD_CMD)
--
--$(D2ITEST)$(EXE_EXT): $(D2ITEST).o $(DLIBCRYPTO) testutil.o
-- @target=$(D2ITEST) testutil=testutil.o; $(BUILD_CMD)
--
--$(SSLTESTCTXTEST)$(EXE_EXT): $(SSLTESTCTXTEST).o testutil.o $(DLIBCRYPTO)
-- @target=$(SSLTESTCTXTEST); $(BUILD_CMD)
--
--$(SSLTESTCTXTEST)$(EXE_EXT): $(SSLTESTCTXTEST).o testutil.o ssl_test_ctx.o \
-- $(DLIBCRYPTO)
-- @target=$(SSLTESTCTXTEST) testutil="testutil.o ssl_test_ctx.o"; \
-- $(BUILD_CMD)
--
--$(SSLTEST)$(EXE_EXT): $(SSLTEST).o testutil.o ssl_test_ctx.o \
-- handshake_helper.o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST) testutil="testutil.o ssl_test_ctx.o \
-- handshake_helper.o"; $(BUILD_CMD)
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/test/README.ssltest.md
-+++ b/test/README.ssltest.md
-@@ -59,6 +59,49 @@ First, give your test a name. The names
- * Protocol - expected negotiated protocol. One of
- SSLv3, TLSv1, TLSv1.1, TLSv1.2.
-
-+* ClientVerifyCallback - the client's custom certificate verify callback.
-+ Used to test callback behaviour. One of
-+ - None - no custom callback (default)
-+ - AcceptAll - accepts all certificates.
-+ - RejectAll - rejects all certificates.
-+
-+* Method - the method to test. One of DTLS or TLS.
-+
-+* ServerName - the server the client should attempt to connect to. One of
-+ - None - do not use SNI (default)
-+ - server1 - the initial context
-+ - server2 - the secondary context
-+ - invalid - an unknown context
-+
-+* ServerNameCallback - the SNI switching callback to use
-+ - None - no callback (default)
-+ - IgnoreMismatch - continue the handshake on SNI mismatch
-+ - RejectMismatch - abort the handshake on SNI mismatch
-+
-+* SessionTicketExpected - whether or not a session ticket is expected
-+ - Ignore - do not check for a session ticket (default)
-+ - Yes - a session ticket is expected
-+ - No - a session ticket is not expected
-+ - Broken - a special test case where the session ticket callback does not
-+ initialize crypto
-+
-+* HandshakeMode - which handshake flavour to test:
-+ - Simple - plain handshake (default)
-+ - Resume - test resumption
-+ - (Renegotiate - test renegotiation, not yet implemented)
-+
-+* ResumptionExpected - whether or not resumption is expected (Resume mode only)
-+ - Yes - resumed handshake
-+ - No - full handshake (default)
-+
-+When HandshakeMode is Resume or Renegotiate, the original handshake is expected
-+to succeed. All configured test expectations are verified against the second handshake.
-+
-+* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol,
-+ ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol -
-+ NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list,
-+ and a callback with the recommended behaviour will be installed automatically.
-+
- ## Configuring the client and server
-
- The client and server configurations can be any valid `SSL_CTX`
-@@ -73,6 +116,22 @@ server => {
- }
- ```
-
-+The following sections may optionally be defined:
-+
-+* server2 - this section configures a secondary context that is selected via the
-+ ServerName test option. This context is used whenever a ServerNameCallback is
-+ specified. If the server2 section is not present, then the configuration
-+ matches server.
-+* resume_server - this section configures the client to resume its session
-+ against a different server. This context is used whenever HandshakeMode is
-+ Resume. If the resume_server section is not present, then the configuration
-+ matches server.
-+* resume_client - this section configures the client to resume its session with
-+ a different configuration. In practice this may occur when, for example,
-+ upgraded clients reuse sessions persisted on disk. This context is used
-+ whenever HandshakeMode is Resume. If the resume_client section is not present,
-+ then the configuration matches client.
-+
- ### Default server and client configurations
-
- The default server certificate and CA files are added to the configurations
---- a/test/aborttest.c
-+++ b/test/aborttest.c
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <openssl/crypto.h>
---- a/test/afalgtest.c
-+++ b/test/afalgtest.c
-@@ -1,56 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <openssl/opensslconf.h>
-
-@@ -146,8 +102,13 @@ int main(int argc, char **argv)
-
- e = ENGINE_by_id("afalg");
- if (e == NULL) {
-- fprintf(stderr, "AFALG Test: Failed to load AFALG Engine\n");
-- return 1;
-+ /*
-+ * A failure to load is probably a platform environment problem so we
-+ * don't treat this as an OpenSSL test failure, i.e. we return 0
-+ */
-+ fprintf(stderr,
-+ "AFALG Test: Failed to load AFALG Engine - skipping test\n");
-+ return 0;
- }
-
- if (test_afalg_aes_128_cbc(e) == 0) {
---- /dev/null
-+++ b/test/asynciotest.c
-@@ -0,0 +1,308 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+#include <string.h>
-+#include <openssl/ssl.h>
-+#include <openssl/bio.h>
-+#include <openssl/err.h>
-+
-+#include "../ssl/packet_locl.h"
-+
-+#include "ssltestlib.h"
-+
-+/* Should we fragment records or not? 0 = no, !0 = yes*/
-+static int fragment = 0;
-+
-+static int async_new(BIO *bi);
-+static int async_free(BIO *a);
-+static int async_read(BIO *b, char *out, int outl);
-+static int async_write(BIO *b, const char *in, int inl);
-+static long async_ctrl(BIO *b, int cmd, long num, void *ptr);
-+static int async_gets(BIO *bp, char *buf, int size);
-+static int async_puts(BIO *bp, const char *str);
-+
-+/* Choose a sufficiently large type likely to be unused for this custom BIO */
-+# define BIO_TYPE_ASYNC_FILTER (0x80 | BIO_TYPE_FILTER)
-+
-+static BIO_METHOD *methods_async = NULL;
-+
-+struct async_ctrs {
-+ unsigned int rctr;
-+ unsigned int wctr;
-+};
-+
-+static const BIO_METHOD *bio_f_async_filter()
-+{
-+ if (methods_async == NULL) {
-+ methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter");
-+ if ( methods_async == NULL
-+ || !BIO_meth_set_write(methods_async, async_write)
-+ || !BIO_meth_set_read(methods_async, async_read)
-+ || !BIO_meth_set_puts(methods_async, async_puts)
-+ || !BIO_meth_set_gets(methods_async, async_gets)
-+ || !BIO_meth_set_ctrl(methods_async, async_ctrl)
-+ || !BIO_meth_set_create(methods_async, async_new)
-+ || !BIO_meth_set_destroy(methods_async, async_free))
-+ return NULL;
-+ }
-+ return methods_async;
-+}
-+
-+static int async_new(BIO *bio)
-+{
-+ struct async_ctrs *ctrs;
-+
-+ ctrs = OPENSSL_zalloc(sizeof(struct async_ctrs));
-+ if (ctrs == NULL)
-+ return 0;
-+
-+ BIO_set_data(bio, ctrs);
-+ BIO_set_init(bio, 1);
-+ return 1;
-+}
-+
-+static int async_free(BIO *bio)
-+{
-+ struct async_ctrs *ctrs;
-+
-+ if (bio == NULL)
-+ return 0;
-+ ctrs = BIO_get_data(bio);
-+ OPENSSL_free(ctrs);
-+ BIO_set_data(bio, NULL);
-+ BIO_set_init(bio, 0);
-+
-+ return 1;
-+}
-+
-+static int async_read(BIO *bio, char *out, int outl)
-+{
-+ struct async_ctrs *ctrs;
-+ int ret = 0;
-+ BIO *next = BIO_next(bio);
-+
-+ if (outl <= 0)
-+ return 0;
-+ if (next == NULL)
-+ return 0;
-+
-+ ctrs = BIO_get_data(bio);
-+
-+ BIO_clear_retry_flags(bio);
-+
-+ if (ctrs->rctr > 0) {
-+ ret = BIO_read(next, out, 1);
-+ if (ret <= 0 && BIO_should_read(next))
-+ BIO_set_retry_read(bio);
-+ ctrs->rctr = 0;
-+ } else {
-+ ctrs->rctr++;
-+ BIO_set_retry_read(bio);
-+ }
-+
-+ return ret;
-+}
-+
-+#define MIN_RECORD_LEN 6
-+
-+#define CONTENTTYPEPOS 0
-+#define VERSIONHIPOS 1
-+#define VERSIONLOPOS 2
-+#define DATAPOS 5
-+
-+static int async_write(BIO *bio, const char *in, int inl)
-+{
-+ struct async_ctrs *ctrs;
-+ int ret = 0;
-+ size_t written = 0;
-+ BIO *next = BIO_next(bio);
-+
-+ if (inl <= 0)
-+ return 0;
-+ if (next == NULL)
-+ return 0;
-+
-+ ctrs = BIO_get_data(bio);
-+
-+ BIO_clear_retry_flags(bio);
-+
-+ if (ctrs->wctr > 0) {
-+ ctrs->wctr = 0;
-+ if (fragment) {
-+ PACKET pkt;
-+
-+ if (!PACKET_buf_init(&pkt, (const unsigned char *)in, inl))
-+ abort();
-+
-+ while (PACKET_remaining(&pkt) > 0) {
-+ PACKET payload;
-+ unsigned int contenttype, versionhi, versionlo, data;
-+
-+ if ( !PACKET_get_1(&pkt, &contenttype)
-+ || !PACKET_get_1(&pkt, &versionhi)
-+ || !PACKET_get_1(&pkt, &versionlo)
-+ || !PACKET_get_length_prefixed_2(&pkt, &payload))
-+ abort();
-+
-+ /* Pretend we wrote out the record header */
-+ written += SSL3_RT_HEADER_LENGTH;
-+
-+ while (PACKET_get_1(&payload, &data)) {
-+ /* Create a new one byte long record for each byte in the
-+ * record in the input buffer
-+ */
-+ char smallrec[MIN_RECORD_LEN] = {
-+ 0, /* Content type */
-+ 0, /* Version hi */
-+ 0, /* Version lo */
-+ 0, /* Length hi */
-+ 1, /* Length lo */
-+ 0 /* Data */
-+ };
-+
-+ smallrec[CONTENTTYPEPOS] = contenttype;
-+ smallrec[VERSIONHIPOS] = versionhi;
-+ smallrec[VERSIONLOPOS] = versionlo;
-+ smallrec[DATAPOS] = data;
-+ ret = BIO_write(next, smallrec, MIN_RECORD_LEN);
-+ if (ret <= 0)
-+ abort();
-+ written++;
-+ }
-+ /*
-+ * We can't fragment anything after the CCS, otherwise we
-+ * get a bad record MAC
-+ */
-+ if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC) {
-+ fragment = 0;
-+ break;
-+ }
-+ }
-+ }
-+ /* Write any data we have left after fragmenting */
-+ ret = 0;
-+ if ((int)written < inl) {
-+ ret = BIO_write(next, in + written , inl - written);
-+ }
-+
-+ if (ret <= 0 && BIO_should_write(next))
-+ BIO_set_retry_write(bio);
-+ else
-+ ret += written;
-+ } else {
-+ ctrs->wctr++;
-+ BIO_set_retry_write(bio);
-+ }
-+
-+ return ret;
-+}
-+
-+static long async_ctrl(BIO *bio, int cmd, long num, void *ptr)
-+{
-+ long ret;
-+ BIO *next = BIO_next(bio);
-+
-+ if (next == NULL)
-+ return 0;
-+
-+ switch (cmd) {
-+ case BIO_CTRL_DUP:
-+ ret = 0L;
-+ break;
-+ default:
-+ ret = BIO_ctrl(next, cmd, num, ptr);
-+ break;
-+ }
-+ return ret;
-+}
-+
-+static int async_gets(BIO *bio, char *buf, int size)
-+{
-+ /* We don't support this - not needed anyway */
-+ return -1;
-+}
-+
-+static int async_puts(BIO *bio, const char *str)
-+{
-+ return async_write(bio, str, strlen(str));
-+}
-+
-+int main(int argc, char *argv[])
-+{
-+ SSL_CTX *serverctx = NULL, *clientctx = NULL;
-+ SSL *serverssl = NULL, *clientssl = NULL;
-+ BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL;
-+ int test, err = 1;
-+
-+ CRYPTO_set_mem_debug(1);
-+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-+
-+ if (argc != 3) {
-+ printf("Invalid argument count\n");
-+ goto end;
-+ }
-+
-+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
-+ &serverctx, &clientctx, argv[1], argv[2])) {
-+ printf("Failed to create SSL_CTX pair\n");
-+ goto end;
-+ }
-+
-+ /*
-+ * We do 2 test runs. The first time around we just do a normal handshake
-+ * with lots of async io going on. The second time around we also break up
-+ * all records so that the content is only one byte length (up until the
-+ * CCS)
-+ */
-+ for (test = 1; test < 3; test++) {
-+ if (test == 2)
-+ fragment = 1;
-+
-+
-+ s_to_c_fbio = BIO_new(bio_f_async_filter());
-+ c_to_s_fbio = BIO_new(bio_f_async_filter());
-+ if (s_to_c_fbio == NULL || c_to_s_fbio == NULL) {
-+ printf("Failed to create filter BIOs\n");
-+ BIO_free(s_to_c_fbio);
-+ BIO_free(c_to_s_fbio);
-+ goto end;
-+ }
-+
-+ /* BIOs get freed on error */
-+ if (!create_ssl_connection(serverctx, clientctx, &serverssl, &clientssl,
-+ s_to_c_fbio, c_to_s_fbio)) {
-+ printf("Test %d failed: Create SSL connection failed\n", test);
-+ goto end;
-+ }
-+
-+ /* Also frees the BIOs */
-+ SSL_free(clientssl);
-+ SSL_free(serverssl);
-+ clientssl = serverssl = NULL;
-+ }
-+
-+ printf("Test success\n");
-+
-+ err = 0;
-+ end:
-+ if (err)
-+ ERR_print_errors_fp(stderr);
-+
-+ SSL_free(clientssl);
-+ SSL_free(serverssl);
-+ SSL_CTX_free(clientctx);
-+ SSL_CTX_free(serverctx);
-+
-+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
-+ CRYPTO_mem_leaks_fp(stderr);
-+# endif
-+
-+ return err;
-+}
---- a/test/asynctest.c
-+++ b/test/asynctest.c
-@@ -1,60 +1,16 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#ifdef _WIN32
-+# include <windows.h>
-+#endif
-+
- #include <stdio.h>
- #include <string.h>
- #include <openssl/async.h>
-@@ -100,7 +56,7 @@ static int waitfd(void *args)
- waitctx = ASYNC_get_wait_ctx(job);
- if (waitctx == NULL)
- return 0;
-- if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
-+ if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
- return 0;
- ASYNC_pause_job();
-
---- a/test/bftest.c
-+++ b/test/bftest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
-@@ -80,7 +32,7 @@ int main(int argc, char *argv[])
- # include <openssl/ebcdic.h>
- # endif
-
--static char *bf_key[2] = {
-+static char bf_key[2][30] = {
- "abcdefghijklmnopqrstuvwxyz",
- "Who is John Galt?"
- };
---- /dev/null
-+++ b/test/bioprinttest.c
-@@ -0,0 +1,225 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/bio.h>
-+
-+static int justprint = 0;
-+
-+static char *fpexpected[][5] = {
-+ /* 0 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
-+ /* 1 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
-+ /* 2 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
-+ /* 3 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
-+ /* 4 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
-+ /* 5 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
-+ /* 6 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
-+ /* 7 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
-+ /* 8 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
-+ /* 9 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
-+ /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
-+ /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
-+ /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
-+ /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
-+ /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
-+ /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
-+ /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
-+ /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
-+ /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
-+ /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
-+ /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
-+ /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
-+ /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
-+ /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
-+ /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
-+ /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
-+ /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
-+ /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
-+ /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
-+ /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
-+ /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
-+ /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
-+ /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
-+ /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
-+ /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
-+ /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
-+ /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
-+ /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
-+ /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
-+ /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
-+ /* 40 */ { "0e+00", "0", "0", "0E+00", "0" },
-+ /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
-+ /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
-+ /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
-+ /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
-+ /* 45 */ { "7e+00", "7", "7", "7E+00", "7" },
-+ /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
-+ /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
-+ /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
-+ /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
-+ /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
-+ /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
-+ /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
-+ /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
-+ /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
-+ /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
-+ /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
-+ /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
-+ /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
-+ /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
-+ /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
-+ /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
-+ /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
-+ /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
-+ /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
-+ /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
-+ /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
-+ /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
-+ /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
-+ /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
-+};
-+
-+static void dofptest(int test, double val, char *width, int prec, int *fail)
-+{
-+ char format[80], result[80];
-+ int i;
-+
-+ for (i = 0; i < 5; i++) {
-+ char *fspec = NULL;
-+ switch (i) {
-+ case 0:
-+ fspec = "e";
-+ break;
-+ case 1:
-+ fspec = "f";
-+ break;
-+ case 2:
-+ fspec = "g";
-+ break;
-+ case 3:
-+ fspec = "E";
-+ break;
-+ case 4:
-+ fspec = "G";
-+ break;
-+ }
-+
-+ if (prec >= 0)
-+ BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec,
-+ fspec);
-+ else
-+ BIO_snprintf(format, sizeof(format), "%%%s%s", width, fspec);
-+ BIO_snprintf(result, sizeof(result), format, val);
-+
-+ if (justprint) {
-+ if (i == 0) {
-+ printf(" /* %3d */ { \"%s\"", test, result);
-+ } else {
-+ printf(", \"%s\"", result);
-+ }
-+ } else {
-+ if (strcmp(fpexpected[test][i], result) != 0) {
-+ printf("Test %d(%d) failed. Expected \"%s\". Got \"%s\". "
-+ "Format \"%s\"\n", test, i, fpexpected[test][i], result,
-+ format);
-+ *fail = 1;
-+ }
-+ }
-+ }
-+ if (justprint) {
-+ printf(" },\n");
-+ }
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ int test = 0;
-+ int i;
-+ int fail = 0;
-+ int prec = -1;
-+ char *width = "";
-+ const double frac = 2.0/3.0;
-+ char buf[80];
-+
-+ if (argc == 2 && strcmp(argv[1], "-expected") == 0) {
-+ justprint = 1;
-+ }
-+
-+ CRYPTO_set_mem_debug(1);
-+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-+
-+ /* Tests for floating point format specifiers */
-+ for (i = 0; i < 7; i++) {
-+ switch (i) {
-+ case 0:
-+ prec = 4;
-+ width = "";
-+ break;
-+ case 1:
-+ prec = 5;
-+ width = "";
-+ break;
-+ case 2:
-+ prec = 4;
-+ width = "12";
-+ break;
-+ case 3:
-+ prec = 5;
-+ width = "12";
-+ break;
-+ case 4:
-+ prec = 0;
-+ width = "";
-+ break;
-+ case 5:
-+ prec = -1;
-+ width = "";
-+ break;
-+ case 6:
-+ prec = 4;
-+ width = "08";
-+ break;
-+ }
-+
-+ dofptest(test++, 0.0, width, prec, &fail);
-+ dofptest(test++, 0.67, width, prec, &fail);
-+ dofptest(test++, frac, width, prec, &fail);
-+ dofptest(test++, frac / 1000, width, prec, &fail);
-+ dofptest(test++, frac / 10000, width, prec, &fail);
-+ dofptest(test++, 6.0 + frac, width, prec, &fail);
-+ dofptest(test++, 66.0 + frac, width, prec, &fail);
-+ dofptest(test++, 666.0 + frac, width, prec, &fail);
-+ dofptest(test++, 6666.0 + frac, width, prec, &fail);
-+ dofptest(test++, 66666.0 + frac, width, prec, &fail);
-+ }
-+
-+ /* Test excessively big number. Should fail */
-+ if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
-+ printf("Test %d failed. Unexpected success return from "
-+ "BIO_snprintf()\n", test);
-+ fail = 1;
-+ }
-+
-+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-+ if (CRYPTO_mem_leaks_fp(stderr) <= 0)
-+ return 1;
-+# endif
-+
-+ if (!justprint) {
-+ if (fail) {
-+ printf("FAIL\n");
-+ return 1;
-+ }
-+ printf ("PASS\n");
-+ }
-+ return 0;
-+}
-+
-+
---- a/test/bntest.c
-+++ b/test/bntest.c
-@@ -1,59 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -551,7 +504,7 @@ static void print_word(BIO *bp, BN_ULONG
- int test_div_word(BIO *bp)
- {
- BIGNUM *a, *b;
-- BN_ULONG r, s;
-+ BN_ULONG r, rmod, s;
- int i;
-
- a = BN_new();
-@@ -565,8 +518,14 @@ int test_div_word(BIO *bp)
-
- s = b->d[0];
- BN_copy(b, a);
-+ rmod = BN_mod_word(b, s);
- r = BN_div_word(b, s);
-
-+ if (rmod != r) {
-+ fprintf(stderr, "Mod (word) test failed!\n");
-+ return 0;
-+ }
-+
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
---- a/test/build.info
-+++ b/test/build.info
-@@ -1,8 +1,7 @@
--{- use File::Spec::Functions qw/catdir rel2abs/; -}
- IF[{- !$disabled{tests} -}]
-- PROGRAMS=\
-+ PROGRAMS_NO_INST=\
- aborttest \
-- nptest bntest \
-+ sanitytest bntest \
- ectest ecdsatest ecdhtest gmdifftest pbelutest ideatest \
- md2test md4test md5test \
- hmactest wp_test \
-@@ -11,230 +10,281 @@ IF[{- !$disabled{tests} -}]
- mdc2test rmdtest \
- randtest dhtest enginetest casttest \
- bftest ssltest_old dsatest exptest rsa_test \
-- evp_test evp_extra_test igetest v3nametest \
-+ evp_test evp_extra_test igetest v3nametest v3ext \
- danetest heartbeat_test p5_crpt2_test \
- constant_time_test verify_extra_test clienthellotest \
- packettest asynctest secmemtest srptest memleaktest \
- dtlsv1listentest ct_test threadstest afalgtest d2i_test \
-- ssl_test_ctx_test ssl_test
-+ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
-+ bioprinttest sslapitest
-
- SOURCE[aborttest]=aborttest.c
-- INCLUDE[aborttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[aborttest]=../include
- DEPEND[aborttest]=../libcrypto
-
-- SOURCE[nptest]=nptest.c
-- INCLUDE[nptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-- DEPEND[nptest]=../libcrypto
-+ SOURCE[sanitytest]=sanitytest.c
-+ INCLUDE[sanitytest]=../include
-+ DEPEND[sanitytest]=../libcrypto
-
- SOURCE[bntest]=bntest.c
-- INCLUDE[bntest]={- rel2abs(catdir($builddir,"../crypto/include")) -} {- rel2abs(catdir($builddir,"../include")) -} .. ../crypto/include ../include
-+ INCLUDE[bntest]=.. ../crypto/include ../include
- DEPEND[bntest]=../libcrypto
-
- SOURCE[ectest]=ectest.c
-- INCLUDE[ectest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ectest]=../include
- DEPEND[ectest]=../libcrypto
-
- SOURCE[ecdsatest]=ecdsatest.c
-- INCLUDE[ecdsatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ecdsatest]=../include
- DEPEND[ecdsatest]=../libcrypto
-
- SOURCE[ecdhtest]=ecdhtest.c
-- INCLUDE[ecdhtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ecdhtest]=../include
- DEPEND[ecdhtest]=../libcrypto
-
- SOURCE[gmdifftest]=gmdifftest.c
-- INCLUDE[gmdifftest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[gmdifftest]=../include
- DEPEND[gmdifftest]=../libcrypto
-
- SOURCE[pbelutest]=pbelutest.c
-- INCLUDE[pbelutest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[pbelutest]=../include
- DEPEND[pbelutest]=../libcrypto
-
- SOURCE[ideatest]=ideatest.c
-- INCLUDE[ideatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ideatest]=../include
- DEPEND[ideatest]=../libcrypto
-
- SOURCE[md2test]=md2test.c
-- INCLUDE[md2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[md2test]=../include
- DEPEND[md2test]=../libcrypto
-
- SOURCE[md4test]=md4test.c
-- INCLUDE[md4test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[md4test]=../include
- DEPEND[md4test]=../libcrypto
-
- SOURCE[md5test]=md5test.c
-- INCLUDE[md5test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[md5test]=../include
- DEPEND[md5test]=../libcrypto
-
- SOURCE[hmactest]=hmactest.c
-- INCLUDE[hmactest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[hmactest]=../include
- DEPEND[hmactest]=../libcrypto
-
- SOURCE[wp_test]=wp_test.c
-- INCLUDE[wp_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[wp_test]=../include
- DEPEND[wp_test]=../libcrypto
-
- SOURCE[rc2test]=rc2test.c
-- INCLUDE[rc2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[rc2test]=../include
- DEPEND[rc2test]=../libcrypto
-
- SOURCE[rc4test]=rc4test.c
-- INCLUDE[rc4test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[rc4test]=../include
- DEPEND[rc4test]=../libcrypto
-
- SOURCE[rc5test]=rc5test.c
-- INCLUDE[rc5test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[rc5test]=../include
- DEPEND[rc5test]=../libcrypto
-
- SOURCE[destest]=destest.c
-- INCLUDE[destest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[destest]=../include
- DEPEND[destest]=../libcrypto
-
- SOURCE[sha1test]=sha1test.c
-- INCLUDE[sha1test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[sha1test]=../include
- DEPEND[sha1test]=../libcrypto
-
- SOURCE[sha256t]=sha256t.c
-- INCLUDE[sha256t]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[sha256t]=../include
- DEPEND[sha256t]=../libcrypto
-
- SOURCE[sha512t]=sha512t.c
-- INCLUDE[sha512t]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[sha512t]=../include
- DEPEND[sha512t]=../libcrypto
-
- SOURCE[mdc2test]=mdc2test.c
-- INCLUDE[mdc2test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[mdc2test]=../include
- DEPEND[mdc2test]=../libcrypto
-
- SOURCE[rmdtest]=rmdtest.c
-- INCLUDE[rmdtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[rmdtest]=../include
- DEPEND[rmdtest]=../libcrypto
-
- SOURCE[randtest]=randtest.c
-- INCLUDE[randtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[randtest]=../include
- DEPEND[randtest]=../libcrypto
-
- SOURCE[dhtest]=dhtest.c
-- INCLUDE[dhtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[dhtest]=../include
- DEPEND[dhtest]=../libcrypto
-
- SOURCE[enginetest]=enginetest.c
-- INCLUDE[enginetest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[enginetest]=../include
- DEPEND[enginetest]=../libcrypto
-
- SOURCE[casttest]=casttest.c
-- INCLUDE[casttest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[casttest]=../include
- DEPEND[casttest]=../libcrypto
-
- SOURCE[bftest]=bftest.c
-- INCLUDE[bftest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[bftest]=../include
- DEPEND[bftest]=../libcrypto
-
- SOURCE[ssltest_old]=ssltest_old.c
-- INCLUDE[ssltest_old]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[ssltest_old]=.. ../include
- DEPEND[ssltest_old]=../libcrypto ../libssl
-
- SOURCE[dsatest]=dsatest.c
-- INCLUDE[dsatest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[dsatest]=../include
- DEPEND[dsatest]=../libcrypto
-
- SOURCE[exptest]=exptest.c
-- INCLUDE[exptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[exptest]=../include
- DEPEND[exptest]=../libcrypto
-
- SOURCE[rsa_test]=rsa_test.c
-- INCLUDE[rsa_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[rsa_test]=.. ../include
- DEPEND[rsa_test]=../libcrypto
-
- SOURCE[evp_test]=evp_test.c
-- INCLUDE[evp_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[evp_test]=../include
- DEPEND[evp_test]=../libcrypto
-
- SOURCE[evp_extra_test]=evp_extra_test.c
-- INCLUDE[evp_extra_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[evp_extra_test]=../include
- DEPEND[evp_extra_test]=../libcrypto
-
- SOURCE[igetest]=igetest.c
-- INCLUDE[igetest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[igetest]=.. ../include
- DEPEND[igetest]=../libcrypto
-
- SOURCE[v3nametest]=v3nametest.c
-- INCLUDE[v3nametest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[v3nametest]=../include
- DEPEND[v3nametest]=../libcrypto
-
-+ SOURCE[v3ext]=v3ext.c
-+ INCLUDE[v3ext]=../include
-+ DEPEND[v3ext]=../libcrypto
-+
- SOURCE[danetest]=danetest.c
-- INCLUDE[danetest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[danetest]=../include
- DEPEND[danetest]=../libcrypto ../libssl
-
- SOURCE[heartbeat_test]=heartbeat_test.c testutil.c
-- INCLUDE[heartbeat_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[heartbeat_test]=.. ../include
- DEPEND[heartbeat_test]=../libcrypto ../libssl
-
- SOURCE[p5_crpt2_test]=p5_crpt2_test.c
-- INCLUDE[p5_crpt2_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[p5_crpt2_test]=../include
- DEPEND[p5_crpt2_test]=../libcrypto
-
- SOURCE[constant_time_test]=constant_time_test.c
-- INCLUDE[constant_time_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[constant_time_test]=.. ../include
- DEPEND[constant_time_test]=../libcrypto
-
- SOURCE[verify_extra_test]=verify_extra_test.c
-- INCLUDE[verify_extra_test]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[verify_extra_test]=../include
- DEPEND[verify_extra_test]=../libcrypto
-
- SOURCE[clienthellotest]=clienthellotest.c
-- INCLUDE[clienthellotest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[clienthellotest]=../include
- DEPEND[clienthellotest]=../libcrypto ../libssl
-
- SOURCE[packettest]=packettest.c
-- INCLUDE[packettest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[packettest]=../include
- DEPEND[packettest]=../libcrypto
-
- SOURCE[asynctest]=asynctest.c
-- INCLUDE[asynctest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[asynctest]=.. ../include
- DEPEND[asynctest]=../libcrypto
-
- SOURCE[secmemtest]=secmemtest.c
-- INCLUDE[secmemtest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[secmemtest]=../include
- DEPEND[secmemtest]=../libcrypto
-
- SOURCE[srptest]=srptest.c
-- INCLUDE[srptest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[srptest]=../include
- DEPEND[srptest]=../libcrypto
-
- SOURCE[memleaktest]=memleaktest.c
-- INCLUDE[memleaktest]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[memleaktest]=../include
- DEPEND[memleaktest]=../libcrypto
-
- SOURCE[dtlsv1listentest]=dtlsv1listentest.c
-- INCLUDE[dtlsv1listentest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[dtlsv1listentest]=.. ../include
- DEPEND[dtlsv1listentest]=../libssl
-
- SOURCE[ct_test]=ct_test.c testutil.c
-- INCLUDE[ct_test]={- rel2abs(catdir($builddir,"../include")) -} ../crypto/include ../include
-+ INCLUDE[ct_test]=../crypto/include ../include
- DEPEND[ct_test]=../libcrypto
-
- SOURCE[threadstest]=threadstest.c
-- INCLUDE[threadstest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[threadstest]=.. ../include
- DEPEND[threadstest]=../libcrypto
-
- SOURCE[afalgtest]=afalgtest.c
-- INCLUDE[afalgtest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[afalgtest]=.. ../include
- DEPEND[afalgtest]=../libcrypto
-
- SOURCE[d2i_test]=d2i_test.c testutil.c
-- INCLUDE[d2i_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[d2i_test]=.. ../include
- DEPEND[d2i_test]=../libcrypto
-
- SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c testutil.c
-- INCLUDE[ssl_test_ctx_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[ssl_test_ctx_test]=.. ../include
- DEPEND[ssl_test_ctx_test]=../libcrypto
-
- SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c testutil.c handshake_helper.c
-- INCLUDE[ssl_test]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
-+ INCLUDE[ssl_test]=.. ../include
- DEPEND[ssl_test]=../libcrypto ../libssl
-
-+ SOURCE[cipherlist_test]=cipherlist_test.c testutil.c
-+ INCLUDE[cipherlist_test]=.. ../include
-+ DEPEND[cipherlist_test]=../libcrypto ../libssl
-+
- INCLUDE[testutil.o]=..
-- INCLUDE[ssl_test_ctx.o]={- rel2abs(catdir($builddir,"../include")) -} ../include
-- INCLUDE[handshake_helper.o]={- rel2abs(catdir($builddir,"../include")) -} ../include
-+ INCLUDE[ssl_test_ctx.o]=../include
-+ INCLUDE[handshake_helper.o]=../include
-+ INCLUDE[ssltestlib.o]=../include
-+
-+ SOURCE[x509aux]=x509aux.c
-+ INCLUDE[x509aux]=../include
-+ DEPEND[x509aux]=../libcrypto
-+
-+ SOURCE[asynciotest]=asynciotest.c ssltestlib.c
-+ INCLUDE[asynciotest]=../include
-+ DEPEND[asynciotest]=../libcrypto ../libssl
-+
-+ SOURCE[bioprinttest]=bioprinttest.c
-+ INCLUDE[bioprinttest]=../include
-+ DEPEND[bioprinttest]=../libcrypto
-+ {-
-+ use File::Spec::Functions;
-+ use File::Basename;
-+ use if $^O ne "VMS", 'File::Glob' => qw/glob/;
-+
-+ my @nogo_headers = ( "asn1_mac.h",
-+ "__decc_include_prologue.h",
-+ "__decc_include_epilogue.h" );
-+ my @headerfiles = glob catfile($sourcedir,
-+ updir(), "include", "openssl", "*.h");
-+
-+ foreach my $headerfile (@headerfiles) {
-+ my $name = basename($headerfile, ".h");
-+ next if $disabled{$name};
-+ next if grep { $_ eq lc("$name.h") } @nogo_headers;
-+ $OUT .= <<"_____";
-+
-+ PROGRAMS_NO_INST=buildtest_$name
-+ GENERATE[buildtest_$name.c]=generate_buildtest.pl $name
-+ SOURCE[buildtest_$name]=buildtest_$name.c
-+ INCLUDE[buildtest_$name]=../include
-+ DEPEND[buildtest_$name]=../libssl ../libcrypto
-+_____
-+ }
-+ -}
-+
-+ SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c
-+ INCLUDE[sslapitest]=../include
-+ DEPEND[sslapitest]=../libcrypto ../libssl
- ENDIF
---- a/test/casttest.c
-+++ b/test/casttest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- /dev/null
-+++ b/test/certs/alt1-cert.pem
-@@ -0,0 +1,22 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh
-+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
-+Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k
-+LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa
-+3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY
-+Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK
-+gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp
-+xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA
-+YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH
-+xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw
-+HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV
-+HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y
-+Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py
-+8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni
-+ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2
-+Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ
-+Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT
-+P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L
-+vRlTFVjv65nn
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/alt1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40
-+2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa
-+2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5
-+ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A
-+qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF
-+wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta
-+h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j
-+IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF
-+geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM
-+szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu
-+w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c
-+55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4
-+AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8
-+hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf
-+FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg
-+s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/
-+0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ
-+iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6
-+65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr
-+cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+
-+AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr
-+g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo
-+dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd
-+LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV
-+g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3
-+sXJAoFllBNfAK3aanFOR1Q==
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/alt2-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDVjCCAj6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCUxIzAh
-+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAyMIIBIjANBgkqhkiG9w0B
-+AQEFAAOCAQ8AMIIBCgKCAQEAw+bG1zr36IgcElBxX1vFcfq1NhdwjzUWlYt88oVr
-+Zbn2cKzOZWTA2ft8slJf5b5AgWWuJ1Ph1EdX9evBvUE3qVUPDpJQ7UNBMvScqL8J
-+pCjWBcRK9WWguV6MTqF8dJnadup7qfN0i6IWquA4yDEcJDQR4j0BjoAEsQgkASYi
-+maYN5W7PW5swj7AR4K0W5Cwy+KF4+UXKkHPCmYUlbBa6lXZRp3uwU/gXT0fmLz3W
-+O8eT1PdoPnbRVFIKPhZrHcNAORti4xr4Cn8IEhTaqxIQnCjSCjhksoOuoojhW0qR
-+s9t1lTDxyBX5Uz6smanEyCQ6TQFOdMj4m8ULNYTSZbGYcwIDAQABo4GcMIGZMB0G
-+A1UdDgQWBBT4YmD7D7JsE8BJzNs/5cIpbtZxhjAfBgNVHSMEGDAWgBS6A5+dBiSk
-+V+Zz+vU6Cfm6hcyp+jAJBgNVHRMEAjAAMEwGA1UdEQRFMEOCEHd3dy5hbnl0aGlu
-+Zy5vcmeCDWFueS5vdGhlci5jb22BDW90aGVyQGJhZC5vcmeBEWFueUBzb21ldGhp
-+bmcuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBaH8qg41pSXo2ViEsZWVyUmB7QwVVW
-+bWeR191XTQPfPNEDFmUzzeBllMUedF4HyD36v7Flpo/LdPdXQnZQ/eyKalztFHgm
-+uePN5DNdS5xn9aqiKNF5pkO9WDhhYuwLRM50JeiyvKk2NvNx9oDFUQ7G6jEJu/r9
-+rd+8PCUa0SK1dDPJ9dpGrfsAYwk8kST5/JfyDMrocsijOu3v1uGTttMQ0h0A6w6g
-+EW8p77dVS/a2S3wJo9EiFHhnrAN493cwSXgBZUhKoKOri2u6XKV2D3g8N6bp22Ut
-+S5wx0pC8o3wW5upPsDAnEUt9kJJgVkS0FfCEHhHZ8iQyuwX15Yft2Qsj
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/alt2-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5sbXOvfoiBwS
-+UHFfW8Vx+rU2F3CPNRaVi3zyhWtlufZwrM5lZMDZ+3yyUl/lvkCBZa4nU+HUR1f1
-+68G9QTepVQ8OklDtQ0Ey9JyovwmkKNYFxEr1ZaC5XoxOoXx0mdp26nup83SLohaq
-+4DjIMRwkNBHiPQGOgASxCCQBJiKZpg3lbs9bmzCPsBHgrRbkLDL4oXj5RcqQc8KZ
-+hSVsFrqVdlGne7BT+BdPR+YvPdY7x5PU92g+dtFUUgo+Fmsdw0A5G2LjGvgKfwgS
-+FNqrEhCcKNIKOGSyg66iiOFbSpGz23WVMPHIFflTPqyZqcTIJDpNAU50yPibxQs1
-+hNJlsZhzAgMBAAECggEAfuMureALDTmD/TTPijV1+TKrRyL9jDSVsT1NLATRIG3I
-+OwkjErek1kw3Y4VJihSl0Wpb2CtT3dxsE+Slc4EXnX1zqDuLYXKre2bHReGfTA4L
-+Omb/Kl2uMgMUnCWq6BdzUozklpsTRRIy3nEnNjvg/24em0xqgrNW1pfwQjJCPQQX
-+5ZLma+msDjT0BW2V7cnVh76A8qjDVRvJzKGRseVZEh+8Uke+SIKKLi1qICcK6MmX
-+1TpGs/Yy+GaXk7HajmKEYEEDSRdS9sqFnvqkf1TsbHrZQqKdtWuXtIvss1ap7y1c
-+PL5Y1z0/zf5WXV9nV3Yjd7F1tTN6S4sY7exOgNenmQKBgQDtkElQSwPHI3GCddfp
-+Eo79w0K0N+PkkQTXkP/3566xTCg78xGU1HW0aw8jabVsSpHC2uD0dBJbkQ0iBa24
-+VOwwGUUy8ZME14M0ToCDm2vXTR8oOw05DBcM4RwQQdGVxdnwScUJnDzefJEUyx57
-+3HO4QWu+h4nBqp5CTk+Y5gu4ZQKBgQDTGsgtIcdQevWay4nXKp+kcUYJy2zmCnBO
-+RFryyvdSSr3Tf7eeEZTicBiBp20fzppHc8/hdWnaF8+jlRx/hYY0M6hO2DEvXg78
-+BbkqxwGV3dOZXEVusy8CPCQuRfQNY8XhQ195VyFdfsRKZ1dKD7C1Gky7dXgA26Ms
-+KdWarvuD9wKBgQCi/h0fBujnp6zIqtvhoQcUmvTYO4STnOAqmuTUjVQxdyQfxazp
-+ZUAA8ndnf66nRx5tB8nSTxUNWB8fma/QSgvnEF+HDXImn0r5B2drZKaACPz4mFOB
-+MYdbIdQkX1RSI3ZdQ+/5oQWuTN8p2hbnOqD26YPoLIxaoRqGOb6pFCU0dQKBgDUm
-++CHM8HdGDlLkTpd7ZuirkJvkuU2OcUpzkYayLeVtZjA7ZwsImDkPSkxS0HoCtfup
-+oDy/KGC+QAyK/brp7ql0HDuF2ZR4lUNFWaL4qmCGksF5Zw4BVaO1atKv0EwSw/78
-+zKwrkP4ObfPh4yuFmdNvhMRqRkXJB2OWQO8Kgc9vAoGBALXo6IGSM6TtHoNrnEwi
-+LozF+eV6ZmYb1miBEBVOyCDl0BVx+6n3iNt17v2EmWLcFYS4ZE+AF9EuRfxuDv+V
-+ZSK8sQKka0YgQmLPIoBXksZGwTUYBaO1ojFKuVzrE0ATnbVzuu5wHLZeyK2soCQF
-+slY5WVhO5Oo2YTGB7Wxzs4Ut
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/alt3-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
-+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowVDEj
-+MCEGA1UECgwaR29vZCBOQyBUZXN0IENlcnRpZmljYXRlIDMxGDAWBgNVBAMMD3d3
-+dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
-+AQEBBQADggEPADCCAQoCggEBANF68Ty4b18vK4fqVqJMIbwj/mLnF+WA6lvrzEE2
-+79mtKLn6jHAjXWJCJ8U+ib23dRf7K3F3qJcQF3sEZpY3VgbmBMZe6mQ1A4Kfza3k
-+Wm+D2vNy8BTh8esu3P9TsD89679qUaZ2/85RykFmnV8NdJnAgFEQ+NZuBeQck2Ya
-+cZiYyjNCfWEnSsvmO66M99VXzzD9kkpEUXpe2GbLfzE1iP+79sFGGFHYAvmTmhKY
-+DFIEJqKY56bnYBlFtQFTWGqjDe8irV8vFJ+VoXR73DXq/J/k9UvwytwDtsJMeRsj
-+O61UpbBDV+QipZeGC6cXtRzxPDsxz0BAXQeWQl7F4xavc78CAwEAAaOBjTCBijAd
-+BgNVHQ4EFgQU0K7Prr9eRi5yL/vKPFPpfIBCRUwwHwYDVR0jBBgwFoAU8FOJh91W
-+GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADA9BgNVHREENjA0gg93d3cub2suZ29v
-+ZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
-+9w0BAQsFAAOCAQEAfJyYbBQfCHNwPeKi1/OYZA5CLOzktiiR8Uh/1YQLb80jNtcn
-+f4zZOHURqd4mLDrKNnQ7MVqlj+CC3oN4c/L58yQqLm1fbTKXgH6t6OGgg2IL3Aet
-+XWbHOg0arknwyOKY5jjVkzbZthZ9EaS0QTlN8eULHV3nwImlfc5IFDetzIvPJkz9
-+82fYuUO5jeCB4vjKBX5Ha7rvg/6rnNX71vA3++JrFc0PRFoJvnQ6GQTtBSZE4dFK
-+TOH5jE60bjDUL48jl267HLF5RklGuQRgZ3XfIU8JqDtEQuWJTWHc3NPEl2GOJO86
-+QDfXLy4+TUfWsoAEuoVeOvR5zitzy3Wqcm3Idw==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/alt3-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRevE8uG9fLyuH
-+6laiTCG8I/5i5xflgOpb68xBNu/ZrSi5+oxwI11iQifFPom9t3UX+ytxd6iXEBd7
-+BGaWN1YG5gTGXupkNQOCn82t5Fpvg9rzcvAU4fHrLtz/U7A/Peu/alGmdv/OUcpB
-+Zp1fDXSZwIBREPjWbgXkHJNmGnGYmMozQn1hJ0rL5juujPfVV88w/ZJKRFF6Xthm
-+y38xNYj/u/bBRhhR2AL5k5oSmAxSBCaimOem52AZRbUBU1hqow3vIq1fLxSflaF0
-+e9w16vyf5PVL8MrcA7bCTHkbIzutVKWwQ1fkIqWXhgunF7Uc8Tw7Mc9AQF0HlkJe
-+xeMWr3O/AgMBAAECggEBAJFEuNZq8JEJnR58G+gg86QNMfRUXfYCGIP2WYdAGcTS
-+mFOgtJNvcusZBYt7evndp44h2FavrHJV7nKY8qtpZHcUPGt0lwc23GBRgcj9etmq
-+jsQVCPjyV1nI/ejymF7DCiGMEWNnUq45ehEwoCGyqxGUtWeCZY4Obndqea1s2SoA
-+SIwrP74kSP+cjcOb+KEg5jF5aT0Mzo9ipQuuoxLzjXJhtQuyDYOulq4g/jalMewk
-+GLgRgbzrEDK8/DMVu35rNJ+CHWHowo+1G4lLY4DhajPMXMqb0dgR1JlFF5qyBoTN
-+CJXq4mpuf4ApEd61MTCm0FoqSm/AprSAIISCqapytQECgYEA/ND+C9ZnOOtTxgqI
-+nuq2r1yGFlNnbovcfiU3vrceUvmN+ne1tBtXSTNB4H95AUuoBeVAeYApBKxc0c9K
-+5Pnwp5NdPbana2cfuorzJrIHM09RP/obDP8VTnNJeO7wd+00Cx5ZnV5g8UcicebH
-+hbjfsc/lkd8G8YCIx+DBigzjIO8CgYEA1B4/JjCOuzM7Ag3y+XIIl3Ud4n15uog1
-+5tDD1y3xWzZbL7fh0APf4mT8cTTU0ms4i9Rnpraw8ds9EfhMDXxJBs+LO6Ivw5RY
-+RxWoAB1YTPU+T8EuTzZzIp/jrWTgsvLkjNq25W/lbZLO1n8ofFMgAAbWsN0J40ZN
-+70Sib/JAOjECgYBSiJvXG3h5QYIIzhmJ39Ah8Y+orDPBCBHEcLwBG+Dfb67lDL2Z
-+/a8CK6Se+J51SNCilBP3VlqNtwNaT1UA6YOiAV7YLc/8JR9bk88LW+Uz3/oDa8/2
-+7zNyd/qNa1u/mwV5d8ADuvLk8bcR/ig2xILqlpc4htnKb463ye0E924SqwKBgHKL
-+OtKmmgzg51Z+rdyiBZ20MsUhuOBPubvAtGC4gIMe4TLte1VXIkkg+2kufFZ8a/am
-+ZqqSMQ8JsvrHOFp36P9yh99V/7D/pIQOX8BgGFTGgjWTPiysXJQv/0SdGvHHVD/z
-+w5w2RpBbHLKbzAMG6FrbVof/dN10E5XHXGhTSvehAoGAHA6WgpPFp7iJBoC13NrZ
-+q3DKluiytegvljyDW5hOlRGqdWp7551EGYLnWtc4bSHboIf89Iz4mW/hyYr7frzE
-+A3Ksob4NIUCGMFJGSyTuK7eyhAxlVZbzqepZ+YftfTvW3iVXkxXx6kEgdzwPrNMx
-+DXwfc6G23PX5tUayTZqKC+g=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/bad-pc3-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDZaGA8y
-+MTE2MDYxOTE5NTQ0NlowKzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
-+BAMMB3Byb3h5IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfkPXh
-+tGaOG5MRdMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6
-+WCKThzpB+hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZd
-+MnsIrS/WGmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRc
-+G9ZSeuuGiVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6G
-+MSnEBK6F55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs
-++Fl7D7a9DbgPbY2HAgMBAAGjgZYwgZMwHQYDVR0OBBYEFH18o4bnybHle31aYNRi
-+QZSGJ96XMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7pbh224iVD3Jx8oR2kGzAZMRcw
-+FQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNVHRMEAjAAMCQGCCsGAQUFBwEO
-+AQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJKoZIhvcNAQELBQADggEBAGKD
-+jTgyuFlwNRgrw0g4IZMmbEWcgW4r1v2yMRyAXhZuVyc8lkUZoe14eM4kqwJ5ayti
-+peN+ETpRk6AS4eaCEBnn4tE/S8TD4KRovio1EWy5TvjPE6M9jPonF5IfNKgGuR3o
-+7gN0KKJpzf9jj5JEJPV/d5AKw9fMdSZseea7bZ6JV8kKCW+9WCSMFnwR7POPWSQa
-+ZNJy1PN6GlvHykdK4QwZT3jHaQMVY/uIC1BXrN3sC3l79jnL5tTeK8JLvZAqjfy5
-++5pNH71k8zqVR2z0fC4oiv8TNsDn2g07wCCcQmzg8JHsP5p/hyUg51RqrQJhAbaf
-+eUmD8lyBBdfcia2UqJM=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/bad-pc3-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDfkPXhtGaOG5MR
-+dMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6WCKThzpB
-++hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZdMnsIrS/W
-+GmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRcG9ZSeuuG
-+iVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6GMSnEBK6F
-+55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs+Fl7D7a9
-+DbgPbY2HAgMBAAECggEASAMzkG5BkojDSJ4qyJbG9vAV/awtV0fvJHhIJpt3XFT2
-++LS4YVkj4MSAEw8WoidsYzOPT3DQQmEOnO3pM8sNbX71PMWMeuUAQr4WY4rm6YpP
-+DZfbr/D8AhHacmbxX6bYqd+sj7yQ8OyIOhjpS7EfTl6ojO5PWX8lqT6pvHHyE/Ol
-+1ZH2MG4GaX10IfrF7bw88XozmFfsw6eVX6t3cBK3PNapxj+RNEwcYBAgtXBNVVAJ
-+mSMkgSZ8/kTggRr3ntKvXCiOrm8Iud6Bwqp+aXB8+etT9p6gWDs0J4MCfkWvva+1
-+WuZDgryiVnIdqwalrLMg2IfwJhjtlqZjj0R1Oe2isQKBgQD/JSlg+/ZYAmm/BzzV
-+C3mII94Vw0lvX6qpeKMXvcwVcWRSwJMnMPMxnxebyEZopn0t25CRu0+N+sHNUZKg
-+JVw5wL9nA7815JGTfVV9znN8leSYdhvWh6amrKT+Ku+1vXTBONFAR85eilzYUtff
-+jKGVDhBuZ7a5YIT6+DOLoPbMdQKBgQDgULasEUxNTeVSq6qzM/1tvSR4Z9W2JIFr
-+nDxC/RyPq5LN+3Pg5JiA3FFION6C2Rb+rb2RBlpSxuO4Jv+gPWnqZfuXZiTusiDd
-+dnyFsAoGPnb2SIm3OAO2N3w/7ttmRCsWnm0mkFLkd4XJG/mtDcHrit1SZTEWima2
-+wKf2RJEiiwKBgQCH5+aTp4K/vIFRZOyNWvBgiSJ6GyzZq26/mOfe9JVp8p2KytNX
-+c+aGzwSHUXXXtp9FNwhZ6BlnOmPTFxlwPpZSmQ4bNE68yUSV+JP6UGcJvNooL/mC
-+G320mI/GZ16KQyGW7snfYKBXkYIFJJOim0lSmUw9Uvds5THQcTcbsCDmJQKBgQDE
-+F2sJUnncXkspkO5BiCJ0a1NVepgFiTYmJ0c63F+6bKeCL94l7FAw3eikdSp3QmXq
-+r2E3RVFyaXGqi1UN9IIBqbNdr6p7i/ZVA35ps/Gfcb23IMRbCbmc8jZJAXqElPUB
-+6e7LNoFwPdgTbcQ+9vbd/N/rZpCZ/tU5z4NFMr2ZbwKBgQCPN9KsqsRRK2v+j0wt
-+ArKrWHK5w1Cj5rRbedOn8659edTB5tqrFtZh4YJB842oe4s2XYXtk+Kq9HBRh4Em
-+CkO/JSH7lgVXT1zsf0ZYojaZWLhVTNHa3PO6R0FtyC0h7MtHV9aquPNCeiQDkwbT
-+RBV8wc0Stpj+QEShPIS9gEQVNA==
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/bad-pc4-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTBaGA8y
-+MTE2MDYxOTE5NTQ1MFowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
-+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDQwggEiMA0GCSqGSIb3DQEBAQUA
-+A4IBDwAwggEKAoIBAQC2xxl2G3u38wzrx5uWgKiZ557ZIbLQECZgwmMbGzdrNqbD
-+veVgTEdkIxRk0py1QUqqukhTk9OpkUrYiSUpkAMkc3yRtpCp2KZeuN6OwyeAm8Jf
-+KUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0
-+ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUDY6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLz
-+zfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRX
-+iJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9nWuOk1N3XAgMBAAGjgZYwgZMwHQYDVR0O
-+BBYEFLFSiWVtSRQ48ziWfxHBtmC/PwPiMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
-+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
-+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ
-+KoZIhvcNAQELBQADggEBAEg+p78n5eTkl7D6OPecC47nqFp7pNQtWTksTxMgBtz4
-+LeZR0nBX1kZdA0arVd7RAeqjR5wCwGIbdc3hFu/xeoPeTUBFv/7tiTWsCFBmfoSK
-+Tu/NeYrfIc3Qd6KhW9iwUxN7GFAZZFhJ3xVpaDhjpMDlgp9UZ24vN+eY0KRhuHQv
-+hGJcyWs5M0dYGVyTSS5VueJSWlXD98KT49LzdyAfaveQoIMFaSH3rmR4BXvUMjEw
-+ByFwvFeG0lrtvcx3RhvlJQYixUPME6TcNOAWJARJ0qiO1PCufFDlOSjq8GjtxGbc
-+JjMc3GfdaieMM8afXWQPflfLw/Jb1rPOKpikva05ZMI=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/bad-pc4-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2xxl2G3u38wzr
-+x5uWgKiZ557ZIbLQECZgwmMbGzdrNqbDveVgTEdkIxRk0py1QUqqukhTk9OpkUrY
-+iSUpkAMkc3yRtpCp2KZeuN6OwyeAm8JfKUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv
-+3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUD
-+Y6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLzzfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad
-+2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRXiJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9n
-+WuOk1N3XAgMBAAECggEAQbq33VFk3HH7Y48U1LrP5wj0hwEnXMtyAbnmCglvlI7C
-+ygGwS0EjK0+yNc/HqycfwuXavLOcmo41bEllo9y2RJWDZqNQwsO2kLnKz2w++HEL
-+JU2g8kvBYaSxlcZwxxfgL8saprM9polfjCel99CLYSIkASVyIO9/lIGDlQE7kDHb
-+B+YdDzucQtyi3LXsdcfW8so2DsZla2Qa9305ZAZPEOFXFjsvKR41WdI5r1uwsrYU
-+voMcH9k3aefOd62+e1KodO5w9TxSYTw2bLrGhjB1UzEzRGIgOY7L+VSmYzTn+ARY
-+loXqK4sA9yvr7z+ZXHeA1y0XuMRzkG7qf5Z0pc29AQKBgQDd4piLIt0Rygzud4WQ
-+5UBwwLd1u1A3jdU5EACvG4GBlJiQQPU0hHcTGoFbnTNy+y7QSBl/3viRH5WPx8Cx
-+O1nJ2Qc7mlAmoKq3Gs4gso6utPP2x9Rs/bIPkL/LhAdi9BBnp6H/5dyrvtv8O1OQ
-+S1rXpYTjmYj9X7BSU1PsDUiyWQKBgQDS4TwxXycJYClGufq9mrNuAoMfReXaiwv3
-+b7wfRfOn1cL0hjLjLAhxn8eau+/7ZKS8ScXqHszrz0yXPfxTtWJ/DvhuobWOOWJd
-+RmHN+OAxCLvcZD1hy6bzXqYuuX2WrARUKWZRg7RXxlOwnkcR8/7OrmnsnEiCh8wg
-+9h/GGd4rrwKBgQCXV4BOnrgE8zjAyrtKqmO6xGgeIGZFjjNaWYTt6yf5V358HiJh
-+8Nw7JoAHGgFGsvcqT5M8+bu3WMCtskTHXkEPAT4CtG1o+3uVqu3ftYrGtVwV/hTx
-+RlVWcpevW92h6/DokplXrtRGPMdVkq2bpRpQLnCmwUmD8OmWLYn3XtQv+QKBgCA6
-+jBh/kle8epJ0mf2gRwvpFmERLa/Y0FtgmD+vUS21XbZBTEWr1R6IbNkZH/QrzYF5
-+ROYjDu57IBl9P7MLZaJFh3JhBH5YBtB6kTgJcToNO6jTKQ5pMXrAXGWHs8nzQDYc
-+naaXmlhP1zqG9hWoVKkBvu6KdAp+9pOTCggcq/fBAoGBALHpj0QFvEzROBpLiNtW
-+zrU7jcl4TwAbTh26cjb3Nj/2J+JH3lmLilxT6ltKUvtXFMmAT20at46RMGqY8z7R
-+Z1OgtiraQtSG7BeSMRLJ2aCM8+JotvYMjRauiC00jXZCsusyJ1mLqgWlHu+YORVE
-+9fO6/M0yLLz4mk5z2gdrP9MA
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/bad-pc6-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MjAxODAwMjRaGA8y
-+MTE2MDYyMTE4MDAyNFowOzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxIDAOBgNV
-+BAMMB3Byb3h5IDEwDgYDVQQDDAdwcm94eSA2MIIBIjANBgkqhkiG9w0BAQEFAAOC
-+AQ8AMIIBCgKCAQEA5hE+Hzx8w4tAPaYsbdY9ZJSzpzpa8ZBsZxhiJr9ayIU4C71m
-+uV7EMZtUGyAbl1pXzBcvNQq/lUnXL4hpl612h9Pg7H+oaNM1ZVDnRFyIWvaq/oVu
-+msi//4z5QetkM2zRa9T3BtSWNJF+9BnDsdDxi2qLW5xY9xN3tFr234ueri9HNK4O
-+V0vJX67wgmVgGmIX6EQlgX5RF+PdU4SYjqxZZe2v0+ND334svlDAdQfKYf4pYqMB
-+Vs5hi4PYiuU2QDhLOms0m4Fs54mRjRQ/m/I4L/j2R4051xLO1ya5UrZWepkvd4Uk
-+rW7lC5JyFvG3Mp/QChrGZF0cb9iHi81iUNULAwIDAQABo4GWMIGTMB0GA1UdDgQW
-+BBQwWHApUcXg5oqkZdg2JpLWKfsUVjBBBgNVHSMEOjA4gBTTom+GhtAFXG2+6W4d
-+tuIlQ9ycfKEdpBswGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGWCAQIwCQYDVR0T
-+BAIwADAkBggrBgEFBQcBDgEB/wQVMBMCAQAwDgYIKwYBBQUHFQAEAkFCMA0GCSqG
-+SIb3DQEBCwUAA4IBAQBe/pghhwiZk++TtmV/eTLbQ/tMOxlb1Q5MhX+nF42eI52G
-+Hwsg3dBHgy2RSgTE6fzMUt8cyEplG4nqCpR7qm2ZGcHmn/IEO7exZmWTvurun4tF
-+56L2W0oe5hLLJV9W4akVTH6LpRZOR/CgMcew6tvzmuAADcP0KidFSxkd/Y7plhSy
-+hptq50Qey2yyA1UVTCQ8k7OSvL2lyD6F3EasejmK0FuHekgewB54cTMCBBw/7aZc
-+08rvhIi9X/yQKFD1o5kvbTi5//zcCx0RbMVZRFcrFUD+PNwt7QLpFrMs4u08aok4
-+/QzS0G+801JZa1zoUMnnNPNGlfybvANVbovUCc2h
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/bad-pc6-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmET4fPHzDi0A9
-+pixt1j1klLOnOlrxkGxnGGImv1rIhTgLvWa5XsQxm1QbIBuXWlfMFy81Cr+VSdcv
-+iGmXrXaH0+Dsf6ho0zVlUOdEXIha9qr+hW6ayL//jPlB62QzbNFr1PcG1JY0kX70
-+GcOx0PGLaotbnFj3E3e0Wvbfi56uL0c0rg5XS8lfrvCCZWAaYhfoRCWBflEX491T
-+hJiOrFll7a/T40Pffiy+UMB1B8ph/iliowFWzmGLg9iK5TZAOEs6azSbgWzniZGN
-+FD+b8jgv+PZHjTnXEs7XJrlStlZ6mS93hSStbuULknIW8bcyn9AKGsZkXRxv2IeL
-+zWJQ1QsDAgMBAAECggEAV8MsF25TiaSNFPdW629WbA/tmFVCa/PT5l/+0Rkd4HAx
-+OQk/LmdgICxIoTBWVh44b7pIX8uB2ckZNSCsZxfcp2PD4XOxIouvSr7Z+dHykgCW
-+qhDsaE88LpfwXZ0V1CgmmyPaN9jQk60M6MELTcGO4sf58TBrH5VljH9GvW/dUEQv
-+f85PsN8VMWdZYx5AU97oLxNlZgRgZa72rtRfW3xi+Nnf/TbyqQ7pJAHdGju7kR7C
-+Mv7Kp+us/FzPXJxHdumh8BSAbqn2Fr1hgUyH7v/7n7oSLpBATLOQ49K0X4OnEN3m
-++GYzj9rpnza9QAX3too3EP0tDYZaJUUZiQqdtFIzgQKBgQD6KISBQq7LjRGNOr+R
-+ayA27HlrZ0O0STyOkxOCx8GqdHQjLS/REGnLAJy6ggm3Col4ACXkD8zNLenFCCsA
-+CVq6iEQcGiT5bZyJa7cwLEGdoj8Aqd6OM30TgJ1u9ZJSWukys0BhhQ7huBmxdpm3
-+ykIGQ5DxhnecXJdYylzdunktmwKBgQDrcJ5fyYFSheQjW2TkNTRSDccToGVPIECd
-+/a/FvhzqhwLWt1d0Hpub9M37AwpN3V8IM7PHcDqgpzrD3q+vLW726h68ETAqZX4H
-+FDHLPiENkoBZoj6yjS5fmAkVa7jhGQBFSIQ1s6eYkAHCRwSbF2jfNK1no8fERwkp
-+XjEf6yWiuQKBgFPfQ9Xm2p4qlQjp+pKx/SINFQSaocuPhnsy+qatfNQ+qTWmD9Mj
-+kqTadrHdqY4yPTb7rbiSR5M/YpKKE4i2mjHSQCu/5EewpXw5njjLjdBhNohta833
-+m2bvh1lNgpqUGn3CNcK8junFBPBIGG/To2FgQ/eGoxHMxX2ik5JP1BMjAoGBAJ+K
-+ryeFqua66D+1XQbvrsazo2V/WWdnGaJ2GDhNfdbHKntJvi9n1la2ayZfhwoAqrcq
-+IfdR68iVydKVAkQY64rSV4VluFficqZlXuC09zz1O5iBwy7HUNdidTVYy+1tPau1
-+WjHxze4qF6cI7OwTzvMCBUenymUNJf4sX+mbNOOxAoGAHYK/AbJtXFKcYx8uj0MA
-+YnkWWjTKMJ2TQIu94CaSf1oR4M6fuskgPfuRjW/CyBFQ3zh9+F4l7lG2Ywv16rBb
-+/1B7W5euucM8JYxSGAicqKX7iYV6Ikz0l21Slw6fy+e1U4gIDfZPgx56iV7yVoGc
-+IywUjiA/G1N3M5WBVqBl3K8=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt1-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDMwggEiMA0GCSqGSIb3DQEB
-+AQUAA4IBDwAwggEKAoIBAQCiqb6LYFYj1uPeIVuzuDL1bfV8+xlrws67I+9yVDiH
-+slYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYfLhF3LQUvXyON0LkjkZseXVFLNokD
-+BXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByCIVUOpiXBbq5FtsuLhquHK0yAsY1g
-+JYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn69+s3nGx9QheboiDVTWqynxDQn2W5
-+ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdnsAJ/pN2Yc3ri53OPodTkmrRha31N4
-+8TA7st35XepAk4vZnSq7cml+85xs8Az/OZDSHH1EV5sDAgMBAAGjgZMwgZAwHQYD
-+VR0OBBYEFOI3TVHkhEPOWw3mh25Ri85AMqJmMB8GA1UdIwQYMBaAFAjRm/nm1WRw
-+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwQwYDVR0RBDwwOoIMd3d3Lmdvb2Qub3Jn
-+ggxhbnkuZ29vZC5jb22BDm90aGVyQGdvb2Qub3JngQxhbnlAZ29vZC5jb20wDQYJ
-+KoZIhvcNAQELBQADggEBAGpxmDDbqtgDry35nKv2pTDMHW9Yqv80ZQmy61kQiatN
-+vJzxdb+admW+CNXHHqsAeRr6ai2aQkn2bJrMkGuosNrkVOg43Qw7k45nIK4jUgUc
-+dcH7vVp+8isjSYXo2fIxulhE8N8fhhMVAQrhQywkdJW98fDlq+lHqUAEHJ7vNtlb
-+4LssY78+hq1ftjYiItAybc8peU3iDjUl+TTk0ZLTX6E9XE0xRYV9berAyTIUDSIE
-+GpzEtsBqZlTdkvZOfsTs4s4tpkOoZQ1aHniCk8fQ+/nI3CS9EHuWqt/s573rCRl4
-+HfiXnUmwyOm6IKzBLsbgxlByfI7fAS1Nm/hLhgtglfk=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC8n4gY4wOae4Sg
-+pyqOZf4bg5JDa/NvzZV/g6PawamFQJIAjf41ylZ5Cjdi9+2H9CuFZ4e3im9L6Hu4
-+2ihsTeLmxtIabr2w0bFxTW5ZQ/NogfyNGgdcSqUrQLF8nSqE2NJ88sNVyrMQPLMk
-+LllqvVFhXEBntFfZSXKIz2sA6LIeC/t8UReznRfAKF5lJoBjjDXJLOYmgz44rxqq
-+L7m84ABJYD119LXRc8N5XfEvC7ff61ZrBOrmxtwZY8FJWODsS/CC+RBN8nnt8rh8
-+ICyfh/2gA4x6Mwt6dVMax2dw4u/esgbokjQ16wvFGjWKzufdSPa3Tk7hrhvRC38h
-+8jAqpxtZAgMBAAECggEADW9fhkZFL2+01qyRf2sMWnFYray2vjPqfhamSSKaLH+Y
-+5qk2fiZXWm+72jTGmnRt1Sa2qAAYRVPd3CDN2EkD7GQk+vUAVePZu7REM99/KuZ3
-+UqWT+KLoeNg2zCV1rdizxWqVNzsk3fc021Lh05SAg2rKu5hA2Z09pzj+6iWo6jLY
-+0pFml3LgNjYy7VQ1V8978vtaVhVYklOiAT4dfNirt42F1NBGgaRCLhOlROOJYPz1
-+LCjSlKzF2T6e/4hNvxQXGt2yJ1fq9dIj9h2XaGBbyPhiy7gUvMNC46LB66kOkPwL
-+4rX7OGAEgr/vHpZvPiCVALK7dm92Z87+yem92UrDwQKBgQDzj+HvgfxDsezpZUHh
-+rFEobTx98XOtCDDn9uS1dODGB+DaRROzybqfcf1D3ayWoS0ucajoOsv+/brq5FsA
-+f7aNMbSTZNIIqjOyioWAz/4Jqupcr3RFczaVG+mX+OPHq1WnvCWfD/yNI8MSy+FO
-+b7LdO7idN12M9HNurZGmO0Jv9QKBgQDGQW0efsO55DN/Ve6QdLeqSjVvXhmDKv9i
-+6bBu8zQQWD5hFqirDl8144VY1SqTua3N+QfX0DX0QAxqkVeG9O2sNERumElWaBm+
-+MnOKW/IklXIK7shmjtAzarRD0cX/8di0Wwv0qZfL6iU8tkmh89kNyUE6tHbmpeUj
-+fVeO0G3TVQKBgCWAkw5Y2mnl/I+XasR/zuNFppnR0rji2PzulBqoi2+SiPmyxyzY
-+s+aXG6MWf9uVp6pOD+7qFr0FfoFqdeSmxYoKDD7huEFjS6CDGblSzU/ZxEpPLbz/
-+13iwGpCu3wvAgujX3IcYZA+rYP8E64UzR7wu1OdIPhxVC20QRqvs1fb9AoGAPCgy
-+IiS44zkZXzQF9ZNU/7kQycA14ZU0dSEPxjrJu4PrOa6Uc4Mi5Mkq9y+Hgde/o1ZD
-+SPsGxByDJ/r+IhdD3xLlCOHwruVbmljYsk0ABpXKSwL1kBkZl+By3nlSqT0LUn6l
-+/BFR3DAqKGfvo9LIM+SzhEqqIYaJJuGrpcwc5xkCgYBu0Q1goQd3me/U1KCIRYN1
-+u0f8H1uav2zGp9818PvLny6tMa83Kfam/zT8zGIOBEty530jPFWDnky+CLAm6qYL
-+ANLPHiCErO+3n15C80porioSFnUL7QY/5uRfTwDjcgCjGQgDiL1RhwZJurmFgwM3
-+RBPODQ6vGkTdrJOJr2AWCA==
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt10-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDiTCCAnGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
-+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowVDEj
-+MCEGA1UECgwaQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTAxGDAWBgNVBAMMD3d3
-+dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN
-+AQEBBQADggEPADCCAQoCggEBAM273Y+gNkheA8Ifd/zsmibA0KmeuEKGZsLvv4Vl
-+HXABoOtYli7wkfyZPexHgUUdNe6Tu9de7nYDCx/iWoSdrcKl+/5BBiFcLY72Buqk
-+DF2vmC+un8z4ykHa+dqJ2KaL7j8uLsiSPCOk9+tM+bvCYv4o1wPBsoDmPg50yvXp
-+RVR7487cN29h4BnZC1BMXuwUzEexpYCy7i2GQTI4DrQ+oN1OsIUbHS9qQxrfx+vG
-+TYpeZOkR2Mb6OtPEHCGpCsxNCDzhPAmlH6jaxT2kCkhuAWkqkhHLTuga3kmXuH2r
-+OBOpq9TRhC2kPipcuOcIdnhexovcODVJ0X0prkS3P10K3fcCAwEAAaOBnjCBmzAd
-+BgNVHQ4EFgQUmGUQRhEili5u8F+d8jSgSLailgUwHwYDVR0jBBgwFoAU8FOJh91W
-+GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADBOBgNVHREERzBFgg93d3cub2suZ29v
-+ZC5jb22CD2JhZC5vay5nb29kLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2Qu
-+Y29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ4RTnIR7Tgv4rq1Qx7pbx3Hlw
-+Y68L0Nt/8GaFZK0pOrKHuY6HUcUOSabtchcm/CYF1ZowKT5KGWmR8X1WzgHe9Aay
-+4njzcnTu66hc1osZdH2lF1+lkNA+HLvzNNcBu0XwqzCs2f/yp4uznuHZKvX45y4L
-+x5TUh570LVUnnoosdTmzicZdXcw0nzikbueNAFSrZFLPt+lH/t1P7d+gNj6hAOYi
-+6Ac+JEjSAPXZOzbNrf56SC77cvkkFrYONjXgrJfNpZHMCNj1M3bqileTYIV5Leyh
-+PgoXCRyteMyNjwTih90SZPq4dLPx3Mf/WNG2/hXIkC1AvFXpp/u0iuwlw7AO
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt10-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNu92PoDZIXgPC
-+H3f87JomwNCpnrhChmbC77+FZR1wAaDrWJYu8JH8mT3sR4FFHTXuk7vXXu52Awsf
-+4lqEna3Cpfv+QQYhXC2O9gbqpAxdr5gvrp/M+MpB2vnaidimi+4/Li7IkjwjpPfr
-+TPm7wmL+KNcDwbKA5j4OdMr16UVUe+PO3DdvYeAZ2QtQTF7sFMxHsaWAsu4thkEy
-+OA60PqDdTrCFGx0vakMa38frxk2KXmTpEdjG+jrTxBwhqQrMTQg84TwJpR+o2sU9
-+pApIbgFpKpIRy07oGt5Jl7h9qzgTqavU0YQtpD4qXLjnCHZ4XsaL3Dg1SdF9Ka5E
-+tz9dCt33AgMBAAECggEBAJzXPb+C2h8tXRwetXCiR5qHoAvPrpU4tRqjf5SIU3rS
-+IwWIEWZTjFfP039Pu+Mes8Df63HzM0PQaiiyfWNgedlMhOF+XNgN18WHFhrHWY4K
-+kbC4Jacze63c7GGIeRvuzYBpCs1pfmOGHmLJ2hEjzigIpnJ8tkLCREjtDNWQMoSG
-+V5LznbgZ9S/2KjyvTW5ff6m4GQH3BShPPkFDICgQTulwdZT/Y8SDKx5+qX2RAtjY
-+RguaaNSKQnOHroF+FPNPMUsK5gLZLWIdIECTi6YHaba1BThKzeKFKtQ0lWI5ebxg
-+R4kzEPFJmEHbNplxUHSkY4ZIsWK9m09Sn72IrmVY6fECgYEA9e4+w2x/YLtnfwYT
-+tVj+kR5MRTn6t+gOR7o6lsWGvkFqwSi0syfN8D6u3KeoYORUUY7ISCFJgIag5Y5V
-+Hp8T23O4rRcWuoAmolxNyvYiUYsVdflDbAZFKMSvrAv3XlRRf0vJYXym32k8KAhx
-+1qo1zTl7THWM/skv/SF+VMItnO0CgYEA1ihKz8LbtPcbsOaivJX7cXVf1AuRty6F
-+lKX8QIGg0ppq/EFkZDWg7+OCVneO53bFVDDqKoiM4Dq9+aA6Dgx4fjFof8rUaCet
-+H/isEkjcvEmG2a71PU/moamDuZDu8yRodUl4zyjqthQgc2n6ryV/ZIU8vNZmjpIr
-+EhITW8/mbfMCgYEA7UMjpDA5l55VlDPNscihGGpNlQABxYmItWSSf8EjZMwB7UaT
-+RsChKyWeV90cUhYWzvRcf1I18lxwP+eYcUlxw+eaBMvgrp9SJpO8rZHWvCrd0opf
-+pIlMEa/n96k3xva8BX6dU4MKD0IculajVUGzVEIflT1XgLuio6i7k5Qeo2UCgYA3
-+I8SvXbKIE5/Tmm6IM+27tsbnp9rq2VWXgm1Chp3L2+pz7LpWeuBnI6LpdHsc6Z3B
-+IZ8JOINdMIK9hR2thFR52WrYjHbIIn8W3kYfpxb+e8f2wG9wS+RL94NtAf4kKFmk
-+6TfrztMv8lqwnLbo5bS5QvzyehmJ1+SzEGhfmVXxNQKBgQCULij+SMWsFC/gPJHh
-+BCnx12Dx9t5+qE4vrjtNumCCnj9i0nRPludbWapRfHyfe0WlhpnnHo2OTFcl3qna
-+wBln8Km2CWNsX/QeosZBPr5KAakfD+l8LieK350t7yE1LEboYCZkBNCG2gJXIyTs
-+o5DsYNoxX/IWq2EbB6qQ3Cys6w==
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt2-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDSjCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDIwggEiMA0GCSqGSIb3DQEB
-+AQUAA4IBDwAwggEKAoIBAQCy5dZH9k2pwH5jw7iWD1TwOIqtmkNBOGDDk9jKvovm
-+VUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E7/0yqjIesNPVvqzn2wzuii4VsfDn
-+qN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQHSOHNgzm108XfpubuqleEy+ykHhX
-+bgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHWQDWKE8TiQiGzb0sXWdkXvPt+zGw2
-++C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAkekUzu/dauhHY4aGRoX/EsDTN8K4F
-+YtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7CNiSo6WMzAgMBAAGjgZEwgY4wHQYD
-+VR0OBBYEFPIaUwk0/m0BQNvG30Cm6oNqQFIXMB8GA1UdIwQYMBaAFLoDn50GJKRX
-+5nP69ToJ+bqFzKn6MAkGA1UdEwQCMAAwQQYDVR0RBDowOIIMd3d3Lmdvb2Qub3Jn
-+ggthbnkuYmFkLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29tMA0GCSqG
-+SIb3DQEBCwUAA4IBAQBjicKVS7UDgLCb15ucoKfnrVGvKUs7XSKfF/xae+c/2xWP
-++jCCqbilW0QhVuAYyK6GgVO9cG3PKhCH/Us2Az0oCzwLXibRHcDSRfrjJJ9uiofc
-+f71p9AzAtRMlSwl3UhSLS8xbHLRbniNXi928+1iMoKb8Ua2ZVHzF3s/T3J26EEkR
-+D2DtWq+y7ETlTPS/GklldW1x6qzWRgi4IriApX2taccJtFhaZH/Ih0XtnEWkmtOL
-+dwsadu9bjbLtUsFBeW/bcRBqZoI/7xbSxVwHVXF2MZwHkdFuq/3eJE9RXVGpy86+
-+JXOcEouXyLAVjj9XCWLW8ilVTkYE6EmUvKSF4aON
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt2-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCy5dZH9k2pwH5j
-+w7iWD1TwOIqtmkNBOGDDk9jKvovmVUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E
-+7/0yqjIesNPVvqzn2wzuii4VsfDnqN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQ
-+HSOHNgzm108XfpubuqleEy+ykHhXbgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHW
-+QDWKE8TiQiGzb0sXWdkXvPt+zGw2+C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAk
-+ekUzu/dauhHY4aGRoX/EsDTN8K4FYtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7C
-+NiSo6WMzAgMBAAECggEAe5D7MBt1S0H1Ss1+as/OOFqllwGNYLgjRhOR04BHu2G9
-+Idjp0tcQJRBD9aMxEMOQKLkjFLtQ7aYJD8vAFMWv9rjmqKWaYk9QIFd7O2r73dcq
-+jTTt0l9gjZLAhMzELO6680M/Nd/MeFf2UV1/E76GrM+dBrphmvAUWjFgabMWHDR0
-+vFmZW46MGyDLAmihSYXXtwamYxf4UHYC9QxW2KNu1l+llalrRqzT0tQde93W+lM7
-+fZBXgjdLayqdPpYhKd6QkEfVYrgtkuZern+DlIhfQcBwVqj+2gVfO87hFVEb5V2+
-+Rt4v6xpL2Um+MvojE1NO353WPDBFMYOmoMjSBL+CoQKBgQDXzk0ke/+ZZoOIWLfd
-+z57s9HyoTbiUHNELIhCNjJmpEVMlUn6TSRu8r8s4EciOb9yj4j5dr0p5tdsmP0eL
-+KJZyTvNlEsq93azCuzG82Z+963iqq/1msncjvcbnIll8kGwpr38sLAN/qjc11/o1
-+gLbWuiztGyTPuFtM/Hy/UvkV4wKBgQDUN78TSEGzuKDtyuZNMCnvSJdXm2p3XMaz
-+d52ooRtZ0REH/MGMFW5u1xJxnDflcgnzXRVq8xaw3TMo/3Fx+Op6PGq8zVEwGDBQ
-+0WQqBVB/b4Rw21Kf9fMVMtXvOxIsQcdz2583s6Lojr63H4P11fF60EEVmEW2cXs7
-+MviuHdt+cQKBgQCpgS0ufwbgYpjlu2mQG8fkrpRLTeCw1YGMkREXXVxEY4s/QXCS
-+F1Zl+l5QiAdTeaGAR/BcfZatyp17iTCUqSiiWEjtFrmQMFHGEmqavwStlAqPY9AB
-+niPeOu3EFkLbiESs6V+mPlvxJq1+6UlqRNNYDZvEERH05gUwjxEc5fsnqQKBgQCo
-+Q2cqJ8GIeVyIDreZ/hVR15G/8cdxysr1o2MLQGpKRb0mQx9HLfr4wWirUfzz3P7M
-+ykJgIUwdgdW9rQRLJNztfJf5CSZVZuhwPAYaV0pjMI2nWg7iLAXICh2caI7ZLnKx
-+hzJv3OvPTtcipUdhFXg5M4RXVfv4U3QtFRYeIChX0QKBgQDDQ7mGmWkuR++svxXG
-+A5ITe+7RBRO8kVhXEGYQbIiuk4fM2ZXWnw/MwMVX3cZRfL2DPVmRa5Xcgs9OLwQD
-+hoGqX9LBAkyB1p+ZBqNJaHa86awXR01gWNPW7/GJTp4Q7V4KkGvjIbWVWH/7TpMe
-+d6YkymUz7h0qMN/M5nsB5Xg4jg==
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt3-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzAxMTMzNjIzWhgPMjExNjA3MDIxMzM2MjNaMEIxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
-+DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
-+yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
-+YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
-+esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
-+ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
-+sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
-+I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
-+IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
-+EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
-+b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAZSDs
-+XlhVEqGRU5Y/n6EIznEBdDSMSxjrZ62Nf4rWzrQGYT+R9CjUQra9/6wXyjvlTZZO
-+w+BP3y0n2vH1TrCP22fA3n4Tw8WoJfq4Sb3x/eSgTlUYAiZvHv6vfugC7y36c7xh
-+3dCgKWCDxaAplRsMkXIQXgfCNp360Z+OMMeNpcpVnxnp3LfMKCpsDWUKuWvN1AJE
-+mi1VCWQuQIC3vmiZbZc/YKF1kAgUHxCnqHcLtU3GAZUuCVyNrdWXk8IjzjzX+ZpN
-+qr/RUVVZ4IYDUUiGLHW2AvpVv9mt+SBspsCDXyiAf5O6xdek+tiTYLmU9uUOmtJ3
-+ndvhdtnodLRvtBeJUg==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt3-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiqb6LYFYj1uPe
-+IVuzuDL1bfV8+xlrws67I+9yVDiHslYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYf
-+LhF3LQUvXyON0LkjkZseXVFLNokDBXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByC
-+IVUOpiXBbq5FtsuLhquHK0yAsY1gJYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn6
-+9+s3nGx9QheboiDVTWqynxDQn2W5ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdns
-+AJ/pN2Yc3ri53OPodTkmrRha31N48TA7st35XepAk4vZnSq7cml+85xs8Az/OZDS
-+HH1EV5sDAgMBAAECggEAUIndN2NGo04l2vkHT4/XY1/DWdN1/b4h39TmHOSIbN+m
-+9YzBG5JcbKjLgXqEpA/uMqqAa9sv9ZbEDkIgEbLvy0m+79u1n1/bvwgTVTs2UZGn
-+oeyyBuB2bp6pF2y/duzHctPdEJvh+w8vYlsgozUuonyruwbL91SBn1aX9Wx0BHMk
-+rReJHuLxnGGgUVJzmNqKaGKBpuBaLhpytcIuwkNErDHUfzyxDcpu8IPo70jCafrE
-+hlrbs9o8vKcnWF3XZ2LVPdrF0MQeXfvOPc0txiAOU4DQ91gsoZsVsYJCXY4Qw+4S
-+ajpxidF6nQDtRtB/aTq+OCMzCVGog6V8Mg7VbA8u4QKBgQDQSHDEBgvPfoA/6Sxp
-+uzFV7T0Vgl58oV35EqPFl81cBUSwTElx8ueP4kK00964j47Qe/N5TQOzvH+rxlGQ
-+cBgQzG3W83c9HmfHjdx6lSQIruRW/HwqOsJtPcxP3XyxSO73+hqwf3hsOWRq74Lq
-+MHcgvWZ1iy/A0smVQu2sDLDk8QKBgQDH7b+FbKSngDZU+9uEYKkPpmhh0qGXVgSX
-+1W1BKYxIKd2y6aDOCxZJDTJGNBMpVdOTm1VNrL2J+cF73XOJWaG7KnSbxl/tkrS4
-+9hwJ+Ut2VOumFWHEUqp+nxLxwJdCtA2f/YTNqJPLj3GiGJB+xp+dZr4ARn/+P5/N
-+DC5G6S3vMwKBgQCreWg1ShEBI9FsTIi/B1kHuAgZJDqr+qIGQ/1G2MI+Jyw0xKmW
-+wXc48vseKmvroGzgYZvCWtBYcjDd96kA8/gsJFGtrMWXMOgZ10YUOaLv7ySYJMgI
-+cFXPYBhMDDnzLutmhqbgdiFrYBi3HTa3nW0GLEglL5EB+8fwNai8g7pC0QKBgG6A
-+su3NGcjW7bDVMASf5HGY+XKwF85spcdCGMv+aeHs+fOMe+vGZv/jglkZKUocfP/F
-+yEVRZ8WePNn4kYZl+yVXFvKOl7DY+HiO1vqQRqxVzZWTleEMC95GkBL87t3YZPt8
-+BW4iceX+F8GPMDZSFCDMi9HdJZtikTGlPOLGuTPPAoGAAjVUGfbNqnpQv6aDpyWX
-+Szd2uA9TzBCkh1hf7x4+E/Wr0leTGgXVez9uNarfpnVfgHTDv+OYK+Qnrq+UEHQr
-+9xRAgXLEZWXPbkUakB1o7ZW52MxR6C1zZgitTZYVzeX0EMeWc+1Ujjwe7Qu3L6RN
-+kEI6l4ZQL9buxDhqXH1UFbw=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt4-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMEIxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW
-+DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7
-+yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc
-+YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy
-+esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc
-+ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq
-+sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T
-+I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp
-+IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud
-+EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv
-+b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAiF/+
-+jEoLAFll7JZN9PioyP0i7EEYCCVc7omFaKnIV0A9ZfV/TlHBZH/IQKdUXbSPF6eF
-+4UwOQbkc2gwYEliNsU+rw5PANBEwPhCGKBIClWhReIzQqY8oTRxKOpq3cHd6hsab
-+P3NYRUtinFdoOGlUHQQcql3zYwD/guOvA/zG8sR58ed9Fd0gt3OnSEvUSiR4e9bg
-+gbqgSYgagIDcZn4kEJWVHQGj7lA4ot60X3VYk6vWSB/RmWqbmsGxzoNayGWaCw7l
-+CuipVdk9yi4eROoQAxWvVBDz+7Q9CF7j1PkDMYB+QwiXwNfGplOMAWv6nQUNJPs5
-+dIn/eeha7QWrqG/45A==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt4-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD7yQbYxTDmAxcJ
-+zHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gScYYqC96IrJRwt
-+g+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXyesNTqmUvUS6u
-+XMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37eucymsZucA6pZwG
-+iJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrqsjJunJA9U+5y
-+++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6TI3GC4vN3U9Lv
-+ZrWTj26DAgMBAAECggEAB5KFLTHJBbHkGHxY15xnEM1Y4zsJdE80QGTgOf3ua0Ws
-+mDLeA6+EkqmT7xRYlyJbzyQz2Tp/WxLTpR7JmupMcwyUPykCuSRs0zoJDHzGO/dP
-+TSOISCBUoacp1+Z+7Zc5EtDUXQjL4D9tyvqpUHKrFZkzp7TaOX6foYxg4TGluZxo
-+RDp6qlAOzZJiAcmavgqPpvfgbkNs4cfdh9yu7FDX2Orqa0pQNsPDWp2VyOkDEPiR
-+7LTK0OxQiHLdBbLvjiW34eElyJl2tJhCb08JcRrfbYpeS43j0rOcyDJQZX6tkpxK
-+BJwgWVwqwuKBlZyGT2inASNeqON1tAGWhz59cWXcyQKBgQD++LSllDv7fOZTRKgC
-+e+MGbkCKrPgjUr9NJgcrQhQ+kxE69E3p4iUtj/YTwIc23qxjuZ+jyG1wOFIULRYz
-+KjBbuyEugfmcgWtFWeJokl71IHBk1QUT4xlSSMvccs8pTseBCdVWIkPRIc4qeGRB
-+3RCPrJmmcvsJ7gnYPFfmKL1tRQKBgQD8zQflPYNLPgGPNaCbFiy0aCNYzvd+4ETz
-+3TsKbmITXnq3W2Mf80RctzasFkTxM4Kma2fXbDNt4Z26s2x12FuEg7oaKtGKZBy9
-+anmg4u4Cr1lk9BSSqlQeKsqQOp0mI3hyBW6v9CDhgCbMbKT6DgskwZpQjHLPf8UK
-+DCfJ2Mq1JwKBgFuy8rVCNLhj2SpFXO9XwvSDHm9BehSqI+cJMDbckw9WMTI0vvjI
-+vno+dk/wRDD1sKZFEicDZGihuNNMy9km6TF0gaCKWk1xNjVA+G6HheM/AW0iN6tJ
-+V8gCKl9kYyEGFjZQZQuPUziZod4gYl5VtSkW+EOmwqZ1l9DPEwXRzR7JAoGAAu2A
-+9Oe0eI+cRwNQ+9rS47f9CM9E0IRaaBSc1W8X1a+Xbj4xtLIFjalVicKsQ7rb/X9q
-+8XTAV7pwMDRZwjeiP7Oi2SC70oV8S7lK9VELfp53Q5MMFfLBDKRkOi1jmoh4oaFs
-+eb8zDkmEqYNsmbTF7kQLvHkT71FEf+xKHa1UE6sCgYEA+9bRKxPgngVA1qAhwrDM
-+jjODdUhrlJZDZ7oAVs/CelAO6sSXZ7Yqyujs2YonuQ9aUiLLA/b3b26XEqW/iMzG
-+onhxrQXGlsvqK+V5u+x8yBpBUj9KBw8RXBtdhPEl5iRIeQ17xKRi+9WilOuhwdKJ
-+dlpiKXP638lF4t5jvaCy28o=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt5-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDUTCCAjmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEB
-+AQUAA4IBDwAwggEKAoIBAQCzgx886aURB161wWGRp4rr45Di4KhS/wUUSaHTQo5n
-+9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45D05MJVvWsz7M42lA8GLJfKIX90aN
-+PMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiAYuoGoT0gjOEqtoxyEu/buXgNMTdt
-+lZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206Umsna7uje5tBI3CwYy0OD/XVwnSEx
-+OgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//INa6g5ArJy6TCy3IsmE0hCwteaHKB
-+jcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3GjdSVbdZ6hNAgMBAAGjgZgwgZUwHQYD
-+VR0OBBYEFHecitO/eIltLUNkgT19Gn4TVkc2MB8GA1UdIwQYMBaAFAjRm/nm1WRw
-+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn
-+ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEfwAA
-+AjANBgkqhkiG9w0BAQsFAAOCAQEAOBZXBSNNAAAaII+l4mMoeXCpvofbaHuNlJur
-+G+1uu5ra6VF5Juc5/uBa9zVQa2npe0kKOtx8xcI6QMQW+usphaUEh8t7AgR3efyK
-+bsSKPnGxXtCSaYZIEiwFyAFTx1idzZixEfHUHTO+LQUwNTskDGCWK46V1P1wL478
-+jXikGqc76DSmOXTc93asCMxCBIbHN7LLJIRhbUpiL2JrBPydzERPVoqiEZ9SWG4p
-+DB4T0hHq5FUUnR1Wg7yQoClhyButeB4A2eGwLjhpSeLeXo+w6ENlcm9Lp5rOhbOo
-+xqwgz6kUtU6smxWv0HruLT8Pq9hIKuPz6DWG/vIpiSLwz4B25A==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt5-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzgx886aURB161
-+wWGRp4rr45Di4KhS/wUUSaHTQo5n9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45
-+D05MJVvWsz7M42lA8GLJfKIX90aNPMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiA
-+YuoGoT0gjOEqtoxyEu/buXgNMTdtlZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206U
-+msna7uje5tBI3CwYy0OD/XVwnSExOgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//I
-+Na6g5ArJy6TCy3IsmE0hCwteaHKBjcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3Gjd
-+SVbdZ6hNAgMBAAECggEAcNWYiwcptFx3kbNuCsnPLpqp9ZHU++ZEYQ4vY8VQEdTT
-+00n4Ep+ttpWe43HxwYJOktKb5Yf5p2j6Sa9vPbm10mx0qwC+pgzza0al9H5/oEN2
-++zxqw6Z2u5d3XmxIiUsGdly6xbeRBZrLq1eBVo1/CLjEx75a5VE151zbMx+egYge
-+xETVRushMINQwkMbVUQp6MLX+M5eqEP8c2xyzPVEtxtxpu4yxZWbDuFezModhdvj
-+ncV0QTBvlvB5Eg+4CeZiOvgu8ulnNUJsYGvMGCK8b9FwJhpM1CVtmw070CnRL0hx
-+6Xrhgw26oAUmxWkvzzXsgwxAZFJMpM5Rg3rwrNDzWQKBgQDnR9FIh24gOK6g9dOx
-+i/LVKFZ1V1/HVXTXiBjPHwecNkBXLLlgE46fxSHd1mt1yoHnyp3qOXbCIsqnk0S9
-+KyMN0y7YG0P6QHxdrnhhr2zsZaVBEoLXmBn7vp6M50xt/Je4qvOGwkPTrU2Uftil
-+qMIexti5oO/tOksmWw0Bm0R0WwKBgQDGsthSr9y1zpACJnu9rdMkwqZoxn8n7CPN
-+y2L66WSpCopBKighfvn9ymOkV07TdcY9PEo/Yb5G3jT23trY2GOd6EYTSa0S8yDt
-+lslXTzZJGAK+RiMf5zHBwIS800XSBqXCjL+yJ3w0sQd9uRcQr8XjIJLZfbT10sRg
-+1jQBMK1WdwKBgQDJdsXXaCGF79ouW/ULs9zT0U9+552HBenB1cvGoEEA0kE5rrvL
-+9T1H73CQzTbOZJjEULs+TNAmTCg70Q0Pu4PNhyhHF3kfhQzQjipO7YD0a5aIGJfh
-+NZ1srZ9vHgx1wpJnSoLX4GE1AsGRmO0fYOG37X7cNFTLUPwlbSrnO1lmAQKBgHdR
-+kJve5X/7wfi4mVgnGQMbLIkAof0cTcfYGeEo5HyqSqmlIiIzOPYRYlKe50QOlnPR
-+T5jOHlA6Qb35x5uuHewGPoZ4mMknXR+vi8q1U5kDJSqTvaX71KJP9KXbjTL5MPMq
-+SDc4hNqzcBcsXdB0bTXeKrEWTuPLpIeuOd55F64zAoGBAMooy318nDZ0c2Qek3/N
-++SN+cG5tLH7HjbI9C4XBYVbxXHIvg/nSzFRxBbC2ZFetJ27xvweM1J/Clk7d1Lvq
-+PM7fcVgcc+ccHNM7KX77k0/J+FJF1uNsj9Rgg2TFveLKbtHfmaZd31k1HIYhSS5E
-+a0BZeU4ZpKQJxpf8YbXbPi2Z
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt6-cert.pem
-@@ -0,0 +1,22 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg
-+BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
-+Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
-+ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv
-+BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
-+9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
-+7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
-+6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
-+jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
-+1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ
-+MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD
-+VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v
-+cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a
-+YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb
-+JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB
-+2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb
-+WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk
-+zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By
-+GH32QmEN5o5jZQ==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt6-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv
-+BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
-+9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
-+7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
-+6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
-+jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
-+1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3
-+UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq
-+2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH
-+/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp
-+rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+
-+b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc
-+kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9
-+x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1
-+HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU
-+fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec
-+hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2
-+eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD
-+DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE
-+48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh
-+F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9
-+p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb
-+iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75
-+4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z
-+ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo
-+R1UfsJugW9Yetsqd9WB6q3ln
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt7-cert.pem
-@@ -0,0 +1,23 @@
-+-----BEGIN CERTIFICATE-----
-+MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw
-+OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
-+AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
-+ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
-+eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-+ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg
-+QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9
-+GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh
-+1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi
-+Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf
-+UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ
-+2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw
-+CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv
-+bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB
-+CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY
-+gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az
-+uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O
-+WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE
-+phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex
-+IL5WuKFm0XSGKTX8SzyMGErMGeriveL2
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt7-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP
-+Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk
-+l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7
-+dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv
-+OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb
-+uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3
-+3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB
-+We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF
-+jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA
-+mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul
-+mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk
-+yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH
-+NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM
-+oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3
-+LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET
-+GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2
-+uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS
-+CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF
-+M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+
-+J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4
-+Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3
-+t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x
-+s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt
-+mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8
-+M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA
-+cZtQWiEyaf026DdR8YBYn6tf
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt8-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
-+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowUDEi
-+MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgODEVMBMGA1UEAwwMd3d3
-+Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
-+AAOCAQ8AMIIBCgKCAQEAp5T7voqwIiauadaESOe4RMhRVU9tHp5JZlz1yJ7ZYF81
-+PJJ9XfERTCJQow3BNRbVeXEyI4mvMMcuFwd5cKqy/gP5yfEV01QbpqACKhIK90Nj
-+9fM2QOiYE81FmvQzP6j7QFYt0E6J4kupvj0D8Z2Nri0kXDGe5+hbgLPkZvnh0vvJ
-+Ck7AEQ2iqO4Npe4uHoDx3GXNo2Jb6BKNf+nMsJPLo7sqUuZA0/mFDVPNRvKfiq6b
-+ObFUdbY/qPVPHk9VBWZuO9etk35G2yTSQ9KiGRNgcoWQAozAyLRx0yECHZEbrZ5J
-+JFuPXO/r7saqNuV7L8UpR0Z0SpyXKs7suLGBpYnO/wIDAQABo4GbMIGYMB0GA1Ud
-+DgQWBBRkrc1ZEOlR+93o/6EPrgFeM37AsjAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
-+IFVvC/wUFdejsjAJBgNVHRMEAjAAMEsGA1UdEQREMEKCD3d3dy5vay5nb29kLmNv
-+bYIMd3d3Lmdvb2QubmV0gQ1nb29kQGdvb2Qub3JngQxhbnlAZ29vZC5jb22HBMCo
-+AAEwDQYJKoZIhvcNAQELBQADggEBAJ/gHSUGV0LahCqlFzhi4iP5JTleZlhsqOQd
-+S2I6KV24gC+Hz4NHv4XhYv9mqZbivNSpf6+TV+77wcncfmkeAGqYMVXVt8DlJ7co
-+NiKJZu3e2InmhLm5b6cYRidPhPEM7qYpxIhjpia1v7U83nNWvwEITmC0H0Qp3Cuf
-+dv1EjAyGZsER05jBsy0qqH/64+djqd92zKNKCEaWXkTlC1XE+/PbEb94X8YbQaUn
-+/wpvioqQ5rv+Bk2Jss23DDh0zOdWrCbKPc9BfsWCfLZYfOAyn5iH1vNdCVd85ggJ
-+YyHBQ4JiF/uqkHZ7iQJ1QinJIJruAsC0BV0S3mdGgGQAmTT3m84=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt8-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnlPu+irAiJq5p
-+1oRI57hEyFFVT20enklmXPXIntlgXzU8kn1d8RFMIlCjDcE1FtV5cTIjia8wxy4X
-+B3lwqrL+A/nJ8RXTVBumoAIqEgr3Q2P18zZA6JgTzUWa9DM/qPtAVi3QToniS6m+
-+PQPxnY2uLSRcMZ7n6FuAs+Rm+eHS+8kKTsARDaKo7g2l7i4egPHcZc2jYlvoEo1/
-+6cywk8ujuypS5kDT+YUNU81G8p+Krps5sVR1tj+o9U8eT1UFZm47162TfkbbJNJD
-+0qIZE2ByhZACjMDItHHTIQIdkRutnkkkW49c7+vuxqo25XsvxSlHRnRKnJcqzuy4
-+sYGlic7/AgMBAAECggEAEnrYZAOxNqLjWuKABfYfmN4qMeknVFgKKhKYO/5gZEM7
-+gKl6z7A0wxuJnuF2a99PvSuhZs/ZFNzyFTIKz0TTpjVUB1Phn0NIJVDBzFffA7NX
-+w5iFZBUCKDTbtyG0wRFmW4rlVHJEvEKxvjvGQo+oPwvVVaFXL6Ws6X1s83oc0AIs
-+U3NKt8Q69o5pMHUo4Cv8Lgv41J2dfmxqf81FPLPl8NO+E5zV8OKT1AEisYh98P8R
-+l7E6qWdPVv8hbqmtpXx2rDvUdooaNZPBczjbb/b6zdqxkR3Weu6xBFKTIJAsb7hi
-+QI/DNxRTKnlDt8QFZi37KwkXAtSIQb7rjZ2OVOGfgQKBgQDQs5+u1ufRxi65Vw/8
-+lkVjuB0L5+2Z58HlNrB8+iXqh9eovph17Y23ADaCUGEgEUyK3SfA2SFaj0C9nGtf
-+SgqI2btQQm53sYq/MDNxKf9f0hJ0K0EK0LVyyl4fmGTSexrz+sEYPmp27/RhFSAR
-+f+uccT0lI/V1V8NKkSKAK30zvwKBgQDNj7FK/+ER7e1+gE5CWKEimOPys3hd91Il
-+2hNWOzllPtOj5C9qayG18XNYZm0+YqQtYZLhV5REMxY2sNtpfMxtqkjUrZnuaqy0
-+thhQQP8BRS7eoyOgZ4lAvizsroAqvM9Hqxu7EMspBVLvKDoyGf+L4QsvWB6A7K9q
-+4EjDrx00wQKBgCxh1paG6zuoKq2Nfz/W8SC4uaybgOLW71wAWl3pkICkrM8c4S1K
-+/HUrXWwvDciVBTMOvvJ6+mXYywrHpenYxA7ARt5Vkkpv/jKUXIw3QzCsavI7dJSJ
-+N90Wfhe3/9DnDx9NdxzhwSBT/SNcK7qs+n0Fc9xfHkb7B/Pmk3CwTurfAoGAKlf7
-+MXPcLRFR5skPVeNj7fiInCoUFWco6NsvOIginpR+jDgo/EbtPslp9T/EKSGwqBh9
-+ZSXhSNstLD7qM6Sdh8mYDxdjqhUXVnJcN8vru5tAuGPqptQtFcUXA/o+NI+IMz8w
-+Cyy+bMjH+LPUqRVp6qqE30/LmMsop19kHcsovQECgYEArGQs1WwBCkKCyjAbUOXF
-+m7pTgqrVEA/+ACrB2/4lCNgBwRvo2/b23pceEIekfcfzlJnsy0i73Jbh6OV5yk1N
-+Glq+druyWBpK6Ao9emVeLWBJVinSB7WMZ2XPPKEUHVQkYSN0rMuBisEa07lai01E
-+RxbCxTFtyUMpmWzDwgiwPbM=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/badalt9-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0
-+IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowUDEi
-+MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgOTEVMBMGA1UEAwwMd3d3
-+Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF
-+AAOCAQ8AMIIBCgKCAQEA9Y+SgizcSJ9TIHvJf0k3cnBDWx8xJKurrmpiuvQMl1YY
-+lzmI4Qxojr5CRDSvCZh50xtF4CDMXW1MnTtYelFhfSmQ09M6lyfjMF+hrYTFkDMX
-+Rz8WhtN6/YP80xuy7NuhsA00/hUJKqsAKT8ggwlf++0e+L0ELiu9dmB46zaxWzr4
-+z+DigvrA+O7xrpiD/NscLNK02uIURKPKqlPL5LxUenC9ROFGNAIYJoWzsjxoVD0D
-+X4bf0COBRzGlLFUHN4FY8LBwGhTcQ+hvsYn0JbT913daX46BuEkrT2V2plCsFDXz
-+TOtKAHEBm/U4slrp1F3CPsXeqdqnB+3Ktaj+UQ5ZRwIDAQABo4GaMIGXMB0GA1Ud
-+DgQWBBSauJ1kxBbvxrSyMER4Eh+hEnOo/TAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm
-+IFVvC/wUFdejsjAJBgNVHRMEAjAAMEoGA1UdEQRDMEGCDHd3dy5nb29kLmNvbYIO
-+b3RoZXIuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA
-+ATANBgkqhkiG9w0BAQsFAAOCAQEAGrRJCrSxYLrkJ2MUyaMmJTrhfijIw9ZdYRLx
-+lkCeW+i6qIV58JQKZeRQVVRJSUEV9OGWn6/46xZZdZWpJIab0EtoNHlMQoB1xni/
-+1D8+gyOdiWy4jgg83arMMulre37T256vOGtNOu7PpDQCoPWCJkb9xuMt3RJrK8N/
-+tFYB8TvWATtY/LGzk9Tmm+C7hNxsWx0l+ewxlqdHvpc7xwXuf8u7Ise0JkCDi8NY
-+z6BxnUyWJ83G20npGnAWXJoaXNDcY0H75dGni3WcRPTAayboEr4xjR9Xqiu3bzlZ
-+eVdPGwLwbgkvj7NDCQDphHl0HseTUToHGJrVj8dbR4lV10gogA==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/badalt9-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1j5KCLNxIn1Mg
-+e8l/STdycENbHzEkq6uuamK69AyXVhiXOYjhDGiOvkJENK8JmHnTG0XgIMxdbUyd
-+O1h6UWF9KZDT0zqXJ+MwX6GthMWQMxdHPxaG03r9g/zTG7Ls26GwDTT+FQkqqwAp
-+PyCDCV/77R74vQQuK712YHjrNrFbOvjP4OKC+sD47vGumIP82xws0rTa4hREo8qq
-+U8vkvFR6cL1E4UY0AhgmhbOyPGhUPQNfht/QI4FHMaUsVQc3gVjwsHAaFNxD6G+x
-+ifQltP3Xd1pfjoG4SStPZXamUKwUNfNM60oAcQGb9TiyWunUXcI+xd6p2qcH7cq1
-+qP5RDllHAgMBAAECggEBAJYazkcOnxUxd0HrCU/qdJ9aqoG//m1ZFxgF5hY76ppz
-+wZJnVBmlWSCwgpdo0Pp/nzCBgmQwCFyv3F5ckYgryPkWeHZTr4QImOLQAmesOowb
-+/wXJNb7y9UKU9O4jB2usEhko6ZTLTRAs+Ws9MGWJTIgV+ZG5ER4cFLOQ4zl89Es7
-+/Z9dQFs4c9SqLfyEY3kbXqSQ2uwbUPvZxk22gEmT1OPJGCLAV/fVIaHlGMwacvDV
-+W2xqNd+uhkqm2ym5u/ROKOCg0jNDkbyHvfTaqCuM1um92nV5kE+JdPiZvAF9XYsf
-+BDWCaYZW7b97drptp3LOCCptjNAqXc0PH8inVvqbjnkCgYEA/jK6BnXM4lzlLUPt
-+Bzec+poqyS6uUjP81Ug5CRP5kr+H9GkpBT3iUIU73S+F6Tg6YpobiSP4vpp5kB1p
-+iZxApte404EtVtOd1M08fx1rQVnyc8RjDENvYQk5hefOg3DrJ28iQzN/c+m8tHfb
-+OjBp90PFDGSsVvvQjJlwtB5oj+0CgYEA900sE2hBGpm5jXgER7CaahcDnHp9qSlB
-+lsQYDTDu751V11iRyUVUqZ8IzmgOu53vXbuCpfuQO0H2aFhbe16fCk223eLPJHWh
-+cGl3FUeLi+uwShMiRWAikMSQ/fUxoOfeal+N+VgiGYZtT7u2s1mpm83/mw3J/gaT
-+CQI19A67H4MCgYBX7xZZC8EvgTEqYngJahycuF4asFJPT3qkEVLhqA5KzITscMBm
-+9sxmTGC0GC97yR6xY1wpKc9vqCJrTzFmEC5xSOjACcy0X4oWxlSqKHQk7Eep8oLN
-+CDrsV3OVteXDpHlEb/ZrRtJNN8s2psuoqnzNs5zjt6PCh2PSb3YEaQyE1QKBgQCp
-+6VfzLZotkJkwXdly+B/f7FgK1w4nf7UUxT5RMeG4uD0WbEAeLYhx0lbWmiAlP+oK
-+WJ73M9RxIm0OXEbeiLB0/9g4s3Dm9/snpQ6wjCuQwyqoemT9jYOyO5vzINgsWaMz
-+Ktv9CVTEfNv2AF8S8vPZnLuV6O9znUjA08gGG2jtyQKBgBisaBV0L3zTllp/KxiN
-+rFf3u42XibhfTuiyaJtUDQftkvfW727nE4nTZ9Q7uVXuK4xdmihfA0htsMbHX7Jc
-+1R6SzJ8x8T/2HXsiHLubqbANWfOYxYxlvmfZ7/Bv1GhBIq4d7A8a/Eyz34j9w/xs
-+C34TbBAlm79KVANPHT+CJoR1
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/ee-client-chain.pem
-@@ -0,0 +1,37 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
-+Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy
-+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
-+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
-+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
-+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
-+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
-+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
-+iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi
-+l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA
-+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl
-+MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9
-+sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO
-+pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh
-+A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF
-+VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws
-+n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx
-+-----END CERTIFICATE-----
-+-----BEGIN CERTIFICATE-----
-+MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD
-+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd
-+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz
-+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W
-+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l
-+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc
-+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9
-+CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G
-+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
-+KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk
-+IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6
-+AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi
-+8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6
-+uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR
-+5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4=
-+-----END CERTIFICATE-----
---- a/test/certs/mkcert.sh
-+++ b/test/certs/mkcert.sh
-@@ -8,12 +8,18 @@
-
- # 100 years should be enough for now
- #
--DAYS=36525
-+if [ -z "$DAYS" ]; then
-+ DAYS=36525
-+fi
-
- if [ -z "$OPENSSL_SIGALG" ]; then
- OPENSSL_SIGALG=sha256
- fi
-
-+if [ -z "$REQMASK" ]; then
-+ REQMASK=utf8only
-+fi
-+
- stderr_onerror() {
- (
- err=$("$@" >&3 2>&1) || {
-@@ -49,17 +55,18 @@ key() {
- fi
- }
-
-+# Usage: $0 req keyname dn1 dn2 ...
- req() {
- local key=$1; shift
-- local cn=$1; shift
-
- key "$key"
- local errs
-
- stderr_onerror \
- openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \
-- -config <(printf "[req]\n%s\n%s\n[dn]\nCN=%s\n" \
-- "prompt = no" "distinguished_name = dn" "${cn}")
-+ -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \
-+ "$REQMASK" "prompt = no" "distinguished_name = dn"
-+ for dn in "$@"; do echo "$dn"; done)
- }
-
- req_nocn() {
-@@ -88,12 +95,12 @@ genroot() {
- local skid="subjectKeyIdentifier = hash"
- local akid="authorityKeyIdentifier = keyid"
-
-- exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
-+ exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
- for eku in "$@"
- do
- exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
- done
-- csr=$(req "$key" "$cn") || return 1
-+ csr=$(req "$key" "CN = $cn") || return 1
- echo "$csr" |
- cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days "${DAYS}"
- }
-@@ -107,12 +114,15 @@ genca() {
- local skid="subjectKeyIdentifier = hash"
- local akid="authorityKeyIdentifier = keyid"
-
-- exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
-+ exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true")
- for eku in "$@"
- do
- exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
- done
-- csr=$(req "$key" "$cn") || return 1
-+ if [ -n "$NC" ]; then
-+ exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
-+ fi
-+ csr=$(req "$key" "CN = $cn") || return 1
- echo "$csr" |
- cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
- -set_serial 2 -days "${DAYS}"
-@@ -133,12 +143,56 @@ gen_nonbc_ca() {
- do
- exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
- done
-- csr=$(req "$key" "$cn") || return 1
-+ csr=$(req "$key" "CN = $cn") || return 1
- echo "$csr" |
- cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
- -set_serial 2 -days "${DAYS}"
- }
-
-+# Usage: $0 genpc keyname certname eekeyname eecertname pcext1 pcext2 ...
-+#
-+# Note: takes csr on stdin, so must be used with $0 req like this:
-+#
-+# $0 req keyname dn | $0 genpc keyname certname eekeyname eecertname pcext ...
-+genpc() {
-+ local key=$1; shift
-+ local cert=$1; shift
-+ local cakey=$1; shift
-+ local ca=$1; shift
-+
-+ exts=$(printf "%s\n%s\n%s\n%s\n" \
-+ "subjectKeyIdentifier = hash" \
-+ "authorityKeyIdentifier = keyid, issuer:always" \
-+ "basicConstraints = CA:false" \
-+ "proxyCertInfo = critical, @pcexts";
-+ echo "[pcexts]";
-+ for x in "$@"; do echo $x; done)
-+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
-+ -set_serial 2 -days "${DAYS}"
-+}
-+
-+# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ...
-+#
-+# Note: takes csr on stdin, so must be used with $0 req like this:
-+#
-+# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ...
-+geneealt() {
-+ local key=$1; shift
-+ local cert=$1; shift
-+ local cakey=$1; shift
-+ local ca=$1; shift
-+
-+ exts=$(printf "%s\n%s\n%s\n%s\n" \
-+ "subjectKeyIdentifier = hash" \
-+ "authorityKeyIdentifier = keyid" \
-+ "basicConstraints = CA:false" \
-+ "subjectAltName = @alts";
-+ echo "[alts]";
-+ for x in "$@"; do echo $x; done)
-+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
-+ -set_serial 2 -days "${DAYS}"
-+}
-+
- genee() {
- local OPTIND=1
- local purpose=serverAuth
-@@ -165,7 +219,7 @@ genee() {
- "basicConstraints = CA:false" \
- "extendedKeyUsage = $purpose" \
- "subjectAltName = @alts" "DNS=${cn}")
-- csr=$(req "$key" "$cn") || return 1
-+ csr=$(req "$key" "CN = $cn") || return 1
- echo "$csr" |
- cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
- -set_serial 2 -days "${DAYS}" "$@"
-@@ -182,7 +236,7 @@ genss() {
- "basicConstraints = CA:false" \
- "extendedKeyUsage = serverAuth" \
- "subjectAltName = @alts" "DNS=${cn}")
-- csr=$(req "$key" "$cn") || return 1
-+ csr=$(req "$key" "CN = $cn") || return 1
- echo "$csr" |
- cert "$cert" "$exts" -signkey "${key}.pem" \
- -set_serial 1 -days "${DAYS}" "$@"
---- /dev/null
-+++ b/test/certs/ncca-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-+IENBMCAXDTE2MDcwMTExMzQwMloYDzIxMTYwNzAyMTEzNDAyWjAVMRMwEQYDVQQD
-+DApUZXN0IE5DIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuWS
-+Ozk+X7+BorU9o4nDc9jhk+Qajzav6yRFpJFlnxL5I4Az3wQiHFwyDWkR58FKYFLx
-+adAahUYRIJioBwUhKEiMyJcT/Lr+lxioQog268nCUosqr5r3iaAQkXj9j49HXIdo
-+qD+hbMH/82IqYP7vpJl8yvjRCZQ69KJZOQN4F4rHtUxJYLLmmbeIF02uNNib5hiH
-+m3sdn1ic2Cxk1h1mHQqa5fPfKz2NSANKRYVQcOYiFSwroNFbgKo7++N59NGgYY0a
-+n5uz+MZh/10+PsRF7WFsxt0TdExv++mN1fFRkBB4fD7fFp+52Qef27lv37X2JT5U
-+C2gpXXUWQC8jJIijPwIDAQABo4HUMIHRMB0GA1UdDgQWBBRh7exLM2xCRHrP9Slp
-+oxYhlykaqDAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMB
-+Af8EBTADAQH/MH4GA1UdHgR3MHWgOzAOggx3d3cuZ29vZC5vcmcwC4IJLmdvb2Qu
-+Y29tMA+BDWdvb2RAZ29vZC5vcmcwC4EJQGdvb2QuY29toTYwDYILd3d3LmJhZC5v
-+cmcwCoIILmJhZC5jb20wDYELYmFkQGJhZC5vcmcwCoEIQGJhZC5jb20wDQYJKoZI
-+hvcNAQELBQADggEBAEFkGH/0mh93mMCWZ1QZOhlK48arnco0wjC5sYcVX5X/PoO1
-+2DmHFiyHmHablH4d8uWUt9A63Akt0ogIPL4R0I3nOkUU38A1geXruSJDlDVsH75/
-+MT7RVRTqJriVwqX6YlAVj2i0De20BLgyZiN3WaR+nngVC7JjdY+n1qskGByEWrin
-+pwDVdFtWBTPDq1Nh9sm3FewrfOws7KQvjf0Pj88PIrNEDZm9SR512eH7EFPMvHJv
-+7usU33GL34VRZAYtspQ5EwZbspHXe1FFwdhZLr71gChGeNpDfpqVDQQxhDNor7uQ
-+z8L+Xuh7FvhjFgCp1Mnd6VN1q2Pwt5sG8Z3i29Q=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/ncca-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa5ZI7OT5fv4Gi
-+tT2jicNz2OGT5BqPNq/rJEWkkWWfEvkjgDPfBCIcXDINaRHnwUpgUvFp0BqFRhEg
-+mKgHBSEoSIzIlxP8uv6XGKhCiDbrycJSiyqvmveJoBCReP2Pj0dch2ioP6Fswf/z
-+Yipg/u+kmXzK+NEJlDr0olk5A3gXise1TElgsuaZt4gXTa402JvmGIebex2fWJzY
-+LGTWHWYdCprl898rPY1IA0pFhVBw5iIVLCug0VuAqjv743n00aBhjRqfm7P4xmH/
-+XT4+xEXtYWzG3RN0TG/76Y3V8VGQEHh8Pt8Wn7nZB5/buW/ftfYlPlQLaClddRZA
-+LyMkiKM/AgMBAAECggEAfZqBDKMrkArDvUPIes9gfZU1vm3ul4kZ98wO6Ra519dT
-+zVTNOx+n5WVhdPxpd4uGmztG5a3Jg57AjrUbM64WKAtElffkTkD352AoOOMp3eNa
-+PwL4lzNLXP890CjTO9FMZZyr4hrO9FkQCrTkdojjnI6V4iUHpQPdFrh7Lz8/553v
-+sfbXW0o6jRtnN8jslLs7LQY+n0QQeLuvwrJGJRdQSfubtjTOYzlE/WZJmitJMi2X
-+0qnoVK5B91bo3NcdFxstSgv36RL5Txsas8PfXWrFzPxqgjPjlpw1xMrF5bT3rK72
-+oPB+/HunqIJc0OHHs2mi38Jea0yBCaJHzniAp2INcQKBgQDLjP5STKvu+SSZGpBp
-+T3m+i6hbmo1HzYZBSi9jJiyGB8G50G5rbGJ0c/BgjfkhfRhmJ5Ym4NVVgxQgrMHe
-+pFP5L4yDtspFwbRWuuYHoWFupUbqnZfksDHB5xQHFbJPFKBQOKBgM4crDG6PTnYO
-+2M+fNlY7IL/QTlJxUHYH07CPGQKBgQDCzytixBLPB/mmIZNhwyK8pyecu6tCEpBi
-+QiG/gcaLejXMwGieTiZQ/5sCG+oQWywFXqbPsgQ/gAlXsZ0yZ5GW7TTtsOGksnmt
-+W1+bxQQ3Pv99wpg/G71SLdK0em5lAodCT6gccqjbKRj23sRnmL+M2GeEGI5hsNyC
-+OFmyYisIFwKBgHLNk8cRLUu8QzMC834h8BVTKWJ4+cQMm/MJB08Rgb0adN37O7vk
-+xmbN2T5r9J45suAy5ZIJ7uiq5FhFd5a98gqyEbtcBhtv0+mywfh9wbkpCKVcuwWl
-+hnrJfNc+GnJVvNFiDroTdeIGwfiblSRsjjVK7TmuD+FJu1/jtJ5Xe9ZJAoGASHwP
-+N5ufJ/ter6r0jL6vsSQ8//twOJBxuq3CouAlwQYC+KFrC+QmK6M/yOQcDmPuGD1k
-+sgkZvYrlbwS+ad/Rcyfltr9G5iImVhOWmn4PGINPSzrZrTmkEuzL5q1bYCg1rb23
-+3oXnQEylZk3zJFzYgQ6QTb1ZVQ4arjVLYq1WN5cCgYEAxRBqa8ZfwlS5D6bBNgn3
-+DDCwz2kZNXG5U3wIw905NNrpUC55W33qcKe9UzoRZEOzuUjq3EL2maMrJULldLGy
-+g+elvsZhz7cfmestY2cnbxExqwrTrLWfA8s9Hyl7i9tkfRze5WfhNGc3kwm1qrVG
-+5zFZgtb/mTLnvQVIYCX9ks4=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/ncca1-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDWTCCAkGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-+IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
-+DAxUZXN0IE5DIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
-+XjL5JEImsGFW5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rF
-+mChzN9/+LA40/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9
-+bhxlOk7ADw4e3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgB
-+VZfkoxqesnjD1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiO
-+XawU1QnkrNPxCSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTq
-+fedLPvNw1WPryAumidqTAgMBAAGjgbIwga8wHQYDVR0OBBYEFAjRm/nm1WRwoPFr
-+Gp7tUtrd9VBDMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
-+EwEB/wQFMAMBAf8wXAYDVR0eBFUwU6BRMA6CDHd3dy5nb29kLm9yZzAKgghnb29k
-+LmNvbTAPgQ1nb29kQGdvb2Qub3JnMAqBCGdvb2QuY29tMAqHCH8AAAH/////MAqH
-+CMCoAAD//wAAMA0GCSqGSIb3DQEBCwUAA4IBAQDRpRo9txGcsPsfBInz2ctvl37p
-+a7DcrFTSLltADj+7/80OwYBtdmxiU9OfuETxdq5XbkghlmBGrDswtGHhcoDnSugm
-+2n3Ov0YOQHYgStGYEsmXahjZ49Xlh8gzt9NBfzJIm6blBpJo845Z0cbzd1LdCgt/
-+ck83nGnLvhIEZ3nFrT2K9vWQ3UkrFMfR3gCZpu/2X3+5UgK9IpGU+crDcGUcpdoz
-+YaJka2w7rjw0mvQX8JtVBRt4xGRRAXXL2YA421nIzX7tKLHngYp6V9zu7QE2G5zS
-+RewAXU3TERFQi4bF+N9mmwj8z9CYClRH56uFboGGBEGSulsbF5C4DB0p7dbl
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/ncca1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCXjL5JEImsGFW
-+5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rFmChzN9/+LA40
-+/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9bhxlOk7ADw4e
-+3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgBVZfkoxqesnjD
-+1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiOXawU1QnkrNPx
-+CSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTqfedLPvNw1WPr
-+yAumidqTAgMBAAECggEAcIZCclQYa/eO0tW72ZppdrsEDQWZyK8yn33Y14TZIZnh
-+Go9egumcRC/I2gtW/dx8NtqpCFMfvTFaJDnfkdm2KQmba04d9tsk+BgbqPkzD4X+
-+UPinBI2OVma2Z+eXfQZ9/7lgfQYtkyjkHuAaLxe59fOxqUK7iIgkrpa+xDc5bvkR
-+v3e/ipJ1lrLn7aaQUR87wIkG9hs5UpRHiTd8PgaVavX8SdeXsOChv89owIKya2d3
-+HCZiFVPwHrn7FVmDD41sllC78r+qvsyRs1j9aU5hGk8XlslxrYehphCCUHTUWRfM
-+Mc6iSzuJyHFj1faOSs64eab5FLWp612S709vcfhSqQKBgQD7ycj2VhoPII6sko+k
-+iUS0hzX7qC17cP4RmqGKbyffNW0L5B5+XmqBrw13duSv7O388F9P0+ctxbLgg6ML
-+2r0PxkNTNISJim+vWbwMAFevJ9mzsOMRaPZKqx1MghWJzjR2LdPD5x9nHrYi7uUC
-+NJe6R6pjtPCSU4yMLgu0IOEm7wKBgQDFnocCLCNiHwaJZ0v1wgSpQmYcE6MOKp+1
-+SqOAsWwRtEgMQFoAEC3gGotm0BYF0fwSbM8XFFWqO2NITSV7b8/RkADocvvHWfQN
-+d/ETJy3iL1UZgr012jwa91VuhL4XbqON+CAZSgwmVnOhTaXg1imuorHrwR6f1JzT
-+F9EQhiqmnQKBgCmsYS2cXJ3KVrLrYwjpi0yR4HZxhG2c6wBA5qHB+ghwkEbaj818
-+lQY30fPG4tzXSyCFLFFLEkU6JnwQbYkFwCr/Np9r3s/g8NFF+eDGobykzNx3121H
-+QRRks+m40hXH4lj5Bsay1zi7FYw8m/y8daxoNiRgizy8xVNiP5+lnX5TAoGAQ4bJ
-+50ohxROI7kanxBBJ+3Q+4/Up0FtsO0yH1h/KJ7qMq/MJTeA5bMxlOfp8q/x2v+0C
-+ToaaRxMH99q0phsszhUA2mz/77yjEj8b10mZ+iHmWFM+SDqMM0K0pJEjS2p45LgW
-+b83HnQoJdOLNfahwkcXyOfbBeifydoc63wSZalkCgYEA2gNC+Fvtzv/Zm6yj6M2j
-+RdU2Ncbi3fAKCiOhTcsXSWi0H7IYi/r8Su48946X7GTLgZIFM4HlGbQaStX5MUbJ
-+BjtOyYaUGjzH/7KKiuyuoLVuWWi4llV+Xigc+WSqO5X/DUmjXA9ldbB5/vcDiHk0
-+QZ/pla7vZ4cbNPFd2cFHk84=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/ncca2-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDSDCCAjCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-+IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD
-+DAxUZXN0IE5DIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
-+Dg3FeyXgtP6MAYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM
-+2LATVNS9UHybb/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTl
-+OeUAj7Wd+a2paAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqw
-+PJd8X8nMtM320ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUn
-+CuYevJJwkfiHeg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExV
-+mlM6af1eIjgLhKGAd9cZAgMBAAGjgaEwgZ4wHQYDVR0OBBYEFLoDn50GJKRX5nP6
-+9ToJ+bqFzKn6MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud
-+EwEB/wQFMAMBAf8wSwYDVR0eBEQwQqFAMA2CC3d3dy5iYWQub3JnMAmCB2JhZC5j
-+b20wDYELYmFkQGJhZC5vcmcwCYEHYmFkLmNvbTAKhwgKAAAA/wAAADANBgkqhkiG
-+9w0BAQsFAAOCAQEAlqqhiquvukmLApryy5ztoy3bGtF6S6k/MGAZAf1ndxpdhHNX
-+vQmjSrFL2IPENwTrPd5T1Muf5C+ZfX/NOf6QWoF3kbD/98K1vfEa6C+3fgsflUQu
-+1Tu20ItN2C7VkMawOhItxBXU9nLcIULUJye0dRC+xvh1ECHiLBh45y/fG0bdZGpd
-+/NajC+1FwBGI2k62mbW8KGpNDKeJWwcDe4SsMs70Y3JybCj5PNO63JF6db9yZGF3
-+2esHfYJ1NQTA9oRsOztlf+PQADQx/HoCJ/BhJSuOcBL/r9uN+YQUtBzG8BKGODE3
-+aOrnkbDctDI3zZXUADTidBVxO5HzizGlRGodSQ==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/ncca2-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8Dg3FeyXgtP6M
-+AYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM2LATVNS9UHyb
-+b/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTlOeUAj7Wd+a2p
-+aAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqwPJd8X8nMtM32
-+0ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUnCuYevJJwkfiH
-+eg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExVmlM6af1eIjgL
-+hKGAd9cZAgMBAAECggEAT1t+5D87lL/MSzi5ljuCOS9u4a6qJK9ZJJzFfv5jjH0D
-+yWGYHsuHprMukHj+ei1yls06QG4j+F/mtZFljY2eJMVdrI3bA+ZJRevK3RoEDm0+
-+UKSDyc6scIOz2gu9Gv6NYM41nS8H7UpXxo1peGuWaQANK6XR0PO9fDni0Y7+a1vc
-+mTbiI5m2mKcYRgLmDBXzTGANszBdgGK9UxHL+Jx+j04ZdcMSg3b/OE1RAZr9zS86
-+2CiZgcEVdddXjQ0HufkeG7gozyX7Y4JulLuqLZiROyHiIv+8kXLyLi7MUBFuizKP
-+GdmJxGhYfbYVLU5KXsLjf/oakYroatxabonn4HnpoQKBgQD3zhL2dEuyhPwxpGHu
-+53hpZmNSbLj7pT441t4WwraoV8SyOb195yeX77IVT1FSctmYi2txXdfe1MAseKcf
-+8P7XuWchEnro5dE7sTcZ4M3uLMDsEFPkWyRz3Y+CIg6IjMz0JsByyVVa8f4Kjw9G
-+99ceZPd+M16YNwYgj/1GB9HOBwKBgQDCRiIlWz8BPnY6xltQPSC4AXffD4V5pzOo
-+/b82y6+aeCvzwZGcXz9ac3fbRkiOKdPa0b+mYm/ZTpO0XIMALkpsQRN5Jnt5UeaP
-+J3n7IAS13Gy2gDXuRrllXbbRZI4VPiI7gADzYYpu68sBnJwH2FC0w2l96Gj6woCI
-+POoClgfp3wKBgQCMLqWHig5wdM59/rHwBj2V0ngJXrvej4H9gX+tfIT8AnqhIAzU
-+Nnmtd8lUSMSGUbZKl0Q2o5HE2rHD9pUEer6PprBygxPIwIl2rS+wkf2s6OBSKoJq
-+wiyC5ymRwlZaZNxkma9wv/hrNE40Bu3rhbTJ2vAvEjxG+4mZzhrHDRFg7QKBgGCK
-+6b0WsyCzIZ3jpM0jE3ddg2xeEj56ULnSH4vjfMiOn4jq0Kmcy6bvasiVDMlZD+bW
-+BR9yG5Mp8UzYDGGyn1lcnYi/Du0jPig1vfCF4NFfUMcAv8xBaTBuecNk7RaxYeGf
-+otlPx7OHicKrSP69CJ5L3cisDj9PGQCbBM90L0qRAoGAcXUoDdI+EYBBqxIOXvvl
-+ZuSOyNPZHwcPw+918uSpuh1xSn/qGD6EdlsBRIxBGk1ztQDNfhOmpFiPSeCmFzhS
-++IEy2NMVWRoJTaVwN2UzpKfyDRIzs6DWTs8fJARNDWO+lp04skToFRPdY5L6RJhP
-+dl0yHofPTNUz2lLmMOhTOw4=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/ncca3-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDQzCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMBkxFzAV
-+BgNVBAMMDlRlc3QgTkMgc3ViIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-+CgKCAQEAu6gOQAcNel3NCbWCctR4Y4BqRNPbo6W3HpFyY+204kGimdNZvE2zkpfs
-+HR6PB7AHUvq+44+NN/l1J//JkT/9rFVoGDbb/L354US/iBJ3zjBSqeeXvofSmsvf
-+6+x6g9W7bFLETJ0mH+vjPQ2f3dS4O4Lc7W3HsldR/WUkesQb3+FsxBph6/84vylM
-+oSsScd/2HFD7lrt+Fk1DGqkMI10tl6PozREAxSJgSFLUtr2P15a7wyi4m5LBM4+L
-+YKMr/vuj7wFtH2BEwh2iRbJ2wYxxjKV42Hg+6l5XlahVr2rTpK6aP9R8spg+Og/P
-+A+d2shD3+q6OkglEyq9rRGa2mRZrwwIDAQABo4GVMIGSMB0GA1UdDgQWBBTwU4mH
-+3VYZwBnmIFVvC/wUFdejsjAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQ
-+QzAPBgNVHRMBAf8EBTADAQH/MD8GA1UdHgQ4MDagHzAOggx3d3cuZ29vZC5uZXQw
-+DYILb2suZ29vZC5jb22hEzARgg9iYWQub2suZ29vZC5jb20wDQYJKoZIhvcNAQEL
-+BQADggEBAMIXGpXdI4jpDzPkqJIoDtAC4KQlC8fm8nW/fEgfHiOZgGHsCkjcvpFU
-+4yQ/ito9qlV4d4SoWLQijc5eJmTvWQKvHfZNCM9nKWQCY/QDMMePT2UO8RLHjkI3
-+V2ARfrFv9NEQ8gd7u0dvsGivacE0vlIS480saVVnda54gOHh5RVe1/mr3EUqnQJr
-+RTothfmTcCH104SUBUB92gD9Cgh3NpvRS/sZI1pv3diUyw1QF9qszWfk1NPDan4g
-+hX6VBeHQ4n6PbZLhdbUawE1tVyoN7Q7siz/ybNH0Uj68k87q+HOIx99Qtihw6xoj
-+UhL2ht4Pmyhy3ACeEI2BTZESEzG/WBI=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/ncca3-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7qA5ABw16Xc0J
-+tYJy1HhjgGpE09ujpbcekXJj7bTiQaKZ01m8TbOSl+wdHo8HsAdS+r7jj403+XUn
-+/8mRP/2sVWgYNtv8vfnhRL+IEnfOMFKp55e+h9Kay9/r7HqD1btsUsRMnSYf6+M9
-+DZ/d1Lg7gtztbceyV1H9ZSR6xBvf4WzEGmHr/zi/KUyhKxJx3/YcUPuWu34WTUMa
-+qQwjXS2Xo+jNEQDFImBIUtS2vY/XlrvDKLibksEzj4tgoyv++6PvAW0fYETCHaJF
-+snbBjHGMpXjYeD7qXleVqFWvatOkrpo/1HyymD46D88D53ayEPf6ro6SCUTKr2tE
-+ZraZFmvDAgMBAAECggEALp/Lopbd/2gs2FuzpIoruzUdsiodKSS0QbELhc56obiD
-+CMsdQY7grex3Kqj8CoHu3+wS34E8Kgsd06lW0HLguR+jNFj1AW/GFPU6zTkhcSZK
-+c5Jp/lnKttEuunRP4E+LOJe70/k7jrTSCcpHzRrcB1U1RPyAoEvXwCiQDryI3G+9
-+jDw1vUvQTlb3u/0j798N8a13ahi2cepauOrxS/Si0fHt9LxOnaRfVJWyQ5hmyh0j
-+MFpAzpqGtI6hlq0HO0Kzu+zFIl9POcrMyAjPdfhIR7zC+pHsyOGXsRpRU0HKHQfC
-+ukImc9wZ9xy2/lQVwWJnjksaZfM6qVG5IOkpIUskIQKBgQDtnhkkGo4BlGA/yCY+
-+2Vt6dZOBEtJlqBVzL4Us0B5PLqE4L09r5pTil7pep8itM5u5Bn1zio839Q0iUDxc
-+omfViJA/y/eJb0trLZXKen8QUcVkBvB4VL4vVPjULcKCpWPNcop2toJDJdDZuSvR
-+DQUYvkd22MlBCg3YCVcDGPXisQKBgQDKLIB2sSwTph6XjBPnsC3br11ymSog5RAq
-+zXpnBczre1CT7dLixbJP6ISbVJwlDrvFum33r3hEOUDE5BZo2aVyQoZ6tPTmIfkG
-+C14xsnvyuGYBTWemd7dyt2rXbvZaq0a3U1IHxt/KQlj99DrSASyfKH0Hk44EZ3dS
-+wsi7Vq4KswKBgAr7dKQDii6ugehQwtvCxgSZ7JBZo1nJc/xX5OrWT6BPQmpLXXta
-+M+VpJ9b6ID9JFFhv4Vp2u/nVHJ9KYA/T/cKTxj78mVtDxpOUjsjF8pt5fAsMew7E
-+s+mSHtIHr2bEaCF1usqT0t9xnv6BHXJTDLpBCSKIEH0uDse+XsQo4ixxAoGAVjgm
-+TPf/8R0+HKkrb/pNhEvEUXQKaF7nxyk8EyWBH8fGNGAPOJDRG4zwyIGL2a3v3EJG
-+VYPqiUXVXmJbQDnZeeHvEfOMIXzJg49ji1Qv0fJb5iBJnM+fV3frQ5bZzw8OKG6L
-+JC/nDo2/AAag8yB3FCUjNRDzVuN9Grlg+6vaq0sCgYEAnpSh/EA1lxKpHFs8dh8l
-+qtoKzBZzBFODMp8avJVYUYI3oVjm4CUXKbMdSNgQiFjfWKe6I0vzFxhIBOEI+5JR
-+N29VMjeFxgXkD4qmz6qjCZr9tmJiiu3tMJfW13D94U5RKi5OFAzlPxtBLe+sx6nq
-+NXMk2XIx1ndW+uWUjtU0EQc=
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/pathlen.pem
-@@ -0,0 +1,22 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
-+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
-+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
-+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
-+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
-+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
-+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
-+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
-+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
-+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
-+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
-+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
-+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
-+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
-+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
-+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
-+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
-+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
-+CA==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/pc1-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTAgFw0xNjA2MTgxOTU0MzZaGA8yMTE2MDYxOTE5NTQzNlowKzEX
-+MBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNVBAMMB3Byb3h5IDEwggEiMA0G
-+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeF5hc7UW6KtJ/26YrZTeG5Pu7FrPd
-+9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+bxngsRX94+puCbdp
-+DCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88yfI+0Y2qmGWpvl3Pc
-+ijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE363iLanJL4Ph781u
-+/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0HsezGdcodiZqzs39
-+mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQVHgyF2ONAgMBAAGj
-+gYowgYcwHQYDVR0OBBYEFNOib4aG0AVcbb7pbh224iVD3Jx8MDUGA1UdIwQuMCyA
-+FOeb4iqtimw6y3ZR5Y4HmCKX4XOioRGkDzANMQswCQYDVQQDDAJDQYIBAjAJBgNV
-+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ
-+KoZIhvcNAQELBQADggEBAGCPfyKX74TwnX7sakAKq+IY5qbFnUAupiACsoqNyf2C
-+J6/wsAHz51SA69UcOmQsLCtBzvr11Mh9tFG6uqAquMifP6Cx3274sHCglb5BYFQX
-+eOwSc30FyaqUZzCWKHRjuzdBUUplS2NVl778xLEbWySLkpHehp7Hpj6mBT9lLNyw
-+6L2ZXJcBmxCSB6+aKJ0v4h3wrTNkbYh1Pz9sQqKMgnK+dC5xNmQWWzaVnAPERmbT
-+/11HRF2cGE6OKVmPrksI2NVOe0S0BmL2UwIeO1mIoQikJlOlCsa6QHS7KNQKGtrV
-+0Z/z5ahapEq7+wlyrw+lsZf+rBKFzwbowl1K2YJva9Q=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/pc1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCeF5hc7UW6KtJ/
-+26YrZTeG5Pu7FrPd9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+
-+bxngsRX94+puCbdpDCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88y
-+fI+0Y2qmGWpvl3PcijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE
-+363iLanJL4Ph781u/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0
-+HsezGdcodiZqzs39mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQ
-+VHgyF2ONAgMBAAECggEBAJtfoTUjVPYlBAD5RRU9QxdmkSlMpLYucsnw7x7WWPi+
-+ncL4Cv+VXoNY8klAIUO3F3+puGP3PWP7xS8uTgaQxIZkq5A+KG4rqsJbhgyyistC
-+ENTazuEi+/rLi+GELl42SoK9KluXQXlkjaSW2z10v+pC7GKEPTCw/blzZgAvkLKZ
-+ykQgEEyKf/kNR4+exiJqdBi8gp0cB1+WwBYqYitNKahhf9sFjcLWhj8umYN/+Hb4
-+6hH+8JMaHm0G3DvBUIGTkuUQVZB+BkOG7DRivgwNCFlUqvA100JGhoVnBoqj2pan
-+eD7TtJfIW7UMoXFr0qCMMGvUXnhJb2v01oxpQTfBLEECgYEA0Ys2RjxUAQmh8j90
-+jRV2dI/zL5t1NXxfSTn7JmLp2r2SEWfxiXwCs2bly6J8Xr07bY8DeM6+NfmQ7en1
-+pdwxorIROhXRI2X6ZIdIfLwRw+l2TrQVzqgSnUI8GnU3gy57m1QLrcRW9Gxv7r1j
-+DjlRMtf828C7oUd+2h0rXY6DeMUCgYEAwSQ20OJy9qDvT569cOMADgvZRKjU0ZLd
-+2ER40WakK+6gyvSkUYpdSK5722xMo5CAFmE35xn5r/JX4QnIK3DGnJcm0e68GtyE
-+qh5YGXqTlnvgl/+YxBjgrvL97OWKtvof/ZjGqF48sNB4trMz9+80M5oBsr7ZjoPQ
-+1B1mFTi9nCkCgYBojLgQxSr4tZCq6MRDXHEU6XnhyAPsItj8FUTdOz8JF8rYim82
-+NLy4PF/tgW3iazJKkK+fyC+ZiKKqQjCBh+LwFT6JJ7eInOoY3HLrYX7PrB2OWUYE
-+LVHUSuboIJIJDtk3f/Cvy6XDIJOcn7vbrfd4kdGk5332k1CUjTdE38VzLQKBgQCl
-+TbRoxVd1xDnuIEOtSWuzmeqDvCghkpyyy6/IMRwTybHu4sF8VHsQiN3S5/cUCsnF
-+3cE112J/d2BFZ9TdcTFbtnZwOO7f4prc6wmmDOYiZrXMAeOi+lPbCHfR+IfnoV4d
-+81MbqUQyZMrcO7Yf3qgD/iyz6mpTcngaA2tqgFywOQKBgFigb4O1tKsK16HwflMm
-+6EQB/3TmdhIsoNEq6M6tOuV3uypze+97olwJMjsgIMxpIqnff55WLBmDjmoMZSoS
-+6juHCqmKWKwTZPHPdWNVUgMOGVHFjcCgQjuqWYWupl6un/CefXPleImZ/wrXee5w
-+f2DAK68puLIhIySfEIjrYh4P
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/pc2-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDFaGA8y
-+MTE2MDYxOTE5NTQ0MVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
-+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDIwggEiMA0GCSqGSIb3DQEBAQUA
-+A4IBDwAwggEKAoIBAQDgpvzv40QOQxRy6qhowyMfSRwn8TSUX/tt9U92ij/HDurM
-+aT+89lLd6oOCohmXomg4t18Fik3yUyoKOi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSB
-+s1i9aNVnwVd9QZA/Y1lHtEUETIr94neET6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh
-++XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo
-+2CWC2l6uwlakxkMQkCQQICywMKsmyMVPWFbalUezRDl7S/J9ybZYK61aq8mrBYzn
-+tCaD3HwtjKmkAZ3tKcDfPidqwVtUAioBSzB6ztc/AgMBAAGjgZYwgZMwHQYDVR0O
-+BBYEFPg3PONgEnnZVF3tRrg4aY4hBGVhMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
-+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
-+HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJ
-+KoZIhvcNAQELBQADggEBAJvmPj0eIOQEZSFrvbMEz5dp0udK+TIMKBmgPfCVrSPu
-+g5wArKY5CqFzrrvXb8FWHuAuP9KsXaqU+oqaTrRlGDs0sl6LWkvamz9FLDbYS2+d
-+9cGMdlEmWxPJg9Nkc557ng4b54xncyw+YQ/1vqkTtBX7w5Y4lFTOaZW3uq3iL1NU
-+v1TO5fCNksndgw7tdilbps2BLeNcEJ7DZyS7ESPPe7NX78RCKsDLSj7C9bMlKvUc
-+swUADTDhNTValfr2RQswlEPIt5qURe2vsvacQ701cPPwT+fgQj1N/XLFsBGTmnOP
-+KpT6Adh+uk8xTHv2BUg+XDRAFOhoLMu1hnloiH14FgY=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/pc2-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDgpvzv40QOQxRy
-+6qhowyMfSRwn8TSUX/tt9U92ij/HDurMaT+89lLd6oOCohmXomg4t18Fik3yUyoK
-+Oi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSBs1i9aNVnwVd9QZA/Y1lHtEUETIr94neE
-+T6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh+XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr
-+2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo2CWC2l6uwlakxkMQkCQQICywMKsmyMVP
-+WFbalUezRDl7S/J9ybZYK61aq8mrBYzntCaD3HwtjKmkAZ3tKcDfPidqwVtUAioB
-+SzB6ztc/AgMBAAECggEBAKMvCWpjZksJ1O/Inn5CyN9v5uDop+3jbqqn14ne0IcS
-+weGrzh2/u9/w+ohIoVhxI02XfZFzrj0Ixe/Z5LwndjtGkzJxFt952k1FBMefU5up
-+Ft/j2+DyJpoQajHVDyfMTcz1GHEP/KKA/5n/ld4wZ39E8pFaP/PzdCgjdxPUo0II
-+OWvNehyLqiOQseYsnWTYFGgBFX5Dr8/cZH8duaNTkGzr+/4O3KmF04lTYS2SPkQ8
-+8ospMX9a9N4+gDXF6KWlIJUEk4Xelv/BT7jygEz0K0bIcRGdmgFe57Rh9qTHxZrl
-+YkHh3lHC5XD5sWuOjoEu54jJdL/u1zfaK/jpQXKMjtECgYEA+eCIg1vBPKl53s38
-+Ch/nRuwmtu8qJlcN6aYBAdUn/Z95Qy5gKmL0hW7qJ5+kgwLJZEdLQ+xIHBdnWjdP
-+7VJ7k6NEsy/EQ2NOYBzxysvnyYSAwY1Wb4StPO9ejqb02LrY6gBNfePE/wpR1EqK
-+Suyzocf0x02blO8dQ3JaGn/IKlkCgYEA5ig4jtcKUzP2vRQ8tWaaJvLxP2fEzEgb
-+J+r1zLrdMqZvWwjhbdIbQRnhwjpelVKpxGFiOP91bf9+6qiX8q3TOar3tDu2o2Nu
-+yFNvExoqxfaD+IHfDo3KjTwohysbBXdZzqeOwL2N7HcQz5E11e0JDgTPLXtWk2UN
-+qeYUNHeXq1cCgYAmKXWP4j6D3jo/nePlQ/QVb9GF1MbyLg9w5Kp4ti4yXN2vNfD3
-+6D8B9euK+6WrYIyTZRQInphwud5N9+6cByHabW/7kcr+o7b/lMwUtcmDjFoBtW1D
-+ANdYXBJr5PG1++tO6ZbsKBIZBWFz86JlSPsyNRCcM60UNOSaPWenbmaKmQKBgQC8
-+qEt0CqDUAsxFwMjiiO/i7VEDADQ4nwJjfh1ta97VHcg5ftYKByd//Y8ofl/5VoEC
-+EDFLN1syhzOpdfjXW9TAeHwCqM/UrjSo0HtD1Tcqfh8/HHWSoHdfvegapCLKIELl
-+OkOxia9EHXUSL51JdbruWtLYHTmiKDtDAO2e9EjGkQKBgHOEZ0u07bCyz+EZHTQb
-+sWt1U2LztJ/cNSNqgVc4NTTna0KisjXBTbtIQeArI42GHXNBazE+KbApnHQy8f7M
-+DJIl2/70CRTfosDdSE6DnQk672BhJ4fr6Ln/VyvcATlcv34UYiGsDY3LCf0UTdjd
-+GsR6pGtD+3qErri9pbdxDvRC
-+-----END PRIVATE KEY-----
---- /dev/null
-+++ b/test/certs/pc5-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2
-+ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTVaGA8y
-+MTE2MDYxOTE5NTQ1NVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV
-+BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDUwggEiMA0GCSqGSIb3DQEBAQUA
-+A4IBDwAwggEKAoIBAQCvDPn1fctKUE8+aHf036mHkIEsWn0iNFl2K/qAOMqjqOvs
-+lj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7GXju4cP6wQKKHGOurJhYczcfqwAfi+21K
-+Bn4gmM3i4GESuIC6GuXWqw24oMZYBi5H3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVW
-+iKAutNCbmV76NoRJm0sRzrFwyX1pomHCm9odwJQ0nNvyetMulY9tX9xYn01FLfiz
-+JS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQygUy6yIiz2hR2yq5M1oeRYOEONwt9mY/e
-+ZVoIbquW28PEDQE6KtK/EYUdWn8482XQdRcdKmSlAgMBAAGjgZIwgY8wHQYDVR0O
-+BBYEFEfQwyLv6WIDOf9VQ/ElxxcFKkX5MEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p
-+bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV
-+HRMEAjAAMCAGCCsGAQUFBwEOAQH/BBEwDwIBADAKBggrBgEFBQcVADANBgkqhkiG
-+9w0BAQsFAAOCAQEAl93p1Pcw3hBbTTnm9oa9cOUvPBkUwLJmSJ1Il3HQQuLz5H+H
-+OiF3ePaa7wmGmMTwHEYtOvIhGO5c6zilVRint03BaXRizZcqdjDiHUgVcr11pzX5
-+F4ihFOF91c6DmUorRrtkjglLb/gAMdUE0eT/wukiMjJWgcw+O2EVxGjpAgRVNw/v
-+byYx4TPmvnnigqfMY9lVFKJy0g5Ovw6Nb2ff8ndSEZsCDB8XdNg2u07zYu1dM/vF
-+wpjsA/omrfXP3opH1ustvMQm9BPkySLRzNbIYHHRJX3Hkhn+EYzMmxv3cH0EEtn6
-+taj7Gfsp7TfLpfSgP/Y88EsKhQAWsdFt2tT3FQ==
-+-----END CERTIFICATE-----
---- /dev/null
-+++ b/test/certs/pc5-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvDPn1fctKUE8+
-+aHf036mHkIEsWn0iNFl2K/qAOMqjqOvslj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7G
-+Xju4cP6wQKKHGOurJhYczcfqwAfi+21KBn4gmM3i4GESuIC6GuXWqw24oMZYBi5H
-+3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVWiKAutNCbmV76NoRJm0sRzrFwyX1pomHC
-+m9odwJQ0nNvyetMulY9tX9xYn01FLfizJS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQy
-+gUy6yIiz2hR2yq5M1oeRYOEONwt9mY/eZVoIbquW28PEDQE6KtK/EYUdWn8482XQ
-+dRcdKmSlAgMBAAECggEBAKqEmXjp8P2S/Z5tZWzD8wB7Y1kxTHPlSsAyVvJQYBTM
-+mAT+107nxTu5uyr7FWRiXxxTK/y1f/SZG6FgagxhBbfrPmcbf3ZYw3GLgxLJvOT+
-+xpc1e+eE8gnvSKBT2hFv4jQarGMNOijE3JBmg7PHGbcYDivcOnYQFV4T6+dqe0zA
-+q2bLi/lko81Plunp7ev3i2ATjNxcYoannaTCq0HFxMLoOgrAoLqJqt8nkqXIY91z
-+phx1x13HrHyikhuDBDb15TdJo68rbHngDolHFC7rHW65+vp0emJDtdEkBnQLDa5W
-+a3ZeVe/xY0aaMPlcw//ZB8KMUD69VdCuiGXjrrHISAECgYEA2uIh82TIp+xG2Tk/
-+2uZS1dOCCEEkkBqqgKwH2m2fctTHGMnKJaxSTCNKPEIpxaTt6EMp3jlviOmdrPtd
-+pUS1OqkA99bzT8ZBEd8fg33XGCN5W7wvfo5077onwwJ+ocd//KJqQ2M6MioEp5im
-+6Z8cDDdGA6NI3kJ+G3+CwczRTXECgYEAzLwKVkfd7TNJZQ7Z0n2x+O8hPJAaut2/
-+qFIeItSBFo+ErQL8NnJPLMxBkWfVmnc4vFKc2bxgjz8S+cJCEucTrOAS7+ikP6KU
-+Mo2NjbzA4omceuy3t+3eGJdYE44nBL/V+ZVAt6F0TQ7rayMAurcLJurHMiFYQEfs
-+qAlsaYCiAHUCgYAmv7Wm8waaw7dfKUVmqTOs6v6wG2gvoqjgkpPpVVLO72A3wTFq
-+LfF7zRuNQ2FFvgboAUveLWjTYhgp0W4onds/gT/MoF7+lmhak5dunc6AVXdciBoY
-+W3vUHK6BVWW5minMPax2NZDN5KZiTSHvZd1/RCG+7x8tSbQthgtN58Z94QKBgHbH
-+aZ/hFgo1xRESaqFKN2TbJ4dBe6CKYlU/Pyip7TKvlSPjJXxZGUI+RpQbj7uMC6iG
-+rWVNex/gUhwA7eCVm76iSZpSeGhK5Hvn0AY5ShakC9rtVzEomb/enkTKJi0FNxkT
-+1HY0/4pta3u+1P9+jsPHVkXpPpAcqlpbDUCwVky5AoGAJgwr1pxM7RDQon8Mpjxm
-+XTJ36Vl+6dq/5yPBcKylQ49e5XrugS2trV1aSZKsiVuLGK9N8ND2N8OazxfpXbee
-+q6b8GAqWWz4ewe30FKo0ipL1SfsJUTv8lPKIGo8oNk4vsUvv/bLJHpr6+g2d8lCw
-+A0i6wzzrXUiXlynYm+VCKhs=
-+-----END PRIVATE KEY-----
---- a/test/certs/setup.sh
-+++ b/test/certs/setup.sh
-@@ -86,7 +86,7 @@ openssl x509 -in sroot-cert.pem -trustou
- ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert
- ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert
- ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2
--./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert -days -1
-+DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert
- #
- openssl x509 -in ca-cert.pem -trustout \
- -addtrust serverAuth -out ca+serverAuth.pem
-@@ -182,3 +182,165 @@ OPENSSL_SIGALG=md5 \
- # 768-bit leaf key
- OPENSSL_KEYBITS=768 \
- ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
-+
-+# Proxy certificates, off of ee-client
-+# Start with some good ones
-+./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \
-+ ./mkcert.sh genpc pc1-key pc1-cert ee-key ee-client \
-+ "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB"
-+./mkcert.sh req pc2-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 2" | \
-+ ./mkcert.sh genpc pc2-key pc2-cert pc1-key pc1-cert \
-+ "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
-+# And now a couple of bad ones
-+# pc3: incorrect CN
-+./mkcert.sh req bad-pc3-key "0.CN = server.example" "1.CN = proxy 3" | \
-+ ./mkcert.sh genpc bad-pc3-key bad-pc3-cert pc1-key pc1-cert \
-+ "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
-+# pc4: incorrect pathlen
-+./mkcert.sh req bad-pc4-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 4" | \
-+ ./mkcert.sh genpc bad-pc4-key bad-pc4-cert pc1-key pc1-cert \
-+ "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB"
-+# pc5: no policy
-+./mkcert.sh req pc5-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 5" | \
-+ ./mkcert.sh genpc pc5-key pc5-cert pc1-key pc1-cert \
-+ "language = id-ppl-anyLanguage" "pathlen = 0"
-+# pc6: incorrect CN (made into a component of a multivalue RDN)
-+./mkcert.sh req bad-pc6-key "0.CN = server.example" "1.CN = proxy 1" "2.+CN = proxy 6" | \
-+ ./mkcert.sh genpc bad-pc6-key bad-pc6-cert pc1-key pc1-cert \
-+ "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB"
-+
-+# Name constraints test certificates.
-+
-+# NC CA1 only permits the host www.good.org and *.good.com email address
-+# good at good.org and *@good.com and IP addresses 127.0.0.1 and
-+# 192.168.0.0/16
-+
-+NC="permitted;DNS:www.good.org, permitted;DNS:good.com,"
-+NC="$NC permitted;email:good at good.org, permitted;email:good.com,"
-+NC="$NC permitted;IP:127.0.0.1/255.255.255.255, permitted;IP:192.168.0.0/255.255.0.0"
-+
-+NC=$NC ./mkcert.sh genca "Test NC CA 1" ncca1-key ncca1-cert root-key root-cert
-+
-+# NC CA2 allows anything apart from hosts www.bad.org and *.bad.com
-+# and email addresses bad at bad.org and *@bad.com
-+
-+NC="excluded;DNS:www.bad.org, excluded;DNS:bad.com,"
-+NC="$NC excluded;email:bad at bad.org, excluded;email:bad.com, "
-+NC="$NC excluded;IP:10.0.0.0/255.0.0.0"
-+
-+NC=$NC ./mkcert.sh genca "Test NC CA 2" ncca2-key ncca2-cert root-key root-cert
-+
-+# Name constraints subordinate CA. Adds www.good.net (which should be
-+# disallowed because parent CA doesn't permit it) adds ok.good.com
-+# (which should be allowed because parent allows *.good.com
-+# and now excludes bad.ok.good.com (allowed in permitted subtrees
-+# but explicitly excluded).
-+
-+NC="permitted;DNS:www.good.net, permitted;DNS:ok.good.com, "
-+NC="$NC excluded;DNS:bad.ok.good.com"
-+NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
-+ ncca1-key ncca1-cert
-+
-+# all subjectAltNames allowed by CA1.
-+
-+./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
-+ "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-+ ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# no subjectAltNames excluded by CA2.
-+
-+./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \
-+ ./mkcert.sh geneealt alt2-key alt2-cert ncca2-key ncca2-cert \
-+ "DNS.1 = www.anything.org" "DNS.2 = any.other.com" \
-+ "email.1 = other at bad.org" "email.2 = any at something.com"
-+
-+# hostname other.good.org which is not allowed by CA1.
-+
-+./mkcert.sh req badalt1-key "O = Bad NC Test Certificate 1" | \
-+ ./mkcert.sh geneealt badalt1-key badalt1-cert ncca1-key ncca1-cert \
-+ "DNS.1 = other.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com"
-+
-+# any.bad.com is excluded by CA2.
-+
-+./mkcert.sh req badalt2-key 'O = Bad NC Test Certificate 2' | \
-+ ./mkcert.sh geneealt badalt2-key badalt2-cert ncca2-key ncca2-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.bad.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com"
-+
-+# other at good.org not permitted by CA1
-+
-+./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \
-+ ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = other at good.org" "email.2 = any at good.com"
-+
-+# all subject alt names OK but subject email address not allowed by CA1.
-+
-+./mkcert.sh req badalt4-key 'O = Bad NC Test Certificate 4' \
-+ "emailAddress = any at other.com" | \
-+ ./mkcert.sh geneealt badalt4-key badalt4-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com"
-+
-+# IP address not allowed by CA1
-+./mkcert.sh req badalt5-key "O = Bad NC Test Certificate 5" | \
-+ ./mkcert.sh geneealt badalt5-key badalt5-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.2"
-+
-+# all subject alt names OK but subject CN not allowed by CA1.
-+./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \
-+ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-+ ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING
-+REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
-+ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-+ ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \
-+ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# all subjectAltNames allowed by chain
-+
-+./mkcert.sh req alt3-key "O = Good NC Test Certificate 3" \
-+ "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
-+ ./mkcert.sh geneealt alt3-key alt3-cert ncca3-key ncca3-cert \
-+ "DNS.1 = www.ok.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# www.good.net allowed by parent CA but not parent of parent
-+
-+./mkcert.sh req badalt8-key "O = Bad NC Test Certificate 8" \
-+ "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
-+ ./mkcert.sh geneealt badalt8-key badalt8-cert ncca3-key ncca3-cert \
-+ "DNS.1 = www.ok.good.com" "DNS.2 = www.good.net" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# other.good.com not allowed by parent CA but allowed by parent of parent
-+
-+./mkcert.sh req badalt9-key "O = Bad NC Test Certificate 9" \
-+ "1.CN=www.good.com" "2.CN=Joe Bloggs" | \
-+ ./mkcert.sh geneealt badalt9-key badalt9-cert ncca3-key ncca3-cert \
-+ "DNS.1 = www.good.com" "DNS.2 = other.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# www.bad.net excluded by parent CA.
-+
-+./mkcert.sh req badalt10-key "O = Bad NC Test Certificate 10" \
-+ "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \
-+ ./mkcert.sh geneealt badalt10-key badalt10-cert ncca3-key ncca3-cert \
-+ "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \
-+ "email.1 = good at good.org" "email.2 = any at good.com" \
-+ "IP = 127.0.0.1" "IP = 192.168.0.1"
---- /dev/null
-+++ b/test/cipherlist_test.c
-@@ -0,0 +1,212 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+#include <stdio.h>
-+
-+#include <openssl/opensslconf.h>
-+#include <openssl/err.h>
-+#include <openssl/e_os2.h>
-+#include <openssl/ssl.h>
-+#include <openssl/ssl3.h>
-+#include <openssl/tls1.h>
-+
-+#include "e_os.h"
-+#include "testutil.h"
-+
-+typedef struct cipherlist_test_fixture {
-+ const char *test_case_name;
-+ SSL_CTX *server;
-+ SSL_CTX *client;
-+} CIPHERLIST_TEST_FIXTURE;
-+
-+
-+static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name)
-+{
-+ CIPHERLIST_TEST_FIXTURE fixture;
-+ fixture.test_case_name = test_case_name;
-+ fixture.server = SSL_CTX_new(TLS_server_method());
-+ fixture.client = SSL_CTX_new(TLS_client_method());
-+ OPENSSL_assert(fixture.client != NULL && fixture.server != NULL);
-+ return fixture;
-+}
-+
-+/*
-+ * All ciphers in the DEFAULT cipherlist meet the default security level.
-+ * However, default supported ciphers exclude SRP and PSK ciphersuites
-+ * for which no callbacks have been set up.
-+ *
-+ * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
-+ * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA
-+ * are currently broken and should be considered mission impossible in libssl.
-+ */
-+static const uint32_t default_ciphers_in_order[] = {
-+#ifndef OPENSSL_NO_TLS1_2
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-+# endif
-+
-+# if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
-+# endif
-+# endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
-+
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-+# endif
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-+# endif
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-+# endif
-+#endif /* !OPENSSL_NO_TLS1_2 */
-+
-+#ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-+#endif
-+#ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-+#endif
-+#ifndef OPENSSL_NO_DH
-+ TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-+#endif
-+
-+#ifndef OPENSSL_NO_DES
-+# ifndef OPENSSL_NO_EC
-+ TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-+ TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-+# endif
-+# ifndef OPENSSL_NO_DH
-+ SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
-+# endif
-+#endif /* !OPENSSL_NO_DES */
-+
-+#ifndef OPENSSL_NO_TLS1_2
-+ TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
-+ TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
-+ TLS1_CK_RSA_WITH_AES_256_SHA256,
-+ TLS1_CK_RSA_WITH_AES_128_SHA256,
-+#endif
-+
-+ TLS1_CK_RSA_WITH_AES_256_SHA,
-+ TLS1_CK_RSA_WITH_AES_128_SHA,
-+#ifndef OPENSSL_NO_DES
-+ SSL3_CK_RSA_DES_192_CBC3_SHA,
-+#endif
-+};
-+
-+static int test_default_cipherlist(SSL_CTX *ctx)
-+{
-+ STACK_OF(SSL_CIPHER) *ciphers;
-+ SSL *ssl;
-+ int i, ret = 0, num_expected_ciphers, num_ciphers;
-+ uint32_t expected_cipher_id, cipher_id;
-+
-+ ssl = SSL_new(ctx);
-+ OPENSSL_assert(ssl != NULL);
-+
-+ ciphers = SSL_get1_supported_ciphers(ssl);
-+ OPENSSL_assert(ciphers != NULL);
-+ num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
-+ num_ciphers = sk_SSL_CIPHER_num(ciphers);
-+ if (num_ciphers != num_expected_ciphers) {
-+ fprintf(stderr, "Expected %d supported ciphers, got %d.\n",
-+ num_expected_ciphers, num_ciphers);
-+ goto err;
-+ }
-+
-+ for (i = 0; i < num_ciphers; i++) {
-+ expected_cipher_id = default_ciphers_in_order[i];
-+ cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
-+ if (cipher_id != expected_cipher_id) {
-+ fprintf(stderr, "Wrong cipher at position %d: expected %x, "
-+ "got %x\n", i, expected_cipher_id, cipher_id);
-+ goto err;
-+ }
-+ }
-+
-+ ret = 1;
-+
-+ err:
-+ sk_SSL_CIPHER_free(ciphers);
-+ SSL_free(ssl);
-+ return ret;
-+}
-+
-+static int execute_test(CIPHERLIST_TEST_FIXTURE fixture)
-+{
-+ return test_default_cipherlist(fixture.server)
-+ && test_default_cipherlist(fixture.client);
-+}
-+
-+static void tear_down(CIPHERLIST_TEST_FIXTURE fixture)
-+{
-+ SSL_CTX_free(fixture.server);
-+ SSL_CTX_free(fixture.client);
-+ ERR_print_errors_fp(stderr);
-+}
-+
-+#define SETUP_CIPHERLIST_TEST_FIXTURE() \
-+ SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)
-+
-+#define EXECUTE_CIPHERLIST_TEST() \
-+ EXECUTE_TEST(execute_test, tear_down)
-+
-+static int test_default_cipherlist_implicit()
-+{
-+ SETUP_CIPHERLIST_TEST_FIXTURE();
-+ EXECUTE_CIPHERLIST_TEST();
-+}
-+
-+static int test_default_cipherlist_explicit()
-+{
-+ SETUP_CIPHERLIST_TEST_FIXTURE();
-+ OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT"));
-+ OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT"));
-+ EXECUTE_CIPHERLIST_TEST();
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ int result = 0;
-+
-+ ADD_TEST(test_default_cipherlist_implicit);
-+ ADD_TEST(test_default_cipherlist_explicit);
-+
-+ result = run_tests(argv[0]);
-+
-+ return result;
-+}
---- a/test/clienthellotest.c
-+++ b/test/clienthellotest.c
-@@ -1,56 +1,10 @@
--/* Written by Matt Caswell for the OpenSSL Project */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
---- a/test/cms-examples.pl
-+++ b/test/cms-examples.pl
-@@ -1,54 +1,10 @@
--# test/cms-examples.pl
--# Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
--# project.
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# ====================================================================
--# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# licensing at OpenSSL.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- # Perl script to run tests against S/MIME examples in RFC4134
- # Assumes RFC is in current directory and called "rfc4134.txt"
---- a/test/constant_time_test.c
-+++ b/test/constant_time_test.c
-@@ -1,46 +1,10 @@
--/*-
-- * Utilities for constant-time cryptography.
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Author: Emilia Kasper (emilia at openssl.org)
-- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
-- * (Google).
-- * ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "internal/constant_time_locl.h"
---- a/test/ct_test.c
-+++ b/test/ct_test.c
-@@ -1,55 +1,10 @@
- /*
-- * Tests the Certificate Transparency public API.
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Author: Rob Percival (robpercival at google.com)
-- *
-- * ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <ctype.h>
-@@ -82,9 +37,9 @@ typedef struct ct_test_fixture {
- char *issuer_file;
- int expected_sct_count;
- /* Set the following to test handling of SCTs in TLS format */
-- const unsigned char *tls_sct;
-- size_t tls_sct_len;
-- SCT *sct;
-+ const unsigned char *tls_sct_list;
-+ size_t tls_sct_list_len;
-+ STACK_OF(SCT) *sct_list;
- /*
- * A file to load the expected SCT text from.
- * This text will be compared to the actual text output during the test.
-@@ -132,7 +87,7 @@ static CT_TEST_FIXTURE set_up(const char
- static void tear_down(CT_TEST_FIXTURE fixture)
- {
- CTLOG_STORE_free(fixture.ctlog_store);
-- SCT_free(fixture.sct);
-+ SCT_LIST_free(fixture.sct_list);
- ERR_print_errors_fp(stderr);
- }
-
-@@ -192,7 +147,7 @@ static int read_text_file(const char *di
- return result;
- }
-
--static int compare_sct_printout(SCT *sct,
-+static int compare_sct_list_printout(STACK_OF(SCT) *sct,
- const char *expected_output)
- {
- BIO *text_buffer = NULL;
-@@ -205,7 +160,7 @@ static int compare_sct_printout(SCT *sct
- goto end;
- }
-
-- SCT_print(sct, text_buffer, 0, NULL);
-+ SCT_LIST_print(sct, text_buffer, 0, "\n", NULL);
-
- /* Append null terminator because we're about to use the buffer contents
- * as a string. */
-@@ -249,7 +204,8 @@ static int compare_extension_printout(X5
- /* Append null terminator because we're about to use the buffer contents
- * as a string. */
- if (BIO_write(text_buffer, "\0", 1) != 1) {
-- fprintf(stderr, "Failed to append null terminator to extension text\n");
-+ fprintf(stderr,
-+ "Failed to append null terminator to extension text\n");
- goto end;
- }
-
-@@ -267,6 +223,51 @@ static int compare_extension_printout(X5
- return result;
- }
-
-+static int assert_validity(CT_TEST_FIXTURE fixture,
-+ STACK_OF(SCT) *scts,
-+ CT_POLICY_EVAL_CTX *policy_ctx) {
-+ int invalid_sct_count = 0;
-+ int valid_sct_count = 0;
-+ int i;
-+
-+ if (SCT_LIST_validate(scts, policy_ctx) < 0) {
-+ fprintf(stderr, "Error verifying SCTs\n");
-+ return 0;
-+ }
-+
-+ for (i = 0; i < sk_SCT_num(scts); ++i) {
-+ SCT *sct_i = sk_SCT_value(scts, i);
-+ switch (SCT_get_validation_status(sct_i)) {
-+ case SCT_VALIDATION_STATUS_VALID:
-+ ++valid_sct_count;
-+ break;
-+ case SCT_VALIDATION_STATUS_INVALID:
-+ ++invalid_sct_count;
-+ break;
-+ default:
-+ /* Ignore other validation statuses. */
-+ break;
-+ }
-+ }
-+
-+ if (valid_sct_count != fixture.expected_sct_count) {
-+ int unverified_sct_count = sk_SCT_num(scts) -
-+ invalid_sct_count - valid_sct_count;
-+
-+ fprintf(stderr,
-+ "%d SCTs failed verification\n"
-+ "%d SCTs passed verification (%d expected)\n"
-+ "%d SCTs were unverified\n",
-+ invalid_sct_count,
-+ valid_sct_count,
-+ fixture.expected_sct_count,
-+ unverified_sct_count);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
- static int execute_cert_test(CT_TEST_FIXTURE fixture)
- {
- int success = 0;
-@@ -275,8 +276,8 @@ static int execute_cert_test(CT_TEST_FIX
- SCT *sct = NULL;
- char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
- int sct_text_len = 0;
-- unsigned char *tls_sct = NULL;
-- size_t tls_sct_len = 0;
-+ unsigned char *tls_sct_list = NULL;
-+ size_t tls_sct_list_len = 0;
- CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
-
- if (fixture.sct_text_file != NULL) {
-@@ -337,7 +338,6 @@ static int execute_cert_test(CT_TEST_FIX
- }
-
- if (fixture.test_validity) {
-- int are_scts_validated = 0;
- int i;
-
- scts = X509V3_EXT_d2i(sct_extension);
-@@ -351,44 +351,8 @@ static int execute_cert_test(CT_TEST_FIX
- }
- }
-
-- are_scts_validated = SCT_LIST_validate(scts, ct_policy_ctx);
-- if (are_scts_validated < 0) {
-- fprintf(stderr, "Error verifying SCTs\n");
-+ if (!assert_validity(fixture, scts, ct_policy_ctx))
- goto end;
-- } else if (!are_scts_validated) {
-- int invalid_sct_count = 0;
-- int valid_sct_count = 0;
--
-- for (i = 0; i < sk_SCT_num(scts); ++i) {
-- SCT *sct_i = sk_SCT_value(scts, i);
-- switch (SCT_get_validation_status(sct_i)) {
-- case SCT_VALIDATION_STATUS_VALID:
-- ++valid_sct_count;
-- break;
-- case SCT_VALIDATION_STATUS_INVALID:
-- ++invalid_sct_count;
-- break;
-- default:
-- /* Ignore other validation statuses. */
-- break;
-- }
-- }
--
-- if (valid_sct_count != fixture.expected_sct_count) {
-- int unverified_sct_count = sk_SCT_num(scts) -
-- invalid_sct_count - valid_sct_count;
--
-- fprintf(stderr,
-- "%d SCTs failed verification\n"
-- "%d SCTs passed verification (%d expected)\n"
-- "%d SCTs were unverified\n",
-- invalid_sct_count,
-- valid_sct_count,
-- fixture.expected_sct_count,
-- unverified_sct_count);
-- }
-- goto end;
-- }
- }
- } else if (sct_extension != NULL) {
- fprintf(stderr,
-@@ -398,33 +362,28 @@ static int execute_cert_test(CT_TEST_FIX
- }
- }
-
-- if (fixture.tls_sct != NULL) {
-- const unsigned char *p = fixture.tls_sct;
-- if (o2i_SCT(&sct, &p, fixture.tls_sct_len) == NULL) {
-- fprintf(stderr, "Failed to decode SCT from TLS format\n");
-+ if (fixture.tls_sct_list != NULL) {
-+ const unsigned char *p = fixture.tls_sct_list;
-+ if (o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len) == NULL) {
-+ fprintf(stderr, "Failed to decode SCTs from TLS format\n");
- goto end;
- }
-
- if (fixture.test_validity && cert != NULL) {
-- int is_sct_validated = SCT_validate(sct, ct_policy_ctx);
-- if (is_sct_validated < 0) {
-- fprintf(stderr, "Error validating SCT\n");
-- goto end;
-- } else if (!is_sct_validated) {
-- fprintf(stderr, "SCT failed verification\n");
-+ if (!assert_validity(fixture, scts, ct_policy_ctx))
- goto end;
-- }
- }
-
- if (fixture.sct_text_file
-- && compare_sct_printout(sct, expected_sct_text)) {
-+ && compare_sct_list_printout(scts, expected_sct_text)) {
- goto end;
- }
-
-- tls_sct_len = i2o_SCT(sct, &tls_sct);
-- if (tls_sct_len != fixture.tls_sct_len ||
-- memcmp(fixture.tls_sct, tls_sct, tls_sct_len) != 0) {
-- fprintf(stderr, "Failed to encode SCT into TLS format correctly\n");
-+ tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list);
-+ if (tls_sct_list_len != fixture.tls_sct_list_len ||
-+ memcmp(fixture.tls_sct_list, tls_sct_list, tls_sct_list_len) != 0) {
-+ fprintf(stderr,
-+ "Failed to encode SCTs into TLS format correctly\n");
- goto end;
- }
- }
-@@ -436,7 +395,7 @@ static int execute_cert_test(CT_TEST_FIX
- SCT_LIST_free(scts);
- SCT_free(sct);
- CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
-- OPENSSL_free(tls_sct);
-+ OPENSSL_free(tls_sct_list);
- return success;
- }
-
-@@ -501,7 +460,9 @@ static int test_verify_multiple_scts()
-
- static int test_decode_tls_sct()
- {
-- const unsigned char tls_sct[] = "\x00" /* version */
-+ const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */
-+ "\x00\x76"
-+ "\x00" /* version */
- /* log ID */
- "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79"
- "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64"
-@@ -518,8 +479,8 @@ static int test_decode_tls_sct()
- "\xED\xBF\x08";
-
- SETUP_CT_TEST_FIXTURE();
-- fixture.tls_sct = tls_sct;
-- fixture.tls_sct_len = 118;
-+ fixture.tls_sct_list = tls_sct_list;
-+ fixture.tls_sct_list_len = 0x7a;
- fixture.sct_dir = ct_dir;
- fixture.sct_text_file = "tls1.sct";
- EXECUTE_CT_TEST();
-@@ -539,6 +500,7 @@ static int test_encode_tls_sct()
-
- SETUP_CT_TEST_FIXTURE();
-
-+ STACK_OF(SCT) *sct_list = sk_SCT_new_null();
- SCT *sct = SCT_new();
- if (!SCT_set_version(sct, SCT_VERSION_V1)) {
- fprintf(stderr, "Failed to set SCT version\n");
-@@ -557,7 +519,9 @@ static int test_encode_tls_sct()
- fprintf(stderr, "Failed to set SCT signature\n");
- return 1;
- }
-- fixture.sct = sct;
-+ sk_SCT_push(sct_list, sct);
-+
-+ fixture.sct_list = sct_list;
- fixture.sct_dir = ct_dir;
- fixture.sct_text_file = "tls1.sct";
- EXECUTE_CT_TEST();
---- a/test/d2i_test.c
-+++ b/test/d2i_test.c
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /* Regression tests for ASN.1 parsing bugs. */
-@@ -16,19 +15,36 @@
- #include "testutil.h"
-
- #include <openssl/asn1.h>
-+#include <openssl/asn1t.h>
- #include <openssl/bio.h>
- #include <openssl/err.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
-+#include "e_os.h"
-
- static const ASN1_ITEM *item_type;
- static const char *test_file;
-
-+typedef enum {
-+ ASN1_UNKNOWN,
-+ ASN1_OK,
-+ ASN1_BIO,
-+ ASN1_DECODE,
-+ ASN1_ENCODE,
-+ ASN1_COMPARE
-+} expected_error_t;
-+
-+typedef struct {
-+ const char *str;
-+ expected_error_t code;
-+} error_enum;
-+
-+static expected_error_t expected_error = ASN1_UNKNOWN;
-+
- typedef struct d2i_test_fixture {
- const char *test_case_name;
- } D2I_TEST_FIXTURE;
-
--
- static D2I_TEST_FIXTURE set_up(const char *const test_case_name)
- {
- D2I_TEST_FIXTURE fixture;
-@@ -43,27 +59,59 @@ static int execute_test(D2I_TEST_FIXTURE
- int ret = 0;
- unsigned char buf[2048];
- const unsigned char *buf_ptr = buf;
-+ unsigned char *der = NULL;
-+ int derlen;
- int len;
-
- if ((bio = BIO_new_file(test_file, "r")) == NULL)
- return 0;
-
-+ if (expected_error == ASN1_BIO) {
-+ value = ASN1_item_d2i_bio(item_type, bio, NULL);
-+ if (value == NULL)
-+ ret = 1;
-+ goto err;
-+ }
-+
- /*
-- * We don't use ASN1_item_d2i_bio because it, apparently,
-- * errors too early for some inputs.
-+ * Unless we are testing it we don't use ASN1_item_d2i_bio because it
-+ * performs sanity checks on the input and can reject it before the
-+ * decoder is called.
- */
- len = BIO_read(bio, buf, sizeof buf);
- if (len < 0)
- goto err;
-
- value = ASN1_item_d2i(NULL, &buf_ptr, len, item_type);
-- if (value != NULL)
-+ if (value == NULL) {
-+ if (expected_error == ASN1_DECODE)
-+ ret = 1;
- goto err;
-+ }
-
-- ret = 1;
-+ derlen = ASN1_item_i2d(value, &der, item_type);
-+
-+ if (der == NULL || derlen < 0) {
-+ if (expected_error == ASN1_ENCODE)
-+ ret = 1;
-+ goto err;
-+ }
-+
-+ if (derlen != len || memcmp(der, buf, derlen) != 0) {
-+ if (expected_error == ASN1_COMPARE)
-+ ret = 1;
-+ goto err;
-+ }
-+
-+ if (expected_error == ASN1_OK)
-+ ret = 1;
-
- err:
-+ /* Don't indicate success for memory allocation errors */
-+ if (ret == 1 && ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-+ ret = 0;
- BIO_free(bio);
-+ OPENSSL_free(der);
- ASN1_item_free(value, item_type);
- return ret;
- }
-@@ -93,19 +141,60 @@ int main(int argc, char **argv)
- {
- int result = 0;
- const char *test_type_name;
-+ const char *expected_error_string;
-
-- if (argc != 3)
-+ size_t i;
-+ static ASN1_ITEM_EXP *items[] = {
-+ ASN1_ITEM_ref(ASN1_ANY),
-+ ASN1_ITEM_ref(X509),
-+ ASN1_ITEM_ref(GENERAL_NAME),
-+ ASN1_ITEM_ref(ASN1_INTEGER)
-+ };
-+
-+ static error_enum expected_errors[] = {
-+ {"OK", ASN1_OK},
-+ {"BIO", ASN1_BIO},
-+ {"decode", ASN1_DECODE},
-+ {"encode", ASN1_ENCODE},
-+ {"compare", ASN1_COMPARE}
-+ };
-+
-+ if (argc != 4) {
-+ fprintf(stderr,
-+ "Usage: d2i_test item_name expected_error file.der\n");
- return 1;
-+ }
-
- test_type_name = argv[1];
-- test_file = argv[2];
-+ expected_error_string = argv[2];
-+ test_file = argv[3];
-+
-+ for (i = 0; i < OSSL_NELEM(items); i++) {
-+ const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
-+ if (strcmp(test_type_name, it->sname) == 0) {
-+ item_type = it;
-+ break;
-+ }
-+ }
-+ if (item_type == NULL) {
-+ fprintf(stderr, "Unknown type %s\n", test_type_name);
-+ fprintf(stderr, "Supported types:\n");
-+ for (i = 0; i < OSSL_NELEM(items); i++) {
-+ const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]);
-+ fprintf(stderr, "\t%s\n", it->sname);
-+ }
-+ return 1;
-+ }
-+
-+ for (i = 0; i < OSSL_NELEM(expected_errors); i++) {
-+ if (strcmp(expected_errors[i].str, expected_error_string) == 0) {
-+ expected_error = expected_errors[i].code;
-+ break;
-+ }
-+ }
-
-- if (strcmp(test_type_name, "generalname") == 0) {
-- item_type = ASN1_ITEM_rptr(GENERAL_NAME);
-- } else if (strcmp(test_type_name, "x509") == 0) {
-- item_type = ASN1_ITEM_rptr(X509);
-- } else {
-- fprintf(stderr, "Bad type %s\n", test_type_name);
-+ if (expected_error == ASN1_UNKNOWN) {
-+ fprintf(stderr, "Unknown expected error %s\n", expected_error_string);
- return 1;
- }
-
---- a/test/danetest.c
-+++ b/test/danetest.c
-@@ -1,50 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -114,7 +74,7 @@ static void print_errors(void)
-
- static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
- {
-- int ret;
-+ int ret = -1;
- X509_STORE_CTX *store_ctx;
- SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-@@ -125,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_
- return -1;
-
- if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
-- return 0;
-- X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl);
-+ goto end;
-+ if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
-+ goto end;
-
- X509_STORE_CTX_set_default(store_ctx,
- SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
-@@ -135,12 +96,13 @@ static int verify_chain(SSL *ssl, STACK_
- store_ctx_dane_init(store_ctx, ssl);
-
- if (SSL_get_verify_callback(ssl))
-- X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
-+ X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
-
- ret = X509_verify_cert(store_ctx);
-
- SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
- X509_STORE_CTX_cleanup(store_ctx);
-+end:
- X509_STORE_CTX_free(store_ctx);
-
- return (ret);
-@@ -153,52 +115,52 @@ static STACK_OF(X509) *load_chain(BIO *f
- char *header = 0;
- unsigned char *data = 0;
- long len;
-- char *errtype = 0; /* if error: cert or pkey? */
-+ char *errtype = 0; /* if error: cert or pkey? */
- STACK_OF(X509) *chain;
- typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
-
- if ((chain = sk_X509_new_null()) == 0) {
-- perror("malloc");
-- exit(1);
-+ perror("malloc");
-+ exit(1);
- }
-
- for (count = 0;
-- count < nelem && errtype == 0
-+ count < nelem && errtype == 0
- && PEM_read_bio(fp, &name, &header, &data, &len);
-- ++count) {
-- const unsigned char *p = data;
-+ ++count) {
-+ const unsigned char *p = data;
-
-- if (strcmp(name, PEM_STRING_X509) == 0
-- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
-- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
-- d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
-- d2i_X509_AUX : d2i_X509;
-- X509 *cert = d(0, &p, len);
--
-- if (cert == 0 || (p - data) != len)
-- errtype = "certificate";
-- else if (sk_X509_push(chain, cert) == 0) {
-- perror("malloc");
-- goto err;
-- }
-- } else {
-- fprintf(stderr, "unexpected chain file object: %s\n", name);
-- goto err;
-- }
--
-- /*
-- * If any of these were null, PEM_read() would have failed.
-- */
-- OPENSSL_free(name);
-- OPENSSL_free(header);
-- OPENSSL_free(data);
-+ if (strcmp(name, PEM_STRING_X509) == 0
-+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
-+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
-+ d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ?
-+ d2i_X509_AUX : d2i_X509;
-+ X509 *cert = d(0, &p, len);
-+
-+ if (cert == 0 || (p - data) != len)
-+ errtype = "certificate";
-+ else if (sk_X509_push(chain, cert) == 0) {
-+ perror("malloc");
-+ goto err;
-+ }
-+ } else {
-+ fprintf(stderr, "unexpected chain file object: %s\n", name);
-+ goto err;
-+ }
-+
-+ /*
-+ * If any of these were null, PEM_read() would have failed.
-+ */
-+ OPENSSL_free(name);
-+ OPENSSL_free(header);
-+ OPENSSL_free(data);
- }
-
- if (errtype) {
-- fprintf(stderr, "error reading: malformed %s\n", errtype);
-+ fprintf(stderr, "error reading: malformed %s\n", errtype);
- goto err;
- }
--
-+
- if (count == nelem) {
- ERR_clear_error();
- return chain;
-@@ -252,19 +214,16 @@ static ossl_ssize_t hexdecode(const char
- return -1;
-
- for (byte = 0; *in; ++in) {
-- char c;
-+ int x;
-
- if (isspace(_UC(*in)))
- continue;
-- c = tolower(_UC(*in));
-- if ('0' <= c && c <= '9') {
-- byte |= c - '0';
-- } else if ('a' <= c && c <= 'f') {
-- byte |= c - 'a' + 10;
-- } else {
-+ x = OPENSSL_hexchar2int(*in);
-+ if (x < 0) {
- OPENSSL_free(ret);
- return 0;
- }
-+ byte |= (char)x;
- if ((nibble ^= 1) == 0) {
- *cp++ = byte;
- byte = 0;
-@@ -370,6 +329,7 @@ static int test_tlsafile(SSL_CTX *ctx, c
- STACK_OF(X509) *chain;
- int ntlsa;
- int ncert;
-+ int noncheck;
- int want;
- int want_depth;
- int off;
-@@ -382,7 +342,8 @@ static int test_tlsafile(SSL_CTX *ctx, c
- continue;
-
- ++testno;
-- if (sscanf(line, "%d %d %d %d%n", &ntlsa, &ncert, &want, &want_depth, &off) != 4
-+ if (sscanf(line, "%d %d %d %d %d%n",
-+ &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5
- || !allws(line + off)) {
- fprintf(stderr, "Expected tlsa count, cert count and result"
- " at test %d of %s\n", testno, path);
-@@ -396,6 +357,8 @@ static int test_tlsafile(SSL_CTX *ctx, c
- SSL_free(ssl);
- return -1;
- }
-+ if (noncheck)
-+ SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
-
- for (i = 0; i < ntlsa; ++i) {
- if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) {
-@@ -475,7 +438,7 @@ int main(int argc, char *argv[])
- progname = argv[0];
- if (argc != 4) {
- test_usage();
-- EXIT(1);
-+ EXIT(ret);
- }
- basedomain = argv[1];
- CAfile = argv[2];
-@@ -492,10 +455,9 @@ int main(int argc, char *argv[])
- if (f == NULL) {
- fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n",
- progname, tlsafile, strerror(errno));
-- return 0;
-+ EXIT(ret);
- }
-
--
- ctx = SSL_CTX_new(TLS_client_method());
- if (SSL_CTX_dane_enable(ctx) <= 0) {
- print_errors();
---- a/test/danetest.in
-+++ b/test/danetest.in
-@@ -1,7 +1,15 @@
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+#
- # Blank and comment lines ignored.
-+#
- # The first line in each block takes the form:
- #
--# <TLSA-count> <cert-count> <desired-verify-result> <desired-match-depth>
-+# <TLSA-count> <cert-count> <nonamechecks> <desired-verify-result> <desired-match-depth>
- #
- # It is followed by <TLSA-count> lines of the form:
- #
-@@ -41,7 +49,7 @@
- ## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests
-
- # 1
--1 1 0 0
-+1 1 1 0 0
- 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365
- subject=
- issuer=
-@@ -56,7 +64,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 2
--1 1 0 0
-+1 1 1 0 0
- 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E
- subject=
- issuer=
-@@ -71,7 +79,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 3
--1 1 0 0
-+1 1 1 0 0
- 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1
- subject=
- issuer=
-@@ -86,7 +94,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 4
--1 1 0 0
-+1 1 1 0 0
- 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3
- subject=
- issuer=
-@@ -101,7 +109,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 5
--1 1 65 -1
-+1 1 1 65 -1
- 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366
- subject=
- issuer=
-@@ -116,7 +124,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 6
--1 1 65 -1
-+1 1 1 65 -1
- 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F
- subject=
- issuer=
-@@ -131,7 +139,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 7
--1 1 65 -1
-+1 1 1 65 -1
- 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2
- subject=
- issuer=
-@@ -146,7 +154,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- -----END CERTIFICATE-----
-
- # 8
--1 1 65 -1
-+1 1 1 65 -1
- 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4
- subject=
- issuer=
-@@ -163,7 +171,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN
- ## -- DANE-?? chain tests --
-
- # 9
--1 3 0 0
-+1 3 0 0 0
- 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -210,7 +218,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 10
--1 3 0 0
-+1 3 0 0 0
- 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -257,7 +265,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 11
--1 3 0 0
-+1 3 0 0 0
- 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -304,7 +312,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 12
--1 3 0 0
-+1 3 0 0 0
- 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -351,7 +359,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 13
--1 3 0 1
-+1 3 0 0 1
- 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -398,7 +406,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 14
--1 3 0 1
-+1 3 0 0 1
- 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -445,7 +453,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 15
--1 3 0 1
-+1 3 0 0 1
- 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -492,7 +500,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 16
--1 3 0 1
-+1 3 0 0 1
- 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -539,7 +547,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 17
--1 3 0 2
-+1 3 0 0 2
- 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -586,7 +594,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 18
--1 3 0 2
-+1 3 0 0 2
- 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -633,7 +641,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 19
--1 3 0 2
-+1 3 0 0 2
- 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -680,7 +688,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 20
--1 3 0 2
-+1 3 0 0 2
- 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -729,7 +737,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- ## -- PKIX-?? chain tests --
-
- # 21
--1 2 0 0
-+1 2 0 0 0
- 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -762,7 +770,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 22
--1 2 0 0
-+1 2 0 0 0
- 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -795,7 +803,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 23
--1 3 0 0
-+1 3 0 0 0
- 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -842,7 +850,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 24
--1 3 0 0
-+1 3 0 0 0
- 1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -889,7 +897,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 25
--1 2 0 1
-+1 2 0 0 1
- 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -922,7 +930,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 26
--1 2 0 1
-+1 2 0 0 1
- 0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -955,7 +963,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 27
--1 3 0 1
-+1 3 0 0 1
- 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1002,7 +1010,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 28
--1 3 0 1
-+1 3 0 0 1
- 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1049,7 +1057,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 29
--1 2 0 2
-+1 2 0 0 2
- 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1082,7 +1090,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 30
--1 2 0 2
-+1 2 0 0 2
- 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1115,7 +1123,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- -----END CERTIFICATE-----
-
- # 31
--1 3 0 2
-+1 3 0 0 2
- 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1162,7 +1170,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
- -----END CERTIFICATE-----
-
- # 32
--1 3 0 2
-+1 3 0 0 2
- 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1212,7 +1220,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 33
- # Missing intermediate CA
--1 1 20 0
-+1 1 0 20 0
- 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1232,7 +1240,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
-
- # 34
- # Missing PKIX intermediate, provided via DNS
--2 1 0 0
-+2 1 0 0 0
- 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
- 0 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
- subject= /CN=example.com
-@@ -1253,7 +1261,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
-
- # 35
- # Wrong leaf digest
--1 3 65 -1
-+1 3 0 65 -1
- 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1301,7 +1309,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 36
- # Wrong intermediate digest
--1 2 65 -1
-+1 2 0 65 -1
- 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1335,7 +1343,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
-
- # 37
- # Wrong root digest
--1 2 65 -1
-+1 2 0 65 -1
- 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1371,7 +1379,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
-
- # 38
- # DANE-EE(3) beats DANE-TA(2)
--1 3 0 0
-+1 3 0 0 0
- 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
- 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
- subject= /CN=example.com
-@@ -1420,7 +1428,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 39
- # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
--1 3 0 1
-+1 3 0 0 1
- 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
- 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
- subject= /CN=example.com
-@@ -1469,7 +1477,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 40
- # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
--1 3 0 2
-+1 3 0 0 2
- 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
- 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
- subject= /CN=example.com
-@@ -1518,7 +1526,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 41
- # DANE-TA(2) depth 2 beats PKIX-EE depth 0
--1 3 0 2
-+1 3 0 0 2
- 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
- 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
- subject= /CN=example.com
-@@ -1567,7 +1575,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
-
- # 42
- # DANE-TA(2) Full(0) root "from DNS":
--1 2 0 2
-+1 2 0 0 2
- 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1601,7 +1609,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
-
- # 43
- # DANE-TA(2) Full(0) intermediate "from DNS":
--1 1 0 1
-+1 1 0 0 1
- 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1621,7 +1629,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
-
- # 44
- # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
--1 1 0 0
-+1 1 0 0 0
- 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1641,7 +1649,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
-
- # 45
- # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
--1 2 0 1
-+1 2 0 0 1
- 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
- subject= /CN=example.com
- issuer= /CN=Issuer CA
-@@ -1676,7 +1684,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
- # 46
- # Mismatched name "example.org", should still succeed given a
- # DANE-EE(3) match.
--1 3 0 0
-+1 3 1 0 0
- 3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
- subject= CN = example.org
- issuer= CN = CA2
-@@ -1725,7 +1733,7 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
- # 47
- # Mismatched name "example.org", should fail despite a DANE-TA(2)
- # match for the intermediate CA.
--1 3 62 1
-+1 3 0 62 1
- 2 1 1 946af0956378efaba7ee1bbedc17af110ea8de19c079a98e77398724a3708a1f
- subject= CN = example.org
- issuer= CN = CA2
-@@ -1774,11 +1782,60 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
- # 48
- # Mismatched name "example.org", should fail despite a DANE-TA(2)
- # match for the root CA.
--1 3 62 2
-+1 3 0 62 2
- 2 1 1 34474f2fbc39da44dfbd11215bdafadf9507406c04de1f65dbd2a1bc4f2165cc
- subject= CN = example.org
- issuer= CN = CA2
- notBefore=Feb 6 22:39:47 2016 GMT
-+notAfter=Feb 7 22:39:47 2116 GMT
-+-----BEGIN CERTIFICATE-----
-+MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
-+MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w
-+bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4
-+ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID
-+z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA
-+FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB
-+BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh
-+AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct
-+PyDiaL1QKbJ7lnqPQCS1o8xn+RI=
-+-----END CERTIFICATE-----
-+subject= CN = CA2
-+issuer= CN = Root CA2
-+notBefore=Feb 6 22:39:13 2016 GMT
-+notAfter=Feb 7 22:39:13 2116 GMT
-+-----BEGIN CERTIFICATE-----
-+MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
-+MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD
-+Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC
-+CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ
-+ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb
-++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw
-+RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo
-+7sfr/jV+rRlZY2iaRv160BWYd82L7g==
-+-----END CERTIFICATE-----
-+subject= CN = Root CA2
-+issuer= CN = Root CA2
-+notBefore=Feb 6 22:38:48 2016 GMT
-+notAfter=Feb 7 22:38:48 2116 GMT
-+-----BEGIN CERTIFICATE-----
-+MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB
-+MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI
-+Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl
-+sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1
-+42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw
-+FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
-+AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
-+fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
-+-----END CERTIFICATE-----
-+
-+# 49
-+# Mismatched name "example.org", should fail when name checks
-+# are not disabled for DANE-EE(3).
-+1 3 0 62 0
-+3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270
-+subject= CN = example.org
-+issuer= CN = CA2
-+notBefore=Feb 6 22:39:47 2016 GMT
- notAfter=Feb 7 22:39:47 2116 GMT
- -----BEGIN CERTIFICATE-----
- MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN
---- a/test/destest.c
-+++ b/test/destest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -83,8 +35,6 @@ int main(int argc, char *argv[])
- #else
- # include <openssl/des.h>
-
--# define crypt(c,s) (DES_crypt((c),(s)))
--
- /* tisk tisk - the test keys don't all have odd parity :-( */
- /* test data */
- # define NUM_TESTS 34
-@@ -708,16 +658,31 @@ int main(int argc, char *argv[])
- }
- printf("\n");
- printf("fast crypt test ");
-- str = crypt("testing", "ef");
-+ str = DES_crypt("testing", "ef");
- if (strcmp("efGnQx2725bI2", str) != 0) {
- printf("fast crypt error, %s should be efGnQx2725bI2\n", str);
- err = 1;
- }
-- str = crypt("bca76;23", "yA");
-+ str = DES_crypt("bca76;23", "yA");
- if (strcmp("yA1Rp/1hZXIJk", str) != 0) {
- printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str);
- err = 1;
- }
-+ str = DES_crypt("testing", "y\202");
-+ if (str != NULL) {
-+ printf("salt error only usascii are accepted\n");
-+ err = 1;
-+ }
-+ str = DES_crypt("testing", "\0A");
-+ if (str != NULL) {
-+ printf("salt error cannot contain null terminator\n");
-+ err = 1;
-+ }
-+ str = DES_crypt("testing", "A");
-+ if (str != NULL) {
-+ printf("salt error must be at least 2\n");
-+ err = 1;
-+ }
- printf("\n");
- return (err);
- }
---- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -88,8 +40,9 @@ int main(int argc, char *argv[])
- BN_GENCB *_cb = NULL;
- DH *a = NULL;
- DH *b = NULL;
-- BIGNUM *ap = NULL, *ag = NULL, *bp = NULL, *bg = NULL, *apub_key = NULL;
-- BIGNUM *bpub_key = NULL, *priv_key = NULL;
-+ const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL, *priv_key = NULL;
-+ const BIGNUM *bpub_key = NULL;
-+ BIGNUM *bp = NULL, *bg = NULL;
- char buf[12] = {0};
- unsigned char *abuf = NULL;
- unsigned char *bbuf = NULL;
-@@ -143,10 +96,6 @@ int main(int argc, char *argv[])
- goto err;
- bp = bg = NULL;
-
-- /* Set a to run with normal modexp and b to use constant time */
-- DH_clear_flags(a, DH_FLAG_NO_EXP_CONSTTIME);
-- DH_set_flags(b, DH_FLAG_NO_EXP_CONSTTIME);
--
- if (!DH_generate_key(a))
- goto err;
- DH_get0_key(a, &apub_key, &priv_key);
-@@ -528,6 +477,7 @@ static int run_rfc5114_tests(void)
- unsigned char *Z2 = NULL;
- const rfc5114_td *td = NULL;
- BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
-+ const BIGNUM *pub_key_tmp;
-
- for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
- td = rfctd + i;
-@@ -563,17 +513,13 @@ static int run_rfc5114_tests(void)
- * Work out shared secrets using both sides and compare with expected
- * values.
- */
-- DH_get0_key(dhB, &pub_key, NULL);
-- if (DH_compute_key(Z1, pub_key, dhA) == -1) {
-- pub_key = NULL;
-+ DH_get0_key(dhB, &pub_key_tmp, NULL);
-+ if (DH_compute_key(Z1, pub_key_tmp, dhA) == -1)
- goto bad_err;
-- }
-- DH_get0_key(dhA, &pub_key, NULL);
-- if (DH_compute_key(Z2, pub_key, dhB) == -1) {
-- pub_key = NULL;
-+
-+ DH_get0_key(dhA, &pub_key_tmp, NULL);
-+ if (DH_compute_key(Z2, pub_key_tmp, dhB) == -1)
- goto bad_err;
-- }
-- pub_key = NULL;
-
- if (memcmp(Z1, td->Z, td->Z_len))
- goto err;
-@@ -635,7 +581,7 @@ static int run_rfc5114_tests(void)
- OPENSSL_free(Z1);
- OPENSSL_free(Z2);
-
-- fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
-+ fprintf(stderr, "Initialisation error RFC5114 set %d\n", i + 1);
- ERR_print_errors_fp(stderr);
- return 0;
- err:
---- a/test/dsatest.c
-+++ b/test/dsatest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -133,7 +85,7 @@ int main(int argc, char **argv)
- unsigned long h;
- unsigned char sig[256];
- unsigned int siglen;
-- BIGNUM *p = NULL, *q = NULL, *g = NULL;
-+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
-
- if (bio_err == NULL)
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-@@ -195,13 +147,6 @@ int main(int argc, char **argv)
- goto end;
- }
-
-- DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
-- DSA_generate_key(dsa);
-- DSA_sign(0, str1, 20, sig, &siglen, dsa);
-- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-- ret = 1;
--
-- DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
- DSA_generate_key(dsa);
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
---- a/test/dtlsv1listentest.c
-+++ b/test/dtlsv1listentest.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <string.h>
-@@ -400,7 +352,7 @@ int main(void)
- outbio = BIO_new(BIO_s_mem());
- if (outbio == NULL)
- goto err;
-- SSL_set_wbio(ssl, outbio);
-+ SSL_set0_wbio(ssl, outbio);
-
- success = 1;
- for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {
-@@ -413,7 +365,7 @@ int main(void)
- /* Set Non-blocking IO behaviour */
- BIO_set_mem_eof_return(inbio, -1);
-
-- SSL_set_rbio(ssl, inbio);
-+ SSL_set0_rbio(ssl, inbio);
-
- /* Process the incoming packet */
- ret = DTLSv1_listen(ssl, peer);
-@@ -452,7 +404,7 @@ int main(void)
- (void)BIO_reset(outbio);
- inbio = NULL;
- /* Frees up inbio */
-- SSL_set_rbio(ssl, NULL);
-+ SSL_set0_rbio(ssl, NULL);
- }
-
- err:
---- a/test/dummytest.c
-+++ /dev/null
-@@ -1,57 +0,0 @@
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--#include <ctype.h>
--#include <openssl/crypto.h>
--#include <openssl/e_os2.h>
--#include <openssl/buffer.h>
--
--int main(int argc, char *argv[])
--{
-- char *p, *q = 0, *program;
--
-- p = strrchr(argv[0], '/');
-- if (!p)
-- p = strrchr(argv[0], '\\');
--#ifdef OPENSSL_SYS_VMS
-- if (!p)
-- p = strrchr(argv[0], ']');
-- if (p)
-- q = strrchr(p, '>');
-- if (q)
-- p = q;
-- if (!p)
-- p = strrchr(argv[0], ':');
-- q = 0;
--#endif
-- if (p)
-- p++;
-- if (!p)
-- p = argv[0];
-- if (p)
-- q = strchr(p, '.');
-- if (p && !q)
-- q = p + strlen(p);
--
-- if (!p)
-- program = OPENSSL_strdup("(unknown)");
-- else {
-- program = OPENSSL_malloc((q - p) + 1);
-- strncpy(program, p, q - p);
-- program[q - p] = '\0';
-- }
--
-- for (p = program; *p; p++)
-- if (islower((unsigned char)(*p)))
-- *p = toupper((unsigned char)(*p));
--
-- q = strstr(program, "TEST");
-- if (q > p && q[-1] == '_')
-- q--;
-- *q = '\0';
--
-- printf("No %s support\n", program);
--
-- OPENSSL_free(program);
-- return (0);
--}
---- a/test/ecdhtest.c
-+++ b/test/ecdhtest.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -12,59 +21,6 @@
- * Sun Microsystems Laboratories.
- *
- */
--/* ====================================================================
-- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
-
- #include <stdio.h>
- #include <stdlib.h>
---- a/test/ecdhtest_cavs.h
-+++ b/test/ecdhtest_cavs.h
-@@ -1,10 +1,19 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef ECDHTEST_CAVS_H
- #define ECDHTEST_CAVS_H
-
--/*
-+/*
- * co-factor ECDH KATs for NIST SP800-56A
- * http://csrc.nist.gov/groups/STM/cavp/component-testing.html#ECCCDH
-- * $ sha256sum KAS_ECC_CDH_PrimitiveTest.txt
-+ * $ sha256sum KAS_ECC_CDH_PrimitiveTest.txt
- * 456068d3f8aad8ac62a03d19ed3173f00ad51f42b51aeab4753c20f30c01cf23 KAS_ECC_CDH_PrimitiveTest.txt
- */
-
---- a/test/ecdsatest.c
-+++ b/test/ecdsatest.c
-@@ -1,59 +1,12 @@
- /*
-- * Written by Nils Larsch for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -192,7 +145,7 @@ int x9_62_test_internal(BIO *out, int ni
- ECDSA_SIG *signature = NULL;
- BIGNUM *r = NULL, *s = NULL;
- BIGNUM *kinv = NULL, *rp = NULL;
-- BIGNUM *sig_r, *sig_s;
-+ const BIGNUM *sig_r, *sig_s;
-
- if (md_ctx == NULL)
- goto x962_int_err;
-@@ -227,7 +180,7 @@ int x9_62_test_internal(BIO *out, int ni
- goto x962_int_err;
- if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
- goto x962_int_err;
-- ECDSA_SIG_get0(&sig_r, &sig_s, signature);
-+ ECDSA_SIG_get0(signature, &sig_r, &sig_s);
- if (BN_cmp(sig_r, r) || BN_cmp(sig_s, s))
- goto x962_int_err;
- BIO_printf(out, ".");
-@@ -298,13 +251,15 @@ int test_builtin(BIO *out)
- size_t crv_len = 0, n = 0;
- EC_KEY *eckey = NULL, *wrong_eckey = NULL;
- EC_GROUP *group;
-- ECDSA_SIG *ecdsa_sig = NULL;
-+ ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
- unsigned char digest[20], wrong_digest[20];
- unsigned char *signature = NULL;
- const unsigned char *sig_ptr;
- unsigned char *sig_ptr2;
- unsigned char *raw_buf = NULL;
-- BIGNUM *sig_r, *sig_s;
-+ const BIGNUM *sig_r, *sig_s;
-+ BIGNUM *modified_r = NULL, *modified_s = NULL;
-+ BIGNUM *unmodified_r = NULL, *unmodified_s = NULL;
- unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
- int nid, ret = 0;
-
-@@ -435,7 +390,7 @@ int test_builtin(BIO *out)
- goto builtin_err;
- }
-
-- ECDSA_SIG_get0(&sig_r, &sig_s, ecdsa_sig);
-+ ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s);
-
- /* Store the two BIGNUMs in raw_buf. */
- r_len = BN_num_bytes(sig_r);
-@@ -456,12 +411,18 @@ int test_builtin(BIO *out)
- dirt = raw_buf[11] ? raw_buf[11] : 1;
- raw_buf[offset] ^= dirt;
- /* Now read the BIGNUMs back in from raw_buf. */
-- if ((BN_bin2bn(raw_buf, bn_len, sig_r) == NULL) ||
-- (BN_bin2bn(raw_buf + bn_len, bn_len, sig_s) == NULL))
-+ modified_sig = ECDSA_SIG_new();
-+ if (modified_sig == NULL)
- goto builtin_err;
--
-+ if (((modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL)
-+ || ((modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL)
-+ || !ECDSA_SIG_set0(modified_sig, modified_r, modified_s)) {
-+ BN_free(modified_r);
-+ BN_free(modified_s);
-+ goto builtin_err;
-+ }
- sig_ptr2 = signature;
-- sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-+ sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
- if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
- BIO_printf(out, " failed\n");
- goto builtin_err;
-@@ -470,12 +431,16 @@ int test_builtin(BIO *out)
- * Sanity check: undo the modification and verify signature.
- */
- raw_buf[offset] ^= dirt;
-- if ((BN_bin2bn(raw_buf, bn_len, sig_r) == NULL) ||
-- (BN_bin2bn(raw_buf + bn_len, bn_len, sig_s) == NULL))
-+ if (((unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL)
-+ || ((unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL)
-+ || !ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s)) {
-+ BN_free(unmodified_r);
-+ BN_free(unmodified_s);
- goto builtin_err;
-+ }
-
- sig_ptr2 = signature;
-- sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-+ sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
- if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
- BIO_printf(out, " failed\n");
- goto builtin_err;
-@@ -495,6 +460,8 @@ int test_builtin(BIO *out)
- wrong_eckey = NULL;
- ECDSA_SIG_free(ecdsa_sig);
- ecdsa_sig = NULL;
-+ ECDSA_SIG_free(modified_sig);
-+ modified_sig = NULL;
- OPENSSL_free(raw_buf);
- raw_buf = NULL;
- }
-@@ -504,6 +471,7 @@ int test_builtin(BIO *out)
- EC_KEY_free(eckey);
- EC_KEY_free(wrong_eckey);
- ECDSA_SIG_free(ecdsa_sig);
-+ ECDSA_SIG_free(modified_sig);
- OPENSSL_free(signature);
- OPENSSL_free(raw_buf);
- OPENSSL_free(curves);
---- a/test/ectest.c
-+++ b/test/ectest.c
-@@ -1,59 +1,12 @@
- /*
-- * Originally written by Bodo Moeller for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
-@@ -248,7 +201,7 @@ static void prime_field_tests(void)
- EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
- NULL, *P_384 = NULL, *P_521 = NULL;
- EC_POINT *P, *Q, *R;
-- BIGNUM *x, *y, *z;
-+ BIGNUM *x, *y, *z, *yplusone;
- unsigned char buf[100];
- size_t i, len;
- int k;
-@@ -326,7 +279,8 @@ static void prime_field_tests(void)
- x = BN_new();
- y = BN_new();
- z = BN_new();
-- if (!x || !y || !z)
-+ yplusone = BN_new();
-+ if (x == NULL || y == NULL || z == NULL || yplusone == NULL)
- ABORT;
-
- if (!BN_hex2bn(&x, "D"))
-@@ -451,6 +405,14 @@ static void prime_field_tests(void)
- ABORT;
- if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
- ABORT;
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
- if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
- ABORT;
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-@@ -522,6 +484,15 @@ static void prime_field_tests(void)
- if (0 != BN_cmp(y, z))
- ABORT;
-
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
-+
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 192)
- ABORT;
-@@ -577,6 +548,15 @@ static void prime_field_tests(void)
- if (0 != BN_cmp(y, z))
- ABORT;
-
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
-+
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 224)
- ABORT;
-@@ -637,6 +617,15 @@ static void prime_field_tests(void)
- if (0 != BN_cmp(y, z))
- ABORT;
-
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
-+
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 256)
- ABORT;
-@@ -692,6 +681,15 @@ static void prime_field_tests(void)
- if (0 != BN_cmp(y, z))
- ABORT;
-
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
-+
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 384)
- ABORT;
-@@ -753,6 +751,15 @@ static void prime_field_tests(void)
- if (0 != BN_cmp(y, z))
- ABORT;
-
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
-+ ABORT;
-+
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 521)
- ABORT;
-@@ -767,6 +774,10 @@ static void prime_field_tests(void)
-
- /* more tests using the last curve */
-
-+ /* Restore the point that got mangled in the (x, y + 1) test. */
-+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
-+ ABORT;
-+
- if (!EC_POINT_copy(Q, P))
- ABORT;
- if (EC_POINT_is_at_infinity(group, Q))
-@@ -876,6 +887,7 @@ static void prime_field_tests(void)
- BN_free(x);
- BN_free(y);
- BN_free(z);
-+ BN_free(yplusone);
-
- EC_GROUP_free(P_160);
- EC_GROUP_free(P_192);
-@@ -890,6 +902,13 @@ static void prime_field_tests(void)
- # ifdef OPENSSL_EC_BIN_PT_COMP
- # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- if (!BN_hex2bn(&x, _x)) ABORT; \
-+ if (!BN_hex2bn(&y, _y)) ABORT; \
-+ if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
-+ /* \
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
-+ * and therefore setting the coordinates should fail. \
-+ */ \
-+ if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
- if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
- if (!BN_hex2bn(&z, _order)) ABORT; \
-@@ -908,6 +927,12 @@ static void prime_field_tests(void)
- # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- if (!BN_hex2bn(&x, _x)) ABORT; \
- if (!BN_hex2bn(&y, _y)) ABORT; \
-+ if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
-+ /* \
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
-+ * and therefore setting the coordinates should fail. \
-+ */ \
-+ if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
- if (!BN_hex2bn(&z, _order)) ABORT; \
-@@ -945,7 +970,7 @@ static void char2_field_tests(void)
- EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
- NULL, *C2_B571 = NULL;
- EC_POINT *P, *Q, *R;
-- BIGNUM *x, *y, *z, *cof;
-+ BIGNUM *x, *y, *z, *cof, *yplusone;
- unsigned char buf[100];
- size_t i, len;
- int k;
-@@ -957,7 +982,7 @@ static void char2_field_tests(void)
- p = BN_new();
- a = BN_new();
- b = BN_new();
-- if (!p || !a || !b)
-+ if (p == NULL || a == NULL || b == NULL)
- ABORT;
-
- if (!BN_hex2bn(&p, "13"))
-@@ -1023,7 +1048,8 @@ static void char2_field_tests(void)
- y = BN_new();
- z = BN_new();
- cof = BN_new();
-- if (!x || !y || !z || !cof)
-+ yplusone = BN_new();
-+ if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL)
- ABORT;
-
- if (!BN_hex2bn(&x, "6"))
-@@ -1351,6 +1377,7 @@ static void char2_field_tests(void)
- BN_free(y);
- BN_free(z);
- BN_free(cof);
-+ BN_free(yplusone);
-
- EC_GROUP_free(C2_K163);
- EC_GROUP_free(C2_B163);
-@@ -1527,7 +1554,7 @@ static const struct nistp_test_params ni
- static void nistp_single_test(const struct nistp_test_params *test)
- {
- BN_CTX *ctx;
-- BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
-+ BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone;
- EC_GROUP *NISTP;
- EC_POINT *G, *P, *Q, *Q_CHECK;
-
-@@ -1542,6 +1569,7 @@ static void nistp_single_test(const stru
- m = BN_new();
- n = BN_new();
- order = BN_new();
-+ yplusone = BN_new();
-
- NISTP = EC_GROUP_new(test->meth());
- if (!NISTP)
-@@ -1564,6 +1592,14 @@ static void nistp_single_test(const stru
- ABORT;
- if (!BN_hex2bn(&y, test->Qy))
- ABORT;
-+ if (!BN_add(yplusone, y, BN_value_one()))
-+ ABORT;
-+ /*
-+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-+ * and therefore setting the coordinates should fail.
-+ */
-+ if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx))
-+ ABORT;
- if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
- ABORT;
- if (!BN_hex2bn(&x, test->Gx))
-@@ -1662,6 +1698,7 @@ static void nistp_single_test(const stru
- BN_free(x);
- BN_free(y);
- BN_free(order);
-+ BN_free(yplusone);
- BN_CTX_free(ctx);
- }
-
---- a/test/enginetest.c
-+++ b/test/enginetest.c
-@@ -1,59 +1,10 @@
- /*
-- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
-- * 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/evp_extra_test.c
-+++ b/test/evp_extra_test.c
-@@ -1,69 +1,10 @@
--/* Copyright (c) 2014, Google Inc.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
-- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/evp_test.c
-+++ b/test/evp_test.c
-@@ -1,54 +1,10 @@
- /*
-- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
-- * project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -251,7 +207,7 @@ struct evp_test {
- /* start line of current test */
- unsigned int start_line;
- /* Error string for test */
-- const char *err;
-+ const char *err, *aux_err;
- /* Expected error value of test */
- char *expected_err;
- /* Number of tests */
-@@ -364,8 +320,13 @@ static int check_test_error(struct evp_t
- if (!t->err && !t->expected_err)
- return 1;
- if (t->err && !t->expected_err) {
-- fprintf(stderr, "Test line %d: unexpected error %s\n",
-- t->start_line, t->err);
-+ if (t->aux_err != NULL) {
-+ fprintf(stderr, "Test line %d(%s): unexpected error %s\n",
-+ t->start_line, t->aux_err, t->err);
-+ } else {
-+ fprintf(stderr, "Test line %d: unexpected error %s\n",
-+ t->start_line, t->err);
-+ }
- print_expected(t);
- return 0;
- }
-@@ -830,7 +791,8 @@ static int cipher_test_parse(struct evp_
- return 0;
- }
-
--static int cipher_test_enc(struct evp_test *t, int enc)
-+static int cipher_test_enc(struct evp_test *t, int enc,
-+ size_t out_misalign, size_t inp_misalign)
- {
- struct cipher_data *cdat = t->data;
- unsigned char *in, *out, *tmp = NULL;
-@@ -854,9 +816,31 @@ static int cipher_test_enc(struct evp_te
- out = cdat->plaintext;
- out_len = cdat->plaintext_len;
- }
-- tmp = OPENSSL_malloc(in_len + 2 * EVP_MAX_BLOCK_LENGTH);
-- if (!tmp)
-- goto err;
-+ if (inp_misalign == (size_t)-1) {
-+ /*
-+ * Exercise in-place encryption
-+ */
-+ tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH);
-+ if (!tmp)
-+ goto err;
-+ in = memcpy(tmp + out_misalign, in, in_len);
-+ } else {
-+ inp_misalign += 16 - ((out_misalign + in_len) & 15);
-+ /*
-+ * 'tmp' will store both output and copy of input. We make the copy
-+ * of input to specifically aligned part of 'tmp'. So we just
-+ * figured out how much padding would ensure the required alignment,
-+ * now we allocate extended buffer and finally copy the input just
-+ * past inp_misalign in expression below. Output will be written
-+ * past out_misalign...
-+ */
-+ tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
-+ inp_misalign + in_len);
-+ if (!tmp)
-+ goto err;
-+ in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH +
-+ inp_misalign, in, in_len);
-+ }
- err = "CIPHERINIT_ERROR";
- if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc))
- goto err;
-@@ -918,20 +902,20 @@ static int cipher_test_enc(struct evp_te
- }
- EVP_CIPHER_CTX_set_padding(ctx, 0);
- err = "CIPHERUPDATE_ERROR";
-- if (!EVP_CipherUpdate(ctx, tmp, &tmplen, in, in_len))
-+ if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len))
- goto err;
- if (cdat->aead == EVP_CIPH_CCM_MODE)
- tmpflen = 0;
- else {
- err = "CIPHERFINAL_ERROR";
-- if (!EVP_CipherFinal_ex(ctx, tmp + tmplen, &tmpflen))
-+ if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen))
- goto err;
- }
- err = "LENGTH_MISMATCH";
- if (out_len != (size_t)(tmplen + tmpflen))
- goto err;
- err = "VALUE_MISMATCH";
-- if (check_output(t, out, tmp, out_len))
-+ if (check_output(t, out, tmp + out_misalign, out_len))
- goto err;
- if (enc && cdat->aead) {
- unsigned char rtag[16];
-@@ -961,6 +945,8 @@ static int cipher_test_run(struct evp_te
- {
- struct cipher_data *cdat = t->data;
- int rv;
-+ size_t out_misalign, inp_misalign;
-+
- if (!cdat->key) {
- t->err = "NO_KEY";
- return 0;
-@@ -976,24 +962,41 @@ static int cipher_test_run(struct evp_te
- t->err = "NO_TAG";
- return 0;
- }
-- if (cdat->enc) {
-- rv = cipher_test_enc(t, 1);
-- /* Not fatal errors: return */
-- if (rv != 1) {
-- if (rv < 0)
-- return 0;
-- return 1;
-- }
-- }
-- if (cdat->enc != 1) {
-- rv = cipher_test_enc(t, 0);
-- /* Not fatal errors: return */
-- if (rv != 1) {
-- if (rv < 0)
-- return 0;
-- return 1;
-+ for (out_misalign = 0; out_misalign <= 1; out_misalign++) {
-+ static char aux_err[64];
-+ t->aux_err = aux_err;
-+ for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) {
-+ if (inp_misalign == (size_t)-1) {
-+ /* kludge: inp_misalign == -1 means "exercise in-place" */
-+ BIO_snprintf(aux_err, sizeof(aux_err), "%s in-place",
-+ out_misalign ? "misaligned" : "aligned");
-+ } else {
-+ BIO_snprintf(aux_err, sizeof(aux_err), "%s output and %s input",
-+ out_misalign ? "misaligned" : "aligned",
-+ inp_misalign ? "misaligned" : "aligned");
-+ }
-+ if (cdat->enc) {
-+ rv = cipher_test_enc(t, 1, out_misalign, inp_misalign);
-+ /* Not fatal errors: return */
-+ if (rv != 1) {
-+ if (rv < 0)
-+ return 0;
-+ return 1;
-+ }
-+ }
-+ if (cdat->enc != 1) {
-+ rv = cipher_test_enc(t, 0, out_misalign, inp_misalign);
-+ /* Not fatal errors: return */
-+ if (rv != 1) {
-+ if (rv < 0)
-+ return 0;
-+ return 1;
-+ }
-+ }
- }
- }
-+ t->aux_err = NULL;
-+
- return 1;
- }
-
---- a/test/evptests.txt
-+++ b/test/evptests.txt
-@@ -1,3 +1,12 @@
-+#!/bin/sh
-+#
-+# Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
- #aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt)
- #digest:::input:output
-@@ -192,6 +201,25 @@ Input = "aaaaaaaaaa"
- Count = 100000
- Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01
-
-+# DES EDE3 CFB1
-+# echo -n "Hello World" |
-+# apps/openssl enc -des-ede3-cfb1 \
-+# -K 000102030405060708090A0B0C0D0E0F1011121314151617 -iv 0001020304050607 |
-+# xxd -ps -u
-+
-+Cipher = DES-EDE3-CFB1
-+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
-+IV = 0001020304050607
-+Plaintext = "Hello World"
-+Ciphertext = 3CF55D656E9C0664513358
-+
-+Cipher = DES-EDE3-CFB1
-+Key = 000102030405060708090A0B0C0D0E0F1011121314151617
-+IV = 0001020304050607
-+Operation = DECRYPT
-+Plaintext = "Hello World"
-+Ciphertext = 3CF55D656E9C0664513358
-+
- # AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
-
- Cipher = AES-128-ECB
-@@ -1766,6 +1794,15 @@ Tag = 566f8ef683078bfdeeffa869d751a017
- Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606
-
-+# 240 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
-+Cipher = aes-128-gcm
-+Key = 00000000000000000000000000000000
-+IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-+AAD =
-+Tag = fd0c7011ff07f0071324bdfb2d0f3a29
-+Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-+Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b6
-+
- # 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
- Cipher = aes-128-gcm
- Key = 00000000000000000000000000000000
-@@ -2087,6 +2124,91 @@ IV = 21436587a90000000000000000000000
- Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
- Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3
-
-+# Exercise different lengths covering even ciphertext stealing cases
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5B079C6307EA0914559C6D2FB6384F8AADF94
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce84
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CEF4F253466EF4953ADC8FE2F5BC1FF57593FD
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad0265
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE842973C68248EDDFE26FB9B096659C8A5D6BB7
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD0265C4DD16E65A24575A709F174593F19FF85EA9
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE519215FA160C664D4B07D757A034AB3B35A10C
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f91
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D82C6CBC24F9357BD1FB882AA4B2CC2E7FA750
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
-+Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f434
-+
-+Cipher = aes-128-xts
-+Key = 2718281828459045235360287471352631415926535897932384626433832795
-+IV = 00000000000000000000000000000000
-+Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1
-+Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF
-+
- # AES wrap tests from RFC3394
- Cipher = id-aes128-wrap
- Key = 000102030405060708090A0B0C0D0E0F
---- a/test/exdatatest.c
-+++ b/test/exdatatest.c
-@@ -1,56 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <assert.h>
- #include <string.h>
---- a/test/exptest.c
-+++ b/test/exptest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- /dev/null
-+++ b/test/generate_buildtest.pl
-@@ -0,0 +1,27 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use warnings;
-+
-+# First argument is name;
-+my $name = shift @ARGV;
-+# All other arguments are ignored for now
-+
-+print <<"_____";
-+/*
-+ * Generated with test/generate_buildtest.pl, to check that such a simple
-+ * program builds.
-+ */
-+#include <openssl/$name.h>
-+
-+int main()
-+{
-+ return 0;
-+}
-+_____
---- a/test/generate_ssl_tests.pl
-+++ b/test/generate_ssl_tests.pl
-@@ -1,5 +1,10 @@
--#! /usr/bin/perl
--# -*- mode: perl; -*-
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- ## SSL testcase generator
-
-@@ -38,7 +43,39 @@ sub print_templates {
- # Add the implicit base configuration.
- foreach my $test (@ssltests::tests) {
- $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
-+ if (defined $test->{"server2"}) {
-+ $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
-+ } else {
-+ if (defined $test->{"test"}->{"ServerNameCallback"}) {
-+ # Default is the same as server.
-+ $test->{"reuse_server2"} = 1;
-+ }
-+ # Do not emit an empty/duplicate "server2" section.
-+ $test->{"server2"} = { };
-+ }
-+ if (defined $test->{"resume_server"}) {
-+ $test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"resume_server"}}) };
-+ } else {
-+ if (defined $test->{"test"}->{"HandshakeMode"} &&
-+ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
-+ # Default is the same as server.
-+ $test->{"reuse_resume_server"} = 1;
-+ }
-+ # Do not emit an empty/duplicate "resume-server" section.
-+ $test->{"resume_server"} = { };
-+ }
- $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
-+ if (defined $test->{"resume_client"}) {
-+ $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) };
-+ } else {
-+ if (defined $test->{"test"}->{"HandshakeMode"} &&
-+ $test->{"test"}->{"HandshakeMode"} eq "Resume") {
-+ # Default is the same as client.
-+ $test->{"reuse_resume_client"} = 1;
-+ }
-+ # Do not emit an empty/duplicate "resume-client" section.
-+ $test->{"resume_client"} = { };
-+ }
- }
-
- # ssl_test expects to find a
-@@ -87,8 +124,7 @@ sub print_templates {
- # Shamelessly copied from Configure.
- sub read_config {
- my $fname = shift;
-- open(INPUT, "< $fname")
-- or die "Can't open input file '$fname'!\n";
-+ open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n";
- local $/ = undef;
- my $content = <INPUT>;
- close(INPUT);
---- a/test/gmdifftest.c
-+++ b/test/gmdifftest.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2001-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/test/handshake_helper.c
-+++ b/test/handshake_helper.c
-@@ -1,20 +1,37 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <string.h>
-
- #include <openssl/bio.h>
-+#include <openssl/x509_vfy.h>
- #include <openssl/ssl.h>
-
- #include "handshake_helper.h"
-
-+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new()
-+{
-+ HANDSHAKE_RESULT *ret;
-+ ret = OPENSSL_zalloc(sizeof(*ret));
-+ OPENSSL_assert(ret != NULL);
-+ return ret;
-+}
-+
-+void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
-+{
-+ OPENSSL_free(result->client_npn_negotiated);
-+ OPENSSL_free(result->server_npn_negotiated);
-+ OPENSSL_free(result->client_alpn_negotiated);
-+ OPENSSL_free(result->server_alpn_negotiated);
-+ OPENSSL_free(result);
-+}
-+
- /*
- * Since there appears to be no way to extract the sent/received alert
- * from the SSL object directly, we use the info callback and stash
-@@ -23,11 +40,29 @@
- typedef struct handshake_ex_data {
- int alert_sent;
- int alert_received;
-+ int session_ticket_do_not_call;
-+ ssl_servername_t servername;
- } HANDSHAKE_EX_DATA;
-
-+typedef struct ctx_data {
-+ unsigned char *npn_protocols;
-+ size_t npn_protocols_len;
-+ unsigned char *alpn_protocols;
-+ size_t alpn_protocols_len;
-+} CTX_DATA;
-+
-+/* |ctx_data| itself is stack-allocated. */
-+static void ctx_data_free_data(CTX_DATA *ctx_data)
-+{
-+ OPENSSL_free(ctx_data->npn_protocols);
-+ ctx_data->npn_protocols = NULL;
-+ OPENSSL_free(ctx_data->alpn_protocols);
-+ ctx_data->alpn_protocols = NULL;
-+}
-+
- static int ex_data_idx;
-
--static void info_callback(const SSL *s, int where, int ret)
-+static void info_cb(const SSL *s, int where, int ret)
- {
- if (where & SSL_CB_ALERT) {
- HANDSHAKE_EX_DATA *ex_data =
-@@ -40,22 +75,347 @@ static void info_callback(const SSL *s,
- }
- }
-
-+/* Select the appropriate server CTX.
-+ * Returns SSL_TLSEXT_ERR_OK if a match was found.
-+ * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
-+ * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
-+ * An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
-+ */
-+static int select_server_ctx(SSL *s, void *arg, int ignore)
-+{
-+ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-+ HANDSHAKE_EX_DATA *ex_data =
-+ (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
-+
-+ if (servername == NULL) {
-+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
-+ return SSL_TLSEXT_ERR_NOACK;
-+ }
-+
-+ if (strcmp(servername, "server2") == 0) {
-+ SSL_CTX *new_ctx = (SSL_CTX*)arg;
-+ SSL_set_SSL_CTX(s, new_ctx);
-+ /*
-+ * Copy over all the SSL_CTX options - reasonable behavior
-+ * allows testing of cases where the options between two
-+ * contexts differ/conflict
-+ */
-+ SSL_clear_options(s, 0xFFFFFFFFL);
-+ SSL_set_options(s, SSL_CTX_get_options(new_ctx));
-+
-+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
-+ return SSL_TLSEXT_ERR_OK;
-+ } else if (strcmp(servername, "server1") == 0) {
-+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
-+ return SSL_TLSEXT_ERR_OK;
-+ } else if (ignore) {
-+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
-+ return SSL_TLSEXT_ERR_NOACK;
-+ } else {
-+ /* Don't set an explicit alert, to test library defaults. */
-+ return SSL_TLSEXT_ERR_ALERT_FATAL;
-+ }
-+}
-+
-+/*
-+ * (RFC 6066):
-+ * If the server understood the ClientHello extension but
-+ * does not recognize the server name, the server SHOULD take one of two
-+ * actions: either abort the handshake by sending a fatal-level
-+ * unrecognized_name(112) alert or continue the handshake.
-+ *
-+ * This behaviour is up to the application to configure; we test both
-+ * configurations to ensure the state machine propagates the result
-+ * correctly.
-+ */
-+static int servername_ignore_cb(SSL *s, int *ad, void *arg)
-+{
-+ return select_server_ctx(s, arg, 1);
-+}
-+
-+static int servername_reject_cb(SSL *s, int *ad, void *arg)
-+{
-+ return select_server_ctx(s, arg, 0);
-+}
-+
-+static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {
-+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
-+ return 0;
-+}
-+
-+static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) {
-+ return 1;
-+}
-+
-+static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv,
-+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-+{
-+ return 0;
-+}
-+
-+static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
-+ unsigned char *iv,
-+ EVP_CIPHER_CTX *ctx,
-+ HMAC_CTX *hctx, int enc)
-+{
-+ HANDSHAKE_EX_DATA *ex_data =
-+ (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
-+ ex_data->session_ticket_do_not_call = 1;
-+ return 0;
-+}
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* Parse the comma-separated list into TLS format. */
-+static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
-+{
-+ size_t len, i, prefix;
-+
-+ len = strlen(protos);
-+
-+ /* Should never have reuse. */
-+ OPENSSL_assert(*out == NULL);
-+
-+ /* Test values are small, so we omit length limit checks. */
-+ *out = OPENSSL_malloc(len + 1);
-+ OPENSSL_assert(*out != NULL);
-+ *outlen = len + 1;
-+
-+ /*
-+ * foo => '3', 'f', 'o', 'o'
-+ * foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r'
-+ */
-+ memcpy(*out + 1, protos, len);
-+
-+ prefix = 0;
-+ i = prefix + 1;
-+ while (i <= len) {
-+ if ((*out)[i] == ',') {
-+ OPENSSL_assert(i - 1 - prefix > 0);
-+ (*out)[prefix] = i - 1 - prefix;
-+ prefix = i;
-+ }
-+ i++;
-+ }
-+ OPENSSL_assert(len - prefix > 0);
-+ (*out)[prefix] = len - prefix;
-+}
-+
-+/*
-+ * The client SHOULD select the first protocol advertised by the server that it
-+ * also supports. In the event that the client doesn't support any of server's
-+ * protocols, or the server doesn't advertise any, it SHOULD select the first
-+ * protocol that it supports.
-+ */
-+static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen,
-+ const unsigned char *in, unsigned int inlen,
-+ void *arg)
-+{
-+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
-+ int ret;
-+
-+ ret = SSL_select_next_proto(out, outlen, in, inlen,
-+ ctx_data->npn_protocols,
-+ ctx_data->npn_protocols_len);
-+ /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
-+ OPENSSL_assert(ret == OPENSSL_NPN_NEGOTIATED
-+ || ret == OPENSSL_NPN_NO_OVERLAP);
-+ return SSL_TLSEXT_ERR_OK;
-+}
-+
-+static int server_npn_cb(SSL *s, const unsigned char **data,
-+ unsigned int *len, void *arg)
-+{
-+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
-+ *data = ctx_data->npn_protocols;
-+ *len = ctx_data->npn_protocols_len;
-+ return SSL_TLSEXT_ERR_OK;
-+}
-+
-+/*
-+ * The server SHOULD select the most highly preferred protocol that it supports
-+ * and that is also advertised by the client. In the event that the server
-+ * supports no protocols that the client advertises, then the server SHALL
-+ * respond with a fatal "no_application_protocol" alert.
-+ */
-+static int server_alpn_cb(SSL *s, const unsigned char **out,
-+ unsigned char *outlen, const unsigned char *in,
-+ unsigned int inlen, void *arg)
-+{
-+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
-+ int ret;
-+
-+ /* SSL_select_next_proto isn't const-correct... */
-+ unsigned char *tmp_out;
-+
-+ /*
-+ * The result points either to |in| or to |ctx_data->alpn_protocols|.
-+ * The callback is allowed to point to |in| or to a long-lived buffer,
-+ * so we can return directly without storing a copy.
-+ */
-+ ret = SSL_select_next_proto(&tmp_out, outlen,
-+ ctx_data->alpn_protocols,
-+ ctx_data->alpn_protocols_len, in, inlen);
-+
-+ *out = tmp_out;
-+ /* Unlike NPN, we don't tolerate a mismatch. */
-+ return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
-+ : SSL_TLSEXT_ERR_NOACK;
-+}
-+#endif
-+
-+/*
-+ * Configure callbacks and other properties that can't be set directly
-+ * in the server/client CONF.
-+ */
-+static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
-+ SSL_CTX *client_ctx,
-+ const SSL_TEST_CTX *test_ctx,
-+ CTX_DATA *server_ctx_data,
-+ CTX_DATA *server2_ctx_data,
-+ CTX_DATA *client_ctx_data)
-+{
-+ unsigned char *ticket_keys;
-+ size_t ticket_key_len;
-+
-+ switch (test_ctx->client_verify_callback) {
-+ case SSL_TEST_VERIFY_ACCEPT_ALL:
-+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb,
-+ NULL);
-+ break;
-+ case SSL_TEST_VERIFY_REJECT_ALL:
-+ SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb,
-+ NULL);
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /* link the two contexts for SNI purposes */
-+ switch (test_ctx->servername_callback) {
-+ case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
-+ SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb);
-+ SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
-+ break;
-+ case SSL_TEST_SERVERNAME_REJECT_MISMATCH:
-+ SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb);
-+ SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
-+ break;
-+ default:
-+ break;
-+ }
-+
-+ /*
-+ * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
-+ * session ticket. This ticket_key callback is assigned to the second
-+ * session (assigned via SNI), and should never be invoked
-+ */
-+ if (server2_ctx != NULL)
-+ SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx,
-+ do_not_call_session_ticket_cb);
-+
-+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
-+ SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
-+ }
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ if (test_ctx->server_npn_protocols != NULL) {
-+ parse_protos(test_ctx->server_npn_protocols,
-+ &server_ctx_data->npn_protocols,
-+ &server_ctx_data->npn_protocols_len);
-+ SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
-+ server_ctx_data);
-+ }
-+ if (test_ctx->server2_npn_protocols != NULL) {
-+ parse_protos(test_ctx->server2_npn_protocols,
-+ &server2_ctx_data->npn_protocols,
-+ &server2_ctx_data->npn_protocols_len);
-+ OPENSSL_assert(server2_ctx != NULL);
-+ SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
-+ server2_ctx_data);
-+ }
-+ if (test_ctx->client_npn_protocols != NULL) {
-+ parse_protos(test_ctx->client_npn_protocols,
-+ &client_ctx_data->npn_protocols,
-+ &client_ctx_data->npn_protocols_len);
-+ SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
-+ client_ctx_data);
-+ }
-+ if (test_ctx->server_alpn_protocols != NULL) {
-+ parse_protos(test_ctx->server_alpn_protocols,
-+ &server_ctx_data->alpn_protocols,
-+ &server_ctx_data->alpn_protocols_len);
-+ SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
-+ }
-+ if (test_ctx->server2_alpn_protocols != NULL) {
-+ OPENSSL_assert(server2_ctx != NULL);
-+ parse_protos(test_ctx->server2_alpn_protocols,
-+ &server2_ctx_data->alpn_protocols,
-+ &server2_ctx_data->alpn_protocols_len);
-+ SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data);
-+ }
-+ if (test_ctx->client_alpn_protocols != NULL) {
-+ unsigned char *alpn_protos = NULL;
-+ size_t alpn_protos_len;
-+ parse_protos(test_ctx->client_alpn_protocols,
-+ &alpn_protos, &alpn_protos_len);
-+ /* Reversed return value convention... */
-+ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
-+ alpn_protos_len) == 0);
-+ OPENSSL_free(alpn_protos);
-+ }
-+#endif
-+ /*
-+ * Use fixed session ticket keys so that we can decrypt a ticket created with
-+ * one CTX in another CTX. Don't address server2 for the moment.
-+ */
-+ ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
-+ ticket_keys = OPENSSL_zalloc(ticket_key_len);
-+ OPENSSL_assert(ticket_keys != NULL);
-+ OPENSSL_assert(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys,
-+ ticket_key_len) == 1);
-+ OPENSSL_free(ticket_keys);
-+}
-+
-+/* Configure per-SSL callbacks and other properties. */
-+static void configure_handshake_ssl(SSL *server, SSL *client,
-+ const SSL_TEST_CTX *test_ctx)
-+{
-+ if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE)
-+ SSL_set_tlsext_host_name(client,
-+ ssl_servername_name(test_ctx->servername));
-+}
-+
-+
- typedef enum {
- PEER_SUCCESS,
- PEER_RETRY,
- PEER_ERROR
- } peer_status_t;
-
--static peer_status_t do_handshake_step(SSL *ssl)
-+/*
-+ * RFC 5246 says:
-+ *
-+ * Note that as of TLS 1.1,
-+ * failure to properly close a connection no longer requires that a
-+ * session not be resumed. This is a change from TLS 1.0 to conform
-+ * with widespread implementation practice.
-+ *
-+ * However,
-+ * (a) OpenSSL requires that a connection be shutdown for all protocol versions.
-+ * (b) We test lower versions, too.
-+ * So we just implement shutdown. We do a full bidirectional shutdown so that we
-+ * can compare sent and received close_notify alerts and get some test coverage
-+ * for SSL_shutdown as a bonus.
-+ */
-+static peer_status_t do_handshake_step(SSL *ssl, int shutdown)
- {
- int ret;
-
-- ret = SSL_do_handshake(ssl);
-+ ret = shutdown ? SSL_shutdown(ssl) : SSL_do_handshake(ssl);
-
- if (ret == 1) {
- return PEER_SUCCESS;
- } else if (ret == 0) {
-- return PEER_ERROR;
-+ return shutdown ? PEER_RETRY : PEER_ERROR;
- } else {
- int error = SSL_get_error(ssl, ret);
- /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
-@@ -139,24 +499,67 @@ static handshake_status_t handshake_stat
- return INTERNAL_ERROR;
- }
-
--HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx)
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
-+static char *dup_str(const unsigned char *in, size_t len)
-+{
-+ char *ret;
-+
-+ if(len == 0)
-+ return NULL;
-+
-+ /* Assert that the string does not contain NUL-bytes. */
-+ OPENSSL_assert(OPENSSL_strnlen((const char*)(in), len) == len);
-+ ret = OPENSSL_strndup((const char*)(in), len);
-+ OPENSSL_assert(ret != NULL);
-+ return ret;
-+}
-+#endif
-+
-+static HANDSHAKE_RESULT *do_handshake_internal(
-+ SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
-+ const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in,
-+ SSL_SESSION **session_out)
- {
- SSL *server, *client;
- BIO *client_to_server, *server_to_client;
- HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
-- HANDSHAKE_RESULT ret;
-- int client_turn = 1;
-+ CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
-+ HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
-+ int client_turn = 1, shutdown = 0;
- peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY;
- handshake_status_t status = HANDSHAKE_RETRY;
-+ unsigned char* tick = NULL;
-+ size_t tick_len = 0;
-+ SSL_SESSION* sess = NULL;
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ const unsigned char *proto = NULL;
-+ /* API dictates unsigned int rather than size_t. */
-+ unsigned int proto_len = 0;
-+#endif
-+
-+ memset(&server_ctx_data, 0, sizeof(server_ctx_data));
-+ memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
-+ memset(&client_ctx_data, 0, sizeof(client_ctx_data));
-+
-+ configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx,
-+ &server_ctx_data, &server2_ctx_data, &client_ctx_data);
-
- server = SSL_new(server_ctx);
- client = SSL_new(client_ctx);
- OPENSSL_assert(server != NULL && client != NULL);
-
-+ configure_handshake_ssl(server, client, test_ctx);
-+ if (session_in != NULL) {
-+ /* In case we're testing resumption without tickets. */
-+ OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in));
-+ OPENSSL_assert(SSL_set_session(client, session_in));
-+ }
-+
- memset(&server_ex_data, 0, sizeof(server_ex_data));
- memset(&client_ex_data, 0, sizeof(client_ex_data));
-- memset(&ret, 0, sizeof(ret));
-- ret.result = SSL_TEST_INTERNAL_ERROR;
-+
-+ ret->result = SSL_TEST_INTERNAL_ERROR;
-
- client_to_server = BIO_new(BIO_s_mem());
- server_to_client = BIO_new(BIO_s_mem());
-@@ -184,8 +587,8 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
- OPENSSL_assert(SSL_set_ex_data(client, ex_data_idx,
- &client_ex_data) == 1);
-
-- SSL_set_info_callback(server, &info_callback);
-- SSL_set_info_callback(client, &info_callback);
-+ SSL_set_info_callback(server, &info_cb);
-+ SSL_set_info_callback(client, &info_cb);
-
- /*
- * Half-duplex handshake loop.
-@@ -197,27 +600,34 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
- */
- for(;;) {
- if (client_turn) {
-- client_status = do_handshake_step(client);
-+ client_status = do_handshake_step(client, shutdown);
- status = handshake_status(client_status, server_status,
- 1 /* client went last */);
- } else {
-- server_status = do_handshake_step(server);
-+ server_status = do_handshake_step(server, shutdown);
- status = handshake_status(server_status, client_status,
- 0 /* server went last */);
- }
-
- switch (status) {
- case HANDSHAKE_SUCCESS:
-- ret.result = SSL_TEST_SUCCESS;
-- goto err;
-+ if (shutdown) {
-+ ret->result = SSL_TEST_SUCCESS;
-+ goto err;
-+ } else {
-+ client_status = server_status = PEER_RETRY;
-+ shutdown = 1;
-+ client_turn = 1;
-+ break;
-+ }
- case CLIENT_ERROR:
-- ret.result = SSL_TEST_CLIENT_FAIL;
-+ ret->result = SSL_TEST_CLIENT_FAIL;
- goto err;
- case SERVER_ERROR:
-- ret.result = SSL_TEST_SERVER_FAIL;
-+ ret->result = SSL_TEST_SERVER_FAIL;
- goto err;
- case INTERNAL_ERROR:
-- ret.result = SSL_TEST_INTERNAL_ERROR;
-+ ret->result = SSL_TEST_INTERNAL_ERROR;
- goto err;
- case HANDSHAKE_RETRY:
- /* Continue. */
-@@ -226,14 +636,75 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *s
- }
- }
- err:
-- ret.server_alert_sent = server_ex_data.alert_sent;
-- ret.server_alert_received = client_ex_data.alert_received;
-- ret.client_alert_sent = client_ex_data.alert_sent;
-- ret.client_alert_received = server_ex_data.alert_received;
-- ret.server_protocol = SSL_version(server);
-- ret.client_protocol = SSL_version(client);
-+ ret->server_alert_sent = server_ex_data.alert_sent;
-+ ret->server_alert_received = client_ex_data.alert_received;
-+ ret->client_alert_sent = client_ex_data.alert_sent;
-+ ret->client_alert_received = server_ex_data.alert_received;
-+ ret->server_protocol = SSL_version(server);
-+ ret->client_protocol = SSL_version(client);
-+ ret->servername = server_ex_data.servername;
-+ if ((sess = SSL_get0_session(client)) != NULL)
-+ SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
-+ if (tick == NULL || tick_len == 0)
-+ ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
-+ else
-+ ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
-+ ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
-+ ret->client_npn_negotiated = dup_str(proto, proto_len);
-+
-+ SSL_get0_next_proto_negotiated(server, &proto, &proto_len);
-+ ret->server_npn_negotiated = dup_str(proto, proto_len);
-+
-+ SSL_get0_alpn_selected(client, &proto, &proto_len);
-+ ret->client_alpn_negotiated = dup_str(proto, proto_len);
-+
-+ SSL_get0_alpn_selected(server, &proto, &proto_len);
-+ ret->server_alpn_negotiated = dup_str(proto, proto_len);
-+#endif
-+
-+ ret->client_resumed = SSL_session_reused(client);
-+ ret->server_resumed = SSL_session_reused(server);
-+
-+ if (session_out != NULL)
-+ *session_out = SSL_get1_session(client);
-+
-+ ctx_data_free_data(&server_ctx_data);
-+ ctx_data_free_data(&server2_ctx_data);
-+ ctx_data_free_data(&client_ctx_data);
-
- SSL_free(server);
- SSL_free(client);
- return ret;
- }
-+
-+HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
-+ SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
-+ SSL_CTX *resume_client_ctx,
-+ const SSL_TEST_CTX *test_ctx)
-+{
-+ HANDSHAKE_RESULT *result;
-+ SSL_SESSION *session = NULL;
-+
-+ result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
-+ test_ctx, NULL, &session);
-+ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE)
-+ goto end;
-+
-+ OPENSSL_assert(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME);
-+
-+ if (result->result != SSL_TEST_SUCCESS) {
-+ result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;
-+ return result;
-+ }
-+
-+ HANDSHAKE_RESULT_free(result);
-+ /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
-+ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
-+ test_ctx, session, NULL);
-+ end:
-+ SSL_SESSION_free(session);
-+ return result;
-+}
---- a/test/handshake_helper.h
-+++ b/test/handshake_helper.h
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #ifndef HEADER_HANDSHAKE_HELPER_H
-@@ -27,9 +26,28 @@ typedef struct handshake_result {
- /* Negotiated protocol. On success, these should always match. */
- int server_protocol;
- int client_protocol;
-+ /* Server connection */
-+ ssl_servername_t servername;
-+ /* Session ticket status */
-+ ssl_session_ticket_t session_ticket;
-+ /* Was this called on the second context? */
-+ int session_ticket_do_not_call;
-+ char *client_npn_negotiated;
-+ char *server_npn_negotiated;
-+ char *client_alpn_negotiated;
-+ char *server_alpn_negotiated;
-+ /* Was the handshake resumed? */
-+ int client_resumed;
-+ int server_resumed;
- } HANDSHAKE_RESULT;
-
-+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
-+void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result);
-+
- /* Do a handshake and report some information about the result. */
--HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx);
-+HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
-+ SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
-+ SSL_CTX *resume_client_ctx,
-+ const SSL_TEST_CTX *test_ctx);
-
- #endif /* HEADER_HANDSHAKE_HELPER_H */
---- a/test/heartbeat_test.c
-+++ b/test/heartbeat_test.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /*-
- * Unit test for TLS heartbeats.
- *
-@@ -92,7 +101,7 @@ static HEARTBEAT_TEST_FIXTURE set_up(con
- goto fail;
- }
-
-- if (!ssl_init_wbio_buffer(fixture.s, 1)) {
-+ if (!ssl_init_wbio_buffer(fixture.s)) {
- fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
- test_case_name);
- setup_ok = 0;
---- a/test/hmactest.c
-+++ b/test/hmactest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -119,8 +71,8 @@ static struct test_st {
- (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
- },
- {
-- "12345", 5, "My test data again", 12,
-- (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
-+ "12345", 5, "My test data again", 18,
-+ (unsigned char *)"a12396ceddd2a85f4c656bc1e0aa50c78cffde3e"
- }
- };
- # endif
-@@ -171,6 +123,11 @@ int main(int argc, char *argv[])
- err++;
- goto end;
- }
-+ if (HMAC_CTX_get_md(ctx) != NULL) {
-+ printf("Message digest not NULL for HMAC (test 4)\n");
-+ err++;
-+ goto test5;
-+ }
- if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
- printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
- err++;
-@@ -203,6 +160,11 @@ int main(int argc, char *argv[])
- }
-
- HMAC_CTX_reset(ctx);
-+ if (HMAC_CTX_get_md(ctx) != NULL) {
-+ printf("Message digest not NULL for HMAC (test 5)\n");
-+ err++;
-+ goto test6;
-+ }
- if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
- printf("Should fail to initialise HMAC with empty MD (test 5)\n");
- err++;
-@@ -250,6 +212,11 @@ int main(int argc, char *argv[])
- err++;
- goto test6;
- }
-+ if (HMAC_CTX_get_md(ctx) != EVP_sha256()) {
-+ printf("Unexpected message digest for HMAC (test 5)\n");
-+ err++;
-+ goto test6;
-+ }
- if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
- printf("Error updating HMAC with data (sha256) (test 5)\n");
- err++;
---- a/test/ideatest.c
-+++ b/test/ideatest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/igetest.c
-+++ b/test/igetest.c
-@@ -1,51 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+/*
-+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/crypto.h>
---- a/test/md2test.c
-+++ b/test/md2test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -108,8 +60,11 @@ int main(int argc, char *argv[])
- R = ret;
- i = 1;
- while (*P != NULL) {
-- EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
-- NULL);
-+ if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
-+ NULL)) {
-+ printf("EVP Digest error.\n");
-+ EXIT(1);
-+ }
- p = pt(md);
- if (strcmp(p, *R) != 0) {
- printf("error calculating MD2 on '%s'\n", *P);
---- a/test/md4test.c
-+++ b/test/md4test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -104,7 +56,11 @@ int main(int argc, char *argv[])
- R = ret;
- i = 1;
- while (*P != NULL) {
-- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL);
-+ if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(),
-+ NULL)) {
-+ printf("EVP Digest error.\n");
-+ EXIT(1);
-+ }
- p = pt(md);
- if (strcmp(p, (char *)*R) != 0) {
- printf("error calculating MD4 on '%s'\n", *P);
---- a/test/md5test.c
-+++ b/test/md5test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -104,7 +56,11 @@ int main(int argc, char *argv[])
- R = ret;
- i = 1;
- while (*P != NULL) {
-- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL);
-+ if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(),
-+ NULL)) {
-+ printf("EVP Digest error.\n");
-+ EXIT(1);
-+ }
- p = pt(md);
- if (strcmp(p, (char *)*R) != 0) {
- printf("error calculating MD5 on '%s'\n", *P);
---- a/test/mdc2test.c
-+++ b/test/mdc2test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -91,20 +43,22 @@ static unsigned char pad2[16] = {
-
- int main(int argc, char *argv[])
- {
-- int ret = 0;
-+ int ret = 1;
- unsigned char md[MDC2_DIGEST_LENGTH];
- int i;
- EVP_MD_CTX *c;
-- static char *text = "Now is the time for all ";
-+ static char text[] = "Now is the time for all ";
-
- # ifdef CHARSET_EBCDIC
- ebcdic2ascii(text, text, strlen(text));
- # endif
-
- c = EVP_MD_CTX_new();
-- EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
-- EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
-- EVP_DigestFinal_ex(c, &(md[0]), NULL);
-+ if (c == NULL
-+ || !EVP_DigestInit_ex(c, EVP_mdc2(), NULL)
-+ || !EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
-+ || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
-+ goto err;
-
- if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
- for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-@@ -113,15 +67,18 @@ int main(int argc, char *argv[])
- for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
- printf("%02X", pad1[i]);
- printf(" <- correct\n");
-- ret = 1;
-- } else
-+ goto err;
-+ } else {
- printf("pad1 - ok\n");
-+ }
-
-- EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
-+ if (!EVP_DigestInit_ex(c, EVP_mdc2(), NULL))
-+ goto err;
- /* FIXME: use a ctl function? */
- ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
-- EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
-- EVP_DigestFinal_ex(c, &(md[0]), NULL);
-+ if (!EVP_DigestUpdate(c, (unsigned char *)text, strlen(text))
-+ || !EVP_DigestFinal_ex(c, &(md[0]), NULL))
-+ goto err;
-
- if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
- for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-@@ -130,10 +87,12 @@ int main(int argc, char *argv[])
- for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
- printf("%02X", pad2[i]);
- printf(" <- correct\n");
-- ret = 1;
-- } else
-+ } else {
- printf("pad2 - ok\n");
-+ ret = 0;
-+ }
-
-+ err:
- EVP_MD_CTX_free(c);
- EXIT(ret);
- }
---- a/test/memleaktest.c
-+++ b/test/memleaktest.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/methtest.c
-+++ b/test/methtest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/nptest.c
-+++ /dev/null
-@@ -1,66 +0,0 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-- *
-- */
--
--
--#include <stdio.h>
--#include <string.h>
--
--int main()
--{
-- char *p = NULL;
-- char bytes[sizeof(p)];
--
-- memset(bytes, 0, sizeof bytes);
-- return memcmp(&p, bytes, sizeof(bytes)) == 0 ? 0 : 1;
--}
---- a/test/p5_crpt2_test.c
-+++ b/test/p5_crpt2_test.c
-@@ -1,50 +1,10 @@
--/* Written by Christian Heimes, 2013 */
- /*
-- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -54,9 +14,6 @@
-
- #include <openssl/opensslconf.h>
- #include <openssl/evp.h>
--#ifndef OPENSSL_NO_ENGINE
--# include <openssl/engine.h>
--#endif
- #include <openssl/err.h>
- #include <openssl/conf.h>
-
---- a/test/packettest.c
-+++ b/test/packettest.c
-@@ -1,61 +1,12 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
--
- #include "../ssl/packet_locl.h"
-
- #define BUF_LEN 255
---- a/test/pbelutest.c
-+++ b/test/pbelutest.c
-@@ -1,55 +1,10 @@
--/* ====================================================================
-- * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <openssl/evp.h>
---- a/test/pkits-test.pl
-+++ b/test/pkits-test.pl
-@@ -1,54 +1,10 @@
--# test/pkits-test.pl
--# Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
--# project.
-+#! /usr/bin/env perl
-+# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# ====================================================================
--# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# licensing at OpenSSL.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- # Perl utility to run PKITS tests for RFC3280 compliance.
-
---- a/test/r160test.c
-+++ b/test/r160test.c
-@@ -1,56 +1,9 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
---- a/test/randtest.c
-+++ b/test/randtest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/rc2test.c
-+++ b/test/rc2test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/test/rc4test.c
-+++ b/test/rc4test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
---- a/test/rc5test.c
-+++ b/test/rc5test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- /*
---- a/test/recipes/01-test_abort.t
-+++ b/test/recipes/01-test_abort.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test;
-
---- a/test/recipes/01-test_ordinals.t
-+++ /dev/null
-@@ -1,104 +0,0 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
--
--use strict;
--use OpenSSL::Test qw/:DEFAULT srctop_file/;
--
--setup("test_ordinals");
--
--plan tests => 2;
--
--ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num");
--ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num");
--
--sub testordinals
--{
-- my $filename = shift;
-- my $cnt = 0;
-- my $ret = 1;
-- my $qualifier = "";
-- my $newqual;
-- my $lastfunc = "";
--
-- open(my $fh, '<', $filename);
-- while (my $line = <$fh>) {
-- my @tokens = split(/(?:\s+|\s*:\s*)/, $line);
-- #Check the line looks sane
-- if ($#tokens < 5 || $#tokens > 6) {
-- print STDERR "Invalid line:\n$line\n";
-- $ret = 0;
-- last;
-- }
-- if ($tokens[3] eq "NOEXIST") {
-- #Ignore this line
-- next;
-- }
-- #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS
-- $newqual = $tokens[4];
-- $newqual =~ s/!//g;
-- if ($cnt > $tokens[1]
-- || ($cnt == $tokens[1] && ($qualifier ne $newqual
-- || $qualifier eq ""))) {
-- print STDERR "Invalid ordinal detected: ".$tokens[1]."\n";
-- $ret = 0;
-- last;
-- }
-- $cnt = $tokens[1];
-- $qualifier = $newqual;
-- $lastfunc = $tokens[0];
-- }
-- close($fh);
--
-- return $ret;
--}
---- /dev/null
-+++ b/test/recipes/01-test_sanity.t
-@@ -0,0 +1,12 @@
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use OpenSSL::Test::Simple;
-+
-+simple_test("test_sanity", "sanitytest");
---- /dev/null
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -0,0 +1,115 @@
-+#! /usr/bin/env perl
-+# -*- mode: Perl -*-
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use File::Spec::Functions qw(devnull);
-+use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_dir bldtop_file);
-+use OpenSSL::Test::Utils;
-+
-+setup("test_symbol_presence");
-+
-+plan skip_all => "Only useful when building shared libraries"
-+ if disabled("shared");
-+
-+my @libnames = ("crypto", "ssl");
-+my $testcount = scalar @libnames;
-+
-+plan tests => $testcount * 2;
-+
-+note
-+ "NOTE: developper test! It's possible that it won't run on your\n",
-+ "platform, and that's perfectly fine. This is mainly for developers\n",
-+ "on Unix to check that our shared libraries are consistent with the\n",
-+ "ordinals (util/*.num in the source tree), something that should be\n",
-+ "good enough a check for the other platforms as well.\n";
-+
-+foreach my $libname (@libnames) {
-+ SKIP:
-+ {
-+ my $shlibpath = bldtop_file("lib" . $libname . ".so");
-+ *OSTDERR = *STDERR;
-+ *OSTDOUT = *STDOUT;
-+ open STDERR, ">", devnull();
-+ open STDOUT, ">", devnull();
-+ my @nm_lines = map { s|\R$||; $_ } `nm -Pg $shlibpath 2> /dev/null`;
-+ close STDERR;
-+ close STDOUT;
-+ *STDERR = *OSTDERR;
-+ *STDOUT = *OSTDOUT;
-+ skip "Can't run 'nm -Pg $shlibpath' => $?... ignoring", 2
-+ unless $? == 0;
-+
-+ my $bldtop = bldtop_dir();
-+ my @def_lines;
-+ indir $bldtop => sub {
-+ my $mkdefpath = srctop_file("util", "mkdef.pl");
-+ @def_lines = map { s|\R$||; $_ } `$^X $mkdefpath $libname linux 2> /dev/null`;
-+ ok($? == 0, "running 'cd $bldtop; $^X $mkdefpath $libname linux' => $?");
-+ }, create => 0, cleanup => 0;
-+
-+ note "Number of lines in \@nm_lines before massaging: ", scalar @nm_lines;
-+ note "Number of lines in \@def_lines before massaging: ", scalar @def_lines;
-+
-+ # Massage the nm output to only contain defined symbols
-+ @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines);
-+
-+ # Massage the mkdef.pl output to only contain global symbols
-+ # The output we got is in Unix .map format, which has a global
-+ # and a local section. We're only interested in the global
-+ # section.
-+ my $in_global = 0;
-+ @def_lines =
-+ sort
-+ map { s|;||; s|\s+||g; $_ }
-+ grep { $in_global = 1 if m|global:|;
-+ $in_global = 0 if m|local:|;
-+ $in_global && m|;|; } @def_lines;
-+
-+ note "Number of lines in \@nm_lines after massaging: ", scalar @nm_lines;
-+ note "Number of lines in \@def_lines after massaging: ", scalar @def_lines;
-+
-+ # Maintain lists of symbols that are missing in the shared library,
-+ # or that are extra.
-+ my @missing = ();
-+ my @extra = ();
-+
-+ while (scalar @nm_lines || scalar @def_lines) {
-+ my $nm_first = $nm_lines[0];
-+ my $def_first = $def_lines[0];
-+
-+ if (!defined($nm_first)) {
-+ push @missing, shift @def_lines;
-+ } elsif (!defined($def_first)) {
-+ push @extra, shift @nm_lines;
-+ } elsif ($nm_first gt $def_first) {
-+ push @missing, shift @def_lines;
-+ } elsif ($nm_first lt $def_first) {
-+ push @extra, shift @nm_lines;
-+ } else {
-+ shift @def_lines;
-+ shift @nm_lines;
-+ }
-+ }
-+
-+ if (scalar @missing) {
-+ note "The following symbols are missing in lib$libname.so:";
-+ foreach (@missing) {
-+ note " $_";
-+ }
-+ }
-+ if (scalar @extra) {
-+ note "The following symbols are extra in lib$libname.so:";
-+ foreach (@extra) {
-+ note " $_";
-+ }
-+ }
-+ ok(scalar @missing == 0,
-+ "check that there are no missing symbols in lib$libname.so");
-+ }
-+}
---- /dev/null
-+++ b/test/recipes/02-test_ordinals.t
-@@ -0,0 +1,58 @@
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-+
-+setup("test_ordinals");
-+
-+plan tests => 2;
-+
-+ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num");
-+ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num");
-+
-+sub testordinals
-+{
-+ my $filename = shift;
-+ my $cnt = 0;
-+ my $ret = 1;
-+ my $qualifier = "";
-+ my $newqual;
-+ my $lastfunc = "";
-+
-+ open(my $fh, '<', $filename);
-+ while (my $line = <$fh>) {
-+ my @tokens = split(/(?:\s+|\s*:\s*)/, $line);
-+ #Check the line looks sane
-+ if ($#tokens < 5 || $#tokens > 6) {
-+ print STDERR "Invalid line:\n$line\n";
-+ $ret = 0;
-+ last;
-+ }
-+ if ($tokens[3] eq "NOEXIST") {
-+ #Ignore this line
-+ next;
-+ }
-+ #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS
-+ $newqual = $tokens[4];
-+ $newqual =~ s/!//g;
-+ if ($cnt > $tokens[1]
-+ || ($cnt == $tokens[1] && ($qualifier ne $newqual
-+ || $qualifier eq ""))) {
-+ print STDERR "Invalid ordinal detected: ".$tokens[1]."\n";
-+ $ret = 0;
-+ last;
-+ }
-+ $cnt = $tokens[1];
-+ $qualifier = $newqual;
-+ $lastfunc = $tokens[0];
-+ }
-+ close($fh);
-+
-+ return $ret;
-+}
---- a/test/recipes/05-test_bf.t
-+++ b/test/recipes/05-test_bf.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_cast.t
-+++ b/test/recipes/05-test_cast.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_des.t
-+++ b/test/recipes/05-test_des.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- /dev/null
-+++ b/test/recipes/05-test_fuzz.t
-@@ -0,0 +1,40 @@
-+#!/usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use warnings;
-+
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
-+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-+use OpenSSL::Test::Utils;
-+
-+setup("test_fuzz");
-+
-+my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'conf', 'crl', 'server', 'x509');
-+if (!disabled("cms")) {
-+ push @fuzzers, 'cms';
-+}
-+if (!disabled("ct")) {
-+ push @fuzzers, 'ct';
-+}
-+plan tests => scalar @fuzzers;
-+
-+foreach my $f (@fuzzers) {
-+ subtest "Fuzzing $f" => sub {
-+ my @files = glob(srctop_file('fuzz', 'corpora', $f, '*'));
-+ push @files, glob(srctop_file('fuzz', 'corpora', "$f-*", '*'));
-+
-+ plan skip_all => "No corpora for $f-test" unless @files;
-+
-+ plan tests => scalar @files;
-+
-+ foreach (@files) {
-+ ok(run(fuzz(["$f-test", $_])));
-+ }
-+ }
-+}
---- a/test/recipes/05-test_hmac.t
-+++ b/test/recipes/05-test_hmac.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_idea.t
-+++ b/test/recipes/05-test_idea.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_md2.t
-+++ b/test/recipes/05-test_md2.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_md4.t
-+++ b/test/recipes/05-test_md4.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_md5.t
-+++ b/test/recipes/05-test_md5.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_mdc2.t
-+++ b/test/recipes/05-test_mdc2.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_rand.t
-+++ b/test/recipes/05-test_rand.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_rc2.t
-+++ b/test/recipes/05-test_rc2.t
-@@ -1,4 +1,10 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_rc4.t
-+++ b/test/recipes/05-test_rc4.t
-@@ -1,4 +1,10 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_rc5.t
-+++ b/test/recipes/05-test_rc5.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_rmd.t
-+++ b/test/recipes/05-test_rmd.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_sha1.t
-+++ b/test/recipes/05-test_sha1.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_sha256.t
-+++ b/test/recipes/05-test_sha256.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_sha512.t
-+++ b/test/recipes/05-test_sha512.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/05-test_wp.t
-+++ b/test/recipes/05-test_wp.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/10-test_bn.t
-+++ b/test/recipes/10-test_bn.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -57,7 +64,9 @@ my $init = ok(run(test(["bntest"], stdou
- last unless $l;
- }
- };
--}
-+ }
-+
-+unlink $testresults;
-
- sub check_operations {
- my $failcount = 0;
---- a/test/recipes/10-test_exp.t
-+++ b/test/recipes/10-test_exp.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/15-test_dh.t
-+++ b/test/recipes/15-test_dh.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/15-test_dsa.t
-+++ b/test/recipes/15-test_dsa.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/15-test_ec.t
-+++ b/test/recipes/15-test_ec.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/15-test_ecdh.t
-+++ b/test/recipes/15-test_ecdh.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/15-test_ecdsa.t
-+++ b/test/recipes/15-test_ecdsa.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/15-test_rsa.t
-+++ b/test/recipes/15-test_rsa.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/20-test_enc.t
-+++ b/test/recipes/20-test_enc.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/25-test_crl.t
-+++ b/test/recipes/25-test_crl.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/25-test_d2i.t
-+++ b/test/recipes/25-test_d2i.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -8,12 +15,67 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
-
- setup("test_d2i");
-
--plan tests => 2;
-+plan tests => 13;
-
--ok(run(test(["d2i_test", "x509",
-+ok(run(test(["d2i_test", "X509", "decode",
- srctop_file('test','d2i-tests','bad_cert.der')])),
- "Running d2i_test bad_cert.der");
-
--ok(run(test(["d2i_test", "generalname",
-+ok(run(test(["d2i_test", "GENERAL_NAME", "decode",
- srctop_file('test','d2i-tests','bad_generalname.der')])),
- "Running d2i_test bad_generalname.der");
-+
-+ok(run(test(["d2i_test", "ASN1_ANY", "BIO",
-+ srctop_file('test','d2i-tests','bad_bio.der')])),
-+ "Running d2i_test bad_bio.der");
-+# This test checks CVE-2016-2108. The data consists of an tag 258 and
-+# two zero content octets. This is parsed as an ASN1_ANY type. If the
-+# type is incorrectly interpreted as an ASN.1 INTEGER the two zero content
-+# octets will be reject as invalid padding and this test will fail.
-+# If the type is correctly interpreted it will by treated as an ASN1_STRING
-+# type and the content octets copied verbatim.
-+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
-+ srctop_file('test','d2i-tests','high_tag.der')])),
-+ "Running d2i_test high_tag.der");
-+
-+# Above test data but interpeted as ASN.1 INTEGER: this will be rejected
-+# because the tag is invalid.
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
-+ srctop_file('test','d2i-tests','high_tag.der')])),
-+ "Running d2i_test high_tag.der INTEGER");
-+
-+# Parse valid 0, 1 and -1 ASN.1 INTEGER as INTEGER or ANY.
-+
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
-+ srctop_file('test','d2i-tests','int0.der')])),
-+ "Running d2i_test int0.der INTEGER");
-+
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
-+ srctop_file('test','d2i-tests','int1.der')])),
-+ "Running d2i_test int1.der INTEGER");
-+
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "OK",
-+ srctop_file('test','d2i-tests','intminus1.der')])),
-+ "Running d2i_test intminus1.der INTEGER");
-+
-+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
-+ srctop_file('test','d2i-tests','int0.der')])),
-+ "Running d2i_test int0.der ANY");
-+
-+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
-+ srctop_file('test','d2i-tests','int1.der')])),
-+ "Running d2i_test int1.der ANY");
-+
-+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
-+ srctop_file('test','d2i-tests','intminus1.der')])),
-+ "Running d2i_test intminus1.der ANY");
-+
-+# Integers with illegal additional padding.
-+
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
-+ srctop_file('test','d2i-tests','bad-int-pad0.der')])),
-+ "Running d2i_test bad-int-pad0.der INTEGER");
-+
-+ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
-+ srctop_file('test','d2i-tests','bad-int-padminus1.der')])),
-+ "Running d2i_test bad-int-padminus1.der INTEGER");
---- a/test/recipes/25-test_gen.t
-+++ /dev/null
-@@ -1,44 +0,0 @@
--#! /usr/bin/perl
--
--use strict;
--use warnings;
--
--use File::Spec;
--use OpenSSL::Test qw/:DEFAULT srctop_file/;
--use OpenSSL::Test::Utils;
--
--setup("test_gen");
--
--plan tests => 1;
--
--my $T = "testcert";
--my $KEY = 512;
--my $CA = srctop_file("certs", "testca.pem");
--
--unlink "$T.1", "$T.2", "$T.key";
--open RND, ">>", ".rnd";
--print RND "string to make the random number generator think it has entropy";
--close RND;
--
--subtest "generating certificate requests" => sub {
-- my @req_new;
-- if (disabled("rsa")) {
-- @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
-- } else {
-- @req_new = ("-new");
-- note("There should be a 2 sequences of .'s and some +'s.");
-- note("There should not be more that at most 80 per line");
-- }
--
-- unlink "testkey.pem", "testreq.pem";
--
-- plan tests => 2;
--
-- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-- @req_new, "-out", "testreq.pem"])),
-- "Generating request");
--
-- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-- "-verify", "-in", "testreq.pem", "-noout"])),
-- "Verifying signature on request");
--};
---- a/test/recipes/25-test_pkcs7.t
-+++ b/test/recipes/25-test_pkcs7.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/25-test_req.t
-+++ b/test/recipes/25-test_req.t
-@@ -1,23 +1,56 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-
--use File::Spec;
-+use OpenSSL::Test::Utils;
- use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
- setup("test_req");
-
--plan tests => 3;
-+plan tests => 4;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-+open RND, ">>", ".rnd";
-+print RND "string to make the random number generator think it has entropy";
-+close RND;
-+subtest "generating certificate requests" => sub {
-+ my @req_new;
-+ if (disabled("rsa")) {
-+ @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
-+ } else {
-+ @req_new = ("-new");
-+ note("There should be a 2 sequences of .'s and some +'s.");
-+ note("There should not be more that at most 80 per line");
-+ }
-+
-+ plan tests => 2;
-+
-+ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-+ @req_new, "-out", "testreq.pem"])),
-+ "Generating request");
-+
-+ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-+ "-verify", "-in", "testreq.pem", "-noout"])),
-+ "Verifying signature on request");
-+};
-+
- my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
-
- run_conversion('req conversions',
- "testreq.pem");
- run_conversion('req conversions -- testreq2',
-- "testreq2.pem");
-+ srctop_file("test", "testreq2.pem"));
-+
-+unlink "testkey.pem", "testreq.pem";
-
- sub run_conversion {
- my $title = shift;
-@@ -33,7 +66,7 @@ sub run_conversion {
- plan skip_all => "skipping req conversion test for $reqfile"
- if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
-
-- tconversion("req", "testreq.pem", @openssl_args);
-+ tconversion("req", $reqfile, @openssl_args);
- }
- close DATA;
- unlink "req-check.err";
---- a/test/recipes/25-test_sid.t
-+++ b/test/recipes/25-test_sid.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -19,7 +26,7 @@ sub verify {
- run(app([@args]));
- }
-
--plan tests => 101;
-+plan tests => 121;
-
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -215,6 +222,28 @@ ok(verify("ee-client", "sslclient", [qw(
- ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
- "reject direct match with client mistrust");
-
-+# Proxy certificates
-+ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
-+ "fail to accept proxy cert without -allow_proxy_certs");
-+ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "accept proxy cert 1");
-+ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "accept proxy cert 2");
-+ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "fail proxy cert with incorrect subject");
-+ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "fail proxy cert with incorrect pathlen");
-+ok(verify("pc5-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "accept proxy cert missing proxy policy");
-+ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
-+ "-allow_proxy_certs"),
-+ "failed proxy cert where last CN was added as a multivalue RDN component");
-+
- # Security level tests
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "accept RSA 2048 chain at auth level 2");
-@@ -258,3 +287,44 @@ ok(!verify("ee-cert", "sslserver", ["roo
- "accept chain with verify_depth 0");
- ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-verify_depth", "0"),
- "accept md5 intermediate TA with verify_depth 0");
-+
-+# Name Constraints tests.
-+
-+ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints everything permitted");
-+
-+ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
-+ "Name Constraints nothing excluded");
-+
-+ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
-+ "Name Constraints nested test all permitted");
-+
-+ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints hostname not permitted");
-+
-+ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
-+ "Name Constraints hostname excluded");
-+
-+ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints email address not permitted");
-+
-+ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints subject email address not permitted");
-+
-+ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints IP address not permitted");
-+
-+ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints CN hostname not permitted");
-+
-+ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+ "Name Constraints CN BMPSTRING hostname not permitted");
-+
-+ok(!verify("badalt8-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
-+ "Name constaints nested DNS name not permitted 1");
-+
-+ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
-+ "Name constaints nested DNS name not permitted 2");
-+
-+ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
-+ "Name constaints nested DNS name excluded");
---- a/test/recipes/25-test_x509.t
-+++ b/test/recipes/25-test_x509.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -8,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
-
- setup("test_x509");
-
--plan tests => 4;
-+plan tests => 5;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-@@ -21,3 +28,7 @@ subtest 'x509 -- first x.509 v3 certific
- subtest 'x509 -- second x.509 v3 certificate' => sub {
- tconversion("x509", srctop_file("test","v3-cert2.pem"));
- };
-+
-+subtest 'x509 -- pathlen' => sub {
-+ ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")])));
-+}
---- a/test/recipes/30-test_afalg.t
-+++ b/test/recipes/30-test_afalg.t
-@@ -1,55 +1,10 @@
--#!/usr/bin/perl
--# ====================================================================
--# Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
---- a/test/recipes/30-test_engine.t
-+++ b/test/recipes/30-test_engine.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/30-test_evp.t
-+++ b/test/recipes/30-test_evp.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/30-test_evp_extra.t
-+++ b/test/recipes/30-test_evp_extra.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/30-test_pbelu.t
-+++ b/test/recipes/30-test_pbelu.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/40-test_rehash.t
-+++ b/test/recipes/40-test_rehash.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -6,6 +13,7 @@ use warnings;
- use File::Spec::Functions;
- use File::Copy;
- use File::Basename;
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
- use OpenSSL::Test qw/:DEFAULT bldtop_file/;
-
- setup("test_rehash");
-@@ -52,9 +60,9 @@ indir "rehash.$$" => sub {
- sub prepare {
- my @sourcefiles =
- sort map { glob(bldtop_file('certs', 'demo', "*.$_")) } ('pem',
-- 'crt',
-- 'cer',
-- 'crl');
-+ 'crt',
-+ 'cer',
-+ 'crl');
- my @destfiles = ();
- foreach (@sourcefiles) {
- copy($_, curdir());
---- /dev/null
-+++ b/test/recipes/70-test_asyncio.t
-@@ -0,0 +1,22 @@
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils;
-+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-+
-+setup("test_asyncio");
-+
-+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
-+ if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
-+
-+plan tests => 1;
-+
-+ok(run(test(["asynciotest", srctop_file("apps", "server.pem"),
-+ srctop_file("apps", "server.pem")])), "running asynciotest");
---- a/test/recipes/70-test_clienthello.t
-+++ b/test/recipes/70-test_clienthello.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test;
- use OpenSSL::Test::Utils;
---- a/test/recipes/70-test_packet.t
-+++ b/test/recipes/70-test_packet.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/70-test_sslcertstatus.t
-+++ b/test/recipes/70-test_sslcertstatus.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -72,6 +26,9 @@ plan skip_all => "$test_name needs the s
- plan skip_all => "$test_name needs the ocsp feature enabled"
- if disabled("ocsp");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
- my $proxy = TLSProxy::Proxy->new(
- \&certstatus_filter,
-@@ -80,12 +37,11 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 1;
--
--#Test 1: Sending a status_request extension in both ClientHello and ServerHello
--#but then omitting the CertificateStatus message is valid
-+#Test 1: Sending a status_request extension in both ClientHello and
-+#ServerHello but then omitting the CertificateStatus message is valid
- $proxy->clientflags("-status");
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 1;
- ok(TLSProxy::Message->success, "Missing CertificateStatus message");
-
- sub certstatus_filter
---- a/test/recipes/70-test_sslextension.t
-+++ b/test/recipes/70-test_sslextension.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the d
- plan skip_all => "$test_name needs the sock feature enabled"
- if disabled("sock");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
- my $proxy = TLSProxy::Proxy->new(
- \&extension_filter,
-@@ -77,10 +34,9 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 3;
--
- # Test 1: Sending a zero length extension block should pass
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 3;
- ok(TLSProxy::Message->success, "Zero extension length test");
-
- sub extension_filter
-@@ -154,4 +110,3 @@ ok(TLSProxy::Message->fail(), "Duplicate
- $proxy->filter(\&inject_duplicate_extension_serverhello);
- $proxy->start();
- ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension");
--
---- /dev/null
-+++ b/test/recipes/70-test_sslrecords.t
-@@ -0,0 +1,140 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-+use OpenSSL::Test::Utils;
-+use TLSProxy::Proxy;
-+
-+my $test_name = "test_sslrecords";
-+setup($test_name);
-+
-+plan skip_all => "TLSProxy isn't usable on $^O"
-+ if $^O =~ /^(VMS|MSWin32)$/;
-+
-+plan skip_all => "$test_name needs the dynamic engine feature enabled"
-+ if disabled("engine") || disabled("dynamic-engine");
-+
-+plan skip_all => "$test_name needs the sock feature enabled"
-+ if disabled("sock");
-+
-+plan skip_all => "$test_name needs TLSv1.2 enabled"
-+ if disabled("tls1_2");
-+
-+$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-+my $proxy = TLSProxy::Proxy->new(
-+ \&add_empty_recs_filter,
-+ cmdstr(app(["openssl"]), display => 1),
-+ srctop_file("apps", "server.pem"),
-+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
-+);
-+
-+#Test 1: Injecting out of context empty records should fail
-+my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
-+my $inject_recs_num = 1;
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 4;
-+ok(TLSProxy::Message->fail(), "Out of context empty records test");
-+
-+#Test 2: Injecting in context empty records should succeed
-+$proxy->clear();
-+$content_type = TLSProxy::Record::RT_HANDSHAKE;
-+$proxy->start();
-+ok(TLSProxy::Message->success(), "In context empty records test");
-+
-+#Test 3: Injecting too many in context empty records should fail
-+$proxy->clear();
-+#We allow 32 consecutive in context empty records
-+$inject_recs_num = 33;
-+$proxy->start();
-+ok(TLSProxy::Message->fail(), "Too many in context empty records test");
-+
-+#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no
-+# alerts to be sent from either side because *we* injected the fatal
-+# alert, i.e. this will look like a disorderly close
-+$proxy->clear();
-+$proxy->filter(\&add_frag_alert_filter);
-+$proxy->start();
-+ok(!TLSProxy::Message->end(), "Fragmented alert records test");
-+
-+sub add_empty_recs_filter
-+{
-+ my $proxy = shift;
-+
-+ # We're only interested in the initial ClientHello
-+ if ($proxy->flight != 0) {
-+ return;
-+ }
-+
-+ for (my $i = 0; $i < $inject_recs_num; $i++) {
-+ my $record = TLSProxy::Record->new(
-+ 0,
-+ $content_type,
-+ TLSProxy::Record::VERS_TLS_1_2,
-+ 0,
-+ 0,
-+ 0,
-+ "",
-+ ""
-+ );
-+
-+ push @{$proxy->record_list}, $record;
-+ }
-+}
-+
-+sub add_frag_alert_filter
-+{
-+ my $proxy = shift;
-+ my $byte;
-+
-+ # We're only interested in the initial ClientHello
-+ if ($proxy->flight != 0) {
-+ return;
-+ }
-+
-+ # Add a zero length fragment first
-+ #my $record = TLSProxy::Record->new(
-+ # 0,
-+ # TLSProxy::Record::RT_ALERT,
-+ # TLSProxy::Record::VERS_TLS_1_2,
-+ # 0,
-+ # 0,
-+ # 0,
-+ # "",
-+ # ""
-+ #);
-+ #push @{$proxy->record_list}, $record;
-+
-+ # Now add the alert level (Fatal) as a seperate record
-+ $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
-+ my $record = TLSProxy::Record->new(
-+ 0,
-+ TLSProxy::Record::RT_ALERT,
-+ TLSProxy::Record::VERS_TLS_1_2,
-+ 1,
-+ 1,
-+ 1,
-+ $byte,
-+ $byte
-+ );
-+ push @{$proxy->record_list}, $record;
-+
-+ # And finally the description (Unexpected message) in a third record
-+ $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE);
-+ $record = TLSProxy::Record->new(
-+ 0,
-+ TLSProxy::Record::RT_ALERT,
-+ TLSProxy::Record::VERS_TLS_1_2,
-+ 1,
-+ 1,
-+ 1,
-+ $byte,
-+ $byte
-+ );
-+ push @{$proxy->record_list}, $record;
-+}
---- a/test/recipes/70-test_sslsessiontick.t
-+++ b/test/recipes/70-test_sslsessiontick.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the d
- plan skip_all => "$test_name needs the sock feature enabled"
- if disabled("sock");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
- sub checkmessages($$$$$$);
-@@ -88,12 +45,11 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 8;
--
- #Test 1: By default with no existing session we should get a session ticket
- #Expected result: ClientHello extension seen; ServerHello extension seen
- # NewSessionTicket message seen; Full handshake
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 10;
- checkmessages(1, "Default session ticket test", 1, 1, 1, 1);
-
- #Test 2: If the server does not accept tickets we should get a normal handshake
-@@ -118,7 +74,7 @@ checkmessages(3, "No client support sess
- #Expected result: ClientHello extension seen; ServerHello extension not seen
- # NewSessionTicket message not seen; Abbreviated handshake
- clearall();
--(my $fh, my $session) = tempfile();
-+(undef, my $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -126,12 +82,13 @@ clearall();
- $proxy->clientflags("-sess_in ".$session);
- $proxy->clientstart();
- checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);
-+unlink $session;
-
- #Test 5: Test session resumption with ticket capable client without a ticket
- #Expected result: ClientHello extension seen; ServerHello extension seen
- # NewSessionTicket message seen; Abbreviated handshake
- clearall();
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session." -no_ticket");
- $proxy->start();
-@@ -140,6 +97,7 @@ clearall();
- $proxy->clientstart();
- checkmessages(5, "Session resumption with ticket capable client without a "
- ."ticket", 1, 1, 1, 0);
-+unlink $session;
-
- #Test 6: Client accepts empty ticket.
- #Expected result: ClientHello extension seen; ServerHello extension seen;
-@@ -151,7 +109,7 @@ checkmessages(6, "Empty ticket test", 1
-
- #Test 7-8: Client keeps existing ticket on empty ticket.
- clearall();
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(3);
- $proxy->filter(undef);
- $proxy->clientflags("-sess_out ".$session);
-@@ -170,7 +128,25 @@ clearclient();
- #Expected result: ClientHello extension seen; ServerHello extension not seen;
- # NewSessionTicket message not seen; Abbreviated handshake.
- checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
-+unlink $session;
-
-+#Test 9: Bad server sends the ServerHello extension but does not send a
-+#NewSessionTicket
-+#Expected result: Connection failure
-+clearall();
-+$proxy->serverflags("-no_ticket");
-+$proxy->filter(\&inject_ticket_extension_filter);
-+$proxy->start();
-+ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test");
-+
-+#Test10: Bad server does not send the ServerHello extension but does send a
-+#NewSessionTicket
-+#Expected result: Connection failure
-+clearall();
-+$proxy->serverflags("-no_ticket");
-+$proxy->filter(\&inject_empty_ticket_filter);
-+$proxy->start();
-+ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test");
-
- sub ticket_filter
- {
-@@ -214,6 +190,26 @@ sub inject_empty_ticket_filter {
- $proxy->message_list([@new_message_list]);
- }
-
-+sub inject_ticket_extension_filter
-+{
-+ my $proxy = shift;
-+
-+ # We're only interested in the initial ServerHello
-+ if ($proxy->flight != 1) {
-+ return;
-+ }
-+
-+ foreach my $message (@{$proxy->message_list}) {
-+ if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) {
-+ #Add the session ticket extension to the ServerHello even though
-+ #we are not going to send a NewSessionTicket message
-+ $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
-+
-+ $message->repack();
-+ }
-+ }
-+}
-+
- sub checkmessages($$$$$$)
- {
- my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_;
---- a/test/recipes/70-test_sslskewith0p.t
-+++ b/test/recipes/70-test_sslskewith0p.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -72,6 +26,9 @@ plan skip_all => "dh is not supported by
- plan skip_all => "$test_name needs the sock feature enabled"
- if disabled("sock");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
- my $proxy = TLSProxy::Proxy->new(
- \&ske_0_p_filter,
-@@ -80,13 +37,12 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 1;
--
- #We must use an anon DHE cipher for this test
- $proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0');
- $proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0');
-
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 1;
- ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p");
-
- sub ske_0_p_filter
---- a/test/recipes/70-test_sslvertol.t
-+++ b/test/recipes/70-test_sslvertol.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -69,6 +23,9 @@ plan skip_all => "$test_name needs the d
- plan skip_all => "$test_name needs the sock feature enabled"
- if disabled("sock");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
- my $proxy = TLSProxy::Proxy->new(
- \&vers_tolerance_filter,
-@@ -77,11 +34,10 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 2;
--
- #Test 1: Asking for TLS1.3 should pass
- my $client_version = TLSProxy::Record::VERS_TLS_1_3;
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 2;
- ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");
-
- #Test 2: Testing something below SSLv3 should fail
---- a/test/recipes/70-test_tlsextms.t
-+++ b/test/recipes/70-test_tlsextms.t
-@@ -1,56 +1,10 @@
--#!/usr/bin/perl
--# Written by Stephen Henson for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
-@@ -70,6 +24,9 @@ plan skip_all => "$test_name needs the d
- plan skip_all => "$test_name needs the sock feature enabled"
- if disabled("sock");
-
-+plan skip_all => "$test_name needs TLS enabled"
-+ if alldisabled(available_protocols("tls"));
-+
- $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-
- sub checkmessages($$$$$);
-@@ -89,15 +46,14 @@ my $proxy = TLSProxy::Proxy->new(
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
- );
-
--plan tests => 9;
--
- #Test 1: By default server and client should send extended master secret
- # extension.
- #Expected result: ClientHello extension seen; ServerHello extension seen
- # Full handshake
-
- setrmextms(0, 0);
--$proxy->start();
-+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-+plan tests => 9;
- checkmessages(1, "Default extended master secret test", 1, 1, 1);
-
- #Test 2: If client omits extended master secret extension, server should too.
-@@ -134,7 +90,7 @@ checkmessages(2, "No ticket, no client e
-
- clearall();
- setrmextms(0, 0);
--(my $fh, my $session) = tempfile();
-+(undef, my $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -142,6 +98,7 @@ setrmextms(0, 0);
- $proxy->clientflags("-sess_in ".$session);
- $proxy->clientstart();
- checkmessages(5, "Session resumption extended master secret test", 1, 1, 0);
-+unlink $session;
-
- #Test 6: Session resumption extended master secret test original session
- # omits extension. Server must not resume session.
-@@ -150,7 +107,7 @@ checkmessages(5, "Session resumption ext
-
- clearall();
- setrmextms(1, 0);
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -159,6 +116,7 @@ setrmextms(1, 0);
- setrmextms(0, 0);
- $proxy->clientstart();
- checkmessages(6, "Session resumption extended master secret test", 1, 1, 1);
-+unlink $session;
-
- #Test 7: Session resumption extended master secret test resumed session
- # omits client extension. Server must abort connection.
-@@ -166,7 +124,7 @@ checkmessages(6, "Session resumption ext
-
- clearall();
- setrmextms(0, 0);
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -175,6 +133,7 @@ setrmextms(0, 0);
- setrmextms(1, 0);
- $proxy->clientstart();
- ok(TLSProxy::Message->fail(), "Client inconsistent session resumption");
-+unlink $session;
-
- #Test 8: Session resumption extended master secret test resumed session
- # omits server extension. Client must abort connection.
-@@ -182,7 +141,7 @@ ok(TLSProxy::Message->fail(), "Client in
-
- clearall();
- setrmextms(0, 0);
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -191,6 +150,7 @@ setrmextms(0, 0);
- setrmextms(0, 1);
- $proxy->clientstart();
- ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1");
-+unlink $session;
-
- #Test 9: Session resumption extended master secret test initial session
- # omits server extension. Client must abort connection.
-@@ -198,7 +158,7 @@ ok(TLSProxy::Message->fail(), "Server in
-
- clearall();
- setrmextms(0, 1);
--($fh, $session) = tempfile();
-+(undef, $session) = tempfile();
- $proxy->serverconnects(2);
- $proxy->clientflags("-sess_out ".$session);
- $proxy->start();
-@@ -207,6 +167,7 @@ setrmextms(0, 1);
- setrmextms(0, 0);
- $proxy->clientstart();
- ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2");
-+unlink $session;
-
- sub extms_filter
- {
---- a/test/recipes/70-test_verify_extra.t
-+++ b/test/recipes/70-test_verify_extra.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
---- a/test/recipes/80-test_ca.t
-+++ b/test/recipes/80-test_ca.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-@@ -17,17 +24,17 @@ rmtree("demoCA", { safe => 0 });
-
- plan tests => 4;
- SKIP: {
-- $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "CAss.cnf");
-+ $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
- skip "failed creating CA structure", 3
- if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
- 'creating CA structure');
-
-- $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
-+ $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
- skip "failed creating new certificate request", 2
- if !ok(run(perlapp(["CA.pl","-newreq"])),
- 'creating CA structure');
-
-- $ENV{OPENSSL_CONFIG} = "-config ".$std_openssl_cnf;
-+ $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"';
- skip "failed to sign certificate request", 1
- if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
- 'signing certificate request');
-@@ -38,7 +45,7 @@ plan tests => 4;
-
-
- rmtree("demoCA", { safe => 0 });
--unlink "newcert.pem", "newreq.pem";
-+unlink "newcert.pem", "newreq.pem", "newkey.pem";
-
-
- sub yes {
---- /dev/null
-+++ b/test/recipes/80-test_cipherlist.t
-@@ -0,0 +1,26 @@
-+#! /usr/bin/perl
-+#
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use strict;
-+use warnings;
-+
-+use OpenSSL::Test::Simple;
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils qw(alldisabled available_protocols);
-+
-+setup("test_cipherlist");
-+
-+my $no_anytls = alldisabled(available_protocols("tls"));
-+
-+# If we have no protocols, then we also have no supported ciphers.
-+plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build."
-+ if $no_anytls;
-+
-+simple_test("test_cipherlist", "cipherlist_test", "cipherlist");
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/80-test_ct.t
-+++ b/test/recipes/80-test_ct.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
- use OpenSSL::Test::Simple;
---- a/test/recipes/80-test_dane.t
-+++ b/test/recipes/80-test_dane.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/80-test_dtlsv1listen.t
-+++ b/test/recipes/80-test_dtlsv1listen.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/80-test_ocsp.t
-+++ b/test/recipes/80-test_ocsp.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/80-test_ssl_new.t
-+++ b/test/recipes/80-test_ssl_new.t
-@@ -1,10 +1,18 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-
- use File::Basename;
- use File::Compare qw/compare_text/;
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
-
- use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
- use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
-@@ -13,31 +21,55 @@ setup("test_ssl_new");
-
- $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-
--my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf"));
--my @conf_files = map {basename($_)} @conf_srcs;
-+my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in"));
-+map { s/;.*// } @conf_srcs if $^O eq "VMS";
-+my @conf_files = map { basename($_) } @conf_srcs;
-+map { s/\.in// } @conf_files;
-
--# 02-protocol-version.conf test results depend on the configuration of enabled
--# protocols. We only verify generated sources in the default configuration.
--my $is_default = (disabled("ssl3") && !disabled("tls1") &&
-- !disabled("tls1_1") && !disabled("tls1_2"));
-+# We hard-code the number of tests to double-check that the globbing above
-+# finds all files as expected.
-+plan tests => 11; # = scalar @conf_srcs
-
--my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
-+# Some test results depend on the configuration of enabled protocols. We only
-+# verify generated sources in the default configuration.
-+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
-+ !disabled("tls1_1") && !disabled("tls1_2"));
-+
-+my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
-+
-+my $no_tls = alldisabled(available_protocols("tls"));
-+my $no_dtls = alldisabled(available_protocols("dtls"));
-+my $no_npn = disabled("nextprotoneg");
-+
-+my %conf_dependent_tests = (
-+ "02-protocol-version.conf" => !$is_default_tls,
-+ "04-client_auth.conf" => !$is_default_tls,
-+ "07-dtls-protocol-version.conf" => !$is_default_dtls,
-+ "10-resumption.conf" => !$is_default_tls,
-+ "11-dtls_resumption.conf" => !$is_default_dtls,
-+);
-+
-+# Default is $no_tls but some tests have different skip conditions.
-+my %skip = (
-+ "07-dtls-protocol-version.conf" => $no_dtls,
-+ "08-npn.conf" => $no_tls || $no_npn,
-+ "09-alpn.conf" => $no_tls || $no_npn,
-+ "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
-+ "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
-+);
-
- foreach my $conf (@conf_files) {
- subtest "Test configuration $conf" => sub {
- test_conf($conf,
-- $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1);
-+ $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
-+ defined($skip{$conf}) ? $skip{$conf} : $no_tls);
- }
- }
-
--# We hard-code the number of tests to double-check that the globbing above
--# finds all files as expected.
--plan tests => 2; # = scalar @conf_files
--
- sub test_conf {
- plan tests => 3;
-
-- my ($conf, $check_source) = @_;
-+ my ($conf, $check_source, $skip) = @_;
-
- my $conf_file = srctop_file("test", "ssl-tests", $conf);
- my $tmp_file = "${conf}.$$.tmp";
-@@ -63,8 +95,7 @@ sub test_conf {
- }
-
- # Test 3. Run the test.
-- my $no_tls = alldisabled(available_protocols("tls"));
-- skip "No TLS tests available; skipping tests", 1 if $no_tls;
-+ skip "No tests available; skipping tests", 1 if $skip;
- skip "Stale sources; skipping tests", 1 if !$run_test;
-
- ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -1,10 +1,17 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
-
- use POSIX;
--use File::Spec;
-+use File::Basename;
- use File::Copy;
- use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
- use OpenSSL::Test::Utils;
-@@ -29,6 +36,7 @@ my $digest = "-sha1";
- my @reqcmd = ("openssl", "req");
- my @x509cmd = ("openssl", "x509", $digest);
- my @verifycmd = ("openssl", "verify");
-+my @gendsacmd = ("openssl", "gendsa");
- my $dummycnf = srctop_file("apps", "openssl.cnf");
-
- my $CAkey = "keyCA.ss";
-@@ -71,10 +79,7 @@ my $client_sess="client.ss";
- # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
- plan tests =>
- 1 # For testss
-- + 1 # For ssltest_old -test_cipherlist
-- + 14 # For the first testssl
-- + 16 # For the first testsslproxy
-- + 16 # For the second testsslproxy
-+ +9 # For the first testssl
- ;
-
- subtest 'test_ss' => sub {
-@@ -89,21 +94,8 @@ subtest 'test_ss' => sub {
- }
- };
-
--my $check = ok(run(test(["ssltest_old","-test_cipherlist"])), "running ssltest_old");
--
-- SKIP: {
-- skip "ssltest_old ended with error, skipping the rest", 3
-- if !$check;
--
-- note('test_ssl -- key U');
-- testssl("keyU.ss", $Ucert, $CAcert);
--
-- note('test_ssl -- key P1');
-- testsslproxy("keyP1.ss", "certP1.ss", "intP1.ss", "AB");
--
-- note('test_ssl -- key P2');
-- testsslproxy("keyP2.ss", "certP2.ss", "intP2.ss", "BC");
-- }
-+note('test_ssl -- key U');
-+testssl("keyU.ss", $Ucert, $CAcert);
-
- # -----------
- # subtest functions
-@@ -114,6 +106,7 @@ sub testss {
-
- my @req_dsa = ("-newkey",
- "dsa:".srctop_file("apps", "dsa1024.pem"));
-+ my $dsaparams = srctop_file("apps", "dsa1024.pem");
- my @req_new;
- if ($no_rsa) {
- @req_new = @req_dsa;
-@@ -184,14 +177,18 @@ sub testss {
- plan skip_all => "skipping DSA certificate creation"
- if $no_dsa;
-
-- plan tests => 4;
-+ plan tests => 5;
-
- SKIP: {
- $ENV{CN2} = "DSA Certificate";
-+ skip 'failure', 4 unless
-+ ok(run(app([@gendsacmd, "-out", $Dkey,
-+ $dsaparams],
-+ stdout => "err.ss")),
-+ "make a DSA key");
- skip 'failure', 3 unless
-- ok(run(app([@reqcmd, "-config", $Uconf,
-- "-out", $Dreq, "-keyout", $Dkey,
-- @req_dsa],
-+ ok(run(app([@reqcmd, "-new", "-config", $Uconf,
-+ "-out", $Dreq, "-key", $Dkey],
- stdout => "err.ss")),
- "make a DSA user cert request");
- skip 'failure', 2 unless
-@@ -314,11 +311,8 @@ sub testss {
- }
-
- sub testssl {
-- my $key = shift || bldtop_file("apps","server.pem");
-- my $cert = shift || bldtop_file("apps","server.pem");
-- my $CAtmp = shift;
-+ my ($key, $cert, $CAtmp) = @_;
- my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
-- my @extra = @_;
-
- my @ssltest = ("ssltest_old",
- "-s_key", $key, "-s_cert", $cert,
-@@ -337,47 +331,19 @@ sub testssl {
-
- subtest 'standard SSL tests' => sub {
- ######################################################################
-- plan tests => 29;
--
-- SKIP: {
-- skip "SSLv3 is not supported by this OpenSSL build", 4
-- if disabled("ssl3");
--
-- ok(run(test([@ssltest, "-ssl3", @extra])),
-- 'test sslv3');
-- ok(run(test([@ssltest, "-ssl3", "-server_auth", @CA, @extra])),
-- 'test sslv3 with server authentication');
-- ok(run(test([@ssltest, "-ssl3", "-client_auth", @CA, @extra])),
-- 'test sslv3 with client authentication');
-- ok(run(test([@ssltest, "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
-- 'test sslv3 with both server and client authentication');
-- }
--
-- SKIP: {
-- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 4
-- if $no_anytls;
--
-- ok(run(test([@ssltest, @extra])),
-- 'test sslv2/sslv3');
-- ok(run(test([@ssltest, "-server_auth", @CA, @extra])),
-- 'test sslv2/sslv3 with server authentication');
-- ok(run(test([@ssltest, "-client_auth", @CA, @extra])),
-- 'test sslv2/sslv3 with client authentication');
-- ok(run(test([@ssltest, "-server_auth", "-client_auth", @CA, @extra])),
-- 'test sslv2/sslv3 with both server and client authentication');
-- }
-+ plan tests => 21;
-
- SKIP: {
- skip "SSLv3 is not supported by this OpenSSL build", 4
- if disabled("ssl3");
-
-- ok(run(test([@ssltest, "-bio_pair", "-ssl3", @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
- 'test sslv3 via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
- 'test sslv3 with server authentication via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
- 'test sslv3 with client authentication via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
- 'test sslv3 with both server and client authentication via BIO pair');
- }
-
-@@ -385,7 +351,7 @@ sub testssl {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
- if $no_anytls;
-
-- ok(run(test([@ssltest, "-bio_pair", @extra])),
-+ ok(run(test([@ssltest, "-bio_pair"])),
- 'test sslv2/sslv3 via BIO pair');
- }
-
-@@ -393,13 +359,13 @@ sub testssl {
- skip "DTLSv1 is not supported by this OpenSSL build", 4
- if disabled("dtls1");
-
-- ok(run(test([@ssltest, "-dtls1", @extra])),
-+ ok(run(test([@ssltest, "-dtls1"])),
- 'test dtlsv1');
-- ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])),
- 'test dtlsv1 with server authentication');
-- ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])),
- 'test dtlsv1 with client authentication');
-- ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])),
- 'test dtlsv1 with both server and client authentication');
- }
-
-@@ -407,13 +373,13 @@ sub testssl {
- skip "DTLSv1.2 is not supported by this OpenSSL build", 4
- if disabled("dtls1_2");
-
-- ok(run(test([@ssltest, "-dtls12", @extra])),
-+ ok(run(test([@ssltest, "-dtls12"])),
- 'test dtlsv1.2');
-- ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])),
- 'test dtlsv1.2 with server authentication');
-- ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])),
- 'test dtlsv1.2 with client authentication');
-- ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])),
- 'test dtlsv1.2 with both server and client authentication');
- }
-
-@@ -424,32 +390,32 @@ sub testssl {
- SKIP: {
- skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;
-
-- ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe", @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
- 'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
- }
-
-- ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v", @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
- 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
- 'test sslv2/sslv3 with server authentication');
-- ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
- 'test sslv2/sslv3 with client authentication via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair');
-- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA, @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
-
- SKIP: {
- skip "No IPv4 available on this machine", 1
- unless !disabled("sock") && have_IPv4();
-- ok(run(test([@ssltest, "-ipv4", @extra])),
-+ ok(run(test([@ssltest, "-ipv4"])),
- 'test TLS via IPv4');
- }
-
- SKIP: {
- skip "No IPv6 available on this machine", 1
- unless !disabled("sock") && have_IPv6();
-- ok(run(test([@ssltest, "-ipv6", @extra])),
-+ ok(run(test([@ssltest, "-ipv6"])),
- 'test TLS via IPv6');
- }
- }
-@@ -528,7 +494,7 @@ sub testssl {
- skip "skipping anonymous DH tests", 1
- if ($no_dh);
-
-- ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
-+ ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])),
- 'test tlsv1 with 1024bit anonymous DH, multiple handshakes');
- }
-
-@@ -536,13 +502,13 @@ sub testssl {
- skip "skipping RSA tests", 2
- if $no_rsa;
-
-- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time", @extra])),
-+ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])),
- 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes');
-
- skip "skipping RSA+DHE tests", 1
- if $no_dh;
-
-- ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time", @extra])),
-+ ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])),
- 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes');
- }
-
-@@ -550,10 +516,10 @@ sub testssl {
- skip "skipping PSK tests", 2
- if ($no_psk);
-
-- ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
-+ ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
- 'test tls1 with PSK');
-
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123", @extra])),
-+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
- 'test tls1 with PSK via BIO pair');
- }
- }
-@@ -563,19 +529,14 @@ sub testssl {
- subtest 'Next Protocol Negotiation Tests' => sub {
- ######################################################################
-
-- plan tests => 7;
-+ plan tests => 2;
-
- SKIP: {
-- skip "TLSv1.0 is not supported by this OpenSSL build", 7
-+ skip "TLSv1.0 is not supported by this OpenSSL build", 2
- if $no_tls1;
-- skip "Next Protocol Negotiation is not supported by this OpenSSL build", 7
-+ skip "Next Protocol Negotiation is not supported by this OpenSSL build", 2
- if disabled("nextprotoneg");
-
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_server"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_server_reject"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server_reject"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server"])));
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2"])));
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-npn_client", "-npn_server", "-num", "2", "-reuse"])));
- }
-@@ -613,66 +574,6 @@ sub testssl {
- }
- };
-
-- subtest 'SNI tests' => sub {
--
-- plan tests => 7;
--
-- SKIP: {
-- skip "TLSv1.x is not supported by this OpenSSL build", 7
-- if $no_tls1 && $no_tls1_1 && $no_tls1_2;
--
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-sn_server1", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_expect1"])));
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "bar", "-sn_expect1"])));
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "bar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect2"])));
-- # Negative test - make sure it doesn't crash, and doesn't switch contexts
-- ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foobar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
-- }
-- };
--
-- subtest 'ALPN tests' => sub {
-- ######################################################################
--
-- plan tests => 13;
--
-- SKIP: {
-- skip "TLSv1.0 is not supported by this OpenSSL build", 13
-- if $no_tls1;
--
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_server", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo", "-alpn_server", "foo", "-alpn_expected", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo,bar", "-alpn_server", "foo", "-alpn_expected", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "foo", "-alpn_expected", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "foo,bar", "-alpn_expected", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "bar,foo", "-alpn_server", "bar,foo", "-alpn_expected", "bar"])));
-- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo,bar", "-alpn_server", "bar,foo", "-alpn_expected", "bar"])));
--
-- is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "foo", "-alpn_server", "bar"])), 0,
-- "Testing ALPN with protocol mismatch, expecting failure");
-- is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "baz", "-alpn_server", "bar,foo"])), 0,
-- "Testing ALPN with protocol mismatch, expecting failure");
--
-- # ALPN + SNI
-- ok(run(test([@ssltest, "-bio_pair",
-- "-alpn_client", "foo,bar", "-sn_client", "alice",
-- "-alpn_server1", "foo,123", "-sn_server1", "alice",
-- "-alpn_server2", "bar,456", "-sn_server2", "bob",
-- "-alpn_expected", "foo"])));
-- ok(run(test([@ssltest, "-bio_pair",
-- "-alpn_client", "foo,bar", "-sn_client", "bob",
-- "-alpn_server1", "foo,123", "-sn_server1", "alice",
-- "-alpn_server2", "bar,456", "-sn_server2", "bob",
-- "-alpn_expected", "bar"])));
-- ok(run(test([@ssltest, "-bio_pair",
-- "-alpn_client", "foo,bar", "-sn_client", "bob",
-- "-alpn_server2", "bar,456", "-sn_server2", "bob",
-- "-alpn_expected", "bar"])));
-- }
-- };
--
- subtest 'SRP tests' => sub {
-
- plan tests => 4;
-@@ -705,7 +606,7 @@ sub testssl {
- if $no_anytls;
-
- skip "skipping multi-buffer tests", 2
-- if @extra || (POSIX::uname())[4] ne "x86_64";
-+ if (POSIX::uname())[4] ne "x86_64";
-
- ok(run(test([@ssltest, "-cipher", "AES128-SHA", "-bytes", "8m"])));
-
-@@ -717,99 +618,6 @@ sub testssl {
- }
- };
-
-- subtest 'DTLS Version min/max tests' => sub {
-- my @protos;
-- push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);
-- push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);
-- my @minprotos = (undef, @protos);
-- my @maxprotos = (@protos, undef);
-- my @shdprotos = (@protos, $protos[$#protos]);
-- my $n = ((@protos+2) * (@protos+3))/2 - 2;
-- my $ntests = $n * $n;
-- plan tests => $ntests;
-- SKIP: {
-- skip "DTLS disabled", 1 if $ntests == 1;
--
-- my $should;
-- for (my $smin = 0; $smin < @minprotos; ++$smin) {
-- for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
-- for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
-- for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
-- if ($cmax < $smin-1) {
-- $should = "fail-server";
-- } elsif ($smax < $cmin-1) {
-- $should = "fail-client";
-- } elsif ($cmax > $smax) {
-- $should = $shdprotos[$smax];
-- } else {
-- $should = $shdprotos[$cmax];
-- }
--
-- my @args = (@ssltest, "-dtls");
-- push(@args, "-should_negotiate", $should);
-- push(@args, "-server_min_proto", $minprotos[$smin])
-- if (defined($minprotos[$smin]));
-- push(@args, "-server_max_proto", $maxprotos[$smax])
-- if (defined($maxprotos[$smax]));
-- push(@args, "-client_min_proto", $minprotos[$cmin])
-- if (defined($minprotos[$cmin]));
-- push(@args, "-client_max_proto", $maxprotos[$cmax])
-- if (defined($maxprotos[$cmax]));
-- my $ok = run(test[@args]);
-- if (! $ok) {
-- print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
-- print STDERR "\nFailed: @args\n";
-- }
-- ok($ok);
-- }}}}}
-- };
--
-- subtest 'TLS session reuse' => sub {
-- plan tests => 12;
--
-- SKIP: {
-- skip "TLS1.1 or TLS1.2 disabled", 12 if $no_tls1_1 || $no_tls1_2;
-- ok(run(test([@ssltest, "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.2"])));
-- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.1"])));
--
-- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.1"])));
-- ok(run(test([@ssltest, "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.2"])));
--
-- ok(run(test([@ssltest, "-no_ticket", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.2"])));
-- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.1"])));
--
-- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-no_ticket", "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.1"])));
-- ok(run(test([@ssltest, "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.2"])));
-- }
-- };
--
-- subtest 'DTLS session reuse' => sub {
-- plan tests => 12;
-- SKIP: {
-- skip "DTLS disabled", 12 if $no_dtls;
--
-- ok(run(test([@ssltest, "-dtls", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
-- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1"])));
--
-- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1"])));
-- ok(run(test([@ssltest, "-dtls", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1.2"])));
--
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1.2"])));
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1"])));
--
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_max_proto", "dtls1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "dtls1"])));
-- ok(run(test([@ssltest, "-dtls", "-no_ticket", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "dtls1.2"])));
-- }
-- };
--
- subtest 'Certificate Transparency tests' => sub {
- ######################################################################
-
-@@ -833,76 +641,40 @@ sub testssl {
- };
- }
-
--sub testsslproxy {
-- my $key = shift || srctop_file("apps","server.pem");
-- my $cert = shift || srctop_file("apps","server.pem");
-- my $CAtmp = shift;
-- my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
-- my @extra = @_;
-+unlink $CAkey;
-+unlink $CAcert;
-+unlink $CAserial;
-+unlink $CAreq;
-+unlink $CAreq2;
-+
-+unlink $Ukey;
-+unlink $Ureq;
-+unlink $Ucert;
-+unlink basename($Ucert, '.ss').'.srl';
-+
-+unlink $Dkey;
-+unlink $Dreq;
-+unlink $Dcert;
-+
-+unlink $Ekey;
-+unlink $Ereq;
-+unlink $Ecert;
-+
-+unlink $P1key;
-+unlink $P1req;
-+unlink $P1cert;
-+unlink basename($P1cert, '.ss').'.srl';
-+unlink $P1intermediate;
-+unlink "intP1.ss";
-+
-+unlink $P2key;
-+unlink $P2req;
-+unlink $P2cert;
-+unlink $P2intermediate;
-+unlink "intP2.ss";
-
-- my @ssltest = ("ssltest_old",
-- "-s_key", $key, "-s_cert", $cert,
-- "-c_key", $key, "-c_cert", $cert);
-+unlink "ecp.ss";
-+unlink "err.ss";
-
-- # plan tests => 16;
--
-- note('Testing a lot of proxy conditions.');
--
-- # We happen to know that certP1.ss has policy letters "AB" and
-- # certP2.ss has policy letters "BC". However, because certP2.ss
-- # has certP1.ss as issuer, when it's used, both their policy
-- # letters get combined into just "B".
-- # The policy letter(s) then get filtered with the given auth letter
-- # in the table below, and the result gets tested with the given
-- # condition. For details, read ssltest_old.c
-- #
-- # certfilename => [ [ auth, cond, expected result ] ... ]
-- my %expected = ( "certP1.ss" => [ [ [ 'A', 'A' ], 1 ],
-- [ [ 'A', 'B' ], 0 ],
-- [ [ 'A', 'C' ], 0 ],
-- [ [ 'A', 'A|B&!C' ], 1 ],
-- [ [ 'B', 'A' ], 0 ],
-- [ [ 'B', 'B' ], 1 ],
-- [ [ 'B', 'C' ], 0 ],
-- [ [ 'B', 'A|B&!C' ], 1 ],
-- [ [ 'C', 'A' ], 0 ],
-- [ [ 'C', 'B' ], 0 ],
-- [ [ 'C', 'C' ], 0 ],
-- [ [ 'C', 'A|B&!C' ], 0 ],
-- [ [ 'BC', 'A' ], 0 ],
-- [ [ 'BC', 'B' ], 1 ],
-- [ [ 'BC', 'C' ], 0 ],
-- [ [ 'BC', 'A|B&!C' ], 1 ] ],
-- "certP2.ss" => [ [ [ 'A', 'A' ], 0 ],
-- [ [ 'A', 'B' ], 0 ],
-- [ [ 'A', 'C' ], 0 ],
-- [ [ 'A', 'A|B&!C' ], 0 ],
-- [ [ 'B', 'A' ], 0 ],
-- [ [ 'B', 'B' ], 1 ],
-- [ [ 'B', 'C' ], 0 ],
-- [ [ 'B', 'A|B&!C' ], 1 ],
-- [ [ 'C', 'A' ], 0 ],
-- [ [ 'C', 'B' ], 0 ],
-- [ [ 'C', 'C' ], 0 ],
-- [ [ 'C', 'A|B&!C' ], 0 ],
-- [ [ 'BC', 'A' ], 0 ],
-- [ [ 'BC', 'B' ], 1 ],
-- [ [ 'BC', 'C' ], 0 ],
-- [ [ 'BC', 'A|B&!C' ], 1 ] ] );
--
-- SKIP: {
-- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", scalar(@{$expected{$cert}})
-- if $no_anytls;
--
-- foreach (@{$expected{$cert}}) {
-- my $auth = $_->[0]->[0];
-- my $cond = $_->[0]->[1];
-- my $res = $_->[1];
-- is(run(test([@ssltest, "-server_auth", @CA,
-- "-proxy", "-proxy_auth", $auth,
-- "-proxy_cond", $cond])), $res,
-- "test tlsv1, server auth, proxy auth $auth and cond $cond (expect "
-- .($res ? "success" : "failure").")");
-- }
-- }
--}
-+unlink $server_sess;
-+unlink $client_sess;
---- a/test/recipes/80-test_ssl_test_ctx.t
-+++ b/test/recipes/80-test_ssl_test_ctx.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/80-test_tsa.t
-+++ b/test/recipes/80-test_tsa.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- /dev/null
-+++ b/test/recipes/80-test_x509aux.t
-@@ -0,0 +1,27 @@
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use strict;
-+use warnings;
-+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-+use OpenSSL::Test::Utils;
-+
-+setup("test_x509aux");
-+
-+plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build"
-+ if disabled("ec");
-+
-+plan tests => 1; # The number of tests being performed
-+
-+ok(run(test(["x509aux",
-+ srctop_file("test", "certs", "roots.pem"),
-+ srctop_file("test", "certs", "root+anyEKU.pem"),
-+ srctop_file("test", "certs", "root-anyEKU.pem"),
-+ srctop_file("test", "certs", "root-cert.pem")]
-+ )), "x509aux tests");
---- a/test/recipes/90-test_async.t
-+++ b/test/recipes/90-test_async.t
-@@ -1,4 +1,11 @@
--#!/usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- /dev/null
-+++ b/test/recipes/90-test_bioprint.t
-@@ -0,0 +1,12 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use OpenSSL::Test::Simple;
-+
-+simple_test("test_bioprint", "bioprinttest");
---- a/test/recipes/90-test_constant_time.t
-+++ b/test/recipes/90-test_constant_time.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_gmdiff.t
-+++ b/test/recipes/90-test_gmdiff.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_heartbeat.t
-+++ b/test/recipes/90-test_heartbeat.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_ige.t
-+++ b/test/recipes/90-test_ige.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_memleak.t
-+++ b/test/recipes/90-test_memleak.t
-@@ -1,4 +1,11 @@
--#! /usr/bi/nperl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test;
-
---- a/test/recipes/90-test_networking.t
-+++ /dev/null
-@@ -1,113 +0,0 @@
--#!/usr/bin/perl
--# Written by Richard Levitte for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 2015-2016 The OpenSSL Project. All rights reserved.
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
--
--use strict;
--use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_file bldtop_dir/;
--use OpenSSL::Test::Utils;
--use TLSProxy::Proxy;
--
--my $test_name = "test_networking";
--setup($test_name);
--
--plan skip_all => "TLSProxy isn't usable on $^O"
-- if $^O =~ /^(VMS|MSWin32)$/;
--
--plan skip_all => "$test_name needs the dynamic engine feature enabled"
-- if disabled("engine") || disabled("dynamic-engine");
--
--plan skip_all => "$test_name needs the sock feature enabled"
-- if disabled("sock");
--
--$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
--
--my $proxy = TLSProxy::Proxy->new(
-- undef,
-- cmdstr(app(["openssl"]), display => 1),
-- srctop_file("apps", "server.pem"),
-- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
--);
--
--plan tests => 2;
--
--#Test 1: Try IPv4
--$proxy->clear();
--$proxy->serverflags("-4");
--$proxy->clientflags("-4");
--$proxy->server_addr("127.0.0.1");
--$proxy->proxy_addr("127.0.0.1");
--ok(check_connection(), "Trying IPv4");
--
-- SKIP: {
-- skip "No IPv6 support", 1 unless $proxy->supports_IPv6();
--
-- #Test 2: Try IPv6
-- $proxy->clear();
-- $proxy->serverflags("-6");
-- $proxy->clientflags("-6");
-- $proxy->server_addr("[::1]");
-- $proxy->proxy_addr("[::1]");
-- ok(check_connection(), "Trying IPv6");
--}
--
--sub check_connection
--{
-- eval { $proxy->start(); };
--
-- if ($@ ne "") {
-- print STDERR "Proxy connection failed: $@\n";
-- return 0;
-- }
--
-- 1;
--}
---- a/test/recipes/90-test_np.t
-+++ /dev/null
-@@ -1,5 +0,0 @@
--#! /usr/bin/perl
--
--use OpenSSL::Test::Simple;
--
--simple_test("test_np", "nptest");
---- a/test/recipes/90-test_p5_crpt2.t
-+++ b/test/recipes/90-test_p5_crpt2.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_secmem.t
-+++ b/test/recipes/90-test_secmem.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_srp.t
-+++ b/test/recipes/90-test_srp.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- /dev/null
-+++ b/test/recipes/90-test_sslapi.t
-@@ -0,0 +1,22 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils;
-+use OpenSSL::Test qw/:DEFAULT srctop_file/;
-+
-+setup("test_sslapi");
-+
-+plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
-+ if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
-+
-+plan tests => 1;
-+
-+ok(run(test(["sslapitest", srctop_file("apps", "server.pem"),
-+ srctop_file("apps", "server.pem")])), "running sslapitest");
---- a/test/recipes/90-test_threads.t
-+++ b/test/recipes/90-test_threads.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/90-test_v3name.t
-+++ b/test/recipes/90-test_v3name.t
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use OpenSSL::Test::Simple;
-
---- a/test/recipes/bc.pl
-+++ b/test/recipes/bc.pl
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/recipes/tconversion.pl
-+++ b/test/recipes/tconversion.pl
-@@ -1,4 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use strict;
- use warnings;
---- a/test/rmdtest.c
-+++ b/test/rmdtest.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -75,16 +27,15 @@ int main(int argc, char *argv[])
- # include <openssl/ebcdic.h>
- # endif
-
--static char *test[] = {
-- "",
-- "a",
-- "abc",
-- "message digest",
-- "abcdefghijklmnopqrstuvwxyz",
-- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-- NULL,
-+static char test[][100] = {
-+ { "" },
-+ { "a" },
-+ { "abc" },
-+ { "message digest" },
-+ { "abcdefghijklmnopqrstuvwxyz" },
-+ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-+ { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-+ { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
- };
-
- static char *ret[] = {
-@@ -101,30 +52,30 @@ static char *ret[] = {
- static char *pt(unsigned char *md);
- int main(int argc, char *argv[])
- {
-- int i, err = 0;
-- char **P, **R;
-+ unsigned int i;
-+ int err = 0;
-+ char **R;
- char *p;
- unsigned char md[RIPEMD160_DIGEST_LENGTH];
-
-- P = test;
- R = ret;
-- i = 1;
-- while (*P != NULL) {
-+ for (i = 0; i < OSSL_NELEM(test); i++) {
- # ifdef CHARSET_EBCDIC
-- ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
-+ ebcdic2ascii(test[i], test[i], strlen(test[i]));
- # endif
-- EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_ripemd160(),
-- NULL);
-+ if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(),
-+ NULL)) {
-+ printf("EVP Digest error.\n");
-+ EXIT(1);
-+ }
- p = pt(md);
- if (strcmp(p, (char *)*R) != 0) {
-- printf("error calculating RIPEMD160 on '%s'\n", *P);
-+ printf("error calculating RIPEMD160 on '%s'\n", test[i]);
- printf("got %s instead of %s\n", p, *R);
- err++;
- } else
-- printf("test %d ok\n", i);
-- i++;
-+ printf("test %d ok\n", i + 1);
- R++;
-- P++;
- }
- EXIT(err);
- }
---- a/test/rsa_test.c
-+++ b/test/rsa_test.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- /* test vectors from p1ovect1.txt */
-
- #include <stdio.h>
-@@ -232,9 +241,9 @@ int main(int argc, char *argv[])
-
- plen = sizeof(ptext_ex) - 1;
-
-- for (v = 0; v < 6; v++) {
-+ for (v = 0; v < 3; v++) {
- key = RSA_new();
-- switch (v % 3) {
-+ switch (v) {
- case 0:
- clen = key1(key, ctext_ex);
- break;
-@@ -245,8 +254,6 @@ int main(int argc, char *argv[])
- clen = key3(key, ctext_ex);
- break;
- }
-- if (v / 3 >= 1)
-- RSA_set_flags(key, RSA_FLAG_NO_CONSTTIME);
-
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_PADDING);
---- a/test/run_tests.pl
-+++ b/test/run_tests.pl
-@@ -1,10 +1,22 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use warnings;
-
-+# Recognise VERBOSE and V which is common on other projects.
-+BEGIN {
-+ $ENV{HARNESS_VERBOSE} = "yes" if $ENV{VERBOSE} || $ENV{V};
-+}
-+
- use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/;
- use File::Basename;
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
- use Test::Harness qw/runtests $switches/;
-
- my $srctop = $ENV{SRCTOP} || $ENV{TOP};
-@@ -28,7 +40,7 @@ if (@ARGV) {
- @tests = @ARGV;
- }
- my $list_mode = scalar(grep /^list$/, @tests) != 0;
--if (grep /^alltests|list$/, @tests) {
-+if (grep /^(alltests|list)$/, @tests) {
- @tests = grep {
- basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/
- } glob(catfile($recipesdir,"*.t"));
---- /dev/null
-+++ b/test/sanitytest.c
-@@ -0,0 +1,67 @@
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <internal/numbers.h>
-+
-+
-+#define TEST(e) \
-+ do { \
-+ if (!(e)) { \
-+ fprintf(stderr, "Failed " #e "\n"); \
-+ failures++; \
-+ } \
-+ } while (0)
-+
-+
-+enum smallchoices { sa, sb, sc };
-+enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml };
-+enum largechoices {
-+ a01, b01, c01, d01, e01, f01, g01, h01, i01, j01,
-+ a02, b02, c02, d02, e02, f02, g02, h02, i02, j02,
-+ a03, b03, c03, d03, e03, f03, g03, h03, i03, j03,
-+ a04, b04, c04, d04, e04, f04, g04, h04, i04, j04,
-+ a05, b05, c05, d05, e05, f05, g05, h05, i05, j05,
-+ a06, b06, c06, d06, e06, f06, g06, h06, i06, j06,
-+ a07, b07, c07, d07, e07, f07, g07, h07, i07, j07,
-+ a08, b08, c08, d08, e08, f08, g08, h08, i08, j08,
-+ a09, b09, c09, d09, e09, f09, g09, h09, i09, j09,
-+ a10, b10, c10, d10, e10, f10, g10, h10, i10, j10,
-+ xxx };
-+
-+int main()
-+{
-+ char *p;
-+ char bytes[sizeof(p)];
-+ int failures = 0;
-+
-+ /* Is NULL equivalent to all-bytes-zero? */
-+ p = NULL;
-+ memset(bytes, 0, sizeof bytes);
-+ TEST(memcmp(&p, bytes, sizeof(bytes)) == 0);
-+
-+ /* Enum size */
-+ TEST(sizeof(enum smallchoices) == sizeof(int));
-+ TEST(sizeof(enum medchoices) == sizeof(int));
-+ TEST(sizeof(enum largechoices) == sizeof(int));
-+ /* Basic two's complement checks. */
-+ TEST(~(-1) == 0);
-+ TEST(~(-1L) == 0L);
-+
-+ /* Check that values with sign bit 1 and value bits 0 are valid */
-+ TEST(-(INT_MIN + 1) == INT_MAX);
-+ TEST(-(LONG_MIN + 1) == LONG_MAX);
-+
-+ /* Check that unsigned-to-signed conversions preserve bit patterns */
-+ TEST((int)((unsigned int)INT_MAX + 1) == INT_MIN);
-+ TEST((long)((unsigned long)LONG_MAX + 1) == LONG_MIN);
-+
-+ return failures;
-+}
---- a/test/secmemtest.c
-+++ b/test/secmemtest.c
-@@ -1,32 +1,101 @@
-+/*
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-
- #include <openssl/crypto.h>
-
-+#define perror_line() perror_line1(__LINE__)
-+#define perror_line1(l) perror_line2(l)
-+#define perror_line2(l) perror("failed " #l)
-+
- int main(int argc, char **argv)
- {
- #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
-- char *p = NULL, *q = NULL;
-+ char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
-
-+ r = OPENSSL_secure_malloc(20);
-+ /* r = non-secure 20 */
-+ if (r == NULL) {
-+ perror_line();
-+ return 1;
-+ }
- if (!CRYPTO_secure_malloc_init(4096, 32)) {
-- perror("failed");
-+ perror_line();
-+ return 1;
-+ }
-+ if (CRYPTO_secure_allocated(r)) {
-+ perror_line();
- return 1;
- }
- p = OPENSSL_secure_malloc(20);
-+ /* r = non-secure 20, p = secure 20 */
- if (!CRYPTO_secure_allocated(p)) {
-- perror("failed 1");
-+ perror_line();
-+ return 1;
-+ }
-+ /* 20 secure -> 32-byte minimum allocaton unit */
-+ if (CRYPTO_secure_used() != 32) {
-+ perror_line();
- return 1;
- }
- q = OPENSSL_malloc(20);
-+ /* r = non-secure 20, p = secure 20, q = non-secure 20 */
- if (CRYPTO_secure_allocated(q)) {
-- perror("failed 1");
-+ perror_line();
-+ return 1;
-+ }
-+ s = OPENSSL_secure_malloc(20);
-+ /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
-+ if (!CRYPTO_secure_allocated(s)) {
-+ perror_line();
-+ return 1;
-+ }
-+ /* 2 * 20 secure -> 64 bytes allocated */
-+ if (CRYPTO_secure_used() != 64) {
-+ perror_line();
- return 1;
- }
- OPENSSL_secure_free(p);
-+ /* 20 secure -> 32 bytes allocated */
-+ if (CRYPTO_secure_used() != 32) {
-+ perror_line();
-+ return 1;
-+ }
- OPENSSL_free(q);
-- CRYPTO_secure_malloc_done();
-+ /* should not complete, as secure memory is still allocated */
-+ if (CRYPTO_secure_malloc_done()) {
-+ perror_line();
-+ return 1;
-+ }
-+ if (!CRYPTO_secure_malloc_initialized()) {
-+ perror_line();
-+ return 1;
-+ }
-+ OPENSSL_secure_free(s);
-+ /* secure memory should now be 0, so done should complete */
-+ if (CRYPTO_secure_used() != 0) {
-+ perror_line();
-+ return 1;
-+ }
-+ if (!CRYPTO_secure_malloc_done()) {
-+ perror_line();
-+ return 1;
-+ }
-+ if (CRYPTO_secure_malloc_initialized()) {
-+ perror_line();
-+ return 1;
-+ }
-+ /* this can complete - it was not really secure */
-+ OPENSSL_secure_free(r);
- #else
- /* Should fail. */
- if (CRYPTO_secure_malloc_init(4096, 32)) {
-- perror("failed");
-+ perror_line();
- return 1;
- }
- #endif
---- a/test/sha1test.c
-+++ b/test/sha1test.c
-@@ -1,58 +1,10 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -67,10 +19,9 @@
- # include <openssl/ebcdic.h>
- #endif
-
--static char *test[] = {
-- "abc",
-- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-- NULL,
-+static char test[][80] = {
-+ { "abc" },
-+ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }
- };
-
- static char *ret[] = {
-@@ -83,44 +34,57 @@ static char *bigret = "34aa973cd4c4daa4f
- static char *pt(unsigned char *md);
- int main(int argc, char *argv[])
- {
-- int i, err = 0;
-- char **P, **R;
-+ unsigned int i;
-+ int err = 0;
-+ char **R;
- static unsigned char buf[1000];
- char *p, *r;
- EVP_MD_CTX *c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
--#ifdef CHARSET_EBCDIC
-- ebcdic2ascii(test[0], test[0], strlen(test[0]));
-- ebcdic2ascii(test[1], test[1], strlen(test[1]));
--#endif
--
- c = EVP_MD_CTX_new();
-- P = test;
- R = ret;
-- i = 1;
-- while (*P != NULL) {
-- EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
-+ for (i = 0; i < OSSL_NELEM(test); i++) {
-+# ifdef CHARSET_EBCDIC
-+ ebcdic2ascii(test[i], test[i], strlen(test[i]));
-+# endif
-+ if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(),
-+ NULL)) {
-+ printf("EVP_Digest() error\n");
-+ err++;
-+ goto err;
-+ }
- p = pt(md);
- if (strcmp(p, (char *)*R) != 0) {
-- printf("error calculating SHA1 on '%s'\n", *P);
-+ printf("error calculating SHA1 on '%s'\n", test[i]);
- printf("got %s instead of %s\n", p, *R);
- err++;
- } else
-- printf("test %d ok\n", i);
-- i++;
-+ printf("test %d ok\n", i + 1);
- R++;
-- P++;
- }
-
- memset(buf, 'a', 1000);
- #ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, 1000);
- #endif /* CHARSET_EBCDIC */
-- EVP_DigestInit_ex(c, EVP_sha1(), NULL);
-- for (i = 0; i < 1000; i++)
-- EVP_DigestUpdate(c, buf, 1000);
-- EVP_DigestFinal_ex(c, md, NULL);
-+ if (!EVP_DigestInit_ex(c, EVP_sha1(), NULL)) {
-+ printf("EVP_DigestInit_ex() error\n");
-+ err++;
-+ goto err;
-+ }
-+ for (i = 0; i < 1000; i++) {
-+ if (!EVP_DigestUpdate(c, buf, 1000)) {
-+ printf("EVP_DigestUpdate() error\n");
-+ err++;
-+ goto err;
-+ }
-+ }
-+ if (!EVP_DigestFinal_ex(c, md, NULL)) {
-+ printf("EVP_DigestFinal() error\n");
-+ err++;
-+ goto err;
-+ }
- p = pt(md);
-
- r = bigret;
-@@ -130,7 +94,7 @@ int main(int argc, char *argv[])
- err++;
- } else
- printf("test 3 ok\n");
--
-+ err:
- EVP_MD_CTX_free(c);
- EXIT(err);
- return (0);
---- a/test/sha256t.c
-+++ b/test/sha256t.c
-@@ -1,7 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- * ====================================================================
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -59,7 +64,8 @@ int main(int argc, char **argv)
-
- fprintf(stdout, "Testing SHA-256 ");
-
-- EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL);
-+ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL))
-+ goto err;
- if (memcmp(md, app_b1, sizeof(app_b1))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-@@ -68,9 +74,10 @@ int main(int argc, char **argv)
- fprintf(stdout, ".");
- fflush(stdout);
-
-- EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-- "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(),
-- NULL);
-+ if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-+ "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
-+ NULL, EVP_sha256(), NULL))
-+ goto err;
- if (memcmp(md, app_b2, sizeof(app_b2))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-@@ -85,19 +92,23 @@ int main(int argc, char **argv)
- fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
- return 1;
- }
-- EVP_DigestInit_ex(evp, EVP_sha256(), NULL);
-- for (i = 0; i < 1000000; i += 288)
-- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-- (1000000 - i) < 288 ? 1000000 - i : 288);
-- EVP_DigestFinal_ex(evp, md, NULL);
-+ if (!EVP_DigestInit_ex(evp, EVP_sha256(), NULL))
-+ goto err;
-+ for (i = 0; i < 1000000; i += 288) {
-+ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-+ (1000000 - i) < 288 ? 1000000 - i : 288))
-+ goto err;
-+ }
-+ if (!EVP_DigestFinal_ex(evp, md, NULL))
-+ goto err;
-
- if (memcmp(md, app_b3, sizeof(app_b3))) {
- fflush(stdout);
-@@ -112,7 +123,8 @@ int main(int argc, char **argv)
-
- fprintf(stdout, "Testing SHA-224 ");
-
-- EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL);
-+ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL))
-+ goto err;
- if (memcmp(md, addenum_1, sizeof(addenum_1))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-@@ -121,9 +133,10 @@ int main(int argc, char **argv)
- fprintf(stdout, ".");
- fflush(stdout);
-
-- EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-- "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(),
-- NULL);
-+ if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
-+ "ijkljklm" "klmnlmno" "mnopnopq", 56, md,
-+ NULL, EVP_sha224(), NULL))
-+ goto err;
- if (memcmp(md, addenum_2, sizeof(addenum_2))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-@@ -133,12 +146,16 @@ int main(int argc, char **argv)
- fflush(stdout);
-
- EVP_MD_CTX_reset(evp);
-- EVP_DigestInit_ex(evp, EVP_sha224(), NULL);
-- for (i = 0; i < 1000000; i += 64)
-- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-- (1000000 - i) < 64 ? 1000000 - i : 64);
-- EVP_DigestFinal_ex(evp, md, NULL);
-+ if (!EVP_DigestInit_ex(evp, EVP_sha224(), NULL))
-+ goto err;
-+ for (i = 0; i < 1000000; i += 64) {
-+ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-+ (1000000 - i) < 64 ? 1000000 - i : 64))
-+ goto err;
-+ }
-+ if (!EVP_DigestFinal_ex(evp, md, NULL))
-+ goto err;
- EVP_MD_CTX_free(evp);
-
- if (memcmp(md, addenum_3, sizeof(addenum_3))) {
-@@ -153,4 +170,8 @@ int main(int argc, char **argv)
- fflush(stdout);
-
- return 0;
-+
-+ err:
-+ fprintf(stderr, "Fatal EVP error!\n");
-+ return 1;
- }
---- a/test/sha512t.c
-+++ b/test/sha512t.c
-@@ -1,7 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
-- * ====================================================================
-+/*
-+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -76,22 +81,10 @@ int main(int argc, char **argv)
- int i;
- EVP_MD_CTX *evp;
-
--# ifdef OPENSSL_IA32_SSE2
-- /*
-- * Alternative to this is to call OpenSSL_add_all_algorithms... The below
-- * code is retained exclusively for debugging purposes.
-- */
-- {
-- char *env;
--
-- if ((env = getenv("OPENSSL_ia32cap")))
-- OPENSSL_ia32cap = strtoul(env, NULL, 0);
-- }
--# endif
--
- fprintf(stdout, "Testing SHA-512 ");
-
-- EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
-+ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL))
-+ goto err;
- if (memcmp(md, app_c1, sizeof(app_c1))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-@@ -100,10 +93,11 @@ int main(int argc, char **argv)
- fprintf(stdout, ".");
- fflush(stdout);
-
-- EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-- "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-- "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-- "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL);
-+ if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-+ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-+ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-+ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL))
-+ goto err;
- if (memcmp(md, app_c2, sizeof(app_c2))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-@@ -118,19 +112,23 @@ int main(int argc, char **argv)
- fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
- return 1;
- }
-- EVP_DigestInit_ex(evp, EVP_sha512(), NULL);
-- for (i = 0; i < 1000000; i += 288)
-- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-- (1000000 - i) < 288 ? 1000000 - i : 288);
-- EVP_DigestFinal_ex(evp, md, NULL);
-+ if (!EVP_DigestInit_ex(evp, EVP_sha512(), NULL))
-+ goto err;
-+ for (i = 0; i < 1000000; i += 288) {
-+ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-+ (1000000 - i) < 288 ? 1000000 - i : 288))
-+ goto err;
-+ }
-+ if (!EVP_DigestFinal_ex(evp, md, NULL))
-+ goto err;
- EVP_MD_CTX_reset(evp);
-
- if (memcmp(md, app_c3, sizeof(app_c3))) {
-@@ -146,7 +144,8 @@ int main(int argc, char **argv)
-
- fprintf(stdout, "Testing SHA-384 ");
-
-- EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
-+ if (!EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL))
-+ goto err;
- if (memcmp(md, app_d1, sizeof(app_d1))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 1 of 3 failed.\n");
-@@ -155,10 +154,11 @@ int main(int argc, char **argv)
- fprintf(stdout, ".");
- fflush(stdout);
-
-- EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-- "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-- "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-- "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL);
-+ if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
-+ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
-+ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
-+ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL))
-+ goto err;
- if (memcmp(md, app_d2, sizeof(app_d2))) {
- fflush(stdout);
- fprintf(stderr, "\nTEST 2 of 3 failed.\n");
-@@ -167,12 +167,16 @@ int main(int argc, char **argv)
- fprintf(stdout, ".");
- fflush(stdout);
-
-- EVP_DigestInit_ex(evp, EVP_sha384(), NULL);
-- for (i = 0; i < 1000000; i += 64)
-- EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-- "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-- (1000000 - i) < 64 ? 1000000 - i : 64);
-- EVP_DigestFinal_ex(evp, md, NULL);
-+ if (!EVP_DigestInit_ex(evp, EVP_sha384(), NULL))
-+ goto err;
-+ for (i = 0; i < 1000000; i += 64) {
-+ if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
-+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
-+ (1000000 - i) < 64 ? 1000000 - i : 64))
-+ goto err;
-+ }
-+ if (!EVP_DigestFinal_ex(evp, md, NULL))
-+ goto err;
- EVP_MD_CTX_free(evp);
-
- if (memcmp(md, app_d3, sizeof(app_d3))) {
-@@ -187,4 +191,9 @@ int main(int argc, char **argv)
- fflush(stdout);
-
- return 0;
-+
-+ err:
-+ fflush(stdout);
-+ fprintf(stderr, "\nFatal EVP error!\n");
-+ return 1;
- }
---- a/test/smcont.txt
-+++ b/test/smcont.txt
-@@ -1 +1 @@
--Some test content for OpenSSL CMS
-\ No newline at end of file
-+Somewhat longer test content for OpenSSL CMS utility to handle, and a bit longer...
-\ No newline at end of file
---- a/test/smime-certs/mksmime-certs.sh
-+++ b/test/smime-certs/mksmime-certs.sh
-@@ -1,4 +1,11 @@
- #!/bin/sh
-+# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- # Utility to recreate S/MIME certificates
-
---- a/test/srptest.c
-+++ b/test/srptest.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <openssl/opensslconf.h>
- #ifdef OPENSSL_NO_SRP
-
---- a/test/ssl-tests/01-simple.conf
-+++ b/test/ssl-tests/01-simple.conf
-@@ -18,13 +18,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [0-default-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-0]
- ExpectedResult = Success
-
-@@ -43,12 +41,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [1-verify-cert-client]
- CipherString = DEFAULT
- VerifyMode = Peer
-
--
- [test-1]
- ClientAlert = UnknownCA
- ExpectedResult = ClientFail
---- a/test/ssl-tests/01-simple.conf.in
-+++ b/test/ssl-tests/01-simple.conf.in
-@@ -1,4 +1,11 @@
- # -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- ## SSL test configurations
-
---- a/test/ssl-tests/02-protocol-version.conf
-+++ b/test/ssl-tests/02-protocol-version.conf
-@@ -378,14 +378,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [0-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-0]
- ExpectedResult = InternalError
-
-@@ -405,14 +403,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [1-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-1]
- ExpectedResult = InternalError
-
-@@ -432,14 +428,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [2-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-2]
- ExpectedResult = InternalError
-
-@@ -459,14 +453,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [3-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-3]
- ExpectedResult = InternalError
-
-@@ -485,14 +477,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [4-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-4]
- ExpectedResult = InternalError
-
-@@ -513,14 +503,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [5-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-5]
- ExpectedResult = InternalError
-
-@@ -541,14 +529,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [6-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-6]
- ExpectedResult = InternalError
-
-@@ -569,14 +555,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [7-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-7]
- ExpectedResult = InternalError
-
-@@ -597,14 +581,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [8-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-8]
- ExpectedResult = InternalError
-
-@@ -624,14 +606,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [9-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-9]
- ExpectedResult = InternalError
-
-@@ -652,14 +632,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [10-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-10]
- ExpectedResult = InternalError
-
-@@ -680,14 +658,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [11-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-11]
- ExpectedResult = InternalError
-
-@@ -708,14 +684,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [12-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-12]
- ExpectedResult = InternalError
-
-@@ -735,14 +709,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [13-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-13]
- ExpectedResult = InternalError
-
-@@ -763,14 +735,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [14-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-14]
- ExpectedResult = InternalError
-
-@@ -791,14 +761,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [15-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-15]
- ExpectedResult = InternalError
-
-@@ -818,14 +786,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [16-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-16]
- ExpectedResult = InternalError
-
-@@ -846,14 +812,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [17-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-17]
- ExpectedResult = InternalError
-
-@@ -873,14 +837,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [18-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-18]
- ExpectedResult = InternalError
-
-@@ -900,14 +862,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [19-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-19]
- ExpectedResult = ServerFail
-
-@@ -927,14 +887,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [20-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-20]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -955,14 +913,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [21-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-21]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -983,14 +939,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [22-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-22]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1010,14 +964,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [23-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-23]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1039,14 +991,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [24-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-24]
- ExpectedResult = ServerFail
-
-@@ -1067,14 +1017,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [25-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-25]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1096,14 +1044,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [26-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-26]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1125,14 +1071,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [27-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-27]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1153,14 +1097,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [28-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-28]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1182,14 +1124,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [29-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-29]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1211,14 +1151,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [30-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-30]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1240,14 +1178,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [31-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-31]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1268,14 +1204,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [32-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-32]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1297,14 +1231,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [33-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-33]
- ExpectedResult = ServerFail
-
-@@ -1325,14 +1257,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [34-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-34]
- ExpectedResult = ServerFail
-
-@@ -1352,14 +1282,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [35-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-35]
- ExpectedResult = ServerFail
-
-@@ -1380,14 +1308,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [36-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-36]
- ExpectedResult = ServerFail
-
-@@ -1407,14 +1333,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [37-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-37]
- ExpectedResult = ServerFail
-
-@@ -1434,14 +1358,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [38-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-38]
- ExpectedResult = ServerFail
-
-@@ -1461,14 +1383,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [39-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-39]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1489,14 +1409,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [40-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-40]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1517,14 +1435,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [41-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-41]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1544,14 +1460,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [42-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-42]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1573,14 +1487,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [43-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-43]
- ExpectedResult = ServerFail
-
-@@ -1601,14 +1513,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [44-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-44]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1630,14 +1540,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [45-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-45]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1659,14 +1567,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [46-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-46]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1687,14 +1593,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [47-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-47]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1716,14 +1620,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [48-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-48]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -1745,14 +1647,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [49-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-49]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1774,14 +1674,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [50-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-50]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1802,14 +1700,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [51-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-51]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1831,14 +1727,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [52-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-52]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1860,14 +1754,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [53-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-53]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1888,14 +1780,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [54-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-54]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -1917,14 +1807,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [55-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-55]
- ExpectedResult = ServerFail
-
-@@ -1944,14 +1832,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [56-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-56]
- ExpectedResult = ServerFail
-
-@@ -1971,14 +1857,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [57-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-57]
- ExpectedResult = ServerFail
-
-@@ -1998,14 +1882,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [58-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-58]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2026,14 +1908,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [59-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-59]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2054,14 +1934,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [60-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-60]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2081,14 +1959,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [61-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-61]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2110,14 +1986,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [62-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-62]
- ExpectedResult = ServerFail
-
-@@ -2138,14 +2012,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [63-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-63]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2167,14 +2039,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [64-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-64]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2196,14 +2066,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [65-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-65]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2224,14 +2092,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [66-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-66]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2253,14 +2119,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [67-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-67]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2282,14 +2146,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [68-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-68]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2311,14 +2173,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [69-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-69]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2339,14 +2199,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [70-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-70]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2368,14 +2226,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [71-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-71]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2397,14 +2253,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [72-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-72]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2425,14 +2279,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [73-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-73]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2454,14 +2306,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [74-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-74]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2482,14 +2332,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [75-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-75]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2510,13 +2358,11 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [76-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-76]
- ExpectedResult = ServerFail
-
-@@ -2536,13 +2382,11 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [77-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-77]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2563,13 +2407,11 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [78-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-78]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2590,13 +2432,11 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [79-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-79]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2616,13 +2456,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [80-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-80]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2644,13 +2482,11 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [81-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-81]
- ExpectedResult = ServerFail
-
-@@ -2671,13 +2507,11 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [82-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-82]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2699,13 +2533,11 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [83-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-83]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2727,13 +2559,11 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [84-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-84]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2754,13 +2584,11 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [85-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-85]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2782,13 +2610,11 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [86-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-86]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -2810,13 +2636,11 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [87-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-87]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2838,13 +2662,11 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [88-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-88]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2865,13 +2687,11 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [89-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-89]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2893,13 +2713,11 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [90-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-90]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -2921,13 +2739,11 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [91-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-91]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2948,13 +2764,11 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [92-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-92]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -2976,13 +2790,11 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [93-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-93]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -3003,13 +2815,11 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [94-version-negotiation-client]
- CipherString = DEFAULT
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-94]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -3030,7 +2840,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [95-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3038,7 +2847,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-95]
- ExpectedResult = InternalError
-
-@@ -3058,7 +2866,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [96-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3066,7 +2873,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-96]
- ExpectedResult = InternalError
-
-@@ -3086,7 +2892,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [97-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3094,7 +2899,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-97]
- ExpectedResult = InternalError
-
-@@ -3114,7 +2918,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [98-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3122,7 +2925,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-98]
- ExpectedResult = InternalError
-
-@@ -3141,7 +2943,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [99-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3149,7 +2950,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-99]
- ExpectedResult = InternalError
-
-@@ -3170,7 +2970,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [100-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3178,7 +2977,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-100]
- ExpectedResult = InternalError
-
-@@ -3199,7 +2997,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [101-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3207,7 +3004,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-101]
- ExpectedResult = InternalError
-
-@@ -3228,7 +3024,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [102-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3236,7 +3031,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-102]
- ExpectedResult = InternalError
-
-@@ -3257,7 +3051,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [103-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3265,7 +3058,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-103]
- ExpectedResult = InternalError
-
-@@ -3285,7 +3077,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [104-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3293,7 +3084,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-104]
- ExpectedResult = InternalError
-
-@@ -3314,7 +3104,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [105-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3322,7 +3111,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-105]
- ExpectedResult = InternalError
-
-@@ -3343,7 +3131,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [106-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3351,7 +3138,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-106]
- ExpectedResult = InternalError
-
-@@ -3372,7 +3158,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [107-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3380,7 +3165,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-107]
- ExpectedResult = InternalError
-
-@@ -3400,7 +3184,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [108-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3408,7 +3191,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-108]
- ExpectedResult = InternalError
-
-@@ -3429,7 +3211,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [109-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3437,7 +3218,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-109]
- ExpectedResult = InternalError
-
-@@ -3458,7 +3238,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [110-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3466,7 +3245,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-110]
- ExpectedResult = InternalError
-
-@@ -3486,7 +3264,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [111-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3494,7 +3271,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-111]
- ExpectedResult = InternalError
-
-@@ -3515,7 +3291,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [112-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3523,7 +3298,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-112]
- ExpectedResult = InternalError
-
-@@ -3543,7 +3317,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [113-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = SSLv3
-@@ -3551,7 +3324,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-113]
- ExpectedResult = InternalError
-
-@@ -3571,7 +3343,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [114-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3579,7 +3350,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-114]
- ExpectedResult = ServerFail
-
-@@ -3599,7 +3369,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [115-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3607,7 +3376,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-115]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3628,7 +3396,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [116-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3636,7 +3403,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-116]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3657,7 +3423,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [117-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3665,7 +3430,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-117]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3685,7 +3449,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [118-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3693,7 +3456,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-118]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3715,7 +3477,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [119-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3723,7 +3484,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-119]
- ExpectedResult = ServerFail
-
-@@ -3744,7 +3504,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [120-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3752,7 +3511,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-120]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3774,7 +3532,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [121-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3782,7 +3539,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-121]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3804,7 +3560,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [122-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3812,7 +3567,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-122]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3833,7 +3587,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [123-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3841,7 +3594,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-123]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3863,7 +3615,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [124-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3871,7 +3622,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-124]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3893,7 +3643,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [125-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3901,7 +3650,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-125]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3923,7 +3671,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [126-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3931,7 +3678,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-126]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3952,7 +3698,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [127-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3960,7 +3705,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-127]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -3982,7 +3726,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [128-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -3990,7 +3733,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-128]
- ExpectedResult = ServerFail
-
-@@ -4011,7 +3753,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [129-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -4019,7 +3760,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-129]
- ExpectedResult = ServerFail
-
-@@ -4039,7 +3779,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [130-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -4047,7 +3786,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-130]
- ExpectedResult = ServerFail
-
-@@ -4068,7 +3806,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [131-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -4076,7 +3813,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-131]
- ExpectedResult = ServerFail
-
-@@ -4096,7 +3832,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [132-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -4104,7 +3839,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-132]
- ExpectedResult = ServerFail
-
-@@ -4124,7 +3858,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [133-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4132,7 +3865,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-133]
- ExpectedResult = ServerFail
-
-@@ -4152,7 +3884,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [134-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4160,7 +3891,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-134]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -4181,7 +3911,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [135-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4189,7 +3918,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-135]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4210,7 +3938,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [136-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4218,7 +3945,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-136]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4238,7 +3964,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [137-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4246,7 +3971,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-137]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4268,7 +3992,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [138-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4276,7 +3999,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-138]
- ExpectedResult = ServerFail
-
-@@ -4297,7 +4019,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [139-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4305,7 +4026,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-139]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -4327,7 +4047,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [140-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4335,7 +4054,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-140]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4357,7 +4075,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [141-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4365,7 +4082,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-141]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4386,7 +4102,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [142-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4394,7 +4109,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-142]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4416,7 +4130,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [143-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4424,7 +4137,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-143]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -4446,7 +4158,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [144-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4454,7 +4165,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-144]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4476,7 +4186,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [145-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4484,7 +4193,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-145]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4505,7 +4213,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [146-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4513,7 +4220,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-146]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4535,7 +4241,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [147-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4543,7 +4248,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-147]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4565,7 +4269,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [148-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4573,7 +4276,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-148]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4594,7 +4296,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [149-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4602,7 +4303,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-149]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4624,7 +4324,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [150-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4632,7 +4331,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-150]
- ExpectedResult = ServerFail
-
-@@ -4652,7 +4350,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [151-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -4660,7 +4357,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-151]
- ExpectedResult = ServerFail
-
-@@ -4680,7 +4376,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [152-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4688,7 +4383,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-152]
- ExpectedResult = ServerFail
-
-@@ -4708,7 +4402,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [153-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4716,7 +4409,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-153]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -4737,7 +4429,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [154-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4745,7 +4436,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-154]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4766,7 +4456,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [155-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4774,7 +4463,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-155]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -4794,7 +4482,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [156-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4802,7 +4489,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-156]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -4824,7 +4510,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [157-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4832,7 +4517,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-157]
- ExpectedResult = ServerFail
-
-@@ -4853,7 +4537,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [158-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4861,7 +4544,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-158]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -4883,7 +4565,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [159-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4891,7 +4572,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-159]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -4913,7 +4593,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [160-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4921,7 +4600,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-160]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -4942,7 +4620,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [161-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4950,7 +4627,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-161]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -4972,7 +4648,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [162-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -4980,7 +4655,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-162]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5002,7 +4676,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [163-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5010,7 +4683,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-163]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5032,7 +4704,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [164-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5040,7 +4711,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-164]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5061,7 +4731,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [165-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5069,7 +4738,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-165]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5091,7 +4759,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [166-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5099,7 +4766,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-166]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5121,7 +4787,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [167-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5129,7 +4794,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-167]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5150,7 +4814,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [168-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5158,7 +4821,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-168]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5180,7 +4842,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [169-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5188,7 +4849,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-169]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5209,7 +4869,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [170-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -5217,7 +4876,6 @@ MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-170]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5238,14 +4896,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [171-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-171]
- ExpectedResult = ServerFail
-
-@@ -5265,14 +4921,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [172-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-172]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5293,14 +4947,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [173-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-173]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5321,14 +4973,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [174-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-174]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5348,14 +4998,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [175-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-175]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5377,14 +5025,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [176-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-176]
- ExpectedResult = ServerFail
-
-@@ -5405,14 +5051,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [177-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-177]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5434,14 +5078,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [178-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-178]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5463,14 +5105,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [179-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-179]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5491,14 +5131,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [180-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-180]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5520,14 +5158,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [181-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-181]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5549,14 +5185,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [182-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-182]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5578,14 +5212,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [183-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-183]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5606,14 +5238,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [184-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-184]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5635,14 +5265,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [185-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-185]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -5664,14 +5292,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [186-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-186]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5692,14 +5318,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [187-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-187]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5721,14 +5345,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [188-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-188]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5749,14 +5371,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [189-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = SSLv3
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-189]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -5777,7 +5397,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [190-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5785,7 +5404,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-190]
- ExpectedResult = ServerFail
-
-@@ -5805,7 +5423,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [191-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5813,7 +5430,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-191]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5834,7 +5450,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [192-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5842,7 +5457,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-192]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5863,7 +5477,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [193-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5871,7 +5484,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-193]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5891,7 +5503,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [194-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5899,7 +5510,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-194]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5921,7 +5531,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [195-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5929,7 +5538,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-195]
- ExpectedResult = ServerFail
-
-@@ -5950,7 +5558,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [196-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5958,7 +5565,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-196]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -5980,7 +5586,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [197-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -5988,7 +5593,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-197]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6010,7 +5614,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [198-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6018,7 +5621,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-198]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6039,7 +5641,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [199-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6047,7 +5648,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-199]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6069,7 +5669,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [200-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6077,7 +5676,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-200]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6099,7 +5697,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [201-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6107,7 +5704,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-201]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6129,7 +5725,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [202-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6137,7 +5732,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-202]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6158,7 +5752,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [203-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6166,7 +5759,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-203]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6188,7 +5780,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [204-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6196,7 +5787,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-204]
- ExpectedResult = ServerFail
-
-@@ -6217,7 +5807,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [205-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6225,7 +5814,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-205]
- ExpectedResult = ServerFail
-
-@@ -6245,7 +5833,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [206-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6253,7 +5840,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-206]
- ExpectedResult = ServerFail
-
-@@ -6274,7 +5860,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [207-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6282,7 +5867,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-207]
- ExpectedResult = ServerFail
-
-@@ -6302,7 +5886,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [208-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1
-@@ -6310,7 +5893,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-208]
- ExpectedResult = ServerFail
-
-@@ -6330,7 +5912,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [209-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6338,7 +5919,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-209]
- ExpectedResult = ServerFail
-
-@@ -6358,7 +5938,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [210-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6366,7 +5945,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-210]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6387,7 +5965,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [211-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6395,7 +5972,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-211]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6416,7 +5992,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [212-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6424,7 +5999,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-212]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6444,7 +6018,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [213-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6452,7 +6025,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-213]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6474,7 +6046,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [214-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6482,7 +6053,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-214]
- ExpectedResult = ServerFail
-
-@@ -6503,7 +6073,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [215-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6511,7 +6080,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-215]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6533,7 +6101,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [216-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6541,7 +6108,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-216]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6563,7 +6129,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [217-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6571,7 +6136,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-217]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6592,7 +6156,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [218-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6600,7 +6163,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-218]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6622,7 +6184,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [219-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6630,7 +6191,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-219]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6652,7 +6212,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [220-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6660,7 +6219,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-220]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6682,7 +6240,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [221-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6690,7 +6247,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-221]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6711,7 +6267,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [222-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6719,7 +6274,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-222]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6741,7 +6295,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [223-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6749,7 +6302,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-223]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6771,7 +6323,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [224-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6779,7 +6330,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-224]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6800,7 +6350,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [225-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6808,7 +6357,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-225]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6830,7 +6378,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [226-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6838,7 +6385,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-226]
- ExpectedResult = ServerFail
-
-@@ -6858,7 +6404,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [227-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -6866,7 +6411,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-227]
- ExpectedResult = ServerFail
-
-@@ -6886,7 +6430,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [228-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -6894,7 +6437,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-228]
- ExpectedResult = ServerFail
-
-@@ -6914,7 +6456,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [229-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -6922,7 +6463,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-229]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -6943,7 +6483,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [230-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -6951,7 +6490,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-230]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -6972,7 +6510,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [231-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -6980,7 +6517,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-231]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7000,7 +6536,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [232-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7008,7 +6543,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-232]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7030,7 +6564,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [233-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7038,7 +6571,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-233]
- ExpectedResult = ServerFail
-
-@@ -7059,7 +6591,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [234-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7067,7 +6598,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-234]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -7089,7 +6619,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [235-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7097,7 +6626,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-235]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7119,7 +6647,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [236-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7127,7 +6654,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-236]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7148,7 +6674,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [237-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7156,7 +6681,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-237]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7178,7 +6702,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [238-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7186,7 +6709,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-238]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -7208,7 +6730,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [239-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7216,7 +6737,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-239]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7238,7 +6758,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [240-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7246,7 +6765,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-240]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7267,7 +6785,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [241-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7275,7 +6792,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-241]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7297,7 +6813,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [242-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7305,7 +6820,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-242]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7327,7 +6841,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [243-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7335,7 +6848,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-243]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7356,7 +6868,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [244-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7364,7 +6875,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-244]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7386,7 +6896,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [245-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7394,7 +6903,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-245]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7415,7 +6923,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [246-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -7423,7 +6930,6 @@ MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-246]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7444,14 +6950,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [247-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-247]
- ExpectedResult = ServerFail
-
-@@ -7471,14 +6975,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [248-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-248]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -7499,14 +7001,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [249-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-249]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7527,14 +7027,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [250-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-250]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7554,14 +7052,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [251-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-251]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7583,14 +7079,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [252-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-252]
- ExpectedResult = ServerFail
-
-@@ -7611,14 +7105,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [253-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-253]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -7640,14 +7132,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [254-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-254]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7669,14 +7159,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [255-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-255]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7697,14 +7185,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [256-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-256]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7726,14 +7212,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [257-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-257]
- ExpectedResult = Success
- Protocol = TLSv1
-@@ -7755,14 +7239,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [258-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-258]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7784,14 +7266,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [259-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-259]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7812,14 +7292,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [260-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-260]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7841,14 +7319,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [261-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-261]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -7870,14 +7346,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [262-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-262]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7898,14 +7372,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [263-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-263]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7927,14 +7399,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [264-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-264]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7955,14 +7425,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [265-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-265]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -7983,7 +7451,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [266-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -7991,7 +7458,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-266]
- ExpectedResult = ServerFail
-
-@@ -8011,7 +7477,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [267-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8019,7 +7484,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-267]
- ExpectedResult = ClientFail
-
-@@ -8039,7 +7503,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [268-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8047,7 +7510,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-268]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8068,7 +7530,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [269-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8076,7 +7537,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-269]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8096,7 +7556,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [270-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8104,7 +7563,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-270]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8126,7 +7584,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [271-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8134,7 +7591,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-271]
- ExpectedResult = ServerFail
-
-@@ -8155,7 +7611,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [272-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8163,7 +7618,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-272]
- ExpectedResult = ClientFail
-
-@@ -8184,7 +7638,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [273-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8192,7 +7645,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-273]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8214,7 +7666,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [274-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8222,7 +7673,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-274]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8243,7 +7693,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [275-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8251,7 +7700,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-275]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8273,7 +7721,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [276-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8281,7 +7728,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-276]
- ExpectedResult = ClientFail
-
-@@ -8302,7 +7748,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [277-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8310,7 +7755,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-277]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8332,7 +7776,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [278-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8340,7 +7783,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-278]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8361,7 +7803,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [279-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8369,7 +7810,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-279]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8391,7 +7831,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [280-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8399,7 +7838,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-280]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8421,7 +7859,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [281-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8429,7 +7866,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-281]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8450,7 +7886,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [282-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8458,7 +7893,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-282]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8480,7 +7914,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [283-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8488,7 +7921,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-283]
- ExpectedResult = ServerFail
-
-@@ -8508,7 +7940,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [284-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.1
-@@ -8516,7 +7947,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-284]
- ExpectedResult = ServerFail
-
-@@ -8536,7 +7966,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [285-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8544,7 +7973,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-285]
- ExpectedResult = ServerFail
-
-@@ -8564,7 +7992,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [286-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8572,7 +7999,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-286]
- ExpectedResult = ClientFail
-
-@@ -8592,7 +8018,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [287-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8600,7 +8025,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-287]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8621,7 +8045,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [288-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8629,7 +8052,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-288]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8649,7 +8071,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [289-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8657,7 +8078,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-289]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8679,7 +8099,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [290-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8687,7 +8106,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-290]
- ExpectedResult = ServerFail
-
-@@ -8708,7 +8126,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [291-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8716,7 +8133,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-291]
- ExpectedResult = ClientFail
-
-@@ -8737,7 +8153,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [292-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8745,7 +8160,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-292]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8767,7 +8181,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [293-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8775,7 +8188,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-293]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8796,7 +8208,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [294-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8804,7 +8215,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-294]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8826,7 +8236,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [295-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8834,7 +8243,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-295]
- ExpectedResult = ClientFail
-
-@@ -8855,7 +8263,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [296-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8863,7 +8270,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-296]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8885,7 +8291,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [297-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8893,7 +8298,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-297]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8914,7 +8318,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [298-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8922,7 +8325,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-298]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -8944,7 +8346,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [299-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8952,7 +8353,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-299]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -8974,7 +8374,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [300-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -8982,7 +8381,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-300]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9003,7 +8401,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [301-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9011,7 +8408,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-301]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9033,7 +8429,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [302-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9041,7 +8436,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-302]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9062,7 +8456,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [303-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9070,7 +8463,6 @@ MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-303]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9091,14 +8483,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [304-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-304]
- ExpectedResult = ServerFail
-
-@@ -9118,14 +8508,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [305-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-305]
- ExpectedResult = ClientFail
-
-@@ -9145,14 +8533,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [306-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-306]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -9173,14 +8559,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [307-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-307]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9200,14 +8584,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [308-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-308]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9229,14 +8611,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [309-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-309]
- ExpectedResult = ServerFail
-
-@@ -9257,14 +8637,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [310-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-310]
- ExpectedResult = ClientFail
-
-@@ -9285,14 +8663,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [311-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-311]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -9314,14 +8690,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [312-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-312]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9342,14 +8716,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [313-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-313]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9371,14 +8743,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [314-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-314]
- ExpectedResult = ClientFail
-
-@@ -9399,14 +8769,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [315-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-315]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -9428,14 +8796,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [316-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-316]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9456,14 +8822,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [317-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-317]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9485,14 +8849,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [318-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-318]
- ExpectedResult = Success
- Protocol = TLSv1.1
-@@ -9514,14 +8876,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [319-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-319]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9542,14 +8902,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [320-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-320]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9571,14 +8929,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [321-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-321]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9599,14 +8955,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [322-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.1
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-322]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9627,7 +8981,6 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [323-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9635,7 +8988,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-323]
- ExpectedResult = ServerFail
-
-@@ -9655,7 +9007,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [324-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9663,7 +9014,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-324]
- ExpectedResult = ClientFail
-
-@@ -9683,7 +9033,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [325-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9691,7 +9040,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-325]
- ExpectedResult = ClientFail
-
-@@ -9711,7 +9059,6 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [326-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9719,7 +9066,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-326]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9739,7 +9085,6 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [327-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9747,7 +9092,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-327]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9769,7 +9113,6 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [328-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9777,7 +9120,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-328]
- ExpectedResult = ServerFail
-
-@@ -9798,7 +9140,6 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [329-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9806,7 +9147,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-329]
- ExpectedResult = ClientFail
-
-@@ -9827,7 +9167,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [330-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9835,7 +9174,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-330]
- ExpectedResult = ClientFail
-
-@@ -9856,7 +9194,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [331-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9864,7 +9201,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-331]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9885,7 +9221,6 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [332-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9893,7 +9228,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-332]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -9915,7 +9249,6 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [333-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9923,7 +9256,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-333]
- ExpectedResult = ClientFail
-
-@@ -9944,7 +9276,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [334-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9952,7 +9283,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-334]
- ExpectedResult = ClientFail
-
-@@ -9973,7 +9303,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [335-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -9981,7 +9310,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-335]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10002,7 +9330,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [336-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10010,7 +9337,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-336]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10032,7 +9358,6 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [337-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10040,7 +9365,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-337]
- ExpectedResult = ClientFail
-
-@@ -10061,7 +9385,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [338-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10069,7 +9392,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-338]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10090,7 +9412,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [339-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10098,7 +9419,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-339]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10120,7 +9440,6 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [340-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10128,7 +9447,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-340]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10149,7 +9467,6 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [341-version-negotiation-client]
- CipherString = DEFAULT
- MaxProtocol = TLSv1.2
-@@ -10157,7 +9474,6 @@ MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-341]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10178,14 +9494,12 @@ CipherString = DEFAULT
- MaxProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [342-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-342]
- ExpectedResult = ServerFail
-
-@@ -10205,14 +9519,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [343-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-343]
- ExpectedResult = ClientFail
-
-@@ -10232,14 +9544,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [344-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-344]
- ExpectedResult = ClientFail
-
-@@ -10259,14 +9569,12 @@ CipherString = DEFAULT
- MaxProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [345-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-345]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10286,14 +9594,12 @@ Certificate = ${ENV::TEST_CERTS_DIR}/ser
- CipherString = DEFAULT
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [346-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-346]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10315,14 +9621,12 @@ MaxProtocol = SSLv3
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [347-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-347]
- ExpectedResult = ServerFail
-
-@@ -10343,14 +9647,12 @@ MaxProtocol = TLSv1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [348-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-348]
- ExpectedResult = ClientFail
-
-@@ -10371,14 +9673,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [349-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-349]
- ExpectedResult = ClientFail
-
-@@ -10399,14 +9699,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [350-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-350]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10427,14 +9725,12 @@ CipherString = DEFAULT
- MinProtocol = SSLv3
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [351-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-351]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10456,14 +9752,12 @@ MaxProtocol = TLSv1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [352-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-352]
- ExpectedResult = ClientFail
-
-@@ -10484,14 +9778,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [353-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-353]
- ExpectedResult = ClientFail
-
-@@ -10512,14 +9804,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [354-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-354]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10540,14 +9830,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [355-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-355]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10569,14 +9857,12 @@ MaxProtocol = TLSv1.1
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [356-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-356]
- ExpectedResult = ClientFail
-
-@@ -10597,14 +9883,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [357-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-357]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10625,14 +9909,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.1
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [358-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-358]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10654,14 +9936,12 @@ MaxProtocol = TLSv1.2
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [359-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-359]
- ExpectedResult = Success
- Protocol = TLSv1.2
-@@ -10682,14 +9962,12 @@ CipherString = DEFAULT
- MinProtocol = TLSv1.2
- PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
--
- [360-version-negotiation-client]
- CipherString = DEFAULT
- MinProtocol = TLSv1.2
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
--
- [test-360]
- ExpectedResult = Success
- Protocol = TLSv1.2
---- a/test/ssl-tests/02-protocol-version.conf.in
-+++ b/test/ssl-tests/02-protocol-version.conf.in
-@@ -1,115 +1,19 @@
- # -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
--## Test version negotiation
--
--package ssltests;
--
--use List::Util qw/max min/;
--
--use OpenSSL::Test;
--use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
--setup("no_test_here");
-
--my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
--# undef stands for "no limit".
--my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
--my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-+## Test TLS version negotiation
-
--my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-+package ssltests;
-
--my $min_enabled; my $max_enabled;
-+use strict;
-+use warnings;
-
--# Protocol configuration works in cascades, i.e.,
--# $no_tls1_1 disables TLSv1.1 and below.
--#
--# $min_enabled and $max_enabled will be correct if there is at least one
--# protocol enabled.
--foreach my $i (0..$#protocols) {
-- if (!$is_disabled[$i]) {
-- $min_enabled = $i;
-- last;
-- }
--}
--
--foreach my $i (0..$#protocols) {
-- if (!$is_disabled[$i]) {
-- $max_enabled = $i;
-- }
--}
--
--our @tests = ();
--
--sub generate_tests() {
-- foreach my $c_min (0..$#min_protocols) {
-- my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
-- foreach my $c_max ($c_max_min..$#max_protocols) {
-- foreach my $s_min (0..$#min_protocols) {
-- my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
-- foreach my $s_max ($s_max_min..$#max_protocols) {
-- my ($result, $protocol) =
-- expected_result($c_min, $c_max, $s_min, $s_max);
-- push @tests, {
-- "name" => "version-negotiation",
-- "client" => {
-- "MinProtocol" => $min_protocols[$c_min],
-- "MaxProtocol" => $max_protocols[$c_max],
-- },
-- "server" => {
-- "MinProtocol" => $min_protocols[$s_min],
-- "MaxProtocol" => $max_protocols[$s_max],
-- },
-- "test" => {
-- "ExpectedResult" => $result,
-- "Protocol" => $protocol
-- }
-- };
-- }
-- }
-- }
-- }
--}
--
--sub expected_result {
-- my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-- if ($no_tls) {
-- return ("InternalError", undef);
-- }
--
-- my ($c_min, $c_max, $s_min, $s_max) = @_;
--
-- # Adjust for "undef" (no limit).
-- $c_min = $c_min == 0 ? 0 : $c_min - 1;
-- $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
-- $s_min = $s_min == 0 ? 0 : $s_min - 1;
-- $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
--
-- # We now have at least one protocol enabled, so $min_enabled and
-- # $max_enabled are well-defined.
-- $c_min = max $c_min, $min_enabled;
-- $s_min = max $s_min, $min_enabled;
-- $c_max = min $c_max, $max_enabled;
-- $s_max = min $s_max, $max_enabled;
--
-- if ($c_min > $c_max) {
-- # Client should fail to even send a hello.
-- # This results in an internal error since the server will be
-- # waiting for input that never arrives.
-- return ("InternalError", undef);
-- } elsif ($s_min > $s_max) {
-- # Server has no protocols, should always fail.
-- return ("ServerFail", undef);
-- } elsif ($s_min > $c_max) {
-- # Server doesn't support the client range.
-- return ("ServerFail", undef);
-- } elsif ($c_min > $s_max) {
-- # Server will try with a version that is lower than the lowest
-- # supported client version.
-- return ("ClientFail", undef);
-- } else {
-- # Server and client ranges overlap.
-- my $max_common = $s_max < $c_max ? $s_max : $c_max;
-- return ("Success", $protocols[$max_common]);
-- }
--}
-+use protocol_version;
-
--generate_tests();
-+our @tests = generate_version_tests("TLS");
---- /dev/null
-+++ b/test/ssl-tests/03-custom_verify.conf
-@@ -0,0 +1,220 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 9
-+
-+test-0 = 0-verify-success
-+test-1 = 1-verify-custom-reject
-+test-2 = 2-verify-custom-allow
-+test-3 = 3-noverify-success
-+test-4 = 4-noverify-ignore-custom-reject
-+test-5 = 5-noverify-accept-custom-allow
-+test-6 = 6-verify-fail-no-root
-+test-7 = 7-verify-custom-success-no-root
-+test-8 = 8-verify-custom-fail-no-root
-+# ===========================================================
-+
-+[0-verify-success]
-+ssl_conf = 0-verify-success-ssl
-+
-+[0-verify-success-ssl]
-+server = 0-verify-success-server
-+client = 0-verify-success-client
-+
-+[0-verify-success-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-verify-success-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[1-verify-custom-reject]
-+ssl_conf = 1-verify-custom-reject-ssl
-+
-+[1-verify-custom-reject-ssl]
-+server = 1-verify-custom-reject-server
-+client = 1-verify-custom-reject-client
-+
-+[1-verify-custom-reject-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-verify-custom-reject-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ClientAlert = HandshakeFailure
-+ClientVerifyCallback = RejectAll
-+ExpectedResult = ClientFail
-+
-+
-+# ===========================================================
-+
-+[2-verify-custom-allow]
-+ssl_conf = 2-verify-custom-allow-ssl
-+
-+[2-verify-custom-allow-ssl]
-+server = 2-verify-custom-allow-server
-+client = 2-verify-custom-allow-client
-+
-+[2-verify-custom-allow-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-verify-custom-allow-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ClientVerifyCallback = AcceptAll
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[3-noverify-success]
-+ssl_conf = 3-noverify-success-ssl
-+
-+[3-noverify-success-ssl]
-+server = 3-noverify-success-server
-+client = 3-noverify-success-client
-+
-+[3-noverify-success-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-noverify-success-client]
-+CipherString = DEFAULT
-+
-+[test-3]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[4-noverify-ignore-custom-reject]
-+ssl_conf = 4-noverify-ignore-custom-reject-ssl
-+
-+[4-noverify-ignore-custom-reject-ssl]
-+server = 4-noverify-ignore-custom-reject-server
-+client = 4-noverify-ignore-custom-reject-client
-+
-+[4-noverify-ignore-custom-reject-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-noverify-ignore-custom-reject-client]
-+CipherString = DEFAULT
-+
-+[test-4]
-+ClientVerifyCallback = RejectAll
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[5-noverify-accept-custom-allow]
-+ssl_conf = 5-noverify-accept-custom-allow-ssl
-+
-+[5-noverify-accept-custom-allow-ssl]
-+server = 5-noverify-accept-custom-allow-server
-+client = 5-noverify-accept-custom-allow-client
-+
-+[5-noverify-accept-custom-allow-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-noverify-accept-custom-allow-client]
-+CipherString = DEFAULT
-+
-+[test-5]
-+ClientVerifyCallback = AcceptAll
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[6-verify-fail-no-root]
-+ssl_conf = 6-verify-fail-no-root-ssl
-+
-+[6-verify-fail-no-root-ssl]
-+server = 6-verify-fail-no-root-server
-+client = 6-verify-fail-no-root-client
-+
-+[6-verify-fail-no-root-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-verify-fail-no-root-client]
-+CipherString = DEFAULT
-+VerifyMode = Peer
-+
-+[test-6]
-+ClientAlert = UnknownCA
-+ExpectedResult = ClientFail
-+
-+
-+# ===========================================================
-+
-+[7-verify-custom-success-no-root]
-+ssl_conf = 7-verify-custom-success-no-root-ssl
-+
-+[7-verify-custom-success-no-root-ssl]
-+server = 7-verify-custom-success-no-root-server
-+client = 7-verify-custom-success-no-root-client
-+
-+[7-verify-custom-success-no-root-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-verify-custom-success-no-root-client]
-+CipherString = DEFAULT
-+VerifyMode = Peer
-+
-+[test-7]
-+ClientVerifyCallback = AcceptAll
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[8-verify-custom-fail-no-root]
-+ssl_conf = 8-verify-custom-fail-no-root-ssl
-+
-+[8-verify-custom-fail-no-root-ssl]
-+server = 8-verify-custom-fail-no-root-server
-+client = 8-verify-custom-fail-no-root-client
-+
-+[8-verify-custom-fail-no-root-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-verify-custom-fail-no-root-client]
-+CipherString = DEFAULT
-+VerifyMode = Peer
-+
-+[test-8]
-+ClientAlert = HandshakeFailure
-+ClientVerifyCallback = RejectAll
-+ExpectedResult = ClientFail
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/03-custom_verify.conf.in
-@@ -0,0 +1,134 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## SSL test configurations
-+
-+package ssltests;
-+
-+our @tests = (
-+
-+ # Sanity-check that verification indeed succeeds without the
-+ # restrictive callback.
-+ {
-+ name => "verify-success",
-+ server => { },
-+ client => { },
-+ test => { "ExpectedResult" => "Success" },
-+ },
-+
-+ # Same test as above but with a custom callback that always fails.
-+ {
-+ name => "verify-custom-reject",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientVerifyCallback" => "RejectAll",
-+ "ExpectedResult" => "ClientFail",
-+ "ClientAlert" => "HandshakeFailure",
-+ },
-+ },
-+
-+ # Same test as above but with a custom callback that always succeeds.
-+ {
-+ name => "verify-custom-allow",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientVerifyCallback" => "AcceptAll",
-+ "ExpectedResult" => "Success",
-+ },
-+ },
-+
-+ # Sanity-check that verification indeed succeeds if peer verification
-+ # is not requested.
-+ {
-+ name => "noverify-success",
-+ server => { },
-+ client => {
-+ "VerifyMode" => undef,
-+ "VerifyCAFile" => undef,
-+ },
-+ test => { "ExpectedResult" => "Success" },
-+ },
-+
-+ # Same test as above but with a custom callback that always fails.
-+ # The callback return has no impact on handshake success in this mode.
-+ {
-+ name => "noverify-ignore-custom-reject",
-+ server => { },
-+ client => {
-+ "VerifyMode" => undef,
-+ "VerifyCAFile" => undef,
-+ },
-+ test => {
-+ "ClientVerifyCallback" => "RejectAll",
-+ "ExpectedResult" => "Success",
-+ },
-+ },
-+
-+ # Same test as above but with a custom callback that always succeeds.
-+ # The callback return has no impact on handshake success in this mode.
-+ {
-+ name => "noverify-accept-custom-allow",
-+ server => { },
-+ client => {
-+ "VerifyMode" => undef,
-+ "VerifyCAFile" => undef,
-+ },
-+ test => {
-+ "ClientVerifyCallback" => "AcceptAll",
-+ "ExpectedResult" => "Success",
-+ },
-+ },
-+
-+ # Sanity-check that verification indeed fails without the
-+ # permissive callback.
-+ {
-+ name => "verify-fail-no-root",
-+ server => { },
-+ client => {
-+ # Don't set up the client root file.
-+ "VerifyCAFile" => undef,
-+ },
-+ test => {
-+ "ExpectedResult" => "ClientFail",
-+ "ClientAlert" => "UnknownCA",
-+ },
-+ },
-+
-+ # Same test as above but with a custom callback that always succeeds.
-+ {
-+ name => "verify-custom-success-no-root",
-+ server => { },
-+ client => {
-+ "VerifyCAFile" => undef,
-+ },
-+ test => {
-+ "ClientVerifyCallback" => "AcceptAll",
-+ "ExpectedResult" => "Success"
-+ },
-+ },
-+
-+ # Same test as above but with a custom callback that always fails.
-+ {
-+ name => "verify-custom-fail-no-root",
-+ server => { },
-+ client => {
-+ "VerifyCAFile" => undef,
-+ },
-+ test => {
-+ "ClientVerifyCallback" => "RejectAll",
-+ "ExpectedResult" => "ClientFail",
-+ "ClientAlert" => "HandshakeFailure",
-+ },
-+ },
-+
-+
-+
-+);
---- /dev/null
-+++ b/test/ssl-tests/04-client_auth.conf
-@@ -0,0 +1,592 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 20
-+
-+test-0 = 0-server-auth-flex
-+test-1 = 1-client-auth-flex-request
-+test-2 = 2-client-auth-flex-require-fail
-+test-3 = 3-client-auth-flex-require
-+test-4 = 4-client-auth-flex-noroot
-+test-5 = 5-server-auth-TLSv1
-+test-6 = 6-client-auth-TLSv1-request
-+test-7 = 7-client-auth-TLSv1-require-fail
-+test-8 = 8-client-auth-TLSv1-require
-+test-9 = 9-client-auth-TLSv1-noroot
-+test-10 = 10-server-auth-TLSv1.1
-+test-11 = 11-client-auth-TLSv1.1-request
-+test-12 = 12-client-auth-TLSv1.1-require-fail
-+test-13 = 13-client-auth-TLSv1.1-require
-+test-14 = 14-client-auth-TLSv1.1-noroot
-+test-15 = 15-server-auth-TLSv1.2
-+test-16 = 16-client-auth-TLSv1.2-request
-+test-17 = 17-client-auth-TLSv1.2-require-fail
-+test-18 = 18-client-auth-TLSv1.2-require
-+test-19 = 19-client-auth-TLSv1.2-noroot
-+# ===========================================================
-+
-+[0-server-auth-flex]
-+ssl_conf = 0-server-auth-flex-ssl
-+
-+[0-server-auth-flex-ssl]
-+server = 0-server-auth-flex-server
-+client = 0-server-auth-flex-client
-+
-+[0-server-auth-flex-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-server-auth-flex-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[1-client-auth-flex-request]
-+ssl_conf = 1-client-auth-flex-request-ssl
-+
-+[1-client-auth-flex-request-ssl]
-+server = 1-client-auth-flex-request-server
-+client = 1-client-auth-flex-request-client
-+
-+[1-client-auth-flex-request-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Request
-+
-+[1-client-auth-flex-request-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[2-client-auth-flex-require-fail]
-+ssl_conf = 2-client-auth-flex-require-fail-ssl
-+
-+[2-client-auth-flex-require-fail-ssl]
-+server = 2-client-auth-flex-require-fail-server
-+client = 2-client-auth-flex-require-fail-client
-+
-+[2-client-auth-flex-require-fail-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Require
-+
-+[2-client-auth-flex-require-fail-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ExpectedResult = ServerFail
-+ServerAlert = HandshakeFailure
-+
-+
-+# ===========================================================
-+
-+[3-client-auth-flex-require]
-+ssl_conf = 3-client-auth-flex-require-ssl
-+
-+[3-client-auth-flex-require-ssl]
-+server = 3-client-auth-flex-require-server
-+client = 3-client-auth-flex-require-client
-+
-+[3-client-auth-flex-require-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Request
-+
-+[3-client-auth-flex-require-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[4-client-auth-flex-noroot]
-+ssl_conf = 4-client-auth-flex-noroot-ssl
-+
-+[4-client-auth-flex-noroot-ssl]
-+server = 4-client-auth-flex-noroot-server
-+client = 4-client-auth-flex-noroot-client
-+
-+[4-client-auth-flex-noroot-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Require
-+
-+[4-client-auth-flex-noroot-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ExpectedResult = ServerFail
-+ServerAlert = UnknownCA
-+
-+
-+# ===========================================================
-+
-+[5-server-auth-TLSv1]
-+ssl_conf = 5-server-auth-TLSv1-ssl
-+
-+[5-server-auth-TLSv1-ssl]
-+server = 5-server-auth-TLSv1-server
-+client = 5-server-auth-TLSv1-client
-+
-+[5-server-auth-TLSv1-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-server-auth-TLSv1-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[6-client-auth-TLSv1-request]
-+ssl_conf = 6-client-auth-TLSv1-request-ssl
-+
-+[6-client-auth-TLSv1-request-ssl]
-+server = 6-client-auth-TLSv1-request-server
-+client = 6-client-auth-TLSv1-request-client
-+
-+[6-client-auth-TLSv1-request-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Request
-+
-+[6-client-auth-TLSv1-request-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[7-client-auth-TLSv1-require-fail]
-+ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
-+
-+[7-client-auth-TLSv1-require-fail-ssl]
-+server = 7-client-auth-TLSv1-require-fail-server
-+client = 7-client-auth-TLSv1-require-fail-client
-+
-+[7-client-auth-TLSv1-require-fail-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Require
-+
-+[7-client-auth-TLSv1-require-fail-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+ExpectedResult = ServerFail
-+ServerAlert = HandshakeFailure
-+
-+
-+# ===========================================================
-+
-+[8-client-auth-TLSv1-require]
-+ssl_conf = 8-client-auth-TLSv1-require-ssl
-+
-+[8-client-auth-TLSv1-require-ssl]
-+server = 8-client-auth-TLSv1-require-server
-+client = 8-client-auth-TLSv1-require-client
-+
-+[8-client-auth-TLSv1-require-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Request
-+
-+[8-client-auth-TLSv1-require-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[9-client-auth-TLSv1-noroot]
-+ssl_conf = 9-client-auth-TLSv1-noroot-ssl
-+
-+[9-client-auth-TLSv1-noroot-ssl]
-+server = 9-client-auth-TLSv1-noroot-server
-+client = 9-client-auth-TLSv1-noroot-client
-+
-+[9-client-auth-TLSv1-noroot-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Require
-+
-+[9-client-auth-TLSv1-noroot-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+ExpectedResult = ServerFail
-+ServerAlert = UnknownCA
-+
-+
-+# ===========================================================
-+
-+[10-server-auth-TLSv1.1]
-+ssl_conf = 10-server-auth-TLSv1.1-ssl
-+
-+[10-server-auth-TLSv1.1-ssl]
-+server = 10-server-auth-TLSv1.1-server
-+client = 10-server-auth-TLSv1.1-client
-+
-+[10-server-auth-TLSv1.1-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-server-auth-TLSv1.1-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[11-client-auth-TLSv1.1-request]
-+ssl_conf = 11-client-auth-TLSv1.1-request-ssl
-+
-+[11-client-auth-TLSv1.1-request-ssl]
-+server = 11-client-auth-TLSv1.1-request-server
-+client = 11-client-auth-TLSv1.1-request-client
-+
-+[11-client-auth-TLSv1.1-request-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Request
-+
-+[11-client-auth-TLSv1.1-request-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[12-client-auth-TLSv1.1-require-fail]
-+ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
-+
-+[12-client-auth-TLSv1.1-require-fail-ssl]
-+server = 12-client-auth-TLSv1.1-require-fail-server
-+client = 12-client-auth-TLSv1.1-require-fail-client
-+
-+[12-client-auth-TLSv1.1-require-fail-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Require
-+
-+[12-client-auth-TLSv1.1-require-fail-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-12]
-+ExpectedResult = ServerFail
-+ServerAlert = HandshakeFailure
-+
-+
-+# ===========================================================
-+
-+[13-client-auth-TLSv1.1-require]
-+ssl_conf = 13-client-auth-TLSv1.1-require-ssl
-+
-+[13-client-auth-TLSv1.1-require-ssl]
-+server = 13-client-auth-TLSv1.1-require-server
-+client = 13-client-auth-TLSv1.1-require-client
-+
-+[13-client-auth-TLSv1.1-require-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Request
-+
-+[13-client-auth-TLSv1.1-require-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-13]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[14-client-auth-TLSv1.1-noroot]
-+ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
-+
-+[14-client-auth-TLSv1.1-noroot-ssl]
-+server = 14-client-auth-TLSv1.1-noroot-server
-+client = 14-client-auth-TLSv1.1-noroot-client
-+
-+[14-client-auth-TLSv1.1-noroot-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Require
-+
-+[14-client-auth-TLSv1.1-noroot-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-14]
-+ExpectedResult = ServerFail
-+ServerAlert = UnknownCA
-+
-+
-+# ===========================================================
-+
-+[15-server-auth-TLSv1.2]
-+ssl_conf = 15-server-auth-TLSv1.2-ssl
-+
-+[15-server-auth-TLSv1.2-ssl]
-+server = 15-server-auth-TLSv1.2-server
-+client = 15-server-auth-TLSv1.2-client
-+
-+[15-server-auth-TLSv1.2-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-server-auth-TLSv1.2-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-15]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[16-client-auth-TLSv1.2-request]
-+ssl_conf = 16-client-auth-TLSv1.2-request-ssl
-+
-+[16-client-auth-TLSv1.2-request-ssl]
-+server = 16-client-auth-TLSv1.2-request-server
-+client = 16-client-auth-TLSv1.2-request-client
-+
-+[16-client-auth-TLSv1.2-request-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Request
-+
-+[16-client-auth-TLSv1.2-request-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-16]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[17-client-auth-TLSv1.2-require-fail]
-+ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
-+
-+[17-client-auth-TLSv1.2-require-fail-ssl]
-+server = 17-client-auth-TLSv1.2-require-fail-server
-+client = 17-client-auth-TLSv1.2-require-fail-client
-+
-+[17-client-auth-TLSv1.2-require-fail-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Require
-+
-+[17-client-auth-TLSv1.2-require-fail-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-17]
-+ExpectedResult = ServerFail
-+ServerAlert = HandshakeFailure
-+
-+
-+# ===========================================================
-+
-+[18-client-auth-TLSv1.2-require]
-+ssl_conf = 18-client-auth-TLSv1.2-require-ssl
-+
-+[18-client-auth-TLSv1.2-require-ssl]
-+server = 18-client-auth-TLSv1.2-require-server
-+client = 18-client-auth-TLSv1.2-require-client
-+
-+[18-client-auth-TLSv1.2-require-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-+VerifyMode = Request
-+
-+[18-client-auth-TLSv1.2-require-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-18]
-+ExpectedResult = Success
-+
-+
-+# ===========================================================
-+
-+[19-client-auth-TLSv1.2-noroot]
-+ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
-+
-+[19-client-auth-TLSv1.2-noroot-ssl]
-+server = 19-client-auth-TLSv1.2-noroot-server
-+client = 19-client-auth-TLSv1.2-noroot-client
-+
-+[19-client-auth-TLSv1.2-noroot-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+VerifyMode = Require
-+
-+[19-client-auth-TLSv1.2-noroot-client]
-+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-19]
-+ExpectedResult = ServerFail
-+ServerAlert = UnknownCA
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/04-client_auth.conf.in
-@@ -0,0 +1,125 @@
-+# -*- mode: perl; -*-
-+
-+## SSL test configurations
-+
-+package ssltests;
-+
-+use strict;
-+use warnings;
-+
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils qw(anydisabled);
-+setup("no_test_here");
-+
-+# We test version-flexible negotiation (undef) and each protocol version.
-+my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-+
-+my @is_disabled = (0);
-+push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-+
-+our @tests = ();
-+
-+my $dir_sep = $^O ne "VMS" ? "/" : "";
-+
-+sub generate_tests() {
-+
-+ foreach (0..$#protocols) {
-+ my $protocol = $protocols[$_];
-+ my $protocol_name = $protocol || "flex";
-+ my $caalert;
-+ if (!$is_disabled[$_]) {
-+ if ($protocol_name eq "SSLv3") {
-+ $caalert = "BadCertificate";
-+ } else {
-+ $caalert = "UnknownCA";
-+ }
-+ # Sanity-check simple handshake.
-+ push @tests, {
-+ name => "server-auth-${protocol_name}",
-+ server => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol
-+ },
-+ client => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol
-+ },
-+ test => { "ExpectedResult" => "Success" },
-+ };
-+
-+ # Handshake with client cert requested but not required or received.
-+ push @tests, {
-+ name => "client-auth-${protocol_name}-request",
-+ server => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "VerifyMode" => "Request"
-+ },
-+ client => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol
-+ },
-+ test => { "ExpectedResult" => "Success" },
-+ };
-+
-+ # Handshake with client cert required but not present.
-+ push @tests, {
-+ name => "client-auth-${protocol_name}-require-fail",
-+ server => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
-+ "VerifyMode" => "Require",
-+ },
-+ client => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol
-+ },
-+ test => {
-+ "ExpectedResult" => "ServerFail",
-+ "ServerAlert" => "HandshakeFailure",
-+ },
-+ };
-+
-+ # Successful handshake with client authentication.
-+ push @tests, {
-+ name => "client-auth-${protocol_name}-require",
-+ server => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
-+ "VerifyMode" => "Request",
-+ },
-+ client => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
-+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
-+ },
-+ test => { "ExpectedResult" => "Success" },
-+ };
-+
-+ # Handshake with client authentication but without the root certificate.
-+ push @tests, {
-+ name => "client-auth-${protocol_name}-noroot",
-+ server => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "VerifyMode" => "Require",
-+ },
-+ client => {
-+ "MinProtocol" => $protocol,
-+ "MaxProtocol" => $protocol,
-+ "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
-+ "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
-+ },
-+ test => {
-+ "ExpectedResult" => "ServerFail",
-+ "ServerAlert" => $caalert,
-+ },
-+ };
-+ }
-+ }
-+}
-+
-+generate_tests();
---- /dev/null
-+++ b/test/ssl-tests/05-sni.conf
-@@ -0,0 +1,168 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 6
-+
-+test-0 = 0-SNI-switch-context
-+test-1 = 1-SNI-keep-context
-+test-2 = 2-SNI-no-server-support
-+test-3 = 3-SNI-no-client-support
-+test-4 = 4-SNI-bad-sni-ignore-mismatch
-+test-5 = 5-SNI-bad-sni-reject-mismatch
-+# ===========================================================
-+
-+[0-SNI-switch-context]
-+ssl_conf = 0-SNI-switch-context-ssl
-+
-+[0-SNI-switch-context-ssl]
-+server = 0-SNI-switch-context-server
-+client = 0-SNI-switch-context-client
-+server2 = 0-SNI-switch-context-server
-+
-+[0-SNI-switch-context-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-SNI-switch-context-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[1-SNI-keep-context]
-+ssl_conf = 1-SNI-keep-context-ssl
-+
-+[1-SNI-keep-context-ssl]
-+server = 1-SNI-keep-context-server
-+client = 1-SNI-keep-context-client
-+server2 = 1-SNI-keep-context-server
-+
-+[1-SNI-keep-context-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-SNI-keep-context-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[2-SNI-no-server-support]
-+ssl_conf = 2-SNI-no-server-support-ssl
-+
-+[2-SNI-no-server-support-ssl]
-+server = 2-SNI-no-server-support-server
-+client = 2-SNI-no-server-support-client
-+
-+[2-SNI-no-server-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-SNI-no-server-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ExpectedResult = Success
-+ServerName = server1
-+
-+
-+# ===========================================================
-+
-+[3-SNI-no-client-support]
-+ssl_conf = 3-SNI-no-client-support-ssl
-+
-+[3-SNI-no-client-support-ssl]
-+server = 3-SNI-no-client-support-server
-+client = 3-SNI-no-client-support-client
-+server2 = 3-SNI-no-client-support-server
-+
-+[3-SNI-no-client-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-SNI-no-client-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[4-SNI-bad-sni-ignore-mismatch]
-+ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
-+
-+[4-SNI-bad-sni-ignore-mismatch-ssl]
-+server = 4-SNI-bad-sni-ignore-mismatch-server
-+client = 4-SNI-bad-sni-ignore-mismatch-client
-+server2 = 4-SNI-bad-sni-ignore-mismatch-server
-+
-+[4-SNI-bad-sni-ignore-mismatch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-SNI-bad-sni-ignore-mismatch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = invalid
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[5-SNI-bad-sni-reject-mismatch]
-+ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
-+
-+[5-SNI-bad-sni-reject-mismatch-ssl]
-+server = 5-SNI-bad-sni-reject-mismatch-server
-+client = 5-SNI-bad-sni-reject-mismatch-client
-+server2 = 5-SNI-bad-sni-reject-mismatch-server
-+
-+[5-SNI-bad-sni-reject-mismatch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-SNI-bad-sni-reject-mismatch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ExpectedResult = ServerFail
-+ServerAlert = UnrecognizedName
-+ServerName = invalid
-+ServerNameCallback = RejectMismatch
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/05-sni.conf.in
-@@ -0,0 +1,74 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## SSL test configurations
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+our @tests = (
-+ {
-+ name => "SNI-switch-context",
-+ server => { },
-+ client => { },
-+ test => { "ServerName" => "server2",
-+ "ExpectedServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedResult" => "Success" },
-+ },
-+ {
-+ name => "SNI-keep-context",
-+ server => { },
-+ client => { },
-+ test => { "ServerName" => "server1",
-+ "ExpectedServerName" => "server1",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedResult" => "Success" },
-+ },
-+ {
-+ name => "SNI-no-server-support",
-+ server => { },
-+ client => { },
-+ test => { "ServerName" => "server1",
-+ "ExpectedResult" => "Success" },
-+ },
-+ {
-+ name => "SNI-no-client-support",
-+ server => { },
-+ client => { },
-+ test => {
-+ # We expect that the callback is still called
-+ # to let the application decide whether they tolerate
-+ # missing SNI (as our test callback does).
-+ "ExpectedServerName" => "server1",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedResult" => "Success"
-+ },
-+ },
-+ {
-+ name => "SNI-bad-sni-ignore-mismatch",
-+ server => { },
-+ client => { },
-+ test => { "ServerName" => "invalid",
-+ "ExpectedServerName" => "server1",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedResult" => "Success" },
-+ },
-+ {
-+ name => "SNI-bad-sni-reject-mismatch",
-+ server => { },
-+ client => { },
-+ test => { "ServerName" => "invalid",
-+ "ServerNameCallback" => "RejectMismatch",
-+ "ExpectedResult" => "ServerFail",
-+ "ServerAlert" => "UnrecognizedName"},
-+ },
-+);
---- /dev/null
-+++ b/test/ssl-tests/06-sni-ticket.conf
-@@ -0,0 +1,631 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 17
-+
-+test-0 = 0-sni-session-ticket
-+test-1 = 1-sni-session-ticket
-+test-2 = 2-sni-session-ticket
-+test-3 = 3-sni-session-ticket
-+test-4 = 4-sni-session-ticket
-+test-5 = 5-sni-session-ticket
-+test-6 = 6-sni-session-ticket
-+test-7 = 7-sni-session-ticket
-+test-8 = 8-sni-session-ticket
-+test-9 = 9-sni-session-ticket
-+test-10 = 10-sni-session-ticket
-+test-11 = 11-sni-session-ticket
-+test-12 = 12-sni-session-ticket
-+test-13 = 13-sni-session-ticket
-+test-14 = 14-sni-session-ticket
-+test-15 = 15-sni-session-ticket
-+test-16 = 16-sni-session-ticket
-+# ===========================================================
-+
-+[0-sni-session-ticket]
-+ssl_conf = 0-sni-session-ticket-ssl
-+
-+[0-sni-session-ticket-ssl]
-+server = 0-sni-session-ticket-server
-+client = 0-sni-session-ticket-client
-+server2 = 0-sni-session-ticket-server2
-+
-+[0-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ExpectedResult = Success
-+ServerName = server1
-+SessionTicketExpected = Broken
-+
-+
-+# ===========================================================
-+
-+[1-sni-session-ticket]
-+ssl_conf = 1-sni-session-ticket-ssl
-+
-+[1-sni-session-ticket-ssl]
-+server = 1-sni-session-ticket-server
-+client = 1-sni-session-ticket-client
-+server2 = 1-sni-session-ticket-server2
-+
-+[1-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[2-sni-session-ticket]
-+ssl_conf = 2-sni-session-ticket-ssl
-+
-+[2-sni-session-ticket-ssl]
-+server = 2-sni-session-ticket-server
-+client = 2-sni-session-ticket-client
-+server2 = 2-sni-session-ticket-server2
-+
-+[2-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[3-sni-session-ticket]
-+ssl_conf = 3-sni-session-ticket-ssl
-+
-+[3-sni-session-ticket-ssl]
-+server = 3-sni-session-ticket-server
-+client = 3-sni-session-ticket-client
-+server2 = 3-sni-session-ticket-server2
-+
-+[3-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[4-sni-session-ticket]
-+ssl_conf = 4-sni-session-ticket-ssl
-+
-+[4-sni-session-ticket-ssl]
-+server = 4-sni-session-ticket-server
-+client = 4-sni-session-ticket-client
-+server2 = 4-sni-session-ticket-server2
-+
-+[4-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[5-sni-session-ticket]
-+ssl_conf = 5-sni-session-ticket-ssl
-+
-+[5-sni-session-ticket-ssl]
-+server = 5-sni-session-ticket-server
-+client = 5-sni-session-ticket-client
-+server2 = 5-sni-session-ticket-server2
-+
-+[5-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[6-sni-session-ticket]
-+ssl_conf = 6-sni-session-ticket-ssl
-+
-+[6-sni-session-ticket-ssl]
-+server = 6-sni-session-ticket-server
-+client = 6-sni-session-ticket-client
-+server2 = 6-sni-session-ticket-server2
-+
-+[6-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[7-sni-session-ticket]
-+ssl_conf = 7-sni-session-ticket-ssl
-+
-+[7-sni-session-ticket-ssl]
-+server = 7-sni-session-ticket-server
-+client = 7-sni-session-ticket-client
-+server2 = 7-sni-session-ticket-server2
-+
-+[7-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[8-sni-session-ticket]
-+ssl_conf = 8-sni-session-ticket-ssl
-+
-+[8-sni-session-ticket-ssl]
-+server = 8-sni-session-ticket-server
-+client = 8-sni-session-ticket-client
-+server2 = 8-sni-session-ticket-server2
-+
-+[8-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[9-sni-session-ticket]
-+ssl_conf = 9-sni-session-ticket-ssl
-+
-+[9-sni-session-ticket-ssl]
-+server = 9-sni-session-ticket-server
-+client = 9-sni-session-ticket-client
-+server2 = 9-sni-session-ticket-server2
-+
-+[9-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[10-sni-session-ticket]
-+ssl_conf = 10-sni-session-ticket-ssl
-+
-+[10-sni-session-ticket-ssl]
-+server = 10-sni-session-ticket-server
-+client = 10-sni-session-ticket-client
-+server2 = 10-sni-session-ticket-server2
-+
-+[10-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[11-sni-session-ticket]
-+ssl_conf = 11-sni-session-ticket-ssl
-+
-+[11-sni-session-ticket-ssl]
-+server = 11-sni-session-ticket-server
-+client = 11-sni-session-ticket-client
-+server2 = 11-sni-session-ticket-server2
-+
-+[11-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[12-sni-session-ticket]
-+ssl_conf = 12-sni-session-ticket-ssl
-+
-+[12-sni-session-ticket-ssl]
-+server = 12-sni-session-ticket-server
-+client = 12-sni-session-ticket-client
-+server2 = 12-sni-session-ticket-server2
-+
-+[12-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-12]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[13-sni-session-ticket]
-+ssl_conf = 13-sni-session-ticket-ssl
-+
-+[13-sni-session-ticket-ssl]
-+server = 13-sni-session-ticket-server
-+client = 13-sni-session-ticket-client
-+server2 = 13-sni-session-ticket-server2
-+
-+[13-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-13]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[14-sni-session-ticket]
-+ssl_conf = 14-sni-session-ticket-ssl
-+
-+[14-sni-session-ticket-ssl]
-+server = 14-sni-session-ticket-server
-+client = 14-sni-session-ticket-client
-+server2 = 14-sni-session-ticket-server2
-+
-+[14-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-14]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[15-sni-session-ticket]
-+ssl_conf = 15-sni-session-ticket-ssl
-+
-+[15-sni-session-ticket-ssl]
-+server = 15-sni-session-ticket-server
-+client = 15-sni-session-ticket-client
-+server2 = 15-sni-session-ticket-server2
-+
-+[15-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-15]
-+ExpectedResult = Success
-+ExpectedServerName = server1
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
-+# ===========================================================
-+
-+[16-sni-session-ticket]
-+ssl_conf = 16-sni-session-ticket-ssl
-+
-+[16-sni-session-ticket-ssl]
-+server = 16-sni-session-ticket-server
-+client = 16-sni-session-ticket-client
-+server2 = 16-sni-session-ticket-server2
-+
-+[16-sni-session-ticket-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[16-sni-session-ticket-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[16-sni-session-ticket-client]
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-16]
-+ExpectedResult = Success
-+ExpectedServerName = server2
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = No
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/06-sni-ticket.conf.in
-@@ -0,0 +1,86 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+
-+our @tests = ();
-+
-+sub generate_tests() {
-+ foreach my $c ("SessionTicket", "-SessionTicket") {
-+ foreach my $s1 ("SessionTicket", "-SessionTicket") {
-+ foreach my $s2 ("SessionTicket", "-SessionTicket") {
-+ foreach my $n ("server1", "server2") {
-+ my $result = expected_result($c, $s1, $s2, $n);
-+ push @tests, {
-+ "name" => "sni-session-ticket",
-+ "client" => {
-+ "Options" => $c,
-+ },
-+ "server" => {
-+ "Options" => $s1,
-+ },
-+ "server2" => {
-+ "Options" => $s2,
-+ },
-+ "test" => {
-+ "ServerName" => $n,
-+ "ExpectedServerName" => $n,
-+ # We don't test mismatch here.
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedResult" => "Success",
-+ "SessionTicketExpected" => $result,
-+ }
-+ };
-+ }
-+ }
-+ }
-+ }
-+}
-+
-+# If the client has session tickets disabled, then No support
-+# If the server initial_ctx has session tickets disabled, then No support
-+# If SNI is in use, then if the "switched-to" context has session tickets disabled,
-+# then No support
-+sub expected_result {
-+ my ($c, $s1, $s2, $n) = @_;
-+
-+ return "No" if $c eq "-SessionTicket";
-+ return "No" if $s1 eq "-SessionTicket";
-+ return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
-+
-+ return "Yes";
-+
-+}
-+
-+# Add a "Broken" case.
-+push @tests, {
-+ "name" => "sni-session-ticket",
-+ "client" => {
-+ "Options" => "SessionTicket",
-+ },
-+ "server" => {
-+ "Options" => "SessionTicket",
-+ },
-+ "server2" => {
-+ "Options" => "SessionTicket",
-+ },
-+ "test" => {
-+ "ServerName" => "server1",
-+ "ExpectedResult" => "Success",
-+ "SessionTicketExpected" => "Broken",
-+ }
-+};
-+
-+generate_tests();
---- /dev/null
-+++ b/test/ssl-tests/07-dtls-protocol-version.conf
-@@ -0,0 +1,1820 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 64
-+
-+test-0 = 0-version-negotiation
-+test-1 = 1-version-negotiation
-+test-2 = 2-version-negotiation
-+test-3 = 3-version-negotiation
-+test-4 = 4-version-negotiation
-+test-5 = 5-version-negotiation
-+test-6 = 6-version-negotiation
-+test-7 = 7-version-negotiation
-+test-8 = 8-version-negotiation
-+test-9 = 9-version-negotiation
-+test-10 = 10-version-negotiation
-+test-11 = 11-version-negotiation
-+test-12 = 12-version-negotiation
-+test-13 = 13-version-negotiation
-+test-14 = 14-version-negotiation
-+test-15 = 15-version-negotiation
-+test-16 = 16-version-negotiation
-+test-17 = 17-version-negotiation
-+test-18 = 18-version-negotiation
-+test-19 = 19-version-negotiation
-+test-20 = 20-version-negotiation
-+test-21 = 21-version-negotiation
-+test-22 = 22-version-negotiation
-+test-23 = 23-version-negotiation
-+test-24 = 24-version-negotiation
-+test-25 = 25-version-negotiation
-+test-26 = 26-version-negotiation
-+test-27 = 27-version-negotiation
-+test-28 = 28-version-negotiation
-+test-29 = 29-version-negotiation
-+test-30 = 30-version-negotiation
-+test-31 = 31-version-negotiation
-+test-32 = 32-version-negotiation
-+test-33 = 33-version-negotiation
-+test-34 = 34-version-negotiation
-+test-35 = 35-version-negotiation
-+test-36 = 36-version-negotiation
-+test-37 = 37-version-negotiation
-+test-38 = 38-version-negotiation
-+test-39 = 39-version-negotiation
-+test-40 = 40-version-negotiation
-+test-41 = 41-version-negotiation
-+test-42 = 42-version-negotiation
-+test-43 = 43-version-negotiation
-+test-44 = 44-version-negotiation
-+test-45 = 45-version-negotiation
-+test-46 = 46-version-negotiation
-+test-47 = 47-version-negotiation
-+test-48 = 48-version-negotiation
-+test-49 = 49-version-negotiation
-+test-50 = 50-version-negotiation
-+test-51 = 51-version-negotiation
-+test-52 = 52-version-negotiation
-+test-53 = 53-version-negotiation
-+test-54 = 54-version-negotiation
-+test-55 = 55-version-negotiation
-+test-56 = 56-version-negotiation
-+test-57 = 57-version-negotiation
-+test-58 = 58-version-negotiation
-+test-59 = 59-version-negotiation
-+test-60 = 60-version-negotiation
-+test-61 = 61-version-negotiation
-+test-62 = 62-version-negotiation
-+test-63 = 63-version-negotiation
-+# ===========================================================
-+
-+[0-version-negotiation]
-+ssl_conf = 0-version-negotiation-ssl
-+
-+[0-version-negotiation-ssl]
-+server = 0-version-negotiation-server
-+client = 0-version-negotiation-client
-+
-+[0-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[1-version-negotiation]
-+ssl_conf = 1-version-negotiation-ssl
-+
-+[1-version-negotiation-ssl]
-+server = 1-version-negotiation-server
-+client = 1-version-negotiation-client
-+
-+[1-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[2-version-negotiation]
-+ssl_conf = 2-version-negotiation-ssl
-+
-+[2-version-negotiation-ssl]
-+server = 2-version-negotiation-server
-+client = 2-version-negotiation-client
-+
-+[2-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[3-version-negotiation]
-+ssl_conf = 3-version-negotiation-ssl
-+
-+[3-version-negotiation-ssl]
-+server = 3-version-negotiation-server
-+client = 3-version-negotiation-client
-+
-+[3-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[4-version-negotiation]
-+ssl_conf = 4-version-negotiation-ssl
-+
-+[4-version-negotiation-ssl]
-+server = 4-version-negotiation-server
-+client = 4-version-negotiation-client
-+
-+[4-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[5-version-negotiation]
-+ssl_conf = 5-version-negotiation-ssl
-+
-+[5-version-negotiation-ssl]
-+server = 5-version-negotiation-server
-+client = 5-version-negotiation-client
-+
-+[5-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[6-version-negotiation]
-+ssl_conf = 6-version-negotiation-ssl
-+
-+[6-version-negotiation-ssl]
-+server = 6-version-negotiation-server
-+client = 6-version-negotiation-client
-+
-+[6-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+ExpectedResult = ServerFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[7-version-negotiation]
-+ssl_conf = 7-version-negotiation-ssl
-+
-+[7-version-negotiation-ssl]
-+server = 7-version-negotiation-server
-+client = 7-version-negotiation-client
-+
-+[7-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+ExpectedResult = ServerFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[8-version-negotiation]
-+ssl_conf = 8-version-negotiation-ssl
-+
-+[8-version-negotiation-ssl]
-+server = 8-version-negotiation-server
-+client = 8-version-negotiation-client
-+
-+[8-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[9-version-negotiation]
-+ssl_conf = 9-version-negotiation-ssl
-+
-+[9-version-negotiation-ssl]
-+server = 9-version-negotiation-server
-+client = 9-version-negotiation-client
-+
-+[9-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[10-version-negotiation]
-+ssl_conf = 10-version-negotiation-ssl
-+
-+[10-version-negotiation-ssl]
-+server = 10-version-negotiation-server
-+client = 10-version-negotiation-client
-+
-+[10-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[11-version-negotiation]
-+ssl_conf = 11-version-negotiation-ssl
-+
-+[11-version-negotiation-ssl]
-+server = 11-version-negotiation-server
-+client = 11-version-negotiation-client
-+
-+[11-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[12-version-negotiation]
-+ssl_conf = 12-version-negotiation-ssl
-+
-+[12-version-negotiation-ssl]
-+server = 12-version-negotiation-server
-+client = 12-version-negotiation-client
-+
-+[12-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-12]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[13-version-negotiation]
-+ssl_conf = 13-version-negotiation-ssl
-+
-+[13-version-negotiation-ssl]
-+server = 13-version-negotiation-server
-+client = 13-version-negotiation-client
-+
-+[13-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-13]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[14-version-negotiation]
-+ssl_conf = 14-version-negotiation-ssl
-+
-+[14-version-negotiation-ssl]
-+server = 14-version-negotiation-server
-+client = 14-version-negotiation-client
-+
-+[14-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-14]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[15-version-negotiation]
-+ssl_conf = 15-version-negotiation-ssl
-+
-+[15-version-negotiation-ssl]
-+server = 15-version-negotiation-server
-+client = 15-version-negotiation-client
-+
-+[15-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-15]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[16-version-negotiation]
-+ssl_conf = 16-version-negotiation-ssl
-+
-+[16-version-negotiation-ssl]
-+server = 16-version-negotiation-server
-+client = 16-version-negotiation-client
-+
-+[16-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[16-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-16]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[17-version-negotiation]
-+ssl_conf = 17-version-negotiation-ssl
-+
-+[17-version-negotiation-ssl]
-+server = 17-version-negotiation-server
-+client = 17-version-negotiation-client
-+
-+[17-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[17-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-17]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[18-version-negotiation]
-+ssl_conf = 18-version-negotiation-ssl
-+
-+[18-version-negotiation-ssl]
-+server = 18-version-negotiation-server
-+client = 18-version-negotiation-client
-+
-+[18-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[18-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-18]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[19-version-negotiation]
-+ssl_conf = 19-version-negotiation-ssl
-+
-+[19-version-negotiation-ssl]
-+server = 19-version-negotiation-server
-+client = 19-version-negotiation-client
-+
-+[19-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[19-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-19]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[20-version-negotiation]
-+ssl_conf = 20-version-negotiation-ssl
-+
-+[20-version-negotiation-ssl]
-+server = 20-version-negotiation-server
-+client = 20-version-negotiation-client
-+
-+[20-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[20-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-20]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[21-version-negotiation]
-+ssl_conf = 21-version-negotiation-ssl
-+
-+[21-version-negotiation-ssl]
-+server = 21-version-negotiation-server
-+client = 21-version-negotiation-client
-+
-+[21-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[21-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-21]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[22-version-negotiation]
-+ssl_conf = 22-version-negotiation-ssl
-+
-+[22-version-negotiation-ssl]
-+server = 22-version-negotiation-server
-+client = 22-version-negotiation-client
-+
-+[22-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[22-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-22]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[23-version-negotiation]
-+ssl_conf = 23-version-negotiation-ssl
-+
-+[23-version-negotiation-ssl]
-+server = 23-version-negotiation-server
-+client = 23-version-negotiation-client
-+
-+[23-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[23-version-negotiation-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-23]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[24-version-negotiation]
-+ssl_conf = 24-version-negotiation-ssl
-+
-+[24-version-negotiation-ssl]
-+server = 24-version-negotiation-server
-+client = 24-version-negotiation-client
-+
-+[24-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[24-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-24]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[25-version-negotiation]
-+ssl_conf = 25-version-negotiation-ssl
-+
-+[25-version-negotiation-ssl]
-+server = 25-version-negotiation-server
-+client = 25-version-negotiation-client
-+
-+[25-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[25-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-25]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[26-version-negotiation]
-+ssl_conf = 26-version-negotiation-ssl
-+
-+[26-version-negotiation-ssl]
-+server = 26-version-negotiation-server
-+client = 26-version-negotiation-client
-+
-+[26-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[26-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-26]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[27-version-negotiation]
-+ssl_conf = 27-version-negotiation-ssl
-+
-+[27-version-negotiation-ssl]
-+server = 27-version-negotiation-server
-+client = 27-version-negotiation-client
-+
-+[27-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[27-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-27]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[28-version-negotiation]
-+ssl_conf = 28-version-negotiation-ssl
-+
-+[28-version-negotiation-ssl]
-+server = 28-version-negotiation-server
-+client = 28-version-negotiation-client
-+
-+[28-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[28-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-28]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[29-version-negotiation]
-+ssl_conf = 29-version-negotiation-ssl
-+
-+[29-version-negotiation-ssl]
-+server = 29-version-negotiation-server
-+client = 29-version-negotiation-client
-+
-+[29-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[29-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-29]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[30-version-negotiation]
-+ssl_conf = 30-version-negotiation-ssl
-+
-+[30-version-negotiation-ssl]
-+server = 30-version-negotiation-server
-+client = 30-version-negotiation-client
-+
-+[30-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[30-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-30]
-+ExpectedResult = ServerFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[31-version-negotiation]
-+ssl_conf = 31-version-negotiation-ssl
-+
-+[31-version-negotiation-ssl]
-+server = 31-version-negotiation-server
-+client = 31-version-negotiation-client
-+
-+[31-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[31-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-31]
-+ExpectedResult = ServerFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[32-version-negotiation]
-+ssl_conf = 32-version-negotiation-ssl
-+
-+[32-version-negotiation-ssl]
-+server = 32-version-negotiation-server
-+client = 32-version-negotiation-client
-+
-+[32-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[32-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-32]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[33-version-negotiation]
-+ssl_conf = 33-version-negotiation-ssl
-+
-+[33-version-negotiation-ssl]
-+server = 33-version-negotiation-server
-+client = 33-version-negotiation-client
-+
-+[33-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[33-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-33]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[34-version-negotiation]
-+ssl_conf = 34-version-negotiation-ssl
-+
-+[34-version-negotiation-ssl]
-+server = 34-version-negotiation-server
-+client = 34-version-negotiation-client
-+
-+[34-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[34-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-34]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[35-version-negotiation]
-+ssl_conf = 35-version-negotiation-ssl
-+
-+[35-version-negotiation-ssl]
-+server = 35-version-negotiation-server
-+client = 35-version-negotiation-client
-+
-+[35-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[35-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-35]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[36-version-negotiation]
-+ssl_conf = 36-version-negotiation-ssl
-+
-+[36-version-negotiation-ssl]
-+server = 36-version-negotiation-server
-+client = 36-version-negotiation-client
-+
-+[36-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[36-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-36]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[37-version-negotiation]
-+ssl_conf = 37-version-negotiation-ssl
-+
-+[37-version-negotiation-ssl]
-+server = 37-version-negotiation-server
-+client = 37-version-negotiation-client
-+
-+[37-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[37-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-37]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[38-version-negotiation]
-+ssl_conf = 38-version-negotiation-ssl
-+
-+[38-version-negotiation-ssl]
-+server = 38-version-negotiation-server
-+client = 38-version-negotiation-client
-+
-+[38-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[38-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-38]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[39-version-negotiation]
-+ssl_conf = 39-version-negotiation-ssl
-+
-+[39-version-negotiation-ssl]
-+server = 39-version-negotiation-server
-+client = 39-version-negotiation-client
-+
-+[39-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[39-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-39]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[40-version-negotiation]
-+ssl_conf = 40-version-negotiation-ssl
-+
-+[40-version-negotiation-ssl]
-+server = 40-version-negotiation-server
-+client = 40-version-negotiation-client
-+
-+[40-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[40-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-40]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[41-version-negotiation]
-+ssl_conf = 41-version-negotiation-ssl
-+
-+[41-version-negotiation-ssl]
-+server = 41-version-negotiation-server
-+client = 41-version-negotiation-client
-+
-+[41-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[41-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-41]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[42-version-negotiation]
-+ssl_conf = 42-version-negotiation-ssl
-+
-+[42-version-negotiation-ssl]
-+server = 42-version-negotiation-server
-+client = 42-version-negotiation-client
-+
-+[42-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[42-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-42]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[43-version-negotiation]
-+ssl_conf = 43-version-negotiation-ssl
-+
-+[43-version-negotiation-ssl]
-+server = 43-version-negotiation-server
-+client = 43-version-negotiation-client
-+
-+[43-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[43-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-43]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1
-+
-+
-+# ===========================================================
-+
-+[44-version-negotiation]
-+ssl_conf = 44-version-negotiation-ssl
-+
-+[44-version-negotiation-ssl]
-+server = 44-version-negotiation-server
-+client = 44-version-negotiation-client
-+
-+[44-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[44-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-44]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[45-version-negotiation]
-+ssl_conf = 45-version-negotiation-ssl
-+
-+[45-version-negotiation-ssl]
-+server = 45-version-negotiation-server
-+client = 45-version-negotiation-client
-+
-+[45-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[45-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-45]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[46-version-negotiation]
-+ssl_conf = 46-version-negotiation-ssl
-+
-+[46-version-negotiation-ssl]
-+server = 46-version-negotiation-server
-+client = 46-version-negotiation-client
-+
-+[46-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[46-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-46]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[47-version-negotiation]
-+ssl_conf = 47-version-negotiation-ssl
-+
-+[47-version-negotiation-ssl]
-+server = 47-version-negotiation-server
-+client = 47-version-negotiation-client
-+
-+[47-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[47-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-47]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[48-version-negotiation]
-+ssl_conf = 48-version-negotiation-ssl
-+
-+[48-version-negotiation-ssl]
-+server = 48-version-negotiation-server
-+client = 48-version-negotiation-client
-+
-+[48-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[48-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-48]
-+ExpectedResult = ClientFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[49-version-negotiation]
-+ssl_conf = 49-version-negotiation-ssl
-+
-+[49-version-negotiation-ssl]
-+server = 49-version-negotiation-server
-+client = 49-version-negotiation-client
-+
-+[49-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[49-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-49]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[50-version-negotiation]
-+ssl_conf = 50-version-negotiation-ssl
-+
-+[50-version-negotiation-ssl]
-+server = 50-version-negotiation-server
-+client = 50-version-negotiation-client
-+
-+[50-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[50-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-50]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[51-version-negotiation]
-+ssl_conf = 51-version-negotiation-ssl
-+
-+[51-version-negotiation-ssl]
-+server = 51-version-negotiation-server
-+client = 51-version-negotiation-client
-+
-+[51-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[51-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-51]
-+ExpectedResult = ClientFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[52-version-negotiation]
-+ssl_conf = 52-version-negotiation-ssl
-+
-+[52-version-negotiation-ssl]
-+server = 52-version-negotiation-server
-+client = 52-version-negotiation-client
-+
-+[52-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[52-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-52]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[53-version-negotiation]
-+ssl_conf = 53-version-negotiation-ssl
-+
-+[53-version-negotiation-ssl]
-+server = 53-version-negotiation-server
-+client = 53-version-negotiation-client
-+
-+[53-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[53-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-53]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[54-version-negotiation]
-+ssl_conf = 54-version-negotiation-ssl
-+
-+[54-version-negotiation-ssl]
-+server = 54-version-negotiation-server
-+client = 54-version-negotiation-client
-+
-+[54-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[54-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-54]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[55-version-negotiation]
-+ssl_conf = 55-version-negotiation-ssl
-+
-+[55-version-negotiation-ssl]
-+server = 55-version-negotiation-server
-+client = 55-version-negotiation-client
-+
-+[55-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[55-version-negotiation-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-55]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[56-version-negotiation]
-+ssl_conf = 56-version-negotiation-ssl
-+
-+[56-version-negotiation-ssl]
-+server = 56-version-negotiation-server
-+client = 56-version-negotiation-client
-+
-+[56-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[56-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-56]
-+ExpectedResult = ClientFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[57-version-negotiation]
-+ssl_conf = 57-version-negotiation-ssl
-+
-+[57-version-negotiation-ssl]
-+server = 57-version-negotiation-server
-+client = 57-version-negotiation-client
-+
-+[57-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[57-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-57]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[58-version-negotiation]
-+ssl_conf = 58-version-negotiation-ssl
-+
-+[58-version-negotiation-ssl]
-+server = 58-version-negotiation-server
-+client = 58-version-negotiation-client
-+
-+[58-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[58-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-58]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[59-version-negotiation]
-+ssl_conf = 59-version-negotiation-ssl
-+
-+[59-version-negotiation-ssl]
-+server = 59-version-negotiation-server
-+client = 59-version-negotiation-client
-+
-+[59-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[59-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-59]
-+ExpectedResult = ClientFail
-+Method = DTLS
-+
-+
-+# ===========================================================
-+
-+[60-version-negotiation]
-+ssl_conf = 60-version-negotiation-ssl
-+
-+[60-version-negotiation-ssl]
-+server = 60-version-negotiation-server
-+client = 60-version-negotiation-client
-+
-+[60-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[60-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-60]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[61-version-negotiation]
-+ssl_conf = 61-version-negotiation-ssl
-+
-+[61-version-negotiation-ssl]
-+server = 61-version-negotiation-server
-+client = 61-version-negotiation-client
-+
-+[61-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[61-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-61]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[62-version-negotiation]
-+ssl_conf = 62-version-negotiation-ssl
-+
-+[62-version-negotiation-ssl]
-+server = 62-version-negotiation-server
-+client = 62-version-negotiation-client
-+
-+[62-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[62-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-62]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
-+# ===========================================================
-+
-+[63-version-negotiation]
-+ssl_conf = 63-version-negotiation-ssl
-+
-+[63-version-negotiation-ssl]
-+server = 63-version-negotiation-server
-+client = 63-version-negotiation-client
-+
-+[63-version-negotiation-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[63-version-negotiation-client]
-+CipherString = DEFAULT
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-63]
-+ExpectedResult = Success
-+Method = DTLS
-+Protocol = DTLSv1.2
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/07-dtls-protocol-version.conf.in
-@@ -0,0 +1,19 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test DTLS version negotiation
-+
-+package ssltests;
-+
-+use strict;
-+use warnings;
-+
-+use protocol_version;
-+
-+our @tests = generate_version_tests("DTLS");
---- /dev/null
-+++ b/test/ssl-tests/08-npn.conf
-@@ -0,0 +1,362 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 12
-+
-+test-0 = 0-npn-simple
-+test-1 = 1-npn-client-finds-match
-+test-2 = 2-npn-client-honours-server-pref
-+test-3 = 3-npn-client-first-pref-on-mismatch
-+test-4 = 4-npn-no-server-support
-+test-5 = 5-npn-no-client-support
-+test-6 = 6-npn-with-sni-no-context-switch
-+test-7 = 7-npn-with-sni-context-switch
-+test-8 = 8-npn-selected-sni-server-supports-npn
-+test-9 = 9-npn-selected-sni-server-does-not-support-npn
-+test-10 = 10-alpn-preferred-over-npn
-+test-11 = 11-sni-npn-preferred-over-alpn
-+# ===========================================================
-+
-+[0-npn-simple]
-+ssl_conf = 0-npn-simple-ssl
-+
-+[0-npn-simple-ssl]
-+server = 0-npn-simple-server
-+client = 0-npn-simple-client
-+
-+[0-npn-simple-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-npn-simple-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ClientNPNProtocols = foo
-+ExpectedNPNProtocol = foo
-+ServerNPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[1-npn-client-finds-match]
-+ssl_conf = 1-npn-client-finds-match-ssl
-+
-+[1-npn-client-finds-match-ssl]
-+server = 1-npn-client-finds-match-server
-+client = 1-npn-client-finds-match-client
-+
-+[1-npn-client-finds-match-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-npn-client-finds-match-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = bar
-+ServerNPNProtocols = baz,bar
-+
-+
-+# ===========================================================
-+
-+[2-npn-client-honours-server-pref]
-+ssl_conf = 2-npn-client-honours-server-pref-ssl
-+
-+[2-npn-client-honours-server-pref-ssl]
-+server = 2-npn-client-honours-server-pref-server
-+client = 2-npn-client-honours-server-pref-client
-+
-+[2-npn-client-honours-server-pref-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-npn-client-honours-server-pref-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = bar
-+ServerNPNProtocols = bar,foo
-+
-+
-+# ===========================================================
-+
-+[3-npn-client-first-pref-on-mismatch]
-+ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl
-+
-+[3-npn-client-first-pref-on-mismatch-ssl]
-+server = 3-npn-client-first-pref-on-mismatch-server
-+client = 3-npn-client-first-pref-on-mismatch-client
-+
-+[3-npn-client-first-pref-on-mismatch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-npn-client-first-pref-on-mismatch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = foo
-+ServerNPNProtocols = baz
-+
-+
-+# ===========================================================
-+
-+[4-npn-no-server-support]
-+ssl_conf = 4-npn-no-server-support-ssl
-+
-+[4-npn-no-server-support-ssl]
-+server = 4-npn-no-server-support-server
-+client = 4-npn-no-server-support-client
-+
-+[4-npn-no-server-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-npn-no-server-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ClientNPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[5-npn-no-client-support]
-+ssl_conf = 5-npn-no-client-support-ssl
-+
-+[5-npn-no-client-support-ssl]
-+server = 5-npn-no-client-support-server
-+client = 5-npn-no-client-support-client
-+
-+[5-npn-no-client-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-npn-no-client-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ServerNPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[6-npn-with-sni-no-context-switch]
-+ssl_conf = 6-npn-with-sni-no-context-switch-ssl
-+
-+[6-npn-with-sni-no-context-switch-ssl]
-+server = 6-npn-with-sni-no-context-switch-server
-+client = 6-npn-with-sni-no-context-switch-client
-+server2 = 6-npn-with-sni-no-context-switch-server2
-+
-+[6-npn-with-sni-no-context-switch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-npn-with-sni-no-context-switch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-npn-with-sni-no-context-switch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = foo
-+ExpectedServerName = server1
-+Server2NPNProtocols = bar
-+ServerNPNProtocols = foo
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[7-npn-with-sni-context-switch]
-+ssl_conf = 7-npn-with-sni-context-switch-ssl
-+
-+[7-npn-with-sni-context-switch-ssl]
-+server = 7-npn-with-sni-context-switch-server
-+client = 7-npn-with-sni-context-switch-client
-+server2 = 7-npn-with-sni-context-switch-server2
-+
-+[7-npn-with-sni-context-switch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-npn-with-sni-context-switch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-npn-with-sni-context-switch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = bar
-+ExpectedServerName = server2
-+Server2NPNProtocols = bar
-+ServerNPNProtocols = foo
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[8-npn-selected-sni-server-supports-npn]
-+ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
-+
-+[8-npn-selected-sni-server-supports-npn-ssl]
-+server = 8-npn-selected-sni-server-supports-npn-server
-+client = 8-npn-selected-sni-server-supports-npn-client
-+server2 = 8-npn-selected-sni-server-supports-npn-server2
-+
-+[8-npn-selected-sni-server-supports-npn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-npn-selected-sni-server-supports-npn-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-npn-selected-sni-server-supports-npn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+ClientNPNProtocols = foo,bar
-+ExpectedNPNProtocol = bar
-+ExpectedServerName = server2
-+Server2NPNProtocols = bar
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[9-npn-selected-sni-server-does-not-support-npn]
-+ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
-+
-+[9-npn-selected-sni-server-does-not-support-npn-ssl]
-+server = 9-npn-selected-sni-server-does-not-support-npn-server
-+client = 9-npn-selected-sni-server-does-not-support-npn-client
-+server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
-+
-+[9-npn-selected-sni-server-does-not-support-npn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-npn-selected-sni-server-does-not-support-npn-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-npn-selected-sni-server-does-not-support-npn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+ClientNPNProtocols = foo,bar
-+ExpectedServerName = server2
-+ServerNPNProtocols = foo
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[10-alpn-preferred-over-npn]
-+ssl_conf = 10-alpn-preferred-over-npn-ssl
-+
-+[10-alpn-preferred-over-npn-ssl]
-+server = 10-alpn-preferred-over-npn-server
-+client = 10-alpn-preferred-over-npn-client
-+
-+[10-alpn-preferred-over-npn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-alpn-preferred-over-npn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+ClientALPNProtocols = foo
-+ClientNPNProtocols = bar
-+ExpectedALPNProtocol = foo
-+ServerALPNProtocols = foo
-+ServerNPNProtocols = bar
-+
-+
-+# ===========================================================
-+
-+[11-sni-npn-preferred-over-alpn]
-+ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
-+
-+[11-sni-npn-preferred-over-alpn-ssl]
-+server = 11-sni-npn-preferred-over-alpn-server
-+client = 11-sni-npn-preferred-over-alpn-client
-+server2 = 11-sni-npn-preferred-over-alpn-server2
-+
-+[11-sni-npn-preferred-over-alpn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-sni-npn-preferred-over-alpn-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-sni-npn-preferred-over-alpn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+ClientALPNProtocols = foo
-+ClientNPNProtocols = bar
-+ExpectedNPNProtocol = bar
-+ExpectedServerName = server2
-+Server2NPNProtocols = bar
-+ServerALPNProtocols = foo
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/08-npn.conf.in
-@@ -0,0 +1,165 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+
-+our @tests = (
-+ {
-+ name => "npn-simple",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo",
-+ "ServerNPNProtocols" => "foo",
-+ "ExpectedNPNProtocol" => "foo",
-+ },
-+ },
-+ {
-+ name => "npn-client-finds-match",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "baz,bar",
-+ "ExpectedNPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "npn-client-honours-server-pref",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "bar,foo",
-+ "ExpectedNPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "npn-client-first-pref-on-mismatch",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "baz",
-+ "ExpectedNPNProtocol" => "foo",
-+ },
-+ },
-+ {
-+ name => "npn-no-server-support",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo",
-+ "ExpectedNPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "npn-no-client-support",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ServerNPNProtocols" => "foo",
-+ "ExpectedNPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "npn-with-sni-no-context-switch",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "foo",
-+ "Server2NPNProtocols" => "bar",
-+ "ServerName" => "server1",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server1",
-+ "ExpectedNPNProtocol" => "foo",
-+ },
-+ },
-+ {
-+ name => "npn-with-sni-context-switch",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "foo",
-+ "Server2NPNProtocols" => "bar",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedNPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "npn-selected-sni-server-supports-npn",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "Server2NPNProtocols" => "bar",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedNPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "npn-selected-sni-server-does-not-support-npn",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientNPNProtocols" => "foo,bar",
-+ "ServerNPNProtocols" => "foo",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedNPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "alpn-preferred-over-npn",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo",
-+ "ClientNPNProtocols" => "bar",
-+ "ServerALPNProtocols" => "foo",
-+ "ServerNPNProtocols" => "bar",
-+ "ExpectedALPNProtocol" => "foo",
-+ "ExpectedNPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "sni-npn-preferred-over-alpn",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo",
-+ "ClientNPNProtocols" => "bar",
-+ "ServerALPNProtocols" => "foo",
-+ "Server2NPNProtocols" => "bar",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedALPNProtocol" => undef,
-+ "ExpectedNPNProtocol" => "bar",
-+ },
-+ },
-+);
---- /dev/null
-+++ b/test/ssl-tests/09-alpn.conf
-@@ -0,0 +1,298 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 10
-+
-+test-0 = 0-alpn-simple
-+test-1 = 1-alpn-client-finds-match
-+test-2 = 2-alpn-client-honours-server-pref
-+test-3 = 3-alpn-alert-on-mismatch
-+test-4 = 4-alpn-no-server-support
-+test-5 = 5-alpn-no-client-support
-+test-6 = 6-alpn-with-sni-no-context-switch
-+test-7 = 7-alpn-with-sni-context-switch
-+test-8 = 8-alpn-selected-sni-server-supports-alpn
-+test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
-+# ===========================================================
-+
-+[0-alpn-simple]
-+ssl_conf = 0-alpn-simple-ssl
-+
-+[0-alpn-simple-ssl]
-+server = 0-alpn-simple-server
-+client = 0-alpn-simple-client
-+
-+[0-alpn-simple-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-alpn-simple-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+ClientALPNProtocols = foo
-+ExpectedALPNProtocol = foo
-+ServerALPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[1-alpn-client-finds-match]
-+ssl_conf = 1-alpn-client-finds-match-ssl
-+
-+[1-alpn-client-finds-match-ssl]
-+server = 1-alpn-client-finds-match-server
-+client = 1-alpn-client-finds-match-client
-+
-+[1-alpn-client-finds-match-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-alpn-client-finds-match-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+ClientALPNProtocols = foo,bar
-+ExpectedALPNProtocol = bar
-+ServerALPNProtocols = baz,bar
-+
-+
-+# ===========================================================
-+
-+[2-alpn-client-honours-server-pref]
-+ssl_conf = 2-alpn-client-honours-server-pref-ssl
-+
-+[2-alpn-client-honours-server-pref-ssl]
-+server = 2-alpn-client-honours-server-pref-server
-+client = 2-alpn-client-honours-server-pref-client
-+
-+[2-alpn-client-honours-server-pref-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-alpn-client-honours-server-pref-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+ClientALPNProtocols = foo,bar
-+ExpectedALPNProtocol = bar
-+ServerALPNProtocols = bar,foo
-+
-+
-+# ===========================================================
-+
-+[3-alpn-alert-on-mismatch]
-+ssl_conf = 3-alpn-alert-on-mismatch-ssl
-+
-+[3-alpn-alert-on-mismatch-ssl]
-+server = 3-alpn-alert-on-mismatch-server
-+client = 3-alpn-alert-on-mismatch-client
-+
-+[3-alpn-alert-on-mismatch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-alpn-alert-on-mismatch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+ClientALPNProtocols = foo,bar
-+ExpectedResult = ServerFail
-+ServerALPNProtocols = baz
-+ServerAlert = NoApplicationProtocol
-+
-+
-+# ===========================================================
-+
-+[4-alpn-no-server-support]
-+ssl_conf = 4-alpn-no-server-support-ssl
-+
-+[4-alpn-no-server-support-ssl]
-+server = 4-alpn-no-server-support-server
-+client = 4-alpn-no-server-support-client
-+
-+[4-alpn-no-server-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-alpn-no-server-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+ClientALPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[5-alpn-no-client-support]
-+ssl_conf = 5-alpn-no-client-support-ssl
-+
-+[5-alpn-no-client-support-ssl]
-+server = 5-alpn-no-client-support-server
-+client = 5-alpn-no-client-support-client
-+
-+[5-alpn-no-client-support-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-alpn-no-client-support-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+ServerALPNProtocols = foo
-+
-+
-+# ===========================================================
-+
-+[6-alpn-with-sni-no-context-switch]
-+ssl_conf = 6-alpn-with-sni-no-context-switch-ssl
-+
-+[6-alpn-with-sni-no-context-switch-ssl]
-+server = 6-alpn-with-sni-no-context-switch-server
-+client = 6-alpn-with-sni-no-context-switch-client
-+server2 = 6-alpn-with-sni-no-context-switch-server2
-+
-+[6-alpn-with-sni-no-context-switch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-alpn-with-sni-no-context-switch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-alpn-with-sni-no-context-switch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+ClientALPNProtocols = foo,bar
-+ExpectedALPNProtocol = foo
-+ExpectedServerName = server1
-+Server2ALPNProtocols = bar
-+ServerALPNProtocols = foo
-+ServerName = server1
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[7-alpn-with-sni-context-switch]
-+ssl_conf = 7-alpn-with-sni-context-switch-ssl
-+
-+[7-alpn-with-sni-context-switch-ssl]
-+server = 7-alpn-with-sni-context-switch-server
-+client = 7-alpn-with-sni-context-switch-client
-+server2 = 7-alpn-with-sni-context-switch-server2
-+
-+[7-alpn-with-sni-context-switch-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-alpn-with-sni-context-switch-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-alpn-with-sni-context-switch-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+ClientALPNProtocols = foo,bar
-+ExpectedALPNProtocol = bar
-+ExpectedServerName = server2
-+Server2ALPNProtocols = bar
-+ServerALPNProtocols = foo
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[8-alpn-selected-sni-server-supports-alpn]
-+ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl
-+
-+[8-alpn-selected-sni-server-supports-alpn-ssl]
-+server = 8-alpn-selected-sni-server-supports-alpn-server
-+client = 8-alpn-selected-sni-server-supports-alpn-client
-+server2 = 8-alpn-selected-sni-server-supports-alpn-server2
-+
-+[8-alpn-selected-sni-server-supports-alpn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-alpn-selected-sni-server-supports-alpn-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-alpn-selected-sni-server-supports-alpn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+ClientALPNProtocols = foo,bar
-+ExpectedALPNProtocol = bar
-+ExpectedServerName = server2
-+Server2ALPNProtocols = bar
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
-+# ===========================================================
-+
-+[9-alpn-selected-sni-server-does-not-support-alpn]
-+ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl
-+
-+[9-alpn-selected-sni-server-does-not-support-alpn-ssl]
-+server = 9-alpn-selected-sni-server-does-not-support-alpn-server
-+client = 9-alpn-selected-sni-server-does-not-support-alpn-client
-+server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2
-+
-+[9-alpn-selected-sni-server-does-not-support-alpn-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-alpn-selected-sni-server-does-not-support-alpn-server2]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-alpn-selected-sni-server-does-not-support-alpn-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+ClientALPNProtocols = foo,bar
-+ExpectedServerName = server2
-+ServerALPNProtocols = foo
-+ServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/09-alpn.conf.in
-@@ -0,0 +1,136 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+
-+our @tests = (
-+ {
-+ name => "alpn-simple",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo",
-+ "ServerALPNProtocols" => "foo",
-+ "ExpectedALPNProtocol" => "foo",
-+ },
-+ },
-+ {
-+ name => "alpn-client-finds-match",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "baz,bar",
-+ "ExpectedALPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "alpn-client-honours-server-pref",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "bar,foo",
-+ "ExpectedALPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "alpn-alert-on-mismatch",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "baz",
-+ "ExpectedResult" => "ServerFail",
-+ "ServerAlert" => "NoApplicationProtocol",
-+ },
-+ },
-+ {
-+ name => "alpn-no-server-support",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo",
-+ "ExpectedALPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "alpn-no-client-support",
-+ server => { },
-+ client => { },
-+ test => {
-+ "ServerALPNProtocols" => "foo",
-+ "ExpectedALPNProtocol" => undef,
-+ },
-+ },
-+ {
-+ name => "alpn-with-sni-no-context-switch",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "foo",
-+ "Server2ALPNProtocols" => "bar",
-+ "ServerName" => "server1",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server1",
-+ "ExpectedALPNProtocol" => "foo",
-+ },
-+ },
-+ {
-+ name => "alpn-with-sni-context-switch",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "foo",
-+ "Server2ALPNProtocols" => "bar",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedALPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "alpn-selected-sni-server-supports-alpn",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "Server2ALPNProtocols" => "bar",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedALPNProtocol" => "bar",
-+ },
-+ },
-+ {
-+ name => "alpn-selected-sni-server-does-not-support-alpn",
-+ server => { },
-+ server2 => { },
-+ client => { },
-+ test => {
-+ "ClientALPNProtocols" => "foo,bar",
-+ "ServerALPNProtocols" => "foo",
-+ "ServerName" => "server2",
-+ "ServerNameCallback" => "IgnoreMismatch",
-+ "ExpectedServerName" => "server2",
-+ "ExpectedALPNProtocol" => undef,
-+ },
-+ },
-+);
---- /dev/null
-+++ b/test/ssl-tests/10-resumption.conf
-@@ -0,0 +1,1336 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 36
-+
-+test-0 = 0-resumption
-+test-1 = 1-resumption
-+test-2 = 2-resumption
-+test-3 = 3-resumption
-+test-4 = 4-resumption
-+test-5 = 5-resumption
-+test-6 = 6-resumption
-+test-7 = 7-resumption
-+test-8 = 8-resumption
-+test-9 = 9-resumption
-+test-10 = 10-resumption
-+test-11 = 11-resumption
-+test-12 = 12-resumption
-+test-13 = 13-resumption
-+test-14 = 14-resumption
-+test-15 = 15-resumption
-+test-16 = 16-resumption
-+test-17 = 17-resumption
-+test-18 = 18-resumption
-+test-19 = 19-resumption
-+test-20 = 20-resumption
-+test-21 = 21-resumption
-+test-22 = 22-resumption
-+test-23 = 23-resumption
-+test-24 = 24-resumption
-+test-25 = 25-resumption
-+test-26 = 26-resumption
-+test-27 = 27-resumption
-+test-28 = 28-resumption
-+test-29 = 29-resumption
-+test-30 = 30-resumption
-+test-31 = 31-resumption
-+test-32 = 32-resumption
-+test-33 = 33-resumption
-+test-34 = 34-resumption
-+test-35 = 35-resumption
-+# ===========================================================
-+
-+[0-resumption]
-+ssl_conf = 0-resumption-ssl
-+
-+[0-resumption-ssl]
-+server = 0-resumption-server
-+client = 0-resumption-client
-+resume-server = 0-resumption-resume-server
-+resume-client = 0-resumption-client
-+
-+[0-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[1-resumption]
-+ssl_conf = 1-resumption-ssl
-+
-+[1-resumption-ssl]
-+server = 1-resumption-server
-+client = 1-resumption-client
-+resume-server = 1-resumption-resume-server
-+resume-client = 1-resumption-client
-+
-+[1-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[2-resumption]
-+ssl_conf = 2-resumption-ssl
-+
-+[2-resumption-ssl]
-+server = 2-resumption-server
-+client = 2-resumption-client
-+resume-server = 2-resumption-resume-server
-+resume-client = 2-resumption-client
-+
-+[2-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[3-resumption]
-+ssl_conf = 3-resumption-ssl
-+
-+[3-resumption-ssl]
-+server = 3-resumption-server
-+client = 3-resumption-client
-+resume-server = 3-resumption-resume-server
-+resume-client = 3-resumption-client
-+
-+[3-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[4-resumption]
-+ssl_conf = 4-resumption-ssl
-+
-+[4-resumption-ssl]
-+server = 4-resumption-server
-+client = 4-resumption-client
-+resume-server = 4-resumption-resume-server
-+resume-client = 4-resumption-client
-+
-+[4-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[5-resumption]
-+ssl_conf = 5-resumption-ssl
-+
-+[5-resumption-ssl]
-+server = 5-resumption-server
-+client = 5-resumption-client
-+resume-server = 5-resumption-resume-server
-+resume-client = 5-resumption-client
-+
-+[5-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[6-resumption]
-+ssl_conf = 6-resumption-ssl
-+
-+[6-resumption-ssl]
-+server = 6-resumption-server
-+client = 6-resumption-client
-+resume-server = 6-resumption-resume-server
-+resume-client = 6-resumption-client
-+
-+[6-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[7-resumption]
-+ssl_conf = 7-resumption-ssl
-+
-+[7-resumption-ssl]
-+server = 7-resumption-server
-+client = 7-resumption-client
-+resume-server = 7-resumption-resume-server
-+resume-client = 7-resumption-client
-+
-+[7-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[8-resumption]
-+ssl_conf = 8-resumption-ssl
-+
-+[8-resumption-ssl]
-+server = 8-resumption-server
-+client = 8-resumption-client
-+resume-server = 8-resumption-resume-server
-+resume-client = 8-resumption-client
-+
-+[8-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[9-resumption]
-+ssl_conf = 9-resumption-ssl
-+
-+[9-resumption-ssl]
-+server = 9-resumption-server
-+client = 9-resumption-client
-+resume-server = 9-resumption-resume-server
-+resume-client = 9-resumption-client
-+
-+[9-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[10-resumption]
-+ssl_conf = 10-resumption-ssl
-+
-+[10-resumption-ssl]
-+server = 10-resumption-server
-+client = 10-resumption-client
-+resume-server = 10-resumption-resume-server
-+resume-client = 10-resumption-client
-+
-+[10-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[11-resumption]
-+ssl_conf = 11-resumption-ssl
-+
-+[11-resumption-ssl]
-+server = 11-resumption-server
-+client = 11-resumption-client
-+resume-server = 11-resumption-resume-server
-+resume-client = 11-resumption-client
-+
-+[11-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[12-resumption]
-+ssl_conf = 12-resumption-ssl
-+
-+[12-resumption-ssl]
-+server = 12-resumption-server
-+client = 12-resumption-client
-+resume-server = 12-resumption-resume-server
-+resume-client = 12-resumption-client
-+
-+[12-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-12]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[13-resumption]
-+ssl_conf = 13-resumption-ssl
-+
-+[13-resumption-ssl]
-+server = 13-resumption-server
-+client = 13-resumption-client
-+resume-server = 13-resumption-resume-server
-+resume-client = 13-resumption-client
-+
-+[13-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-13]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[14-resumption]
-+ssl_conf = 14-resumption-ssl
-+
-+[14-resumption-ssl]
-+server = 14-resumption-server
-+client = 14-resumption-client
-+resume-server = 14-resumption-resume-server
-+resume-client = 14-resumption-client
-+
-+[14-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-14]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[15-resumption]
-+ssl_conf = 15-resumption-ssl
-+
-+[15-resumption-ssl]
-+server = 15-resumption-server
-+client = 15-resumption-client
-+resume-server = 15-resumption-resume-server
-+resume-client = 15-resumption-client
-+
-+[15-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-15]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[16-resumption]
-+ssl_conf = 16-resumption-ssl
-+
-+[16-resumption-ssl]
-+server = 16-resumption-server
-+client = 16-resumption-client
-+resume-server = 16-resumption-resume-server
-+resume-client = 16-resumption-client
-+
-+[16-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[16-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[16-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-16]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[17-resumption]
-+ssl_conf = 17-resumption-ssl
-+
-+[17-resumption-ssl]
-+server = 17-resumption-server
-+client = 17-resumption-client
-+resume-server = 17-resumption-resume-server
-+resume-client = 17-resumption-client
-+
-+[17-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[17-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[17-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-17]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[18-resumption]
-+ssl_conf = 18-resumption-ssl
-+
-+[18-resumption-ssl]
-+server = 18-resumption-server
-+client = 18-resumption-client
-+resume-server = 18-resumption-server
-+resume-client = 18-resumption-resume-client
-+
-+[18-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[18-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[18-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-18]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[19-resumption]
-+ssl_conf = 19-resumption-ssl
-+
-+[19-resumption-ssl]
-+server = 19-resumption-server
-+client = 19-resumption-client
-+resume-server = 19-resumption-server
-+resume-client = 19-resumption-resume-client
-+
-+[19-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[19-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[19-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-19]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[20-resumption]
-+ssl_conf = 20-resumption-ssl
-+
-+[20-resumption-ssl]
-+server = 20-resumption-server
-+client = 20-resumption-client
-+resume-server = 20-resumption-server
-+resume-client = 20-resumption-resume-client
-+
-+[20-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[20-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[20-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-20]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[21-resumption]
-+ssl_conf = 21-resumption-ssl
-+
-+[21-resumption-ssl]
-+server = 21-resumption-server
-+client = 21-resumption-client
-+resume-server = 21-resumption-server
-+resume-client = 21-resumption-resume-client
-+
-+[21-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[21-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[21-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-21]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[22-resumption]
-+ssl_conf = 22-resumption-ssl
-+
-+[22-resumption-ssl]
-+server = 22-resumption-server
-+client = 22-resumption-client
-+resume-server = 22-resumption-server
-+resume-client = 22-resumption-resume-client
-+
-+[22-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[22-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[22-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-22]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[23-resumption]
-+ssl_conf = 23-resumption-ssl
-+
-+[23-resumption-ssl]
-+server = 23-resumption-server
-+client = 23-resumption-client
-+resume-server = 23-resumption-server
-+resume-client = 23-resumption-resume-client
-+
-+[23-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[23-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+MinProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[23-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-23]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[24-resumption]
-+ssl_conf = 24-resumption-ssl
-+
-+[24-resumption-ssl]
-+server = 24-resumption-server
-+client = 24-resumption-client
-+resume-server = 24-resumption-server
-+resume-client = 24-resumption-resume-client
-+
-+[24-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[24-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[24-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-24]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[25-resumption]
-+ssl_conf = 25-resumption-ssl
-+
-+[25-resumption-ssl]
-+server = 25-resumption-server
-+client = 25-resumption-client
-+resume-server = 25-resumption-server
-+resume-client = 25-resumption-resume-client
-+
-+[25-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[25-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[25-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-25]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[26-resumption]
-+ssl_conf = 26-resumption-ssl
-+
-+[26-resumption-ssl]
-+server = 26-resumption-server
-+client = 26-resumption-client
-+resume-server = 26-resumption-server
-+resume-client = 26-resumption-resume-client
-+
-+[26-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[26-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[26-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-26]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[27-resumption]
-+ssl_conf = 27-resumption-ssl
-+
-+[27-resumption-ssl]
-+server = 27-resumption-server
-+client = 27-resumption-client
-+resume-server = 27-resumption-server
-+resume-client = 27-resumption-resume-client
-+
-+[27-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[27-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[27-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-27]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[28-resumption]
-+ssl_conf = 28-resumption-ssl
-+
-+[28-resumption-ssl]
-+server = 28-resumption-server
-+client = 28-resumption-client
-+resume-server = 28-resumption-server
-+resume-client = 28-resumption-resume-client
-+
-+[28-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[28-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[28-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-28]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[29-resumption]
-+ssl_conf = 29-resumption-ssl
-+
-+[29-resumption-ssl]
-+server = 29-resumption-server
-+client = 29-resumption-client
-+resume-server = 29-resumption-server
-+resume-client = 29-resumption-resume-client
-+
-+[29-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[29-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+MinProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[29-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-29]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[30-resumption]
-+ssl_conf = 30-resumption-ssl
-+
-+[30-resumption-ssl]
-+server = 30-resumption-server
-+client = 30-resumption-client
-+resume-server = 30-resumption-server
-+resume-client = 30-resumption-resume-client
-+
-+[30-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[30-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[30-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-30]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[31-resumption]
-+ssl_conf = 31-resumption-ssl
-+
-+[31-resumption-ssl]
-+server = 31-resumption-server
-+client = 31-resumption-client
-+resume-server = 31-resumption-server
-+resume-client = 31-resumption-resume-client
-+
-+[31-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[31-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[31-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-31]
-+HandshakeMode = Resume
-+Protocol = TLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[32-resumption]
-+ssl_conf = 32-resumption-ssl
-+
-+[32-resumption-ssl]
-+server = 32-resumption-server
-+client = 32-resumption-client
-+resume-server = 32-resumption-server
-+resume-client = 32-resumption-resume-client
-+
-+[32-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[32-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[32-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-32]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[33-resumption]
-+ssl_conf = 33-resumption-ssl
-+
-+[33-resumption-ssl]
-+server = 33-resumption-server
-+client = 33-resumption-client
-+resume-server = 33-resumption-server
-+resume-client = 33-resumption-resume-client
-+
-+[33-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[33-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[33-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-33]
-+HandshakeMode = Resume
-+Protocol = TLSv1.1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[34-resumption]
-+ssl_conf = 34-resumption-ssl
-+
-+[34-resumption-ssl]
-+server = 34-resumption-server
-+client = 34-resumption-client
-+resume-server = 34-resumption-server
-+resume-client = 34-resumption-resume-client
-+
-+[34-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[34-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[34-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-34]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[35-resumption]
-+ssl_conf = 35-resumption-ssl
-+
-+[35-resumption-ssl]
-+server = 35-resumption-server
-+client = 35-resumption-client
-+resume-server = 35-resumption-server
-+resume-client = 35-resumption-resume-client
-+
-+[35-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[35-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+MinProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[35-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = TLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-35]
-+HandshakeMode = Resume
-+Protocol = TLSv1.2
-+ResumptionExpected = Yes
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/10-resumption.conf.in
-@@ -0,0 +1,19 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation upon resumption.
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+use protocol_version;
-+
-+our @tests = generate_resumption_tests("TLS");
---- /dev/null
-+++ b/test/ssl-tests/11-dtls_resumption.conf
-@@ -0,0 +1,612 @@
-+# Generated with generate_ssl_tests.pl
-+
-+num_tests = 16
-+
-+test-0 = 0-resumption
-+test-1 = 1-resumption
-+test-2 = 2-resumption
-+test-3 = 3-resumption
-+test-4 = 4-resumption
-+test-5 = 5-resumption
-+test-6 = 6-resumption
-+test-7 = 7-resumption
-+test-8 = 8-resumption
-+test-9 = 9-resumption
-+test-10 = 10-resumption
-+test-11 = 11-resumption
-+test-12 = 12-resumption
-+test-13 = 13-resumption
-+test-14 = 14-resumption
-+test-15 = 15-resumption
-+# ===========================================================
-+
-+[0-resumption]
-+ssl_conf = 0-resumption-ssl
-+
-+[0-resumption-ssl]
-+server = 0-resumption-server
-+client = 0-resumption-client
-+resume-server = 0-resumption-resume-server
-+resume-client = 0-resumption-client
-+
-+[0-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[0-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-0]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[1-resumption]
-+ssl_conf = 1-resumption-ssl
-+
-+[1-resumption-ssl]
-+server = 1-resumption-server
-+client = 1-resumption-client
-+resume-server = 1-resumption-resume-server
-+resume-client = 1-resumption-client
-+
-+[1-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[1-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-1]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[2-resumption]
-+ssl_conf = 2-resumption-ssl
-+
-+[2-resumption-ssl]
-+server = 2-resumption-server
-+client = 2-resumption-client
-+resume-server = 2-resumption-resume-server
-+resume-client = 2-resumption-client
-+
-+[2-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[2-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-2]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[3-resumption]
-+ssl_conf = 3-resumption-ssl
-+
-+[3-resumption-ssl]
-+server = 3-resumption-server
-+client = 3-resumption-client
-+resume-server = 3-resumption-resume-server
-+resume-client = 3-resumption-client
-+
-+[3-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[3-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-3]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[4-resumption]
-+ssl_conf = 4-resumption-ssl
-+
-+[4-resumption-ssl]
-+server = 4-resumption-server
-+client = 4-resumption-client
-+resume-server = 4-resumption-resume-server
-+resume-client = 4-resumption-client
-+
-+[4-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[4-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-4]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[5-resumption]
-+ssl_conf = 5-resumption-ssl
-+
-+[5-resumption-ssl]
-+server = 5-resumption-server
-+client = 5-resumption-client
-+resume-server = 5-resumption-resume-server
-+resume-client = 5-resumption-client
-+
-+[5-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[5-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-5]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[6-resumption]
-+ssl_conf = 6-resumption-ssl
-+
-+[6-resumption-ssl]
-+server = 6-resumption-server
-+client = 6-resumption-client
-+resume-server = 6-resumption-resume-server
-+resume-client = 6-resumption-client
-+
-+[6-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[6-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-6]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[7-resumption]
-+ssl_conf = 7-resumption-ssl
-+
-+[7-resumption-ssl]
-+server = 7-resumption-server
-+client = 7-resumption-client
-+resume-server = 7-resumption-resume-server
-+resume-client = 7-resumption-client
-+
-+[7-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-resumption-resume-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[7-resumption-client]
-+CipherString = DEFAULT
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-7]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[8-resumption]
-+ssl_conf = 8-resumption-ssl
-+
-+[8-resumption-ssl]
-+server = 8-resumption-server
-+client = 8-resumption-client
-+resume-server = 8-resumption-server
-+resume-client = 8-resumption-resume-client
-+
-+[8-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[8-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[8-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-8]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[9-resumption]
-+ssl_conf = 9-resumption-ssl
-+
-+[9-resumption-ssl]
-+server = 9-resumption-server
-+client = 9-resumption-client
-+resume-server = 9-resumption-server
-+resume-client = 9-resumption-resume-client
-+
-+[9-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[9-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[9-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-9]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[10-resumption]
-+ssl_conf = 10-resumption-ssl
-+
-+[10-resumption-ssl]
-+server = 10-resumption-server
-+client = 10-resumption-client
-+resume-server = 10-resumption-server
-+resume-client = 10-resumption-resume-client
-+
-+[10-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[10-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[10-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-10]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[11-resumption]
-+ssl_conf = 11-resumption-ssl
-+
-+[11-resumption-ssl]
-+server = 11-resumption-server
-+client = 11-resumption-client
-+resume-server = 11-resumption-server
-+resume-client = 11-resumption-resume-client
-+
-+[11-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[11-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+MinProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[11-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-11]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[12-resumption]
-+ssl_conf = 12-resumption-ssl
-+
-+[12-resumption-ssl]
-+server = 12-resumption-server
-+client = 12-resumption-client
-+resume-server = 12-resumption-server
-+resume-client = 12-resumption-resume-client
-+
-+[12-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[12-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[12-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-12]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[13-resumption]
-+ssl_conf = 13-resumption-ssl
-+
-+[13-resumption-ssl]
-+server = 13-resumption-server
-+client = 13-resumption-client
-+resume-server = 13-resumption-server
-+resume-client = 13-resumption-resume-client
-+
-+[13-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[13-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[13-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-13]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1
-+ResumptionExpected = No
-+
-+
-+# ===========================================================
-+
-+[14-resumption]
-+ssl_conf = 14-resumption-ssl
-+
-+[14-resumption-ssl]
-+server = 14-resumption-server
-+client = 14-resumption-client
-+resume-server = 14-resumption-server
-+resume-client = 14-resumption-resume-client
-+
-+[14-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[14-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[14-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-14]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = Yes
-+
-+
-+# ===========================================================
-+
-+[15-resumption]
-+ssl_conf = 15-resumption-ssl
-+
-+[15-resumption-ssl]
-+server = 15-resumption-server
-+client = 15-resumption-client
-+resume-server = 15-resumption-server
-+resume-client = 15-resumption-resume-client
-+
-+[15-resumption-server]
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = DEFAULT
-+Options = -SessionTicket
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-+
-+[15-resumption-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+MinProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[15-resumption-resume-client]
-+CipherString = DEFAULT
-+MaxProtocol = DTLSv1.2
-+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-+VerifyMode = Peer
-+
-+[test-15]
-+HandshakeMode = Resume
-+Method = DTLS
-+Protocol = DTLSv1.2
-+ResumptionExpected = Yes
-+
-+
---- /dev/null
-+++ b/test/ssl-tests/11-dtls_resumption.conf.in
-@@ -0,0 +1,19 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation upon resumption.
-+
-+use strict;
-+use warnings;
-+
-+package ssltests;
-+
-+use protocol_version;
-+
-+our @tests = generate_resumption_tests("DTLS");
---- /dev/null
-+++ b/test/ssl-tests/protocol_version.pm
-@@ -0,0 +1,247 @@
-+# -*- mode: perl; -*-
-+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+## Test version negotiation
-+
-+package ssltests;
-+
-+use strict;
-+use warnings;
-+
-+use List::Util qw/max min/;
-+
-+use OpenSSL::Test;
-+use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
-+setup("no_test_here");
-+
-+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-+# undef stands for "no limit".
-+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-+
-+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-+
-+my $min_tls_enabled; my $max_tls_enabled;
-+
-+# Protocol configuration works in cascades, i.e.,
-+# $no_tls1_1 disables TLSv1.1 and below.
-+#
-+# $min_enabled and $max_enabled will be correct if there is at least one
-+# protocol enabled.
-+foreach my $i (0..$#tls_protocols) {
-+ if (!$is_tls_disabled[$i]) {
-+ $min_tls_enabled = $i;
-+ last;
-+ }
-+}
-+
-+foreach my $i (0..$#tls_protocols) {
-+ if (!$is_tls_disabled[$i]) {
-+ $max_tls_enabled = $i;
-+ }
-+}
-+
-+my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
-+# undef stands for "no limit".
-+my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
-+my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
-+
-+my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
-+
-+my $min_dtls_enabled; my $max_dtls_enabled;
-+
-+# $min_enabled and $max_enabled will be correct if there is at least one
-+# protocol enabled.
-+foreach my $i (0..$#dtls_protocols) {
-+ if (!$is_dtls_disabled[$i]) {
-+ $min_dtls_enabled = $i;
-+ last;
-+ }
-+}
-+
-+foreach my $i (0..$#dtls_protocols) {
-+ if (!$is_dtls_disabled[$i]) {
-+ $max_dtls_enabled = $i;
-+ }
-+}
-+
-+sub no_tests {
-+ my ($dtls) = @_;
-+ return $dtls ? alldisabled("dtls1", "dtls1_2") :
-+ alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-+}
-+
-+sub generate_version_tests {
-+ my ($method) = @_;
-+
-+ my $dtls = $method eq "DTLS";
-+ # Don't write the redundant "Method = TLS" into the configuration.
-+ undef $method if !$dtls;
-+
-+ my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
-+ my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
-+ my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
-+ my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
-+ my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
-+
-+ if (no_tests($dtls)) {
-+ return;
-+ }
-+
-+ my @tests = ();
-+
-+ foreach my $c_min (0..$#min_protocols) {
-+ my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
-+ foreach my $c_max ($c_max_min..$#max_protocols) {
-+ foreach my $s_min (0..$#min_protocols) {
-+ my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
-+ foreach my $s_max ($s_max_min..$#max_protocols) {
-+ my ($result, $protocol) =
-+ expected_result($c_min, $c_max, $s_min, $s_max,
-+ $min_enabled, $max_enabled, \@protocols);
-+ push @tests, {
-+ "name" => "version-negotiation",
-+ "client" => {
-+ "MinProtocol" => $min_protocols[$c_min],
-+ "MaxProtocol" => $max_protocols[$c_max],
-+ },
-+ "server" => {
-+ "MinProtocol" => $min_protocols[$s_min],
-+ "MaxProtocol" => $max_protocols[$s_max],
-+ },
-+ "test" => {
-+ "ExpectedResult" => $result,
-+ "Protocol" => $protocol,
-+ "Method" => $method,
-+ }
-+ };
-+ }
-+ }
-+ }
-+ }
-+ return @tests;
-+}
-+
-+sub generate_resumption_tests {
-+ my ($method) = @_;
-+
-+ my $dtls = $method eq "DTLS";
-+ # Don't write the redundant "Method = TLS" into the configuration.
-+ undef $method if !$dtls;
-+
-+ my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
-+ my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
-+
-+ if (no_tests($dtls)) {
-+ return;
-+ }
-+
-+ my @server_tests = ();
-+ my @client_tests = ();
-+
-+ # Obtain the first session against a fixed-version server/client.
-+ foreach my $original_protocol($min_enabled..$#protocols) {
-+ # Upgrade or downgrade the server/client max version support and test
-+ # that it upgrades, downgrades or resumes the session as well.
-+ foreach my $resume_protocol($min_enabled..$#protocols) {
-+ my $resumption_expected;
-+ # We should only resume on exact version match.
-+ if ($original_protocol eq $resume_protocol) {
-+ $resumption_expected = "Yes";
-+ } else {
-+ $resumption_expected = "No";
-+ }
-+
-+ foreach my $ticket ("SessionTicket", "-SessionTicket") {
-+ # Client is flexible, server upgrades/downgrades.
-+ push @server_tests, {
-+ "name" => "resumption",
-+ "client" => { },
-+ "server" => {
-+ "MinProtocol" => $protocols[$original_protocol],
-+ "MaxProtocol" => $protocols[$original_protocol],
-+ "Options" => $ticket,
-+ },
-+ "resume_server" => {
-+ "MaxProtocol" => $protocols[$resume_protocol],
-+ },
-+ "test" => {
-+ "Protocol" => $protocols[$resume_protocol],
-+ "Method" => $method,
-+ "HandshakeMode" => "Resume",
-+ "ResumptionExpected" => $resumption_expected,
-+ }
-+ };
-+ # Server is flexible, client upgrades/downgrades.
-+ push @client_tests, {
-+ "name" => "resumption",
-+ "client" => {
-+ "MinProtocol" => $protocols[$original_protocol],
-+ "MaxProtocol" => $protocols[$original_protocol],
-+ },
-+ "server" => {
-+ "Options" => $ticket,
-+ },
-+ "resume_client" => {
-+ "MaxProtocol" => $protocols[$resume_protocol],
-+ },
-+ "test" => {
-+ "Protocol" => $protocols[$resume_protocol],
-+ "Method" => $method,
-+ "HandshakeMode" => "Resume",
-+ "ResumptionExpected" => $resumption_expected,
-+ }
-+ };
-+ }
-+ }
-+ }
-+
-+ return (@server_tests, @client_tests);
-+}
-+
-+sub expected_result {
-+ my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
-+ $protocols) = @_;
-+
-+ # Adjust for "undef" (no limit).
-+ $c_min = $c_min == 0 ? 0 : $c_min - 1;
-+ $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
-+ $s_min = $s_min == 0 ? 0 : $s_min - 1;
-+ $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
-+
-+ # We now have at least one protocol enabled, so $min_enabled and
-+ # $max_enabled are well-defined.
-+ $c_min = max $c_min, $min_enabled;
-+ $s_min = max $s_min, $min_enabled;
-+ $c_max = min $c_max, $max_enabled;
-+ $s_max = min $s_max, $max_enabled;
-+
-+ if ($c_min > $c_max) {
-+ # Client should fail to even send a hello.
-+ # This results in an internal error since the server will be
-+ # waiting for input that never arrives.
-+ return ("InternalError", undef);
-+ } elsif ($s_min > $s_max) {
-+ # Server has no protocols, should always fail.
-+ return ("ServerFail", undef);
-+ } elsif ($s_min > $c_max) {
-+ # Server doesn't support the client range.
-+ return ("ServerFail", undef);
-+ } elsif ($c_min > $s_max) {
-+ # Server will try with a version that is lower than the lowest
-+ # supported client version.
-+ return ("ClientFail", undef);
-+ } else {
-+ # Server and client ranges overlap.
-+ my $max_common = $s_max < $c_max ? $s_max : $c_max;
-+ return ("Success", $protocols->[$max_common]);
-+ }
-+}
-+
-+1;
---- a/test/ssl-tests/ssltests_base.pm
-+++ b/test/ssl-tests/ssltests_base.pm
-@@ -1,4 +1,10 @@
- # -*- mode: perl; -*-
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- ## SSL test configurations
-
---- a/test/ssl_test.c
-+++ b/test/ssl_test.c
-@@ -1,14 +1,14 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <stdio.h>
-+#include <string.h>
-
- #include <openssl/conf.h>
- #include <openssl/err.h>
-@@ -40,23 +40,23 @@ static const char *print_alert(int alert
- return alert ? SSL_alert_desc_string_long(alert) : "no alert";
- }
-
--static int check_result(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
-+static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
- {
-- if (result.result != test_ctx->expected_result) {
-+ if (result->result != test_ctx->expected_result) {
- fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
-- ssl_test_result_t_name(test_ctx->expected_result),
-- ssl_test_result_t_name(result.result));
-+ ssl_test_result_name(test_ctx->expected_result),
-+ ssl_test_result_name(result->result));
- return 0;
- }
- return 1;
- }
-
--static int check_alerts(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
-+static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
- {
-- if (result.client_alert_sent != result.client_alert_received) {
-+ if (result->client_alert_sent != result->client_alert_received) {
- fprintf(stderr, "Client sent alert %s but server received %s\n.",
-- print_alert(result.client_alert_sent),
-- print_alert(result.client_alert_received));
-+ print_alert(result->client_alert_sent),
-+ print_alert(result->client_alert_received));
- /*
- * We can't bail here because the peer doesn't always get far enough
- * to process a received alert. Specifically, in protocol version
-@@ -71,10 +71,10 @@ static int check_alerts(HANDSHAKE_RESULT
- /* return 0; */
- }
-
-- if (result.server_alert_sent != result.server_alert_received) {
-+ if (result->server_alert_sent != result->server_alert_received) {
- fprintf(stderr, "Server sent alert %s but client received %s\n.",
-- print_alert(result.server_alert_sent),
-- print_alert(result.server_alert_received));
-+ print_alert(result->server_alert_sent),
-+ print_alert(result->server_alert_received));
- /* return 0; */
- }
-
-@@ -85,92 +85,215 @@ static int check_alerts(HANDSHAKE_RESULT
- * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
- * where the low byte is the alert code and the high byte is other stuff.
- */
-- && (result.client_alert_sent & 0xff) != test_ctx->client_alert) {
-+ && (result->client_alert_sent & 0xff) != test_ctx->client_alert) {
- fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
- print_alert(test_ctx->client_alert),
-- print_alert(result.client_alert_sent));
-+ print_alert(result->client_alert_sent));
- return 0;
- }
-
- if (test_ctx->server_alert
-- && (result.server_alert_sent & 0xff) != test_ctx->server_alert) {
-+ && (result->server_alert_sent & 0xff) != test_ctx->server_alert) {
- fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
- print_alert(test_ctx->server_alert),
-- print_alert(result.server_alert_sent));
-+ print_alert(result->server_alert_sent));
- return 0;
- }
-
- return 1;
- }
-
--static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
-+static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
- {
-- if (result.client_protocol != result.server_protocol) {
-+ if (result->client_protocol != result->server_protocol) {
- fprintf(stderr, "Client has protocol %s but server has %s\n.",
-- ssl_protocol_name(result.client_protocol),
-- ssl_protocol_name(result.server_protocol));
-+ ssl_protocol_name(result->client_protocol),
-+ ssl_protocol_name(result->server_protocol));
- return 0;
- }
-
- if (test_ctx->protocol) {
-- if (result.client_protocol != test_ctx->protocol) {
-+ if (result->client_protocol != test_ctx->protocol) {
- fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
- ssl_protocol_name(test_ctx->protocol),
-- ssl_protocol_name(result.client_protocol));
-+ ssl_protocol_name(result->client_protocol));
- return 0;
- }
- }
- return 1;
- }
-
-+static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-+{
-+ if (result->servername != test_ctx->expected_servername) {
-+ fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
-+ ssl_servername_name(test_ctx->expected_servername),
-+ ssl_servername_name(result->servername));
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-+{
-+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
-+ return 1;
-+ if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN &&
-+ result->session_ticket == SSL_TEST_SESSION_TICKET_NO)
-+ return 1;
-+ if (result->session_ticket != test_ctx->session_ticket_expected) {
-+ fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
-+ ssl_session_ticket_name(test_ctx->session_ticket_expected),
-+ ssl_session_ticket_name(result->session_ticket));
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-+{
-+ int ret = 1;
-+ ret &= strings_equal("NPN Negotiated (client vs server)",
-+ result->client_npn_negotiated,
-+ result->server_npn_negotiated);
-+ ret &= strings_equal("ExpectedNPNProtocol",
-+ test_ctx->expected_npn_protocol,
-+ result->client_npn_negotiated);
-+ return ret;
-+}
-+
-+static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-+{
-+ int ret = 1;
-+ ret &= strings_equal("ALPN Negotiated (client vs server)",
-+ result->client_alpn_negotiated,
-+ result->server_alpn_negotiated);
-+ ret &= strings_equal("ExpectedALPNProtocol",
-+ test_ctx->expected_alpn_protocol,
-+ result->client_alpn_negotiated);
-+ return ret;
-+}
-+#endif
-+
-+static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
-+{
-+ if (result->client_resumed != result->server_resumed) {
-+ fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n",
-+ result->client_resumed, result->server_resumed);
-+ return 0;
-+ }
-+ if (result->client_resumed != test_ctx->resumption_expected) {
-+ fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n",
-+ test_ctx->resumption_expected, result->client_resumed);
-+ return 0;
-+ }
-+ return 1;
-+}
-+
- /*
- * This could be further simplified by constructing an expected
- * HANDSHAKE_RESULT, and implementing comparison methods for
- * its fields.
- */
--static int check_test(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
-+static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
- {
- int ret = 1;
- ret &= check_result(result, test_ctx);
- ret &= check_alerts(result, test_ctx);
-- if (result.result == SSL_TEST_SUCCESS)
-+ if (result->result == SSL_TEST_SUCCESS) {
- ret &= check_protocol(result, test_ctx);
-+ ret &= check_servername(result, test_ctx);
-+ ret &= check_session_ticket(result, test_ctx);
-+ ret &= (result->session_ticket_do_not_call == 0);
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ ret &= check_npn(result, test_ctx);
-+ ret &= check_alpn(result, test_ctx);
-+#endif
-+ ret &= check_resumption(result, test_ctx);
-+ }
- return ret;
- }
-
- static int execute_test(SSL_TEST_FIXTURE fixture)
- {
- int ret = 0;
-- SSL_CTX *server_ctx = NULL, *client_ctx = NULL;
-+ SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
-+ *resume_server_ctx = NULL, *resume_client_ctx = NULL;
- SSL_TEST_CTX *test_ctx = NULL;
-- HANDSHAKE_RESULT result;
-+ HANDSHAKE_RESULT *result = NULL;
-+
-+ test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
-+ if (test_ctx == NULL)
-+ goto err;
-+
-+#ifndef OPENSSL_NO_DTLS
-+ if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
-+ server_ctx = SSL_CTX_new(DTLS_server_method());
-+ if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
-+ server2_ctx = SSL_CTX_new(DTLS_server_method());
-+ OPENSSL_assert(server2_ctx != NULL);
-+ }
-+ client_ctx = SSL_CTX_new(DTLS_client_method());
-+ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-+ resume_server_ctx = SSL_CTX_new(DTLS_server_method());
-+ resume_client_ctx = SSL_CTX_new(DTLS_client_method());
-+ OPENSSL_assert(resume_server_ctx != NULL);
-+ OPENSSL_assert(resume_client_ctx != NULL);
-+ }
-+ }
-+#endif
-+ if (test_ctx->method == SSL_TEST_METHOD_TLS) {
-+ server_ctx = SSL_CTX_new(TLS_server_method());
-+ if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
-+ server2_ctx = SSL_CTX_new(TLS_server_method());
-+ OPENSSL_assert(server2_ctx != NULL);
-+ }
-+ client_ctx = SSL_CTX_new(TLS_client_method());
-
-- server_ctx = SSL_CTX_new(TLS_server_method());
-- client_ctx = SSL_CTX_new(TLS_client_method());
-- OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
-+ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-+ resume_server_ctx = SSL_CTX_new(TLS_server_method());
-+ resume_client_ctx = SSL_CTX_new(TLS_client_method());
-+ OPENSSL_assert(resume_server_ctx != NULL);
-+ OPENSSL_assert(resume_client_ctx != NULL);
-+ }
-+ }
-+
-+ OPENSSL_assert(server_ctx != NULL);
-+ OPENSSL_assert(client_ctx != NULL);
-
- OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
-
- if (!SSL_CTX_config(server_ctx, "server")
-- || !SSL_CTX_config(client_ctx, "client")) {
-+ || !SSL_CTX_config(client_ctx, "client")) {
- goto err;
- }
-
-- test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
-- if (test_ctx == NULL)
-+ if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
-+ goto err;
-+ if (resume_server_ctx != NULL
-+ && !SSL_CTX_config(resume_server_ctx, "resume-server"))
-+ goto err;
-+ if (resume_client_ctx != NULL
-+ && !SSL_CTX_config(resume_client_ctx, "resume-client"))
- goto err;
-
-- result = do_handshake(server_ctx, client_ctx);
-+ result = do_handshake(server_ctx, server2_ctx, client_ctx,
-+ resume_server_ctx, resume_client_ctx, test_ctx);
-
- ret = check_test(result, test_ctx);
-
- err:
- CONF_modules_unload(0);
- SSL_CTX_free(server_ctx);
-+ SSL_CTX_free(server2_ctx);
- SSL_CTX_free(client_ctx);
-+ SSL_CTX_free(resume_server_ctx);
-+ SSL_CTX_free(resume_client_ctx);
- SSL_TEST_CTX_free(test_ctx);
- if (ret != 1)
- ERR_print_errors_fp(stderr);
-+ HANDSHAKE_RESULT_free(result);
- return ret;
- }
-
---- a/test/ssl_test.tmpl
-+++ b/test/ssl_test.tmpl
-@@ -3,22 +3,56 @@ ssl_conf = {-$testname-}-ssl
-
- [{-$testname-}-ssl]
- server = {-$testname-}-server
--client = {-$testname-}-client
-+client = {-$testname-}-client{-
-+ # The following sections are optional.
-+ $OUT = "";
-+ if (%server2) {
-+ $OUT .= "\nserver2 = $testname-server2";
-+ } elsif ($reuse_server2) {
-+ $OUT .= "\nserver2 = $testname-server";
-+ }
-+ if (%resume_server) {
-+ $OUT .= "\nresume-server = $testname-resume-server";
-+ } elsif ($reuse_resume_server) {
-+ $OUT .= "\nresume-server = $testname-server";
-+ }
-+ if (%resume_client) {
-+ $OUT .= "\nresume-client = $testname-resume-client";
-+ } elsif ($reuse_resume_client) {
-+ $OUT .= "\nresume-client = $testname-client";
-+ }
-+-}
-
- [{-$testname-}-server]
- {-
- foreach my $key (sort keys %server) {
- $OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key};
- }
-+ if (%server2) {
-+ $OUT .= "\n[$testname-server2]\n";
-+ foreach my $key (sort keys %server2) {
-+ $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
-+ }
-+ }
-+ if (%resume_server) {
-+ $OUT .= "\n[$testname-resume-server]\n";
-+ foreach my $key (sort keys %resume_server) {
-+ $OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key};
-+ }
-+ }
- -}
--
- [{-$testname-}-client]
- {-
- foreach my $key (sort keys %client) {
- $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
- }
-+ if (%resume_client) {
-+ $OUT .= "\n[$testname-resume-client]\n";
-+ foreach my $key (sort keys %resume_client) {
-+ $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key};
-+ }
-+ }
- -}
--
- [test-{-$idx-}]
- {-
- foreach my $key (sort keys %test) {
---- a/test/ssl_test_ctx.c
-+++ b/test/ssl_test_ctx.c
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #include <string.h>
-@@ -71,7 +70,7 @@ static const test_enum ssl_test_results[
- return 1;
- }
-
--const char *ssl_test_result_t_name(ssl_test_result_t result)
-+const char *ssl_test_result_name(ssl_test_result_t result)
- {
- return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
- }
-@@ -82,6 +81,10 @@ const char *ssl_test_result_t_name(ssl_t
-
- static const test_enum ssl_alerts[] = {
- {"UnknownCA", SSL_AD_UNKNOWN_CA},
-+ {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
-+ {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
-+ {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
-+ {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
- };
-
- __owur static int parse_alert(int *alert, const char *value)
-@@ -113,6 +116,8 @@ static const test_enum ssl_protocols[] =
- {"TLSv1.1", TLS1_1_VERSION},
- {"TLSv1", TLS1_VERSION},
- {"SSLv3", SSL3_VERSION},
-+ {"DTLSv1", DTLS1_VERSION},
-+ {"DTLSv1.2", DTLS1_2_VERSION},
- };
-
- __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
-@@ -126,6 +131,226 @@ const char *ssl_protocol_name(int protoc
- return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
- }
-
-+/***********************/
-+/* CertVerifyCallback. */
-+/***********************/
-+
-+static const test_enum ssl_verify_callbacks[] = {
-+ {"None", SSL_TEST_VERIFY_NONE},
-+ {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
-+ {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
-+};
-+
-+__owur static int parse_client_verify_callback(SSL_TEST_CTX *test_ctx,
-+ const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->client_verify_callback = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
-+{
-+ return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
-+ callback);
-+}
-+
-+/**************/
-+/* ServerName */
-+/**************/
-+
-+static const test_enum ssl_servername[] = {
-+ {"None", SSL_TEST_SERVERNAME_NONE},
-+ {"server1", SSL_TEST_SERVERNAME_SERVER1},
-+ {"server2", SSL_TEST_SERVERNAME_SERVER2},
-+ {"invalid", SSL_TEST_SERVERNAME_INVALID},
-+};
-+
-+__owur static int parse_servername(SSL_TEST_CTX *test_ctx,
-+ const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->servername = ret_value;
-+ return 1;
-+}
-+
-+__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
-+ const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->expected_servername = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_servername_name(ssl_servername_t server)
-+{
-+ return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
-+ server);
-+}
-+
-+/***********************/
-+/* ServerNameCallback. */
-+/***********************/
-+
-+static const test_enum ssl_servername_callbacks[] = {
-+ {"None", SSL_TEST_SERVERNAME_CB_NONE},
-+ {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
-+ {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
-+};
-+
-+__owur static int parse_servername_callback(SSL_TEST_CTX *test_ctx,
-+ const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_servername_callbacks,
-+ OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->servername_callback = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
-+{
-+ return enum_name(ssl_servername_callbacks,
-+ OSSL_NELEM(ssl_servername_callbacks), callback);
-+}
-+
-+/*************************/
-+/* SessionTicketExpected */
-+/*************************/
-+
-+static const test_enum ssl_session_ticket[] = {
-+ {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
-+ {"Yes", SSL_TEST_SESSION_TICKET_YES},
-+ {"No", SSL_TEST_SESSION_TICKET_NO},
-+ {"Broken", SSL_TEST_SESSION_TICKET_BROKEN},
-+};
-+
-+__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->session_ticket_expected = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_session_ticket_name(ssl_session_ticket_t server)
-+{
-+ return enum_name(ssl_session_ticket,
-+ OSSL_NELEM(ssl_session_ticket),
-+ server);
-+}
-+
-+/***********************/
-+/* Method. */
-+/***********************/
-+
-+static const test_enum ssl_test_methods[] = {
-+ {"TLS", SSL_TEST_METHOD_TLS},
-+ {"DTLS", SSL_TEST_METHOD_DTLS},
-+};
-+
-+__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->method = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_test_method_name(ssl_test_method_t method)
-+{
-+ return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
-+}
-+
-+#define IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(field) \
-+ static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
-+ { \
-+ OPENSSL_free(test_ctx->field); \
-+ test_ctx->field = OPENSSL_strdup(value); \
-+ OPENSSL_assert(test_ctx->field != NULL); \
-+ return 1; \
-+ }
-+
-+/************************************/
-+/* NPN and ALPN options */
-+/************************************/
-+
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_npn_protocol)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
-+IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
-+
-+/***********************/
-+/* Handshake mode */
-+/***********************/
-+
-+static const test_enum ssl_handshake_modes[] = {
-+ {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
-+ {"Resume", SSL_TEST_HANDSHAKE_RESUME},
-+ {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE},
-+};
-+
-+__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
-+{
-+ int ret_value;
-+ if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
-+ &ret_value, value)) {
-+ return 0;
-+ }
-+ test_ctx->handshake_mode = ret_value;
-+ return 1;
-+}
-+
-+const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
-+{
-+ return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
-+ mode);
-+}
-+
-+static int parse_boolean(const char *value, int *result)
-+{
-+ if (strcasecmp(value, "Yes") == 0) {
-+ *result = 1;
-+ return 1;
-+ }
-+ else if (strcasecmp(value, "No") == 0) {
-+ *result = 0;
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+#define IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(field) \
-+ static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
-+ { \
-+ return parse_boolean(value, &test_ctx->field); \
-+ }
-+
-+IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(resumption_expected)
-
- /*************************************************************/
- /* Known test options and their corresponding parse methods. */
-@@ -141,9 +366,24 @@ static const ssl_test_ctx_option ssl_tes
- { "ClientAlert", &parse_client_alert },
- { "ServerAlert", &parse_server_alert },
- { "Protocol", &parse_protocol },
-+ { "ClientVerifyCallback", &parse_client_verify_callback },
-+ { "ServerName", &parse_servername },
-+ { "ExpectedServerName", &parse_expected_servername },
-+ { "ServerNameCallback", &parse_servername_callback },
-+ { "SessionTicketExpected", &parse_session_ticket },
-+ { "Method", &parse_test_method },
-+ { "ClientNPNProtocols", &parse_client_npn_protocols },
-+ { "ServerNPNProtocols", &parse_server_npn_protocols },
-+ { "Server2NPNProtocols", &parse_server2_npn_protocols },
-+ { "ExpectedNPNProtocol", &parse_expected_npn_protocol },
-+ { "ClientALPNProtocols", &parse_client_alpn_protocols },
-+ { "ServerALPNProtocols", &parse_server_alpn_protocols },
-+ { "Server2ALPNProtocols", &parse_server2_alpn_protocols },
-+ { "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
-+ { "HandshakeMode", &parse_handshake_mode },
-+ { "ResumptionExpected", &parse_resumption_expected },
- };
-
--
- /*
- * Since these methods are used to create tests, we use OPENSSL_assert liberally
- * for malloc failures and other internal errors.
-@@ -153,12 +393,22 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
- SSL_TEST_CTX *ret;
- ret = OPENSSL_zalloc(sizeof(*ret));
- OPENSSL_assert(ret != NULL);
-- ret->expected_result = SSL_TEST_SUCCESS;
- return ret;
- }
-
- void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
- {
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ OPENSSL_free(ctx->client_npn_protocols);
-+ OPENSSL_free(ctx->server_npn_protocols);
-+ OPENSSL_free(ctx->server2_npn_protocols);
-+ OPENSSL_free(ctx->client_alpn_protocols);
-+ OPENSSL_free(ctx->server_alpn_protocols);
-+ OPENSSL_free(ctx->server2_alpn_protocols);
-+ OPENSSL_free(ctx->expected_npn_protocol);
-+ OPENSSL_free(ctx->expected_alpn_protocol);
-+#endif
- OPENSSL_free(ctx);
- }
-
---- a/test/ssl_test_ctx.h
-+++ b/test/ssl_test_ctx.h
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- #ifndef HEADER_SSL_TEST_CTX_H
-@@ -15,12 +14,52 @@
- #include <openssl/ssl.h>
-
- typedef enum {
-- SSL_TEST_SUCCESS, /* Default */
-+ SSL_TEST_SUCCESS = 0, /* Default */
- SSL_TEST_SERVER_FAIL,
- SSL_TEST_CLIENT_FAIL,
-- SSL_TEST_INTERNAL_ERROR
-+ SSL_TEST_INTERNAL_ERROR,
-+ /* Couldn't test resumption/renegotiation: original handshake failed. */
-+ SSL_TEST_FIRST_HANDSHAKE_FAILED
- } ssl_test_result_t;
-
-+typedef enum {
-+ SSL_TEST_VERIFY_NONE = 0, /* Default */
-+ SSL_TEST_VERIFY_ACCEPT_ALL,
-+ SSL_TEST_VERIFY_REJECT_ALL
-+} ssl_verify_callback_t;
-+
-+typedef enum {
-+ SSL_TEST_SERVERNAME_NONE = 0, /* Default */
-+ SSL_TEST_SERVERNAME_SERVER1,
-+ SSL_TEST_SERVERNAME_SERVER2,
-+ SSL_TEST_SERVERNAME_INVALID
-+} ssl_servername_t;
-+
-+typedef enum {
-+ SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */
-+ SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
-+ SSL_TEST_SERVERNAME_REJECT_MISMATCH
-+} ssl_servername_callback_t;
-+
-+typedef enum {
-+ SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */
-+ SSL_TEST_SESSION_TICKET_YES,
-+ SSL_TEST_SESSION_TICKET_NO,
-+ SSL_TEST_SESSION_TICKET_BROKEN /* Special test */
-+} ssl_session_ticket_t;
-+
-+typedef enum {
-+ SSL_TEST_METHOD_TLS = 0, /* Default */
-+ SSL_TEST_METHOD_DTLS
-+} ssl_test_method_t;
-+
-+typedef enum {
-+ SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */
-+ SSL_TEST_HANDSHAKE_RESUME,
-+ /* Not yet implemented */
-+ SSL_TEST_HANDSHAKE_RENEGOTIATE
-+} ssl_handshake_mode_t;
-+
- typedef struct ssl_test_ctx {
- /* Test expectations. */
- /* Defaults to SUCCESS. */
-@@ -34,11 +73,55 @@ typedef struct ssl_test_ctx {
- /* Negotiated protocol version. 0 if no expectation. */
- /* See ssl.h for protocol versions. */
- int protocol;
-+ /* One of a number of predefined custom callbacks. */
-+ ssl_verify_callback_t client_verify_callback;
-+ /* One of a number of predefined server names use by the client */
-+ ssl_servername_t servername;
-+ /*
-+ * The expected SNI context to use.
-+ * We test server-side that the server switched to the expected context.
-+ * Set by the callback upon success, so if the callback wasn't called or
-+ * terminated with an alert, the servername will match with
-+ * SSL_TEST_SERVERNAME_NONE.
-+ * Note: in the event that the servername was accepted, the client should
-+ * also receive an empty SNI extension back but we have no way of probing
-+ * client-side via the API that this was the case.
-+ */
-+ ssl_servername_t expected_servername;
-+ ssl_servername_callback_t servername_callback;
-+ ssl_session_ticket_t session_ticket_expected;
-+ /* Whether the server/client CTX should use DTLS or TLS. */
-+ ssl_test_method_t method;
-+
-+ /*
-+ * NPN and ALPN protocols supported by the client, server, and second
-+ * (SNI) server. A comma-separated list.
-+ */
-+ char *client_npn_protocols;
-+ char *server_npn_protocols;
-+ char *server2_npn_protocols;
-+ char *expected_npn_protocol;
-+ char *client_alpn_protocols;
-+ char *server_alpn_protocols;
-+ char *server2_alpn_protocols;
-+ char *expected_alpn_protocol;
-+
-+ /* Whether to test a resumed/renegotiated handshake. */
-+ ssl_handshake_mode_t handshake_mode;
-+ /* Whether the second handshake is resumed or a full handshake (boolean). */
-+ int resumption_expected;
- } SSL_TEST_CTX;
-
--const char *ssl_test_result_t_name(ssl_test_result_t result);
-+const char *ssl_test_result_name(ssl_test_result_t result);
- const char *ssl_alert_name(int alert);
- const char *ssl_protocol_name(int protocol);
-+const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
-+const char *ssl_servername_name(ssl_servername_t server);
-+const char *ssl_servername_callback_name(ssl_servername_callback_t
-+ servername_callback);
-+const char *ssl_session_ticket_name(ssl_session_ticket_t server);
-+const char *ssl_test_method_name(ssl_test_method_t method);
-+const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode);
-
- /*
- * Load the test case context from |conf|.
---- a/test/ssl_test_ctx_test.c
-+++ b/test/ssl_test_ctx_test.c
-@@ -1,11 +1,10 @@
- /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Licensed under the OpenSSL licenses, (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
-- * or in the file LICENSE in the source distribution.
- */
-
- /*
-@@ -14,6 +13,7 @@
- */
-
- #include <stdio.h>
-+#include <string.h>
-
- #include "e_os.h"
- #include "ssl_test_ctx.h"
-@@ -37,29 +37,102 @@ static int SSL_TEST_CTX_equal(SSL_TEST_C
- {
- if (ctx->expected_result != ctx2->expected_result) {
- fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
-- ssl_test_result_t_name(ctx->expected_result),
-- ssl_test_result_t_name(ctx2->expected_result));
-+ ssl_test_result_name(ctx->expected_result),
-+ ssl_test_result_name(ctx2->expected_result));
- return 0;
- }
- if (ctx->client_alert != ctx2->client_alert) {
- fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
-- ssl_alert_name(ctx->expected_result),
-- ssl_alert_name(ctx2->expected_result));
-+ ssl_alert_name(ctx->client_alert),
-+ ssl_alert_name(ctx2->client_alert));
- return 0;
- }
- if (ctx->server_alert != ctx2->server_alert) {
- fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n",
-- ssl_alert_name(ctx->expected_result),
-- ssl_alert_name(ctx2->expected_result));
-+ ssl_alert_name(ctx->server_alert),
-+ ssl_alert_name(ctx2->server_alert));
- return 0;
- }
- if (ctx->protocol != ctx2->protocol) {
- fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
-- ssl_protocol_name(ctx->expected_result),
-- ssl_protocol_name(ctx2->expected_result));
-+ ssl_protocol_name(ctx->protocol),
-+ ssl_protocol_name(ctx2->protocol));
- return 0;
- }
-+ if (ctx->client_verify_callback != ctx2->client_verify_callback) {
-+ fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
-+ ssl_verify_callback_name(ctx->client_verify_callback),
-+ ssl_verify_callback_name(ctx2->client_verify_callback));
-+ return 0;
-+ }
-+ if (ctx->servername != ctx2->servername) {
-+ fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
-+ ssl_servername_name(ctx->servername),
-+ ssl_servername_name(ctx2->servername));
-+ return 0;
-+ }
-+ if (ctx->expected_servername != ctx2->expected_servername) {
-+ fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n",
-+ ssl_servername_name(ctx->expected_servername),
-+ ssl_servername_name(ctx2->expected_servername));
-+ return 0;
-+ }
-+ if (ctx->servername_callback != ctx2->servername_callback) {
-+ fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
-+ ssl_servername_callback_name(ctx->servername_callback),
-+ ssl_servername_callback_name(ctx2->servername_callback));
-+ return 0;
-+ }
-+ if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
-+ fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
-+ ssl_session_ticket_name(ctx->session_ticket_expected),
-+ ssl_session_ticket_name(ctx2->session_ticket_expected));
-+ return 0;
-+ }
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
-+ ctx2->client_npn_protocols))
-+ return 0;
-+ if (ctx->method != ctx2->method) {
-+ fprintf(stderr, "Method mismatch: %s vs %s.\n",
-+ ssl_test_method_name(ctx->method),
-+ ssl_test_method_name(ctx2->method));
-+ return 0;
-+ }
-+ if (!strings_equal("ServerNPNProtocols", ctx->server_npn_protocols,
-+ ctx2->server_npn_protocols))
-+ return 0;
-+ if (!strings_equal("Server2NPNProtocols", ctx->server_npn_protocols,
-+ ctx2->server_npn_protocols))
-+ return 0;
-+ if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
-+ ctx2->expected_npn_protocol))
-+ return 0;
-+ if (!strings_equal("ClientALPNProtocols", ctx->client_alpn_protocols,
-+ ctx2->client_alpn_protocols))
-+ return 0;
-
-+ if (!strings_equal("ServerALPNProtocols", ctx->server_alpn_protocols,
-+ ctx2->server_alpn_protocols))
-+ return 0;
-+ if (!strings_equal("Server2ALPNProtocols", ctx->server_alpn_protocols,
-+ ctx2->server_alpn_protocols))
-+ return 0;
-+ if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
-+ ctx2->expected_alpn_protocol))
-+ return 0;
-+#endif
-+ if (ctx->handshake_mode != ctx2->handshake_mode) {
-+ fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
-+ ssl_handshake_mode_name(ctx->handshake_mode),
-+ ssl_handshake_mode_name(ctx2->handshake_mode));
-+ return 0;
-+ }
-+ if (ctx->resumption_expected != ctx2->resumption_expected) {
-+ fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
-+ ctx->resumption_expected, ctx2->resumption_expected);
-+ return 0;
-+ }
- return 1;
- }
-
-@@ -136,6 +209,21 @@ static int test_good_configuration()
- fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA;
- fixture.expected_ctx->server_alert = 0; /* No alert. */
- fixture.expected_ctx->protocol = TLS1_1_VERSION;
-+ fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
-+ fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2;
-+ fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
-+ fixture.expected_ctx->servername_callback =
-+ SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
-+ fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
-+ fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
-+ fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
-+ OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
-+ OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
-+#endif
-+ fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
-+ fixture.expected_ctx->resumption_expected = 1;
- EXECUTE_SSL_TEST_CTX_TEST();
- }
-
-@@ -144,6 +232,13 @@ static const char *bad_configurations[]
- "ssltest_unknown_expected_result",
- "ssltest_unknown_alert",
- "ssltest_unknown_protocol",
-+ "ssltest_unknown_verify_callback",
-+ "ssltest_unknown_servername",
-+ "ssltest_unknown_servername_callback",
-+ "ssltest_unknown_session_ticket_expected",
-+ "ssltest_unknown_method",
-+ "ssltest_unknown_handshake_mode",
-+ "ssltest_unknown_resumption_expected",
- };
-
- static int test_bad_configuration(int idx)
---- a/test/ssl_test_ctx_test.conf
-+++ b/test/ssl_test_ctx_test.conf
-@@ -4,6 +4,16 @@
- ExpectedResult = ServerFail
- ClientAlert = UnknownCA
- Protocol = TLSv1.1
-+ClientVerifyCallback = RejectAll
-+ServerName = server2
-+ExpectedServerName = server2
-+ServerNameCallback = IgnoreMismatch
-+SessionTicketExpected = Yes
-+Method = DTLS
-+ClientNPNProtocols = foo,bar
-+Server2ALPNProtocols = baz
-+HandshakeMode = Resume
-+ResumptionExpected = yes
-
- [ssltest_unknown_option]
- UnknownOption = Foo
-@@ -16,3 +26,24 @@ ServerAlert = Foo
-
- [ssltest_unknown_protocol]
- Protocol = Foo
-+
-+[ssltest_unknown_verify_callback]
-+ClientVerifyCallback = Foo
-+
-+[ssltest_unknown_servername]
-+ServerName = Foo
-+
-+[ssltest_unknown_servername_callback]
-+ServerNameCallback = Foo
-+
-+[ssltest_unknown_session_ticket_expected]
-+SessionTicketExpected = Foo
-+
-+[ssltest_unknown_method]
-+Method = TLS2
-+
-+[ssltest_unknown_handshake_mode]
-+HandshakeMode = Foo
-+
-+[ssltest_unknown_resumption_expected]
-+ResumptionExpected = Foo
---- /dev/null
-+++ b/test/sslapitest.c
-@@ -0,0 +1,601 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <openssl/opensslconf.h>
-+#include <openssl/bio.h>
-+#include <openssl/crypto.h>
-+#include <openssl/ssl.h>
-+
-+#include "ssltestlib.h"
-+#include "testutil.h"
-+
-+static char *cert = NULL;
-+static char *privkey = NULL;
-+
-+static int test_tlsext_status_type(void)
-+{
-+ SSL_CTX *ctx = NULL;
-+ SSL *con = NULL;
-+ int testresult = 0;
-+
-+ /* Test tlsext_status_type */
-+ ctx = SSL_CTX_new(TLS_method());
-+
-+ if (SSL_CTX_get_tlsext_status_type(ctx) != -1) {
-+ printf("Unexpected initial value for "
-+ "SSL_CTX_get_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ con = SSL_new(ctx);
-+
-+ if (SSL_get_tlsext_status_type(con) != -1) {
-+ printf("Unexpected initial value for SSL_get_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ if (!SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp)) {
-+ printf("Unexpected fail for SSL_set_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ if (SSL_get_tlsext_status_type(con) != TLSEXT_STATUSTYPE_ocsp) {
-+ printf("Unexpected result for SSL_get_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ SSL_free(con);
-+ con = NULL;
-+
-+ if (!SSL_CTX_set_tlsext_status_type(ctx, TLSEXT_STATUSTYPE_ocsp)) {
-+ printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ if (SSL_CTX_get_tlsext_status_type(ctx) != TLSEXT_STATUSTYPE_ocsp) {
-+ printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n");
-+ goto end;
-+ }
-+
-+ con = SSL_new(ctx);
-+
-+ if (SSL_get_tlsext_status_type(con) != TLSEXT_STATUSTYPE_ocsp) {
-+ printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n");
-+ goto end;
-+ }
-+
-+ testresult = 1;
-+
-+ end:
-+ SSL_free(con);
-+ SSL_CTX_free(ctx);
-+
-+ return testresult;
-+}
-+
-+typedef struct ssl_session_test_fixture {
-+ const char *test_case_name;
-+ int use_ext_cache;
-+ int use_int_cache;
-+} SSL_SESSION_TEST_FIXTURE;
-+
-+static int new_called = 0, remove_called = 0;
-+
-+static SSL_SESSION_TEST_FIXTURE
-+ssl_session_set_up(const char *const test_case_name)
-+{
-+ SSL_SESSION_TEST_FIXTURE fixture;
-+
-+ fixture.test_case_name = test_case_name;
-+ fixture.use_ext_cache = 1;
-+ fixture.use_int_cache = 1;
-+
-+ new_called = remove_called = 0;
-+
-+ return fixture;
-+}
-+
-+static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture)
-+{
-+}
-+
-+static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
-+{
-+ new_called++;
-+
-+ return 1;
-+}
-+
-+static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
-+{
-+ remove_called++;
-+}
-+
-+static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
-+{
-+ SSL_CTX *sctx = NULL, *cctx = NULL;
-+ SSL *serverssl1 = NULL, *clientssl1 = NULL;
-+ SSL *serverssl2 = NULL, *clientssl2 = NULL;
-+ SSL *serverssl3 = NULL, *clientssl3 = NULL;
-+ SSL_SESSION *sess1 = NULL, *sess2 = NULL;
-+ int testresult = 0;
-+
-+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
-+ &cctx, cert, privkey)) {
-+ printf("Unable to create SSL_CTX pair\n");
-+ return 0;
-+ }
-+
-+#ifndef OPENSSL_NO_TLS1_2
-+ /* Only allow TLS1.2 so we can force a connection failure later */
-+ SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
-+#endif
-+
-+ /* Set up session cache */
-+ if (fix.use_ext_cache) {
-+ SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
-+ SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
-+ }
-+ if (fix.use_int_cache) {
-+ /* Also covers instance where both are set */
-+ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
-+ } else {
-+ SSL_CTX_set_session_cache_mode(cctx,
-+ SSL_SESS_CACHE_CLIENT
-+ | SSL_SESS_CACHE_NO_INTERNAL_STORE);
-+ }
-+
-+ if (!create_ssl_connection(sctx, cctx, &serverssl1, &clientssl1, NULL,
-+ NULL)) {
-+ printf("Unable to create SSL connection\n");
-+ goto end;
-+ }
-+ sess1 = SSL_get1_session(clientssl1);
-+ if (sess1 == NULL) {
-+ printf("Unexpected NULL session\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) {
-+ /* Should have failed because it should already be in the cache */
-+ printf("Unexpected success adding session to cache\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) {
-+ printf("Session not added to cache\n");
-+ goto end;
-+ }
-+
-+ if (!create_ssl_connection(sctx, cctx, &serverssl2, &clientssl2, NULL,
-+ NULL)) {
-+ printf("Unable to create second SSL connection\n");
-+ goto end;
-+ }
-+
-+ sess2 = SSL_get1_session(clientssl2);
-+ if (sess2 == NULL) {
-+ printf("Unexpected NULL session from clientssl2\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) {
-+ printf("Remove session callback unexpectedly called\n");
-+ goto end;
-+ }
-+
-+ /*
-+ * This should clear sess2 from the cache because it is a "bad" session. See
-+ * SSL_set_session() documentation.
-+ */
-+ if (!SSL_set_session(clientssl2, sess1)) {
-+ printf("Unexpected failure setting session\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) {
-+ printf("Failed to call callback to remove session\n");
-+ goto end;
-+ }
-+
-+
-+ if (SSL_get_session(clientssl2) != sess1) {
-+ printf("Unexpected session found\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_int_cache) {
-+ if (!SSL_CTX_add_session(cctx, sess2)) {
-+ /*
-+ * Should have succeeded because it should not already be in the cache
-+ */
-+ printf("Unexpected failure adding session to cache\n");
-+ goto end;
-+ }
-+
-+ if (!SSL_CTX_remove_session(cctx, sess2)) {
-+ printf("Unexpected failure removing session from cache\n");
-+ goto end;
-+ }
-+
-+ /* This is for the purposes of internal cache testing...ignore the
-+ * counter for external cache
-+ */
-+ if (fix.use_ext_cache)
-+ remove_called--;
-+ }
-+
-+ /* This shouldn't be in the cache so should fail */
-+ if (SSL_CTX_remove_session(cctx, sess2)) {
-+ printf("Unexpected success removing session from cache\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) {
-+ printf("Failed to call callback to remove session #2\n");
-+ goto end;
-+ }
-+
-+#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2)
-+ /* Force a connection failure */
-+ SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
-+ clientssl3 = SSL_new(cctx);
-+ if (clientssl3 == NULL) {
-+ printf("Malloc failure\n");
-+ goto end;
-+ }
-+ if (!SSL_set_session(clientssl3, sess1)) {
-+ printf("Unable to set session for third connection\n");
-+ goto end;
-+ }
-+
-+ /* This should fail because of the mismatched protocol versions */
-+ if (create_ssl_connection(sctx, cctx, &serverssl3, &clientssl3, NULL,
-+ NULL)) {
-+ printf("Unexpected success creating SSL connection\n");
-+ goto end;
-+ }
-+
-+ /* We should have automatically removed the session from the cache */
-+ if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) {
-+ printf("Failed to call callback to remove session #2\n");
-+ goto end;
-+ }
-+
-+ if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) {
-+ /*
-+ * Should have succeeded because it should not already be in the cache
-+ */
-+ printf("Unexpected failure adding session to cache #2\n");
-+ goto end;
-+ }
-+#endif
-+
-+ testresult = 1;
-+
-+ end:
-+ SSL_free(serverssl1);
-+ SSL_free(clientssl1);
-+ SSL_free(serverssl2);
-+ SSL_free(clientssl2);
-+ SSL_free(serverssl3);
-+ SSL_free(clientssl3);
-+ SSL_SESSION_free(sess1);
-+ SSL_SESSION_free(sess2);
-+ /*
-+ * Check if we need to remove any sessions up-refed for the external cache
-+ */
-+ if (new_called >= 1)
-+ SSL_SESSION_free(sess1);
-+ if (new_called >= 2)
-+ SSL_SESSION_free(sess2);
-+ SSL_CTX_free(sctx);
-+ SSL_CTX_free(cctx);
-+
-+ return testresult;
-+}
-+
-+static int test_session_with_only_int_cache(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
-+
-+ fixture.use_ext_cache = 0;
-+
-+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
-+}
-+
-+static int test_session_with_only_ext_cache(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
-+
-+ fixture.use_int_cache = 0;
-+
-+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
-+}
-+
-+static int test_session_with_both_cache(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up);
-+
-+ EXECUTE_TEST(execute_test_session, ssl_session_tear_down);
-+}
-+
-+#define USE_NULL 0
-+#define USE_BIO_1 1
-+#define USE_BIO_2 2
-+
-+#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
-+
-+static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
-+{
-+ switch (type) {
-+ case USE_NULL:
-+ *res = NULL;
-+ break;
-+ case USE_BIO_1:
-+ *res = bio1;
-+ break;
-+ case USE_BIO_2:
-+ *res = bio2;
-+ break;
-+ }
-+}
-+
-+static int test_ssl_set_bio(int idx)
-+{
-+ SSL_CTX *ctx = SSL_CTX_new(TLS_method());
-+ BIO *bio1 = NULL;
-+ BIO *bio2 = NULL;
-+ BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
-+ SSL *ssl = NULL;
-+ int initrbio, initwbio, newrbio, newwbio;
-+ int testresult = 0;
-+
-+ if (ctx == NULL) {
-+ printf("Failed to allocate SSL_CTX\n");
-+ goto end;
-+ }
-+
-+ ssl = SSL_new(ctx);
-+ if (ssl == NULL) {
-+ printf("Failed to allocate SSL object\n");
-+ goto end;
-+ }
-+
-+ initrbio = idx % 3;
-+ idx /= 3;
-+ initwbio = idx % 3;
-+ idx /= 3;
-+ newrbio = idx % 3;
-+ idx /= 3;
-+ newwbio = idx;
-+ OPENSSL_assert(newwbio <= 2);
-+
-+ if (initrbio == USE_BIO_1 || initwbio == USE_BIO_1 || newrbio == USE_BIO_1
-+ || newwbio == USE_BIO_1) {
-+ bio1 = BIO_new(BIO_s_mem());
-+ if (bio1 == NULL) {
-+ printf("Failed to allocate bio1\n");
-+ goto end;
-+ }
-+ }
-+
-+ if (initrbio == USE_BIO_2 || initwbio == USE_BIO_2 || newrbio == USE_BIO_2
-+ || newwbio == USE_BIO_2) {
-+ bio2 = BIO_new(BIO_s_mem());
-+ if (bio2 == NULL) {
-+ printf("Failed to allocate bio2\n");
-+ goto end;
-+ }
-+ }
-+
-+ setupbio(&irbio, bio1, bio2, initrbio);
-+ setupbio(&iwbio, bio1, bio2, initwbio);
-+
-+ /*
-+ * We want to maintain our own refs to these BIO, so do an up ref for each
-+ * BIO that will have ownersip transferred in the SSL_set_bio() call
-+ */
-+ if (irbio != NULL)
-+ BIO_up_ref(irbio);
-+ if (iwbio != NULL && iwbio != irbio)
-+ BIO_up_ref(iwbio);
-+
-+ SSL_set_bio(ssl, irbio, iwbio);
-+
-+ setupbio(&nrbio, bio1, bio2, newrbio);
-+ setupbio(&nwbio, bio1, bio2, newwbio);
-+
-+ /*
-+ * We will (maybe) transfer ownership again so do more up refs.
-+ * SSL_set_bio() has some really complicated ownership rules where BIOs have
-+ * already been set!
-+ */
-+ if (nrbio != NULL && nrbio != irbio && (nwbio != iwbio || nrbio != nwbio))
-+ BIO_up_ref(nrbio);
-+ if (nwbio != NULL && nwbio != nrbio && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
-+ BIO_up_ref(nwbio);
-+
-+ SSL_set_bio(ssl, nrbio, nwbio);
-+
-+ testresult = 1;
-+
-+ end:
-+ SSL_free(ssl);
-+ BIO_free(bio1);
-+ BIO_free(bio2);
-+ /*
-+ * This test is checking that the ref counting for SSL_set_bio is correct.
-+ * If we get here and we did too many frees then we will fail in the above
-+ * functions. If we haven't done enough then this will only be detected in
-+ * a crypto-mdebug build
-+ */
-+ SSL_CTX_free(ctx);
-+
-+ return testresult;
-+}
-+
-+typedef struct ssl_bio_test_fixture {
-+ const char *test_case_name;
-+ int pop_ssl;
-+ enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio;
-+} SSL_BIO_TEST_FIXTURE;
-+
-+static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name)
-+{
-+ SSL_BIO_TEST_FIXTURE fixture;
-+
-+ fixture.test_case_name = test_case_name;
-+ fixture.pop_ssl = 0;
-+
-+ return fixture;
-+}
-+
-+static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture)
-+{
-+}
-+
-+static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
-+{
-+ BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
-+ SSL_CTX *ctx = SSL_CTX_new(TLS_method());
-+ SSL *ssl = NULL;
-+ int testresult = 0;
-+
-+ if (ctx == NULL) {
-+ printf("Failed to allocate SSL_CTX\n");
-+ return 0;
-+ }
-+
-+ ssl = SSL_new(ctx);
-+ if (ssl == NULL) {
-+ printf("Failed to allocate SSL object\n");
-+ goto end;
-+ }
-+
-+ sslbio = BIO_new(BIO_f_ssl());
-+ membio1 = BIO_new(BIO_s_mem());
-+
-+ if (sslbio == NULL || membio1 == NULL) {
-+ printf("Malloc failure creating BIOs\n");
-+ goto end;
-+ }
-+
-+ BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
-+
-+ /*
-+ * If anything goes wrong here then we could leak memory, so this will
-+ * be caught in a crypto-mdebug build
-+ */
-+ BIO_push(sslbio, membio1);
-+
-+ /* Verify chaning the rbio/wbio directly does not cause leaks */
-+ if (fix.change_bio != NO_BIO_CHANGE) {
-+ membio2 = BIO_new(BIO_s_mem());
-+ if (membio2 == NULL) {
-+ printf("Malloc failure creating membio2\n");
-+ goto end;
-+ }
-+ if (fix.change_bio == CHANGE_RBIO)
-+ SSL_set0_rbio(ssl, membio2);
-+ else
-+ SSL_set0_wbio(ssl, membio2);
-+ }
-+ ssl = NULL;
-+
-+ if (fix.pop_ssl)
-+ BIO_pop(sslbio);
-+ else
-+ BIO_pop(membio1);
-+
-+ testresult = 1;
-+ end:
-+ BIO_free(membio1);
-+ BIO_free(sslbio);
-+ SSL_free(ssl);
-+ SSL_CTX_free(ctx);
-+
-+ return testresult;
-+}
-+
-+static int test_ssl_bio_pop_next_bio(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
-+
-+ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
-+}
-+
-+static int test_ssl_bio_pop_ssl_bio(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
-+
-+ fixture.pop_ssl = 1;
-+
-+ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
-+}
-+
-+static int test_ssl_bio_change_rbio(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
-+
-+ fixture.change_bio = CHANGE_RBIO;
-+
-+ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
-+}
-+
-+static int test_ssl_bio_change_wbio(void)
-+{
-+ SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up);
-+
-+ fixture.change_bio = CHANGE_WBIO;
-+
-+ EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
-+}
-+
-+int main(int argc, char *argv[])
-+{
-+ BIO *err = NULL;
-+ int testresult = 1;
-+
-+ if (argc != 3) {
-+ printf("Invalid argument count\n");
-+ return 1;
-+ }
-+
-+ cert = argv[1];
-+ privkey = argv[2];
-+
-+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-+
-+ CRYPTO_set_mem_debug(1);
-+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-+
-+ ADD_TEST(test_tlsext_status_type);
-+ ADD_TEST(test_session_with_only_int_cache);
-+ ADD_TEST(test_session_with_only_ext_cache);
-+ ADD_TEST(test_session_with_both_cache);
-+ ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
-+ ADD_TEST(test_ssl_bio_pop_next_bio);
-+ ADD_TEST(test_ssl_bio_pop_ssl_bio);
-+ ADD_TEST(test_ssl_bio_change_rbio);
-+ ADD_TEST(test_ssl_bio_change_wbio);
-+
-+ testresult = run_tests(argv[0]);
-+
-+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-+ if (CRYPTO_mem_leaks(err) <= 0)
-+ testresult = 1;
-+#endif
-+ BIO_free(err);
-+
-+ if (!testresult)
-+ printf("PASS\n");
-+
-+ return testresult;
-+}
---- a/test/ssltest_old.c
-+++ b/test/ssltest_old.c
-@@ -1,112 +1,12 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay at cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- /* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
-@@ -140,8 +40,12 @@
- */
-
- /* Or gethostname won't be declared properly on Linux and GNU platforms. */
--#define _BSD_SOURCE 1
--#define _DEFAULT_SOURCE 1
-+#ifndef _BSD_SOURCE
-+# define _BSD_SOURCE 1
-+#endif
-+#ifndef _DEFAULT_SOURCE
-+# define _DEFAULT_SOURCE 1
-+#endif
-
- #include <assert.h>
- #include <errno.h>
-@@ -169,9 +73,6 @@
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include <openssl/ssl.h>
--#ifndef OPENSSL_NO_ENGINE
--# include <openssl/engine.h>
--#endif
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #ifndef OPENSSL_NO_RSA
-@@ -191,7 +92,6 @@
- # include <openssl/ct.h>
- #endif
-
--#include "internal/threads.h"
- #include "../ssl/ssl_locl.h"
-
- /*
-@@ -223,9 +123,6 @@ static int app_verify_callback(X509_STOR
- struct app_verify_arg {
- char *string;
- int app_verify;
-- int allow_proxy_certs;
-- char *proxy_auth;
-- char *proxy_cond;
- };
-
- #ifndef OPENSSL_NO_DH
-@@ -799,7 +696,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ss
- int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
- clock_t *c_time);
- int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
--static int do_test_cipherlist(void);
-
- static void sv_usage(void)
- {
-@@ -810,10 +706,6 @@ static void sv_usage(void)
- #endif
- fprintf(stderr, " -server_auth - check server certificate\n");
- fprintf(stderr, " -client_auth - do client authentication\n");
-- fprintf(stderr, " -proxy - allow proxy certificates\n");
-- fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
-- fprintf(stderr,
-- " -proxy_cond <val> - expression to test proxy policy rights\n");
- fprintf(stderr, " -v - more output\n");
- fprintf(stderr, " -d - debug output\n");
- fprintf(stderr, " -reuse - use session-id reuse\n");
-@@ -870,10 +762,6 @@ static void sv_usage(void)
- fprintf(stderr,
- " -time - measure processor time used by client and server\n");
- fprintf(stderr, " -zlib - use zlib compression\n");
-- fprintf(stderr,
-- " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
-- " When this option is requested, the cipherlist\n"
-- " tests are run instead of handshake tests.\n");
- #ifndef OPENSSL_NO_NEXTPROTONEG
- fprintf(stderr, " -npn_client - have client side offer NPN\n");
- fprintf(stderr, " -npn_server - have server side offer NPN\n");
-@@ -964,11 +852,11 @@ static void print_details(SSL *c_ssl, co
- SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
- cert = SSL_get_peer_certificate(c_ssl);
- if (cert != NULL) {
-- pkey = X509_get_pubkey(cert);
-- if (pkey != NULL) {
-+ EVP_PKEY* pubkey = X509_get0_pubkey(cert);
-+
-+ if (pubkey != NULL) {
- BIO_puts(bio_stdout, ", ");
-- print_key_details(bio_stdout, pkey);
-- EVP_PKEY_free(pkey);
-+ print_key_details(bio_stdout, pubkey);
- }
- X509_free(cert);
- }
-@@ -1074,7 +962,7 @@ int main(int argc, char *argv[])
- int client_auth = 0;
- int server_auth = 0, i;
- struct app_verify_arg app_verify_arg =
-- { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
-+ { APP_CALLBACK_STRING, 0 };
- char *p;
- SSL_CTX *c_ctx = NULL;
- const SSL_METHOD *meth = NULL;
-@@ -1102,7 +990,6 @@ int main(int argc, char *argv[])
- COMP_METHOD *cm = NULL;
- STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
- #endif
-- int test_cipherlist = 0;
- #ifdef OPENSSL_FIPS
- int fips_mode = 0;
- #endif
-@@ -1185,15 +1072,7 @@ int main(int argc, char *argv[])
- server_auth = 1;
- else if (strcmp(*argv, "-client_auth") == 0)
- client_auth = 1;
-- else if (strcmp(*argv, "-proxy_auth") == 0) {
-- if (--argc < 1)
-- goto bad;
-- app_verify_arg.proxy_auth = *(++argv);
-- } else if (strcmp(*argv, "-proxy_cond") == 0) {
-- if (--argc < 1)
-- goto bad;
-- app_verify_arg.proxy_cond = *(++argv);
-- } else if (strcmp(*argv, "-v") == 0)
-+ else if (strcmp(*argv, "-v") == 0)
- verbose = 1;
- else if (strcmp(*argv, "-d") == 0)
- debug = 1;
-@@ -1313,13 +1192,9 @@ int main(int argc, char *argv[])
- #endif
- else if (strcmp(*argv, "-app_verify") == 0) {
- app_verify_arg.app_verify = 1;
-- } else if (strcmp(*argv, "-proxy") == 0) {
-- app_verify_arg.allow_proxy_certs = 1;
-- } else if (strcmp(*argv, "-test_cipherlist") == 0) {
-- test_cipherlist = 1;
- }
- #ifndef OPENSSL_NO_NEXTPROTONEG
-- else if (strcmp(*argv, "-npn_client") == 0) {
-+ else if (strcmp(*argv, "-npn_client") == 0) {
- npn_client = 1;
- } else if (strcmp(*argv, "-npn_server") == 0) {
- npn_server = 1;
-@@ -1454,22 +1329,6 @@ int main(int argc, char *argv[])
- goto end;
- }
-
-- /*
-- * test_cipherlist prevails over protocol switch: we test the cipherlist
-- * for all enabled protocols.
-- */
-- if (test_cipherlist == 1) {
-- /*
-- * ensure that the cipher list are correctly sorted and exit
-- */
-- fprintf(stdout, "Testing cipherlist order only. Ignoring all "
-- "other options.\n");
-- if (do_test_cipherlist() == 0)
-- EXIT(1);
-- ret = 0;
-- goto end;
-- }
--
- if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
- fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
- "be requested.\n");
-@@ -3051,23 +2910,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long co
- return (ret);
- }
-
--static CRYPTO_ONCE proxy_auth_ex_data_once = CRYPTO_ONCE_STATIC_INIT;
--static volatile int proxy_auth_ex_data_idx = -1;
--
--static void do_get_proxy_auth_ex_data_idx(void)
--{
-- proxy_auth_ex_data_idx = X509_STORE_CTX_get_ex_new_index(0,
-- "SSLtest for verify callback",
-- NULL, NULL, NULL);
--}
--
--static int get_proxy_auth_ex_data_idx(void)
--{
-- CRYPTO_THREAD_run_once(&proxy_auth_ex_data_once,
-- do_get_proxy_auth_ex_data_idx);
-- return proxy_auth_ex_data_idx;
--}
--
- static int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char *s, buf[256];
-@@ -3100,341 +2942,13 @@ static int verify_callback(int ok, X509_
- }
- }
-
-- if (ok == 1) {
-- X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
-- if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
-- unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
-- get_proxy_auth_ex_data_idx
-- ());
--
-- if (letters) {
-- int found_any = 0;
-- int i;
-- PROXY_CERT_INFO_EXTENSION *pci =
-- X509_get_ext_d2i(xs, NID_proxyCertInfo,
-- NULL, NULL);
--
-- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
-- case NID_Independent:
-- /*
-- * Completely meaningless in this program, as there's no
-- * way to grant explicit rights to a specific PrC.
-- * Basically, using id-ppl-Independent is the perfect way
-- * to grant no rights at all.
-- */
-- fprintf(stderr, " Independent proxy certificate");
-- for (i = 0; i < 26; i++)
-- letters[i] = 0;
-- break;
-- case NID_id_ppl_inheritAll:
-- /*
-- * This is basically a NOP, we simply let the current
-- * rights stand as they are.
-- */
-- fprintf(stderr, " Proxy certificate inherits all");
-- break;
-- default:
-- s = (char *)
-- pci->proxyPolicy->policy->data;
-- i = pci->proxyPolicy->policy->length;
--
-- /*
-- * The algorithm works as follows: it is assumed that
-- * previous iterations or the initial granted rights has
-- * already set some elements of `letters'. What we need
-- * to do is to clear those that weren't granted by the
-- * current PrC as well. The easiest way to do this is to
-- * add 1 to all the elements whose letters are given with
-- * the current policy. That way, all elements that are
-- * set by the current policy and were already set by
-- * earlier policies and through the original grant of
-- * rights will get the value 2 or higher. The last thing
-- * to do is to sweep through `letters' and keep the
-- * elements having the value 2 as set, and clear all the
-- * others.
-- */
--
-- printf(" Certificate proxy rights = %*.*s", i,
-- i, s);
-- while (i-- > 0) {
-- int c = *s++;
-- if (isascii(c) && isalpha(c)) {
-- if (islower(c))
-- c = toupper(c);
-- letters[c - 'A']++;
-- }
-- }
-- for (i = 0; i < 26; i++)
-- if (letters[i] < 2)
-- letters[i] = 0;
-- else
-- letters[i] = 1;
-- }
--
-- found_any = 0;
-- printf(", resulting proxy rights = ");
-- for (i = 0; i < 26; i++)
-- if (letters[i]) {
-- printf("%c", i + 'A');
-- found_any = 1;
-- }
-- if (!found_any)
-- printf("none");
-- printf("\n");
--
-- PROXY_CERT_INFO_EXTENSION_free(pci);
-- }
-- }
-- }
--
- return (ok);
- }
-
--static void process_proxy_debug(int indent, const char *format, ...)
--{
-- /* That's 80 > */
-- static const char indentation[] =
-- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
-- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
-- char my_format[256];
-- va_list args;
--
-- BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
-- indent, indent, indentation, format);
--
-- va_start(args, format);
-- vfprintf(stderr, my_format, args);
-- va_end(args);
--}
--
--/*-
-- * Priority levels:
-- * 0 [!]var, ()
-- * 1 & ^
-- * 2 |
-- */
--static int process_proxy_cond_adders(unsigned int letters[26],
-- const char *cond, const char **cond_end,
-- int *pos, int indent);
--static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
-- const char **cond_end, int *pos, int indent)
--{
-- int c;
-- int ok = 1;
-- int negate = 0;
--
-- while (isspace((int)*cond)) {
-- cond++;
-- (*pos)++;
-- }
-- c = *cond;
--
-- if (debug)
-- process_proxy_debug(indent,
-- "Start process_proxy_cond_val at position %d: %s\n",
-- *pos, cond);
--
-- while (c == '!') {
-- negate = !negate;
-- cond++;
-- (*pos)++;
-- while (isspace((int)*cond)) {
-- cond++;
-- (*pos)++;
-- }
-- c = *cond;
-- }
--
-- if (c == '(') {
-- cond++;
-- (*pos)++;
-- ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
-- indent + 1);
-- cond = *cond_end;
-- if (ok < 0)
-- goto end;
-- while (isspace((int)*cond)) {
-- cond++;
-- (*pos)++;
-- }
-- c = *cond;
-- if (c != ')') {
-- fprintf(stderr,
-- "Weird condition character in position %d: "
-- "%c\n", *pos, c);
-- ok = -1;
-- goto end;
-- }
-- cond++;
-- (*pos)++;
-- } else if (isascii(c) && isalpha(c)) {
-- if (islower(c))
-- c = toupper(c);
-- ok = letters[c - 'A'];
-- cond++;
-- (*pos)++;
-- } else {
-- fprintf(stderr,
-- "Weird condition character in position %d: " "%c\n", *pos, c);
-- ok = -1;
-- goto end;
-- }
-- end:
-- *cond_end = cond;
-- if (ok >= 0 && negate)
-- ok = !ok;
--
-- if (debug)
-- process_proxy_debug(indent,
-- "End process_proxy_cond_val at position %d: %s, returning %d\n",
-- *pos, cond, ok);
--
-- return ok;
--}
--
--static int process_proxy_cond_multipliers(unsigned int letters[26],
-- const char *cond,
-- const char **cond_end, int *pos,
-- int indent)
--{
-- int ok;
-- char c;
--
-- if (debug)
-- process_proxy_debug(indent,
-- "Start process_proxy_cond_multipliers at position %d: %s\n",
-- *pos, cond);
--
-- ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
-- cond = *cond_end;
-- if (ok < 0)
-- goto end;
--
-- while (ok >= 0) {
-- while (isspace((int)*cond)) {
-- cond++;
-- (*pos)++;
-- }
-- c = *cond;
--
-- switch (c) {
-- case '&':
-- case '^':
-- {
-- int save_ok = ok;
--
-- cond++;
-- (*pos)++;
-- ok = process_proxy_cond_val(letters,
-- cond, cond_end, pos, indent + 1);
-- cond = *cond_end;
-- if (ok < 0)
-- break;
--
-- switch (c) {
-- case '&':
-- ok &= save_ok;
-- break;
-- case '^':
-- ok ^= save_ok;
-- break;
-- default:
-- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-- " STOPPING\n");
-- EXIT(1);
-- }
-- }
-- break;
-- default:
-- goto end;
-- }
-- }
-- end:
-- if (debug)
-- process_proxy_debug(indent,
-- "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
-- *pos, cond, ok);
--
-- *cond_end = cond;
-- return ok;
--}
--
--static int process_proxy_cond_adders(unsigned int letters[26],
-- const char *cond, const char **cond_end,
-- int *pos, int indent)
--{
-- int ok;
-- char c;
--
-- if (debug)
-- process_proxy_debug(indent,
-- "Start process_proxy_cond_adders at position %d: %s\n",
-- *pos, cond);
--
-- ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
-- indent + 1);
-- cond = *cond_end;
-- if (ok < 0)
-- goto end;
--
-- while (ok >= 0) {
-- while (isspace((int)*cond)) {
-- cond++;
-- (*pos)++;
-- }
-- c = *cond;
--
-- switch (c) {
-- case '|':
-- {
-- int save_ok = ok;
--
-- cond++;
-- (*pos)++;
-- ok = process_proxy_cond_multipliers(letters,
-- cond, cond_end, pos,
-- indent + 1);
-- cond = *cond_end;
-- if (ok < 0)
-- break;
--
-- switch (c) {
-- case '|':
-- ok |= save_ok;
-- break;
-- default:
-- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-- " STOPPING\n");
-- EXIT(1);
-- }
-- }
-- break;
-- default:
-- goto end;
-- }
-- }
-- end:
-- if (debug)
-- process_proxy_debug(indent,
-- "End process_proxy_cond_adders at position %d: %s, returning %d\n",
-- *pos, cond, ok);
--
-- *cond_end = cond;
-- return ok;
--}
--
--static int process_proxy_cond(unsigned int letters[26],
-- const char *cond, const char **cond_end)
--{
-- int pos = 1;
-- return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
--}
--
- static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- int ok = 1;
- struct app_verify_arg *cb_arg = arg;
-- unsigned int letters[26]; /* only used with proxy_auth */
-
- if (cb_arg->app_verify) {
- char *s = NULL, buf[256];
-@@ -3452,61 +2966,9 @@ static int app_verify_callback(X509_STOR
- }
- return (1);
- }
-- if (cb_arg->proxy_auth) {
-- int found_any = 0, i;
-- char *sp;
--
-- for (i = 0; i < 26; i++)
-- letters[i] = 0;
-- for (sp = cb_arg->proxy_auth; *sp; sp++) {
-- int c = *sp;
-- if (isascii(c) && isalpha(c)) {
-- if (islower(c))
-- c = toupper(c);
-- letters[c - 'A'] = 1;
-- }
-- }
-
-- printf(" Initial proxy rights = ");
-- for (i = 0; i < 26; i++)
-- if (letters[i]) {
-- printf("%c", i + 'A');
-- found_any = 1;
-- }
-- if (!found_any)
-- printf("none");
-- printf("\n");
--
-- X509_STORE_CTX_set_ex_data(ctx,
-- get_proxy_auth_ex_data_idx(), letters);
-- }
-- if (cb_arg->allow_proxy_certs) {
-- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-- }
- ok = X509_verify_cert(ctx);
-
-- if (cb_arg->proxy_auth) {
-- if (ok > 0) {
-- const char *cond_end = NULL;
--
-- ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
--
-- if (ok < 0)
-- EXIT(3);
-- if (*cond_end) {
-- fprintf(stderr,
-- "Stopped processing condition before it's end.\n");
-- ok = 0;
-- }
-- if (!ok)
-- fprintf(stderr,
-- "Proxy rights check with condition '%s' invalid\n",
-- cb_arg->proxy_cond);
-- else
-- printf("Proxy rights check with condition '%s' ok\n",
-- cb_arg->proxy_cond);
-- }
-- }
- return (ok);
- }
-
-@@ -3726,33 +3188,3 @@ static unsigned int psk_server_callback(
- return psk_len;
- }
- #endif
--
--static int do_test_cipherlist(void)
--{
--#ifndef OPENSSL_NO_TLS
-- int i = 0;
-- const SSL_METHOD *meth;
-- const SSL_CIPHER *ci, *tci = NULL;
--
-- /*
-- * This is required because ssltest "cheats" and uses internal headers to
-- * call functions, thus avoiding auto-init
-- */
-- OPENSSL_init_crypto(0, NULL);
-- OPENSSL_init_ssl(0, NULL);
--
-- meth = TLS_method();
-- tci = NULL;
-- while ((ci = meth->get_cipher(i++)) != NULL) {
-- if (tci != NULL)
-- if (ci->id >= tci->id) {
-- fprintf(stderr, "testing SSLv3 cipher list order: ");
-- fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
-- return 0;
-- }
-- tci = ci;
-- }
--#endif
--
-- return 1;
--}
---- /dev/null
-+++ b/test/ssltestlib.c
-@@ -0,0 +1,158 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include "ssltestlib.h"
-+
-+int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
-+ SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
-+ char *privkeyfile)
-+{
-+ SSL_CTX *serverctx = NULL;
-+ SSL_CTX *clientctx = NULL;
-+
-+ serverctx = SSL_CTX_new(sm);
-+ clientctx = SSL_CTX_new(cm);
-+ if (serverctx == NULL || clientctx == NULL) {
-+ printf("Failed to create SSL_CTX\n");
-+ goto err;
-+ }
-+
-+ if (SSL_CTX_use_certificate_file(serverctx, certfile,
-+ SSL_FILETYPE_PEM) <= 0) {
-+ printf("Failed to load server certificate\n");
-+ goto err;
-+ }
-+ if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
-+ SSL_FILETYPE_PEM) <= 0) {
-+ printf("Failed to load server private key\n");
-+ }
-+ if (SSL_CTX_check_private_key(serverctx) <= 0) {
-+ printf("Failed to check private key\n");
-+ goto err;
-+ }
-+
-+ *sctx = serverctx;
-+ *cctx = clientctx;
-+
-+ return 1;
-+ err:
-+ SSL_CTX_free(serverctx);
-+ SSL_CTX_free(clientctx);
-+ return 0;
-+}
-+
-+#define MAXLOOPS 100000
-+
-+/*
-+ * NOTE: Transfers control of the BIOs - this function will free them on error
-+ */
-+int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
-+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
-+{
-+ int retc = -1, rets = -1, err, abortctr = 0;
-+ int clienterr = 0, servererr = 0;
-+ SSL *serverssl, *clientssl;
-+ BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
-+
-+ if (*sssl == NULL)
-+ serverssl = SSL_new(serverctx);
-+ else
-+ serverssl = *sssl;
-+ if (*cssl == NULL)
-+ clientssl = SSL_new(clientctx);
-+ else
-+ clientssl = *cssl;
-+
-+ if (serverssl == NULL || clientssl == NULL) {
-+ printf("Failed to create SSL object\n");
-+ goto error;
-+ }
-+
-+ s_to_c_bio = BIO_new(BIO_s_mem());
-+ c_to_s_bio = BIO_new(BIO_s_mem());
-+ if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
-+ printf("Failed to create mem BIOs\n");
-+ goto error;
-+ }
-+
-+ if (s_to_c_fbio != NULL)
-+ s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio);
-+ if (c_to_s_fbio != NULL)
-+ c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio);
-+ if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
-+ printf("Failed to create chained BIOs\n");
-+ goto error;
-+ }
-+
-+ /* Set Non-blocking IO behaviour */
-+ BIO_set_mem_eof_return(s_to_c_bio, -1);
-+ BIO_set_mem_eof_return(c_to_s_bio, -1);
-+
-+ /* Up ref these as we are passing them to two SSL objects */
-+ BIO_up_ref(s_to_c_bio);
-+ BIO_up_ref(c_to_s_bio);
-+
-+ SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
-+ SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
-+
-+ /* BIOs will now be freed when SSL objects are freed */
-+ s_to_c_bio = c_to_s_bio = NULL;
-+ s_to_c_fbio = c_to_s_fbio = NULL;
-+
-+ do {
-+ err = SSL_ERROR_WANT_WRITE;
-+ while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
-+ retc = SSL_connect(clientssl);
-+ if (retc <= 0)
-+ err = SSL_get_error(clientssl, retc);
-+ }
-+
-+ if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
-+ printf("SSL_connect() failed %d, %d\n", retc, err);
-+ clienterr = 1;
-+ }
-+
-+ err = SSL_ERROR_WANT_WRITE;
-+ while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
-+ rets = SSL_accept(serverssl);
-+ if (rets <= 0)
-+ err = SSL_get_error(serverssl, rets);
-+ }
-+
-+ if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
-+ printf("SSL_accept() failed %d, %d\n", retc, err);
-+ servererr = 1;
-+ }
-+ if (clienterr && servererr)
-+ goto error;
-+ if (++abortctr == MAXLOOPS) {
-+ printf("No progress made\n");
-+ goto error;
-+ }
-+ } while (retc <=0 || rets <= 0);
-+
-+ *sssl = serverssl;
-+ *cssl = clientssl;
-+
-+ return 1;
-+
-+ error:
-+ if (*sssl == NULL) {
-+ SSL_free(serverssl);
-+ BIO_free(s_to_c_bio);
-+ BIO_free(s_to_c_fbio);
-+ }
-+ if (*cssl == NULL) {
-+ SSL_free(clientssl);
-+ BIO_free(c_to_s_bio);
-+ BIO_free(c_to_s_fbio);
-+ }
-+
-+ return 0;
-+}
---- /dev/null
-+++ b/test/ssltestlib.h
-@@ -0,0 +1,21 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef HEADER_SSLTESTLIB_H
-+# define HEADER_SSLTESTLIB_H
-+
-+# include <openssl/ssl.h>
-+
-+int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
-+ SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
-+ char *privkeyfile);
-+int create_ssl_connection(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
-+ SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
-+
-+#endif /* HEADER_SSLTESTLIB_H */
---- a/test/test_aesni
-+++ /dev/null
-@@ -1,68 +0,0 @@
--#!/bin/sh
--
--PROG=$1
--
--if [ -x $PROG ]; then
-- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-- :
-- else
-- echo "$PROG is not OpenSSL executable"
-- exit 1
-- fi
--else
-- echo "$PROG is not executable"
-- exit 1;
--fi
--
--if [ 1 ]; then
--
-- HASH=`cat $PROG | $PROG dgst -hex`
--
-- AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \
-- aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \
-- aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb"
-- BUFSIZE="16 32 48 64 80 96 128 144 999"
--
-- nerr=0
--
-- for alg in $AES_ALGS; do
-- echo $alg
-- for bufsize in $BUFSIZE; do
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
-- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg/$bufsize encrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
-- for bufsize in $BUFSIZE; do
-- TEST=`( cat $PROG | \
-- env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \
-- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg/$bufsize decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg | \
-- $PROG enc -d -k "$HASH" -$alg | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg en/decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
--
-- if [ $nerr -gt 0 ]; then
-- echo "AESNI engine test failed."
-- exit 1;
-- fi
--else
-- echo "AESNI engine is not available"
--fi
--
--exit 0
---- a/test/test_padlock
-+++ /dev/null
-@@ -1,64 +0,0 @@
--#!/bin/sh
--
--PROG=$1
--
--if [ -x $PROG ]; then
-- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-- :
-- else
-- echo "$PROG is not OpenSSL executable"
-- exit 1
-- fi
--else
-- echo "$PROG is not executable"
-- exit 1;
--fi
--
--if $PROG engine padlock | grep -v no-ACE; then
--
-- HASH=`cat $PROG | $PROG dgst -hex`
--
-- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
-- aes-128-cbc aes-192-cbc aes-256-cbc \
-- aes-128-cfb aes-192-cfb aes-256-cfb \
-- aes-128-ofb aes-192-ofb aes-256-ofb"
--
-- nerr=0
--
-- for alg in $ACE_ALGS; do
-- echo $alg
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-- $PROG enc -d -k "$HASH" -$alg | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg encrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg | \
-- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
-- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg en/decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
--
-- if [ $nerr -gt 0 ]; then
-- echo "PadLock ACE test failed."
-- exit 1;
-- fi
--else
-- echo "PadLock ACE is not available"
--fi
--
--exit 0
---- a/test/test_t4
-+++ /dev/null
-@@ -1,70 +0,0 @@
--#!/bin/sh
--
--PROG=$1
--
--if [ -x $PROG ]; then
-- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-- :
-- else
-- echo "$PROG is not OpenSSL executable"
-- exit 1
-- fi
--else
-- echo "$PROG is not executable"
-- exit 1;
--fi
--
--if [ 1 ]; then
--
-- HASH=`cat $PROG | $PROG dgst -hex`
--
-- AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \
-- camellia-128-cbc camellia-128-cfb \
-- camellia-192-cbc camellia-192-cfb \
-- camellia-256-cbc camellia-256-cfb \
-- aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \
-- aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \
-- aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb"
-- BUFSIZE="16 32 48 999"
--
-- nerr=0
--
-- for alg in $AES_ALGS; do
-- echo $alg
-- for bufsize in $BUFSIZE; do
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
-- env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg/$bufsize encrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
-- for bufsize in $BUFSIZE; do
-- TEST=`( cat $PROG | \
-- env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \
-- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg/$bufsize decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
-- TEST=`( cat $PROG | \
-- $PROG enc -e -k "$HASH" -$alg | \
-- $PROG enc -d -k "$HASH" -$alg | \
-- $PROG dgst -hex ) 2>/dev/null`
-- if [ "$TEST" != "$HASH" ]; then
-- echo "-$alg en/decrypt test failed"
-- nerr=`expr $nerr + 1`
-- fi
-- done
--
-- if [ $nerr -gt 0 ]; then
-- echo "SPARC T4 test failed."
-- exit 1
-- fi
--fi
--
--exit 0
---- a/test/testlib/OpenSSL/Test.pm
-+++ b/test/testlib/OpenSSL/Test.pm
-@@ -1,3 +1,10 @@
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- package OpenSSL::Test;
-
- use strict;
-@@ -9,7 +16,8 @@ use Exporter;
- use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
- $VERSION = "0.8";
- @ISA = qw(Exporter);
-- at EXPORT = (@Test::More::EXPORT, qw(setup indir app perlapp test perltest run));
-+ at EXPORT = (@Test::More::EXPORT, qw(setup indir app fuzz perlapp test perltest
-+ run));
- @EXPORT_OK = (@Test::More::EXPORT_OK, qw(bldtop_dir bldtop_file
- srctop_dir srctop_file
- pipe with cmdstr quotify));
-@@ -278,6 +286,13 @@ sub app {
- return __build_cmd($num, \&__apps_file, $cmd, %opts); }
- }
-
-+sub fuzz {
-+ my $cmd = shift;
-+ my %opts = @_;
-+ return sub { my $num = shift;
-+ return __build_cmd($num, \&__fuzz_file, $cmd, %opts); }
-+}
-+
- sub test {
- my $cmd = shift;
- my %opts = @_;
-@@ -346,6 +361,18 @@ sub run {
- my $r = 0;
- my $e = 0;
-
-+ # In non-verbose, we want to shut up the command interpreter, in case
-+ # it has something to complain about. On VMS, it might complain both
-+ # on stdout and stderr
-+ my $save_STDOUT;
-+ my $save_STDERR;
-+ if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
-+ open $save_STDOUT, '>&', \*STDOUT or die "Can't dup STDOUT: $!";
-+ open $save_STDERR, '>&', \*STDERR or die "Can't dup STDERR: $!";
-+ open STDOUT, ">", devnull();
-+ open STDERR, ">", devnull();
-+ }
-+
- # The dance we do with $? is the same dance the Unix shells appear to
- # do. For example, a program that gets aborted (and therefore signals
- # SIGABRT = 6) will appear to exit with the code 134. We mimic this
-@@ -359,6 +386,13 @@ sub run {
- $r = $hooks{exit_checker}->($e);
- }
-
-+ if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) {
-+ close STDOUT;
-+ close STDERR;
-+ open STDOUT, '>&', $save_STDOUT or die "Can't restore STDOUT: $!";
-+ open STDERR, '>&', $save_STDERR or die "Can't restore STDERR: $!";
-+ }
-+
- print STDERR "$prefix$display_cmd => $e\n"
- if !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};
-
-@@ -675,6 +709,8 @@ sub __env {
- $directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP};
- $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
- $directories{SRCAPPS} = __srctop_dir("apps");
-+ $directories{BLDFUZZ} = __bldtop_dir("fuzz");
-+ $directories{SRCFUZZ} = __srctop_dir("fuzz");
- $directories{BLDTEST} = $ENV{TEST_D} || __bldtop_dir("test");
- $directories{SRCTEST} = __srctop_dir("test");
- $directories{RESULTS} = $ENV{RESULT_D} || $directories{BLDTEST};
-@@ -728,8 +764,8 @@ sub __exeext {
- sub __test_file {
- BAIL_OUT("Must run setup() first") if (! $test_name);
-
-- my $f = pop . __exeext();
-- $f = catfile($directories{BLDTEST}, at _,$f);
-+ my $f = pop;
-+ $f = catfile($directories{BLDTEST}, at _,$f . __exeext());
- $f = catfile($directories{SRCTEST}, at _,$f) unless -x $f;
- return $f;
- }
-@@ -746,12 +782,21 @@ sub __perltest_file {
- sub __apps_file {
- BAIL_OUT("Must run setup() first") if (! $test_name);
-
-- my $f = pop . __exeext();
-- $f = catfile($directories{BLDAPPS}, at _,$f);
-+ my $f = pop;
-+ $f = catfile($directories{BLDAPPS}, at _,$f . __exeext());
- $f = catfile($directories{SRCAPPS}, at _,$f) unless -x $f;
- return $f;
- }
-
-+sub __fuzz_file {
-+ BAIL_OUT("Must run setup() first") if (! $test_name);
-+
-+ my $f = pop;
-+ $f = catfile($directories{BLDFUZZ}, at _,$f . __exeext());
-+ $f = catfile($directories{SRCFUZZ}, at _,$f) unless -x $f;
-+ return $f;
-+}
-+
- sub __perlapps_file {
- BAIL_OUT("Must run setup() first") if (! $test_name);
-
-@@ -795,12 +840,10 @@ sub __cwd {
- mkpath($dir);
- }
-
-- # Should we just bail out here as well? I'm unsure.
-- return undef unless chdir($dir);
--
-- if ($opts{cleanup}) {
-- rmtree(".", { safe => 0, keep_root => 1 });
-- }
-+ # We are recalculating the directories we keep track of, but need to save
-+ # away the result for after having moved into the new directory.
-+ my %tmp_directories = ();
-+ my %tmp_ENV = ();
-
- # For each of these directory variables, figure out where they are relative
- # to the directory we want to move to if they aren't absolute (if they are,
-@@ -809,7 +852,7 @@ sub __cwd {
- foreach (@dirtags) {
- if (!file_name_is_absolute($directories{$_})) {
- my $newpath = abs2rel(rel2abs($directories{$_}), rel2abs($dir));
-- $directories{$_} = $newpath;
-+ $tmp_directories{$_} = $newpath;
- }
- }
-
-@@ -819,10 +862,27 @@ sub __cwd {
- foreach (@direnv) {
- if (!file_name_is_absolute($ENV{$_})) {
- my $newpath = abs2rel(rel2abs($ENV{$_}), rel2abs($dir));
-- $ENV{$_} = $newpath;
-+ $tmp_ENV{$_} = $newpath;
- }
- }
-
-+ # Should we just bail out here as well? I'm unsure.
-+ return undef unless chdir($dir);
-+
-+ if ($opts{cleanup}) {
-+ rmtree(".", { safe => 0, keep_root => 1 });
-+ }
-+
-+ # We put back new values carefully. Doing the obvious
-+ # %directories = ( %tmp_irectories )
-+ # will clear out any value that happens to be an absolute path
-+ foreach (keys %tmp_directories) {
-+ $directories{$_} = $tmp_directories{$_};
-+ }
-+ foreach (keys %tmp_ENV) {
-+ $ENV{$_} = $tmp_ENV{$_};
-+ }
-+
- if ($debug) {
- print STDERR "DEBUG: __cwd(), directories and files:\n";
- print STDERR " \$directories{BLDTEST} = \"$directories{BLDTEST}\"\n";
---- a/test/testlib/OpenSSL/Test/Simple.pm
-+++ b/test/testlib/OpenSSL/Test/Simple.pm
-@@ -1,3 +1,10 @@
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- package OpenSSL::Test::Simple;
-
- use strict;
---- a/test/testlib/OpenSSL/Test/Utils.pm
-+++ b/test/testlib/OpenSSL/Test/Utils.pm
-@@ -1,3 +1,10 @@
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- package OpenSSL::Test::Utils;
-
- use strict;
-@@ -131,7 +138,7 @@ sub alldisabled {
- return allof(@ret);
- }
-
--#!!! Kept for backward compatibility
-+# !!! Kept for backward compatibility
- # args:
- # single string
- sub disabled {
---- a/test/testutil.c
-+++ b/test/testutil.c
-@@ -1,58 +1,10 @@
--/*-
-- * Utilities for writing OpenSSL unit tests.
-- *
-- * More information:
-- * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
-- *
-- * Author: Mike Bland (mbland at acm.org)
-- * Date: 2014-07-15
-- * ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include "testutil.h"
-@@ -60,6 +12,7 @@
- #include <assert.h>
- #include <stdlib.h>
- #include <stdio.h>
-+#include <string.h>
- #include "e_os.h"
-
- /*
-@@ -137,3 +90,20 @@ int run_tests(const char *test_prog_name
- printf(" All tests passed.\n");
- return EXIT_SUCCESS;
- }
-+
-+static const char *print_string_maybe_null(const char *s)
-+{
-+ return s == NULL ? "(NULL)" : s;
-+}
-+
-+int strings_equal(const char *desc, const char *s1, const char *s2)
-+{
-+ if (s1 == NULL && s2 == NULL)
-+ return 1;
-+ if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) {
-+ fprintf(stderr, "%s mismatch: %s vs %s\n", desc, print_string_maybe_null(s1),
-+ print_string_maybe_null(s2));
-+ return 0;
-+ }
-+ return 1;
-+}
---- a/test/testutil.h
-+++ b/test/testutil.h
-@@ -1,58 +1,10 @@
--/*-
-- * Utilities for writing OpenSSL unit tests.
-- *
-- * More information:
-- * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
-+/*
-+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Author: Mike Bland (mbland at acm.org)
-- * Date: 2014-06-07
-- * ====================================================================
-- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing at OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #ifndef HEADER_TESTUTIL_H
-@@ -132,4 +84,13 @@ void add_test(const char *test_case_name
- void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num);
- int run_tests(const char *test_prog_name);
-
-+/*
-+ * Test assumption verification helpers.
-+ */
-+
-+/*
-+ * Returns 1 if |s1| and |s2| are both NULL or equal.
-+ * Otherwise, returns 0 and pretty-prints diagnostics using |desc|.
-+ */
-+int strings_equal(const char *desc, const char *s1, const char *s2);
- #endif /* HEADER_TESTUTIL_H */
---- a/test/threadstest.c
-+++ b/test/threadstest.c
-@@ -1,56 +1,19 @@
--/* ====================================================================
-- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
-+#if defined(_WIN32)
-+# include <windows.h>
-+#endif
-+
- #include <stdio.h>
-
- #include <openssl/crypto.h>
--#include "internal/threads.h"
-
- #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
-
---- a/test/times
-+++ /dev/null
-@@ -1,113 +0,0 @@
--
--More number for the questions about SSL overheads....
--
--The following numbers were generated on a Pentium pro 200, running Linux.
--They give an indication of the SSL protocol and encryption overheads.
--
--The program that generated them is an unreleased version of ssl/ssltest.c
--which is the SSLeay ssl protocol testing program. It is a single process that
--talks both sides of the SSL protocol via a non-blocking memory buffer
--interface.
--
--How do I read this? The protocol and cipher are reasonable obvious.
--The next number is the number of connections being made. The next is the
--number of bytes exchanged between the client and server side of the protocol.
--This is the number of bytes that the client sends to the server, and then
--the server sends back. Because this is all happening in one process,
--the data is being encrypted, decrypted, encrypted and then decrypted again.
--It is a round trip of that many bytes. Because the one process performs
--both the client and server sides of the protocol and it sends this many bytes
--each direction, multiply this number by 4 to generate the number
--of bytes encrypted/decrypted/MACed. The first time value is how many seconds
--elapsed doing a full SSL handshake, the second is the cost of one
--full handshake and the rest being session-id reuse.
--
--SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
--SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
--SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
--SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
--SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
--SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
--SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
--
--SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
--SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
--SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
--SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
--SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
--SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
--
--SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
--SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
--SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
--SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
--SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
--SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
--SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
--
--SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
--SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
--SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
--SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
--SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
--SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
--SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
--
--What does this all mean? Well for a server, with no session-id reuse, with
--a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
--a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
--about 49 connections a second. Reality will be quite different :-).
--
--Remember the first number is 1000 full ssl handshakes, the second is
--1 full and 999 with session-id reuse. The RSA overheads for each exchange
--would be one public and one private operation, but the protocol/MAC/cipher
--cost would be quite similar in both the client and server.
--
--eric (adding numbers to speculation)
--
----- Appendix ---
--- The time measured is user time but these number a very rough.
--- Remember this is the cost of both client and server sides of the protocol.
--- The TCP/kernel overhead of connection establishment is normally the
-- killer in SSL. Often delays in the TCP protocol will make session-id
-- reuse look slower that new sessions, but this would not be the case on
-- a loaded server.
--- The TCP round trip latencies, while slowing individual connections,
-- would have minimal impact on throughput.
--- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
--- the required number of bytes are processed.
--- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
--- A 512bit server key was being used except where noted.
--- No server key verification was being performed on the client side of the
-- protocol. This would slow things down very little.
--- The library being used is SSLeay 0.8.x.
--- The normal measuring system was commands of the form
-- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
-- This modified version of ssltest should be in the next public release of
-- SSLeay.
--
--The general cipher performance number for this platform are
--
--SSLeay 0.8.2a 04-Sep-1997
--built on Fri Sep 5 17:37:05 EST 1997
--options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
--C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
--The 'numbers' are in 1000s of bytes per second processed.
--type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
--md2 131.02k 368.41k 500.57k 549.21k 566.09k
--mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
--md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
--sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
--sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
--rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
--des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
--des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
--idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
--rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
--blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
-- sign verify
--rsa 512 bits 0.0100s 0.0011s
--rsa 1024 bits 0.0451s 0.0012s
--rsa 2048 bits 0.2605s 0.0086s
--rsa 4096 bits 1.6883s 0.0302s
--
---- /dev/null
-+++ b/test/v3ext.c
-@@ -0,0 +1,42 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/x509.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/pem.h>
-+#include <openssl/err.h>
-+
-+int main(int ac, char **av)
-+{
-+ X509 *x = NULL;
-+ BIO *b = NULL;
-+ long pathlen;
-+ int ret = 1;
-+
-+ if (ac != 2) {
-+ fprintf(stderr, "Usage error\n");
-+ goto end;
-+ }
-+ b = BIO_new_file(av[1], "r");
-+ if (b == NULL)
-+ goto end;
-+ x = PEM_read_bio_X509(b, NULL, NULL, NULL);
-+ if (x == NULL)
-+ goto end;
-+ pathlen = X509_get_pathlen(x);
-+ if (pathlen == 6)
-+ ret = 0;
-+
-+end:
-+ ERR_print_errors_fp(stderr);
-+ BIO_free(b);
-+ X509_free(x);
-+ return ret;
-+}
---- a/test/v3nametest.c
-+++ b/test/v3nametest.c
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include "../e_os.h"
---- a/test/verify_extra_test.c
-+++ b/test/verify_extra_test.c
-@@ -1,58 +1,10 @@
- /*
-- * Written by Matt Caswell for the OpenSSL project.
-- */
--/* ====================================================================
-- * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core at openssl.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay at cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh at cryptsoft.com).
-+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -170,7 +122,7 @@ static int test_alt_chains_cert_forgery(
-
- i = X509_verify_cert(sctx);
-
-- if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
-+ if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
- /* This is the result we were expecting: Test passed */
- ret = 1;
- }
---- a/test/wp_test.c
-+++ b/test/wp_test.c
-@@ -1,7 +1,12 @@
--/* ====================================================================
-- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-- * ====================================================================
-+/*
-+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-+
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -123,19 +128,6 @@ int main(int argc, char *argv[])
- int i;
- WHIRLPOOL_CTX ctx;
-
--# ifdef OPENSSL_IA32_SSE2
-- /*
-- * Alternative to this is to call OpenSSL_add_all_algorithms... The below
-- * code is retained exclusively for debugging purposes.
-- */
-- {
-- char *env;
--
-- if ((env = getenv("OPENSSL_ia32cap")))
-- OPENSSL_ia32cap = strtoul(env, NULL, 0);
-- }
--# endif
--
- fprintf(stdout, "Testing Whirlpool ");
-
- WHIRLPOOL("", 0, md);
---- /dev/null
-+++ b/test/x509aux.c
-@@ -0,0 +1,226 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL licenses, (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ * https://www.openssl.org/source/license.html
-+ * or in the file LICENSE in the source distribution.
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <errno.h>
-+
-+#include <openssl/x509.h>
-+#include <openssl/pem.h>
-+#include <openssl/conf.h>
-+#include <openssl/err.h>
-+
-+#include "../e_os.h"
-+
-+static const char *progname;
-+
-+static void test_usage(void)
-+{
-+ fprintf(stderr, "usage: %s certfile\n", progname);
-+}
-+
-+static void print_errors(void)
-+{
-+ unsigned long err;
-+ char buffer[1024];
-+ const char *file;
-+ const char *data;
-+ int line;
-+ int flags;
-+
-+ while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
-+ ERR_error_string_n(err, buffer, sizeof(buffer));
-+ if (flags & ERR_TXT_STRING)
-+ fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data);
-+ else
-+ fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line);
-+ }
-+}
-+
-+static int test_certs(BIO *fp)
-+{
-+ int count;
-+ char *name = 0;
-+ char *header = 0;
-+ unsigned char *data = 0;
-+ long len;
-+ typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
-+ typedef int (*i2d_X509_t)(X509 *, unsigned char **);
-+ int err = 0;
-+
-+ for (count = 0;
-+ !err && PEM_read_bio(fp, &name, &header, &data, &len);
-+ ++count) {
-+ int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0;
-+ d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
-+ i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
-+ X509 *cert = NULL;
-+ const unsigned char *p = data;
-+ unsigned char *buf = NULL;
-+ unsigned char *bufp;
-+ long enclen;
-+
-+ if (!trusted
-+ && strcmp(name, PEM_STRING_X509) != 0
-+ && strcmp(name, PEM_STRING_X509_OLD) != 0) {
-+ fprintf(stderr, "unexpected PEM object: %s\n", name);
-+ err = 1;
-+ goto next;
-+ }
-+ cert = d2i(NULL, &p, len);
-+
-+ if (cert == NULL || (p - data) != len) {
-+ fprintf(stderr, "error parsing input %s\n", name);
-+ err = 1;
-+ goto next;
-+ }
-+
-+ /* Test traditional 2-pass encoding into caller allocated buffer */
-+ enclen = i2d(cert, NULL);
-+ if (len != enclen) {
-+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
-+ enclen, name, len);
-+ err = 1;
-+ goto next;
-+ }
-+ if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
-+ perror("malloc");
-+ err = 1;
-+ goto next;
-+ }
-+ enclen = i2d(cert, &bufp);
-+ if (len != enclen) {
-+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
-+ enclen, name, len);
-+ err = 1;
-+ goto next;
-+ }
-+ enclen = (long) (bufp - buf);
-+ if (enclen != len) {
-+ fprintf(stderr, "unexpected buffer position after encoding %s\n",
-+ name);
-+ err = 1;
-+ goto next;
-+ }
-+ if (memcmp(buf, data, len) != 0) {
-+ fprintf(stderr, "encoded content of %s does not match input\n",
-+ name);
-+ err = 1;
-+ goto next;
-+ }
-+ OPENSSL_free(buf);
-+ buf = NULL;
-+
-+ /* Test 1-pass encoding into library allocated buffer */
-+ enclen = i2d(cert, &buf);
-+ if (len != enclen) {
-+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
-+ enclen, name, len);
-+ err = 1;
-+ goto next;
-+ }
-+ if (memcmp(buf, data, len) != 0) {
-+ fprintf(stderr, "encoded content of %s does not match input\n",
-+ name);
-+ err = 1;
-+ goto next;
-+ }
-+
-+ if (trusted) {
-+ /* Encode just the cert and compare with initial encoding */
-+ OPENSSL_free(buf);
-+ buf = NULL;
-+
-+ /* Test 1-pass encoding into library allocated buffer */
-+ enclen = i2d(cert, &buf);
-+ if (enclen > len) {
-+ fprintf(stderr, "encoded length %ld of %s > input length %ld\n",
-+ enclen, name, len);
-+ err = 1;
-+ goto next;
-+ }
-+ if (memcmp(buf, data, enclen) != 0) {
-+ fprintf(stderr, "encoded cert content does not match input\n");
-+ err = 1;
-+ goto next;
-+ }
-+ }
-+
-+ /*
-+ * If any of these were null, PEM_read() would have failed.
-+ */
-+ next:
-+ X509_free(cert);
-+ OPENSSL_free(buf);
-+ OPENSSL_free(name);
-+ OPENSSL_free(header);
-+ OPENSSL_free(data);
-+ }
-+
-+ if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
-+ /* Reached end of PEM file */
-+ if (count > 0) {
-+ ERR_clear_error();
-+ return 1;
-+ }
-+ }
-+
-+ /* Some other PEM read error */
-+ print_errors();
-+ return 0;
-+}
-+
-+int main(int argc, char *argv[])
-+{
-+ BIO *bio_err;
-+ const char *certfile;
-+ const char *p;
-+ int ret = 1;
-+
-+ progname = argv[0];
-+ if (argc < 2) {
-+ test_usage();
-+ EXIT(ret);
-+ }
-+
-+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-+
-+ p = getenv("OPENSSL_DEBUG_MEMORY");
-+ if (p != NULL && strcmp(p, "on") == 0)
-+ CRYPTO_set_mem_debug(1);
-+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-+
-+ while ((certfile = *++argv) != NULL) {
-+ BIO *f = BIO_new_file(certfile, "r");
-+ int ok;
-+
-+ if (f == NULL) {
-+ fprintf(stderr, "%s: Error opening cert file: '%s': %s\n",
-+ progname, certfile, strerror(errno));
-+ EXIT(ret);
-+ }
-+ ret = !(ok = test_certs(f));
-+ BIO_free(f);
-+
-+ if (!ok) {
-+ printf("%s ERROR\n", certfile);
-+ ret = 1;
-+ break;
-+ }
-+ printf("%s OK\n", certfile);
-+ }
-+
-+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-+ if (CRYPTO_mem_leaks(bio_err) <= 0)
-+ ret = 1;
-+#endif
-+ BIO_free(bio_err);
-+ EXIT(ret);
-+}
---- a/tools/Makefile.in
-+++ /dev/null
-@@ -1,62 +0,0 @@
--#
--# OpenSSL/tools/Makefile
--#
--
--DIR= tools
--TOP= ..
--CC= cc
--INCLUDES= -I$(TOP) -I../../include
--CFLAG=-g
--MAKEFILE= Makefile
--
--CFLAGS= $(INCLUDES) $(CFLAG)
--
--GENERAL=Makefile
--APPS= c_rehash
--MISC_APPS= c_hash c_info c_issuer c_name
--
--all: apps
--
--apps: $(APPS)
--
--install:
-- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-- @for i in $(APPS) ; \
-- do \
-- (cp $$i $(DESTDIR)$(INSTALLTOP)/bin/$$i.new; \
-- chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$i.new; \
-- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$i.new $(DESTDIR)$(INSTALLTOP)/bin/$$i ); \
-- done;
-- @for i in $(MISC_APPS) ; \
-- do \
-- (cp $$i $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
-- chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new; \
-- mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$i.new $(DESTDIR)$(OPENSSLDIR)/misc/$$i ); \
-- done;
--
--uninstall:
-- @for i in $(APPS) ; \
-- do \
-- echo $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$i; \
-- $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$i; \
-- done;
-- @for i in $(MISC_APPS) ; \
-- do \
-- echo $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
-- $(RM) $(DESTDIR)$(OPENSSLDIR)/misc/$$i; \
-- done;
--
--errors:
--
--depend:
--
--clean:
-- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--
--errors:
--
--c_rehash: c_rehash.in
-- $(PERL) -I$(TOP) -Mconfigdata $(TOP)/util/dofile.pl -otools/Makefile c_rehash.in > c_rehash.new
-- mv c_rehash.new c_rehash
--
--# DO NOT DELETE THIS LINE -- make depend depends on it.
---- a/tools/build.info
-+++ b/tools/build.info
-@@ -1,4 +1,7 @@
-+{- our $c_rehash_name =
-+ $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
-+ "" -}
- IF[{- !$disabled{apps} -}]
-- SCRIPTS=c_rehash
-- SOURCE[c_rehash]=c_rehash.in
-+ SCRIPTS={- $c_rehash_name -}
-+ SOURCE[{- $c_rehash_name -}]=c_rehash.in
- ENDIF
---- a/tools/c_hash
-+++ /dev/null
-@@ -1,9 +0,0 @@
--#!/bin/sh
--# print out the hash values
--#
--
--for i in $*
--do
-- h=`openssl x509 -hash -noout -in $i`
-- echo "$h.0 => $i"
--done
---- a/tools/c_info
-+++ /dev/null
-@@ -1,12 +0,0 @@
--#!/bin/sh
--#
--# print the subject
--#
--
--for i in $*
--do
-- n=`openssl x509 -subject -issuer -enddate -noout -in $i`
-- echo "$i"
-- echo "$n"
-- echo "--------"
--done
---- a/tools/c_issuer
-+++ /dev/null
-@@ -1,10 +0,0 @@
--#!/bin/sh
--#
--# print out the issuer
--#
--
--for i in $*
--do
-- n=`openssl x509 -issuer -noout -in $i`
-- echo "$i $n"
--done
---- a/tools/c_name
-+++ /dev/null
-@@ -1,10 +0,0 @@
--#!/bin/sh
--#
--# print the subject
--#
--
--for i in $*
--do
-- n=`openssl x509 -subject -noout -in $i`
-- echo "$i $n"
--done
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -1,6 +1,12 @@
--#!{- $config{perl} -}
-+#!{- $config{hashbangperl} -}
-
- # {- join("\n# ", @autowarntext) -}
-+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
-@@ -103,7 +109,7 @@ sub hash_dir {
- print "Doing $_[0]\n";
- chdir $_[0];
- opendir(DIR, ".");
-- my @flist = readdir(DIR);
-+ my @flist = sort readdir(DIR);
- closedir DIR;
- if ( $removelinks ) {
- # Delete any existing symbolic links
---- a/tools/primes.py
-+++ /dev/null
-@@ -1,21 +0,0 @@
--primes = [2, 3, 5, 7, 11]
--safe = False # Not sure if the period's right on safe primes.
--
--muliplier = 1 if not safe else 2
--for p in primes:
-- muliplier *= p
--
--offsets = []
--for x in range(3, muliplier + 3, 2):
-- prime = True
-- for p in primes:
-- if not x % p or (safe and not ((x - 1) / 2) % p):
-- prime = False
-- break
--
-- if prime:
-- offsets.append(x)
--
--print(offsets)
--print(len(offsets))
--print(muliplier)
---- a/util/TLSProxy/ClientHello.pm
-+++ b/util/TLSProxy/ClientHello.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
---- a/util/TLSProxy/Message.pm
-+++ b/util/TLSProxy/Message.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
-@@ -82,7 +36,8 @@ use constant {
-
- #Alert descriptions
- use constant {
-- AL_DESC_CLOSE_NOTIFY => 0
-+ AL_DESC_CLOSE_NOTIFY => 0,
-+ AL_DESC_UNEXPECTED_MESSAGE => 10
- };
-
- my %message_type = (
---- a/util/TLSProxy/NewSessionTicket.pm
-+++ b/util/TLSProxy/NewSessionTicket.pm
-@@ -1,54 +1,9 @@
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
---- a/util/TLSProxy/Proxy.pm
-+++ b/util/TLSProxy/Proxy.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
- use POSIX ":sys_wait_h";
-@@ -207,7 +161,7 @@ sub start
- }
- $self->serverpid($pid);
-
-- $self->clientstart;
-+ return $self->clientstart;
- }
-
- sub clientstart
-@@ -234,7 +188,8 @@ sub clientstart
- if ($proxy_sock) {
- print "Proxy started on port ".$self->proxy_port."\n";
- } else {
-- die "Failed creating proxy socket (".$proxaddr.",".$self->proxy_port."): $!\n";
-+ warn "Failed creating proxy socket (".$proxaddr.",".$self->proxy_port."): $!\n";
-+ return 0;
- }
-
- if ($self->execute) {
-@@ -259,8 +214,11 @@ sub clientstart
- }
-
- # Wait for incoming connection from client
-- my $client_sock = $proxy_sock->accept()
-- or die "Failed accepting incoming connection: $!\n";
-+ my $client_sock;
-+ if(!($client_sock = $proxy_sock->accept())) {
-+ warn "Failed accepting incoming connection: $!\n";
-+ return 0;
-+ }
-
- print "Connection opened\n";
-
-@@ -272,22 +230,27 @@ sub clientstart
- do {
- my $servaddr = $self->server_addr;
- $servaddr =~ s/[\[\]]//g; # Remove [ and ]
-- $server_sock = $IP_factory->(
-- PeerAddr => $servaddr,
-- PeerPort => $self->server_port,
-- MultiHomed => 1,
-- Proto => 'tcp'
-- );
-+ eval {
-+ $server_sock = $IP_factory->(
-+ PeerAddr => $servaddr,
-+ PeerPort => $self->server_port,
-+ MultiHomed => 1,
-+ Proto => 'tcp'
-+ );
-+ };
-
- $retry--;
-- if ($@ || !defined($server_sock)) {
-+ #Some buggy IP factories can return a defined server_sock that hasn't
-+ #actually connected, so we check peerport too
-+ if ($@ || !defined($server_sock) || !defined($server_sock->peerport)) {
- $server_sock->close() if defined($server_sock);
- undef $server_sock;
- if ($retry) {
- #Sleep for a short while
- select(undef, undef, undef, 0.1);
- } else {
-- die "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n";
-+ warn "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n";
-+ return 0;
- }
- }
- } while (!$server_sock);
-@@ -337,6 +300,7 @@ sub clientstart
- .$self->serverpid."\n";
- waitpid( $self->serverpid, 0);
- }
-+ return 1;
- }
-
- sub process_packet
---- a/util/TLSProxy/Record.pm
-+++ b/util/TLSProxy/Record.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
---- a/util/TLSProxy/ServerHello.pm
-+++ b/util/TLSProxy/ServerHello.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
---- a/util/TLSProxy/ServerKeyExchange.pm
-+++ b/util/TLSProxy/ServerKeyExchange.pm
-@@ -1,55 +1,9 @@
--# Written by Matt Caswell for the OpenSSL project.
--# ====================================================================
--# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions
--# are met:
--#
--# 1. Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# 2. Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in
--# the documentation and/or other materials provided with the
--# distribution.
--#
--# 3. All advertising materials mentioning features or use of this
--# software must display the following acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
--#
--# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
--# endorse or promote products derived from this software without
--# prior written permission. For written permission, please contact
--# openssl-core at openssl.org.
--#
--# 5. Products derived from this software may not be called "OpenSSL"
--# nor may "OpenSSL" appear in their names without prior written
--# permission of the OpenSSL Project.
--#
--# 6. Redistributions of any form whatsoever must retain the following
--# acknowledgment:
--# "This product includes software developed by the OpenSSL Project
--# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
--#
--# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
--# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
--# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
--# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
--# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
--# OF THE POSSIBILITY OF SUCH DAMAGE.
--# ====================================================================
--#
--# This product includes cryptographic software written by Eric Young
--# (eay at cryptsoft.com). This product includes software written by Tim
--# Hudson (tjh at cryptsoft.com).
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use strict;
-
---- a/util/ck_errf.pl
-+++ b/util/ck_errf.pl
-@@ -1,5 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # This is just a quick script to scan for cases where the 'error'
- # function name in a XXXerr() macro is wrong.
- #
---- a/util/copy-if-different.pl
-+++ /dev/null
-@@ -1,78 +0,0 @@
--#!/usr/local/bin/perl
--
--use strict;
--
--use Fcntl;
--
--# copy-if-different.pl
--
--# Copy to the destination if the source is not the same as it.
--
--my @filelist;
--
--foreach my $arg (@ARGV) {
-- $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
-- foreach (glob $arg)
-- {
-- push @filelist, $_;
-- }
--}
--
--my $fnum = @filelist;
--
--if ($fnum <= 1)
-- {
-- die "Need at least two filenames";
-- }
--
--my $dest = pop @filelist;
--
--if ($fnum > 2 && ! -d $dest)
-- {
-- die "Destination must be a directory";
-- }
--
--foreach (@filelist)
-- {
-- my $dfile;
-- if (-d $dest)
-- {
-- $dfile = $_;
-- $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
-- $dfile = "$dest/$dfile";
-- }
-- else
-- {
-- $dfile = $dest;
-- }
--
-- my $buf;
-- if (-f $dfile)
-- {
-- sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
-- sysopen(OUT, $dfile, O_RDONLY|O_BINARY)
-- || die "Can't Open $dfile";
-- while (sysread IN, $buf, 10240)
-- {
-- my $b2;
-- goto copy if !sysread(OUT, $b2, 10240) || $buf ne $b2;
-- }
-- goto copy if sysread(OUT, $buf, 1);
-- close(IN);
-- close(OUT);
-- print "NOT copying: $_ to $dfile\n";
-- next;
-- }
-- copy:
-- sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
-- sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
-- || die "Can't Open $dfile";
-- while (sysread IN, $buf, 10240)
-- {
-- syswrite(OUT, $buf, length($buf));
-- }
-- close(IN);
-- close(OUT);
-- print "Copying: $_ to $dfile\n";
-- }
--
---- a/util/copy.pl
-+++ b/util/copy.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- use Fcntl;
-
-@@ -19,7 +26,7 @@ foreach $arg (@ARGV) {
- next;
- }
- $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
-- foreach (glob $arg)
-+ foreach (glob qq("$arg"))
- {
- push @filelist, $_;
- }
---- a/util/dirname.pl
-+++ /dev/null
-@@ -1,18 +0,0 @@
--#!/usr/local/bin/perl
--
--if ($#ARGV < 0) {
-- die "dirname.pl: too few arguments\n";
--} elsif ($#ARGV > 0) {
-- die "dirname.pl: too many arguments\n";
--}
--
--my $d = $ARGV[0];
--
--if ($d =~ m|.*/.*|) {
-- $d =~ s|/[^/]*$||;
--} else {
-- $d = ".";
--}
--
--print $d,"\n";
--exit(0);
---- a/util/dofile.pl
-+++ b/util/dofile.pl
-@@ -1,5 +1,11 @@
--#! /usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # Reads one or more template files and runs it through Text::Template
- #
- # It is assumed that this scripts is called with -Mconfigdata, a module
---- a/util/domd.in
-+++ /dev/null
-@@ -1,26 +0,0 @@
--#!/bin/sh
--## Wrapper to portably run makedepend or equivalent compiler built-in.
--## Runs on Makefile.in, generates Makefile
--## {- join("\n## ", @autowarntext) -}
--
--{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -}
--
--case "${MAKEDEPEND}" in
--cat)
-- ;;
--makedepend)
-- ${MAKEDEPEND} $@ || exit 1
-- ;;
--*)
-- args="-Werror -MM"
-- while [ $# -gt 0 ]; do
-- if [ "$1" != '--' ] ; then
-- args="$args $1"
-- fi
-- shift
-- done
-- sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp
-- ${MAKEDEPEND} $args >>Makefile.tmp || exit 1
-- mv Makefile.tmp Makefile
-- ;;
--esac
---- a/util/extract-names.pl
-+++ /dev/null
-@@ -1,26 +0,0 @@
--#!/usr/bin/perl
--
--$/ = ""; # Eat a paragraph at once.
--while(<STDIN>) {
-- s|\R$||;
-- s/\n/ /gm;
-- if (/^=head1 /) {
-- $name = 0;
-- } elsif ($name) {
-- if (/ - /) {
-- s/ - .*//;
-- s/,\s+/,/g;
-- s/\s+,/,/g;
-- s/^\s+//g;
-- s/\s+$//g;
-- s/\s/_/g;
-- push @words, split ',';
-- }
-- }
-- if (/^=head1 *NAME *$/) {
-- $name = 1;
-- }
--}
--
--print join("\n", @words),"\n";
--
---- a/util/extract-section.pl
-+++ /dev/null
-@@ -1,12 +0,0 @@
--#!/usr/bin/perl
--
--while(<STDIN>) {
-- if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
-- {
-- print "$1\n";
-- exit 0;
-- }
--}
--
--print "$ARGV[0]\n";
--
---- /dev/null
-+++ b/util/find-doc-nits.pl
-@@ -0,0 +1,189 @@
-+#! /usr/bin/env perl
-+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+require 5.10.0;
-+use warnings;
-+use strict;
-+use Pod::Checker;
-+use File::Find;
-+use File::Basename;
-+use Getopt::Std;
-+
-+our($opt_s);
-+
-+my $temp = '/tmp/docnits.txt';
-+my $OUT;
-+
-+my %mandatory_sections =
-+ ( '*' => [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
-+ 1 => [ 'SYNOPSIS', '(COMMAND\s+)?OPTIONS' ],
-+ 3 => [ 'SYNOPSIS', 'RETURN\s+VALUES' ],
-+ 5 => [ ],
-+ 7 => [ ] );
-+my %default_sections =
-+ ( apps => 1,
-+ crypto => 3,
-+ ssl => 3 );
-+
-+# Cross-check functions in the NAME and SYNOPSIS section.
-+sub name_synopsis()
-+{
-+ my $id = shift;
-+ my $filename = shift;
-+ my $contents = shift;
-+
-+ # Get NAME section and all words in it.
-+ return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
-+ my $tmp = $1;
-+ $tmp =~ tr/\n/ /;
-+ $tmp =~ s/-.*//g;
-+ $tmp =~ s/,//g;
-+
-+ my $dirname = dirname($filename);
-+ my $simplename = basename($filename);
-+ $simplename =~ s/.pod$//;
-+ my $foundfilename = 0;
-+ my %foundfilenames = ();
-+ my %names;
-+ foreach my $n ( split ' ', $tmp ) {
-+ $names{$n} = 1;
-+ $foundfilename++ if $n eq $simplename;
-+ $foundfilenames{$n} = 1
-+ if -f "$dirname/$n.pod" && $n ne $simplename;
-+ }
-+ print "$id the following exist as other .pod files:\n",
-+ join(" ", sort keys %foundfilenames), "\n"
-+ if %foundfilenames;
-+ print "$id $simplename (filename) missing from NAME section\n",
-+ unless $foundfilename;
-+
-+ # Find all functions in SYNOPSIS
-+ return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms;
-+ my $syn = $1;
-+ foreach my $line ( split /\n+/, $syn ) {
-+ my $sym;
-+ $line =~ s/STACK_OF\([^)]+\)/int/g;
-+ $line =~ s/__declspec\([^)]+\)//;
-+ if ( $line =~ /typedef.* (\S+);/ ) {
-+ $sym = $1;
-+ } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
-+ $sym = $1;
-+ } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
-+ $sym = $1;
-+ }
-+ else {
-+ next;
-+ }
-+ print "$id $sym missing from NAME section\n"
-+ unless defined $names{$sym};
-+ $names{$sym} = 2;
-+
-+ # Do some sanity checks on the prototype.
-+ print "$id prototype missing spaces around commas: $line\n"
-+ if ( $line =~ /[a-z0-9],[^ ]/ );
-+ }
-+
-+ foreach my $n ( keys %names ) {
-+ next if $names{$n} == 2;
-+ print "$id $n missing from SYNOPSIS\n";
-+ }
-+}
-+
-+sub check()
-+{
-+ my $filename = shift;
-+ my $dirname = basename(dirname($filename));
-+
-+ my $contents = '';
-+ {
-+ local $/ = undef;
-+ open POD, $filename or die "Couldn't open $filename, $!";
-+ $contents = <POD>;
-+ close POD;
-+ }
-+
-+ my $id = "${filename}:1:";
-+
-+ &name_synopsis($id, $filename, $contents)
-+ unless $contents =~ /=for comment generic/
-+ or $contents =~ /=for comment openssl_manual_section:7/
-+ or $filename =~ m@/apps/@;
-+
-+ print "$id doesn't start with =pod\n"
-+ if $contents !~ /^=pod/;
-+ print "$id doesn't end with =cut\n"
-+ if $contents !~ /=cut\n$/;
-+ print "$id more than one cut line.\n"
-+ if $contents =~ /=cut.*=cut/ms;
-+ print "$id missing copyright\n"
-+ if $contents !~ /Copyright .* The OpenSSL Project Authors/;
-+ print "$id copyright not last\n"
-+ if $contents =~ /head1 COPYRIGHT.*=head/ms;
-+ print "$id head2 in All uppercase\n"
-+ if $contents =~ /head2\s+[A-Z ]+\n/;
-+ print "$id extra space after head\n"
-+ if $contents =~ /=head\d\s\s+/;
-+ print "$id period in NAME section\n"
-+ if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
-+ print "$id POD markup in NAME section\n"
-+ if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
-+
-+ # Look for multiple consecutive openssl #include lines.
-+ # Consecutive because of files like md5.pod. Sometimes it's okay
-+ # or necessary, as in ssl/SSL_set1_host.pod
-+ if ( $contents !~ /=for comment multiple includes/ ) {
-+ if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) {
-+ my $count = 0;
-+ foreach my $line ( split /\n+/, $1 ) {
-+ if ( $line =~ m at include <openssl/@ ) {
-+ if ( ++$count == 2 ) {
-+ print "$id has multiple includes\n";
-+ }
-+ } else {
-+ $count = 0;
-+ }
-+ }
-+ }
-+ }
-+
-+ return unless $opt_s;
-+
-+ # Find what section this page is in. If run from "." assume
-+ # section 3.
-+ my $section = $default_sections{$dirname} || 3;
-+ if ($contents =~ /^=for\s+comment\s+openssl_manual_section:\s*(\d+)\s*$/m) {
-+ $section = $1;
-+ }
-+
-+ foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
-+ print "$id doesn't have a head1 section matching $_\n"
-+ if $contents !~ /^=head1\s+${_}\s*$/m;
-+ }
-+
-+ open my $OUT, '>', $temp
-+ or die "Can't open $temp, $!";
-+ podchecker($filename, $OUT);
-+ close $OUT;
-+ open $OUT, '<', $temp
-+ or die "Can't read $temp, $!";
-+ while ( <$OUT> ) {
-+ next if /\(section\) in.*deprecated/;
-+ print;
-+ }
-+ close $OUT;
-+ unlink $temp || warn "Can't remove $temp, $!";
-+}
-+
-+getopts('s');
-+
-+foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
-+ &check($_);
-+}
-+
-+exit;
---- /dev/null
-+++ b/util/find-undoc-api.pl
-@@ -0,0 +1,82 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use warnings;
-+
-+use File::Spec::Functions;
-+use File::Basename;
-+#use File::Copy;
-+#use File::Path;
-+use lib catdir(dirname($0), "perl");
-+use OpenSSL::Util::Pod;
-+
-+my %dups;
-+
-+sub parsenum()
-+{
-+ my $file = shift;
-+ my @apis;
-+
-+ open my $IN, '<', $file
-+ or die "Can't open $file, $!, stopped";
-+
-+ while ( <$IN> ) {
-+ next if /\sNOEXIST/;
-+ next if /EXPORT_VAR_AS_FUNC/;
-+ push @apis, $1 if /([^\s]+).\s/;
-+ }
-+
-+ close $IN;
-+
-+ print "# Found ", scalar(@apis), " in $file\n";
-+ return sort @apis;
-+}
-+
-+sub getdocced()
-+{
-+ my $dir = shift;
-+ my %return;
-+
-+ foreach my $pod ( glob("$dir/*.pod") ) {
-+ next if $pod eq 'doc/crypto/crypto.pod';
-+ next if $pod eq 'doc/ssl/ssl.pod';
-+ my %podinfo = extract_pod_info($pod);
-+ foreach my $n ( @{$podinfo{names}} ) {
-+ $return{$n} = $pod;
-+ print "# Duplicate $n in $pod and $dups{$n}\n"
-+ if defined $dups{$n};
-+ $dups{$n} = $pod;
-+ }
-+ }
-+
-+ return %return;
-+}
-+
-+sub printem()
-+{
-+ my $docdir = shift;
-+ my $numfile = shift;
-+ my %docced = &getdocced($docdir);
-+ my $count = 0;
-+
-+ foreach my $func ( &parsenum($numfile) ) {
-+ next if $docced{$func};
-+
-+ # Skip ASN1 utilities
-+ next if $func =~ /^ASN1_/;
-+
-+ print $func, "\n";
-+ $count++;
-+ }
-+ print "# Found $count missing from $numfile\n\n";
-+}
-+
-+
-+&printem('doc/crypto', 'util/libcrypto.num');
-+&printem('doc/ssl', 'util/libssl.num');
---- /dev/null
-+++ b/util/find-unused-errs
-@@ -0,0 +1,35 @@
-+#! /bin/bash
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+# Find unused error function-names and reason-codes, and edit them
-+# out of the source. Doesn't handle line-wrapping, might have to do
-+# some manual cleanups to fix compile errors.
-+
-+export X1=/tmp/f.1.$$
-+export X2=/tmp/f.2.$$
-+
-+cd include/openssl || exit 1
-+grep '_[RF]_' * | awk '{print $3;}' | sort -u >$X1
-+cd ../..
-+
-+for F in `cat $X1` ; do
-+ git grep -l --full-name -F $F >$X2
-+ NUM=`wc -l <$X2`
-+ test $NUM -gt 2 && continue
-+ if grep -q $F crypto/err/openssl.ec ; then
-+ echo Possibly unused $F found in openssl.ec
-+ continue
-+ fi
-+ echo $F
-+ for FILE in `cat $X2` ; do
-+ grep -v -w $F <$FILE >$FILE.new
-+ mv $FILE.new $FILE
-+ done
-+done
-+
-+rm $X1 $X2
---- a/util/fipslink.pl
-+++ b/util/fipslink.pl
-@@ -1,4 +1,10 @@
--#!/usr/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- sub check_env
- {
---- a/util/incore
-+++ b/util/incore
-@@ -1,7 +1,11 @@
--#!/usr/bin/env perl
--#
--# Copyright (c) 2011 The OpenSSL Project.
-+#! /usr/bin/env perl
-+# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # The script embeds fingerprint into ELF executable object, either
- # application binary or shared library.
-
---- a/util/indent.pro
-+++ b/util/indent.pro
-@@ -187,11 +187,8 @@
- -T CRYPTO_EX_DATA_FUNCS
- -T CRYPTO_EX_DATA_IMPL
- -T CRYPTO_EX_dup
---T CRYPTO_EX_dup
---T CRYPTO_EX_free
- -T CRYPTO_EX_free
- -T CRYPTO_EX_new
---T CRYPTO_EX_new
- -T CRYPTO_MEM_LEAK_CB
- -T CRYPTO_THREADID
- -T CRYPTO_dynlock_value
-@@ -574,6 +571,7 @@
- -T asn1_ps_func
- -T bio_dgram_data
- -T bio_info_cb
-+-T BIO_callack_fn
- -T char_io
- -T conf_finish_func
- -T conf_init_func
---- a/util/install.sh
-+++ /dev/null
-@@ -1,108 +0,0 @@
--#!/bin/sh
--#
--# install - install a program, script, or datafile
--# This comes from X11R5; it is not part of GNU.
--#
--# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
--#
--# This script is compatible with the BSD install script, but was written
--# from scratch.
--#
--
--
--# set DOITPROG to echo to test this script
--
--doit="${DOITPROG:-}"
--
--
--# put in absolute paths if you don't have them in your path; or use env. vars.
--
--mvprog="${MVPROG:-mv}"
--cpprog="${CPPROG:-cp}"
--chmodprog="${CHMODPROG:-chmod}"
--chownprog="${CHOWNPROG:-chown}"
--chgrpprog="${CHGRPPROG:-chgrp}"
--stripprog="${STRIPPROG:-strip}"
--rmprog="${RMPROG:-rm}"
--
--instcmd="$mvprog"
--chmodcmd=""
--chowncmd=""
--chgrpcmd=""
--stripcmd=""
--rmcmd="$rmprog -f"
--src=""
--dst=""
--
--while [ x"$1" != x ]; do
-- case $1 in
-- -c) instcmd="$cpprog"
-- shift
-- continue;;
--
-- -m) chmodcmd="$chmodprog $2"
-- shift
-- shift
-- continue;;
--
-- -o) chowncmd="$chownprog $2"
-- shift
-- shift
-- continue;;
--
-- -g) chgrpcmd="$chgrpprog $2"
-- shift
-- shift
-- continue;;
--
-- -s) stripcmd="$stripprog"
-- shift
-- continue;;
--
-- *) if [ x"$src" = x ]
-- then
-- src=$1
-- else
-- dst=$1
-- fi
-- shift
-- continue;;
-- esac
--done
--
--if [ x"$src" = x ]
--then
-- echo "install: no input file specified"
-- exit 1
--fi
--
--if [ x"$dst" = x ]
--then
-- echo "install: no destination specified"
-- exit 1
--fi
--
--
--# if destination is a directory, append the input filename; if your system
--# does not like double slashes in filenames, you may need to add some logic
--
--if [ -d $dst ]
--then
-- dst="$dst"/`basename $src`
--fi
--
--
--# get rid of the old one and mode the new one in
--
--$doit $rmcmd $dst
--$doit $instcmd $src $dst
--
--
--# and set any options; do chmod last to preserve setuid bits
--
--if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
--if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
--if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
--if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
--
--exit 0
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -1,5 +1,5 @@
- d2i_EC_PUBKEY 1 1_1_0 EXIST::FUNCTION:EC
--b2i_PVK_bio 2 1_1_0 EXIST::FUNCTION:RC4
-+b2i_PVK_bio 2 1_1_0 EXIST::FUNCTION:DSA,RC4
- PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_chain 4 1_1_0 EXIST::FUNCTION:
- COMP_expand_block 5 1_1_0 EXIST::FUNCTION:COMP
-@@ -18,7 +18,6 @@ i2d_ESS_ISSUER_SERIAL
- i2d_ASN1_OCTET_STRING 17 1_1_0 EXIST::FUNCTION:
- EC_KEY_set_private_key 18 1_1_0 EXIST::FUNCTION:EC
- SRP_VBASE_get_by_user 19 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
--CONF_modules_free 20 1_1_0 NOEXIST::FUNCTION:
- Camellia_cfb128_encrypt 21 1_1_0 EXIST::FUNCTION:CAMELLIA
- DES_ncbc_encrypt 22 1_1_0 EXIST::FUNCTION:DES
- TS_REQ_get_ext_count 23 1_1_0 EXIST::FUNCTION:TS
-@@ -31,7 +30,7 @@ ASN1_item_d2i_fp
- ASN1_INTEGER_get_uint64 30 1_1_0 EXIST::FUNCTION:
- EVP_DigestInit_ex 31 1_1_0 EXIST::FUNCTION:
- CTLOG_new 32 1_1_0 EXIST::FUNCTION:CT
--UI_get_result_minsize 33 1_1_0 EXIST::FUNCTION:
-+UI_get_result_minsize 33 1_1_0 EXIST::FUNCTION:UI
- EVP_PBE_alg_add_type 34 1_1_0 EXIST::FUNCTION:
- EVP_cast5_ofb 35 1_1_0 EXIST::FUNCTION:CAST
- d2i_PUBKEY_fp 36 1_1_0 EXIST::FUNCTION:STDIO
-@@ -40,16 +39,15 @@ BF_decrypt
- PEM_read_bio_PUBKEY 39 1_1_0 EXIST::FUNCTION:
- X509_NAME_delete_entry 40 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_set_verify_recover 41 1_1_0 EXIST::FUNCTION:
--UI_set_method 42 1_1_0 EXIST::FUNCTION:
-+UI_set_method 42 1_1_0 EXIST::FUNCTION:UI
- PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- EC_GROUP_method_of 44 1_1_0 EXIST::FUNCTION:EC
- RSA_blinding_on 45 1_1_0 EXIST::FUNCTION:RSA
--CRYPTO_set_dynlock_lock_callback 46 1_1_0 NOEXIST::FUNCTION:
- X509_get0_signature 47 1_1_0 EXIST::FUNCTION:
- X509_REVOKED_get0_extensions 48 1_1_0 EXIST::FUNCTION:
- NETSCAPE_SPKI_verify 49 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_RESPONSE 50 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_RESPONSE 50 1_1_0 EXIST::FUNCTION:OCSP
- ERR_peek_error 51 1_1_0 EXIST::FUNCTION:
- X509v3_asid_validate_resource_set 52 1_1_0 EXIST::FUNCTION:RFC3779
- PEM_write_bio_Parameters 53 1_1_0 EXIST::FUNCTION:
-@@ -57,7 +55,7 @@ CMS_SignerInfo_verify
- X509v3_asid_is_canonical 55 1_1_0 EXIST::FUNCTION:RFC3779
- ASN1_ENUMERATED_get 56 1_1_0 EXIST::FUNCTION:
- EVP_MD_do_all_sorted 57 1_1_0 EXIST::FUNCTION:
--OCSP_crl_reason_str 58 1_1_0 EXIST::FUNCTION:
-+OCSP_crl_reason_str 58 1_1_0 EXIST::FUNCTION:OCSP
- ENGINE_ctrl_cmd_string 59 1_1_0 EXIST::FUNCTION:ENGINE
- ENGINE_finish 60 1_1_0 EXIST::FUNCTION:ENGINE
- SRP_Calc_client_key 61 1_1_0 EXIST::FUNCTION:SRP
-@@ -68,7 +66,7 @@ EVP_idea_ofb
- EVP_PKEY_meth_get_copy 66 1_1_0 EXIST::FUNCTION:
- RSA_up_ref 67 1_1_0 EXIST::FUNCTION:RSA
- EVP_PKEY_meth_set_ctrl 68 1_1_0 EXIST::FUNCTION:
--OCSP_basic_sign 69 1_1_0 EXIST::FUNCTION:
-+OCSP_basic_sign 69 1_1_0 EXIST::FUNCTION:OCSP
- BN_GENCB_set 70 1_1_0 EXIST::FUNCTION:
- BN_generate_prime 71 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
- d2i_DSAPrivateKey_fp 72 1_1_0 EXIST::FUNCTION:DSA,STDIO
-@@ -79,7 +77,7 @@ d2i_DSAPrivateKey_fp
- CONF_set_nconf 77 1_1_0 EXIST::FUNCTION:
- RAND_set_rand_method 78 1_1_0 EXIST::FUNCTION:
- BN_GF2m_mod_mul 79 1_1_0 EXIST::FUNCTION:EC2M
--UI_add_input_boolean 80 1_1_0 EXIST::FUNCTION:
-+UI_add_input_boolean 80 1_1_0 EXIST::FUNCTION:UI
- ASN1_TIME_adj 81 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_asn1_get0_info 82 1_1_0 EXIST::FUNCTION:
- BN_add_word 83 1_1_0 EXIST::FUNCTION:
-@@ -88,14 +86,14 @@ EVP_des_ede
- ASYNC_WAIT_CTX_get_all_fds 86 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_meth_set_do_cipher 87 1_1_0 EXIST::FUNCTION:
- EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:UI
--d2i_OCSP_RESPBYTES 89 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_RESPBYTES 89 1_1_0 EXIST::FUNCTION:OCSP
- TS_REQ_get_ext_by_NID 90 1_1_0 EXIST::FUNCTION:TS
- ASN1_item_ndef_i2d 91 1_1_0 EXIST::FUNCTION:
--OCSP_archive_cutoff_new 92 1_1_0 EXIST::FUNCTION:
-+OCSP_archive_cutoff_new 92 1_1_0 EXIST::FUNCTION:OCSP
- DSA_size 93 1_1_0 EXIST::FUNCTION:DSA
- IPAddressRange_free 94 1_1_0 EXIST::FUNCTION:RFC3779
- CMS_ContentInfo_free 95 1_1_0 EXIST::FUNCTION:CMS
--BIO_accept 96 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-+BIO_accept 96 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
- X509_VERIFY_PARAM_set1_policies 97 1_1_0 EXIST::FUNCTION:
- SCT_set0_extensions 98 1_1_0 EXIST::FUNCTION:CT
- PKCS5_pbe2_set_scrypt 99 1_1_0 EXIST::FUNCTION:SCRYPT
-@@ -106,22 +104,22 @@ d2i_DHparams
- i2d_PKCS7_ENC_CONTENT 104 1_1_0 EXIST::FUNCTION:
- DH_generate_key 105 1_1_0 EXIST::FUNCTION:DH
- ENGINE_add_conf_module 106 1_1_0 EXIST::FUNCTION:ENGINE
--BIO_new_socket 107 1_1_0 EXIST::FUNCTION:
-+BIO_new_socket 107 1_1_0 EXIST::FUNCTION:SOCK
- ASN1_OBJECT_free 108 1_1_0 EXIST::FUNCTION:
- X509_REQ_get_extensions 109 1_1_0 EXIST::FUNCTION:
- X509_get_version 110 1_1_0 EXIST::FUNCTION:
--OCSP_CERTID_dup 111 1_1_0 EXIST::FUNCTION:
-+OCSP_CERTID_dup 111 1_1_0 EXIST::FUNCTION:OCSP
- RSA_PSS_PARAMS_free 112 1_1_0 EXIST::FUNCTION:RSA
- i2d_TS_MSG_IMPRINT 113 1_1_0 EXIST::FUNCTION:TS
- EC_POINT_mul 114 1_1_0 EXIST::FUNCTION:EC
- WHIRLPOOL_Final 115 1_1_0 EXIST::FUNCTION:WHIRLPOOL
- CMS_get1_ReceiptRequest 116 1_1_0 EXIST::FUNCTION:CMS
--BIO_sock_non_fatal_error 117 1_1_0 EXIST::FUNCTION:
-+BIO_sock_non_fatal_error 117 1_1_0 EXIST::FUNCTION:SOCK
- HMAC_Update 118 1_1_0 EXIST::FUNCTION:
- i2d_PKCS12 119 1_1_0 EXIST::FUNCTION:
- EVP_BytesToKey 120 1_1_0 EXIST::FUNCTION:
- ENGINE_set_default_pkey_asn1_meths 121 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_BASICRESP_add1_ext_i2d 122 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_add1_ext_i2d 122 1_1_0 EXIST::FUNCTION:OCSP
- EVP_camellia_128_ctr 123 1_1_0 EXIST::FUNCTION:CAMELLIA
- EVP_CIPHER_impl_ctx_size 124 1_1_0 EXIST::FUNCTION:
- X509_CRL_get_nextUpdate 125 1_1_0 EXIST::FUNCTION:
-@@ -132,22 +130,21 @@ ENGINE_set_destroy_function
- d2i_ASIdentifiers 130 1_1_0 EXIST::FUNCTION:RFC3779
- i2d_PKCS12_bio 131 1_1_0 EXIST::FUNCTION:
- X509_to_X509_REQ 132 1_1_0 EXIST::FUNCTION:
--OCSP_basic_add1_nonce 133 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_BASICRESP 134 1_1_0 EXIST::FUNCTION:
-+OCSP_basic_add1_nonce 133 1_1_0 EXIST::FUNCTION:OCSP
-+d2i_OCSP_BASICRESP 134 1_1_0 EXIST::FUNCTION:OCSP
- X509v3_add_ext 135 1_1_0 EXIST::FUNCTION:
- X509v3_addr_subset 136 1_1_0 EXIST::FUNCTION:RFC3779
- CRYPTO_strndup 137 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_free 138 1_1_0 EXIST::FUNCTION:
--DSO_METHOD_dlfcn 139 1_1_0 NOEXIST::FUNCTION:
-+OCSP_REQ_CTX_free 138 1_1_0 EXIST::FUNCTION:OCSP
- X509_STORE_new 140 1_1_0 EXIST::FUNCTION:
- ASN1_TYPE_free 141 1_1_0 EXIST::FUNCTION:
- PKCS12_BAGS_new 142 1_1_0 EXIST::FUNCTION:
--CMAC_CTX_new 143 1_1_0 EXIST::FUNCTION:
-+CMAC_CTX_new 143 1_1_0 EXIST::FUNCTION:CMAC
- ASIdentifierChoice_new 144 1_1_0 EXIST::FUNCTION:RFC3779
- EVP_PKEY_asn1_set_public 145 1_1_0 EXIST::FUNCTION:
- IDEA_set_decrypt_key 146 1_1_0 EXIST::FUNCTION:IDEA
- X509_STORE_CTX_set_flags 147 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_rawmake 148 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_rawmake 148 1_1_0 EXIST::FUNCTION:SOCK
- EVP_PKEY_asn1_set_ctrl 149 1_1_0 EXIST::FUNCTION:
- EC_POINTs_mul 150 1_1_0 EXIST::FUNCTION:EC
- ASN1_get_object 151 1_1_0 EXIST::FUNCTION:
-@@ -168,7 +165,6 @@ CT_POLICY_EVAL_CTX_free
- CMS_RecipientInfo_kari_get0_ctx 166 1_1_0 EXIST::FUNCTION:CMS
- PKCS7_set_attributes 167 1_1_0 EXIST::FUNCTION:
- d2i_POLICYQUALINFO 168 1_1_0 EXIST::FUNCTION:
--CRYPTO_add_lock 169 1_1_0 NOEXIST::FUNCTION:
- EVP_MD_type 170 1_1_0 EXIST::FUNCTION:
- EVP_PKCS82PKEY 171 1_1_0 EXIST::FUNCTION:
- BN_generate_prime_ex 172 1_1_0 EXIST::FUNCTION:
-@@ -181,7 +177,7 @@ CMS_RecipientInfo_kari_get0_ctx
- EVP_CIPHER_CTX_key_length 179 1_1_0 EXIST::FUNCTION:
- BIO_clear_flags 180 1_1_0 EXIST::FUNCTION:
- i2d_DISPLAYTEXT 181 1_1_0 EXIST::FUNCTION:
--OCSP_response_status 182 1_1_0 EXIST::FUNCTION:
-+OCSP_response_status 182 1_1_0 EXIST::FUNCTION:OCSP
- i2d_ASN1_PRINTABLESTRING 183 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_set_hostflags 184 1_1_0 EXIST::FUNCTION:
- SCT_get0_log_id 185 1_1_0 EXIST::FUNCTION:CT
-@@ -201,7 +197,7 @@ TS_TST_INFO_new
- d2i_X509_ALGORS 198 1_1_0 EXIST::FUNCTION:
- EVP_PKEY2PKCS8 199 1_1_0 EXIST::FUNCTION:
- BN_nist_mod_256 200 1_1_0 EXIST::FUNCTION:
--OCSP_request_add0_id 201 1_1_0 EXIST::FUNCTION:
-+OCSP_request_add0_id 201 1_1_0 EXIST::FUNCTION:OCSP
- EVP_seed_cfb128 202 1_1_0 EXIST::FUNCTION:SEED
- BASIC_CONSTRAINTS_free 203 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_flags 204 1_1_0 EXIST::FUNCTION:
-@@ -210,13 +206,13 @@ SCT_set_version
- CMS_add1_ReceiptRequest 207 1_1_0 EXIST::FUNCTION:CMS
- d2i_CRL_DIST_POINTS 208 1_1_0 EXIST::FUNCTION:
- X509_CRL_INFO_free 209 1_1_0 EXIST::FUNCTION:
--ERR_load_UI_strings 210 1_1_0 EXIST::FUNCTION:
-+ERR_load_UI_strings 210 1_1_0 EXIST::FUNCTION:UI
- ERR_load_strings 211 1_1_0 EXIST::FUNCTION:
- RSA_X931_hash_id 212 1_1_0 EXIST::FUNCTION:RSA
- EC_KEY_set_method 213 1_1_0 EXIST::FUNCTION:EC
- PEM_write_PKCS8_PRIV_KEY_INFO 214 1_1_0 EXIST::FUNCTION:
- X509at_get0_data_by_OBJ 215 1_1_0 EXIST::FUNCTION:
--b2i_PublicKey_bio 216 1_1_0 EXIST::FUNCTION:
-+b2i_PublicKey_bio 216 1_1_0 EXIST::FUNCTION:DSA
- s2i_ASN1_OCTET_STRING 217 1_1_0 EXIST::FUNCTION:
- POLICYINFO_it 218 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- POLICYINFO_it 218 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -236,10 +232,10 @@ EC_POINT_set_Jprojective_coordinates_GFp
- X509_LOOKUP_file 232 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_set_decrypt 233 1_1_0 EXIST::FUNCTION:
- EVP_rc2_ecb 234 1_1_0 EXIST::FUNCTION:RC2
--i2b_PublicKey_bio 235 1_1_0 EXIST::FUNCTION:
-+i2b_PublicKey_bio 235 1_1_0 EXIST::FUNCTION:DSA
- d2i_ASN1_SET_ANY 236 1_1_0 EXIST::FUNCTION:
- ASN1_item_i2d 238 1_1_0 EXIST::FUNCTION:
--OCSP_copy_nonce 239 1_1_0 EXIST::FUNCTION:
-+OCSP_copy_nonce 239 1_1_0 EXIST::FUNCTION:OCSP
- OBJ_txt2nid 240 1_1_0 EXIST::FUNCTION:
- SEED_set_key 241 1_1_0 EXIST::FUNCTION:SEED
- EC_KEY_clear_flags 242 1_1_0 EXIST::FUNCTION:EC
-@@ -258,7 +254,6 @@ ENGINE_register_all_ciphers
- SXNET_new 255 1_1_0 EXIST::FUNCTION:
- EVP_camellia_256_ctr 256 1_1_0 EXIST::FUNCTION:CAMELLIA
- d2i_PKCS8_PRIV_KEY_INFO 257 1_1_0 EXIST::FUNCTION:
--OPENSSL_strncasecmp 258 1_1_0 EXIST::FUNCTION:
- EVP_md2 259 1_1_0 EXIST::FUNCTION:MD2
- RC2_ecb_encrypt 260 1_1_0 EXIST::FUNCTION:RC2
- ENGINE_register_DH 261 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -268,16 +263,16 @@ EVP_des_ede3
- PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION:
- EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:EC
- EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED
--BIO_dgram_sctp_wait_for_dry 268 1_1_0 EXIST::FUNCTION:SCTP
-+BIO_dgram_sctp_wait_for_dry 268 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- ASN1_OCTET_STRING_NDEF_it 269 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_OCTET_STRING_NDEF_it 269 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- EVP_PKEY_asn1_get_count 270 1_1_0 EXIST::FUNCTION:
- WHIRLPOOL_Init 271 1_1_0 EXIST::FUNCTION:WHIRLPOOL
- EVP_OpenInit 272 1_1_0 EXIST::FUNCTION:RSA
--OCSP_response_get1_basic 273 1_1_0 EXIST::FUNCTION:
-+OCSP_response_get1_basic 273 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_gcm128_tag 274 1_1_0 EXIST::FUNCTION:
--OCSP_parse_url 275 1_1_0 EXIST::FUNCTION:
--UI_get0_test_string 276 1_1_0 EXIST::FUNCTION:
-+OCSP_parse_url 275 1_1_0 EXIST::FUNCTION:OCSP
-+UI_get0_test_string 276 1_1_0 EXIST::FUNCTION:UI
- CRYPTO_secure_free 277 1_1_0 EXIST::FUNCTION:
- DSA_print_fp 278 1_1_0 EXIST::FUNCTION:DSA,STDIO
- X509_get_ext_d2i 279 1_1_0 EXIST::FUNCTION:
-@@ -302,59 +297,58 @@ CT_POLICY_EVAL_CTX_set0_issuer
- PEM_write_bio_DSA_PUBKEY 298 1_1_0 EXIST::FUNCTION:DSA
- PEM_X509_INFO_read_bio 299 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get0_order 300 1_1_0 EXIST::FUNCTION:EC
--OCSP_BASICRESP_delete_ext 301 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_delete_ext 301 1_1_0 EXIST::FUNCTION:OCSP
- PKCS12_get_attr_gen 302 1_1_0 EXIST::FUNCTION:
- PKCS12_SAFEBAG_get0_safes 303 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_derive 304 1_1_0 EXIST::FUNCTION:
--OCSP_BASICRESP_get_ext_by_NID 305 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get_ext_by_NID 305 1_1_0 EXIST::FUNCTION:OCSP
- OBJ_dup 306 1_1_0 EXIST::FUNCTION:
- CMS_signed_get_attr_count 307 1_1_0 EXIST::FUNCTION:CMS
- EC_get_builtin_curves 308 1_1_0 EXIST::FUNCTION:EC
- i2d_ASN1_IA5STRING 309 1_1_0 EXIST::FUNCTION:
--OCSP_check_nonce 310 1_1_0 EXIST::FUNCTION:
-+OCSP_check_nonce 310 1_1_0 EXIST::FUNCTION:OCSP
- X509_STORE_CTX_init 311 1_1_0 EXIST::FUNCTION:
--OCSP_RESPONSE_free 312 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPONSE_free 312 1_1_0 EXIST::FUNCTION:OCSP
- ENGINE_set_DH 313 1_1_0 EXIST::FUNCTION:ENGINE
- EVP_CIPHER_CTX_set_flags 314 1_1_0 EXIST::FUNCTION:
- err_free_strings_int 315 1_1_0 EXIST::FUNCTION:
- PEM_write_bio_PKCS7_stream 316 1_1_0 EXIST::FUNCTION:
- d2i_X509_CERT_AUX 317 1_1_0 EXIST::FUNCTION:
--UI_process 318 1_1_0 EXIST::FUNCTION:
-+UI_process 318 1_1_0 EXIST::FUNCTION:UI
- X509_get_subject_name 319 1_1_0 EXIST::FUNCTION:
- DH_get_1024_160 320 1_1_0 EXIST::FUNCTION:DH
- i2d_ASN1_UNIVERSALSTRING 321 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_RESPID 322 1_1_0 EXIST::FUNCTION:
--BIO_s_accept 323 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_RESPID 322 1_1_0 EXIST::FUNCTION:OCSP
-+BIO_s_accept 323 1_1_0 EXIST::FUNCTION:SOCK
- EVP_whirlpool 324 1_1_0 EXIST::FUNCTION:WHIRLPOOL
--OCSP_ONEREQ_get1_ext_d2i 325 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_get1_ext_d2i 325 1_1_0 EXIST::FUNCTION:OCSP
- d2i_ESS_SIGNING_CERT 326 1_1_0 EXIST::FUNCTION:TS
- EC_KEY_set_default_method 327 1_1_0 EXIST::FUNCTION:EC
- X509_OBJECT_up_ref_count 328 1_1_0 EXIST::FUNCTION:
- RAND_load_file 329 1_1_0 EXIST::FUNCTION:
- BIO_ctrl_reset_read_request 330 1_1_0 EXIST::FUNCTION:
- CRYPTO_ccm128_tag 331 1_1_0 EXIST::FUNCTION:
--BIO_new_dgram_sctp 332 1_1_0 EXIST::FUNCTION:SCTP
-+BIO_new_dgram_sctp 332 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- d2i_RSAPrivateKey_fp 333 1_1_0 EXIST::FUNCTION:RSA,STDIO
- s2i_ASN1_IA5STRING 334 1_1_0 EXIST::FUNCTION:
--UI_get_ex_data 335 1_1_0 EXIST::FUNCTION:
-+UI_get_ex_data 335 1_1_0 EXIST::FUNCTION:UI
- EVP_EncryptUpdate 336 1_1_0 EXIST::FUNCTION:
- SRP_create_verifier 337 1_1_0 EXIST::FUNCTION:SRP
- TS_TST_INFO_print_bio 338 1_1_0 EXIST::FUNCTION:TS
- X509_NAME_get_index_by_OBJ 339 1_1_0 EXIST::FUNCTION:
--BIO_get_host_ip 340 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-+BIO_get_host_ip 340 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
- PKCS7_add_certificate 341 1_1_0 EXIST::FUNCTION:
- TS_REQ_get_ext 342 1_1_0 EXIST::FUNCTION:TS
- X509_NAME_cmp 343 1_1_0 EXIST::FUNCTION:
- DIST_POINT_it 344 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- DIST_POINT_it 344 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- PEM_read_X509_CRL 345 1_1_0 EXIST::FUNCTION:
--sk_sort 346 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_sort 346 1_1_0 EXIST::FUNCTION:
- CTLOG_STORE_load_file 347 1_1_0 EXIST::FUNCTION:CT
- ASN1_SEQUENCE_it 348 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_SEQUENCE_it 348 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- TS_RESP_CTX_get_tst_info 349 1_1_0 EXIST::FUNCTION:TS
- RC4 350 1_1_0 EXIST::FUNCTION:RC4
--DSO_get_loaded_filename 351 1_1_0 NOEXIST::FUNCTION:
- PKCS7_stream 352 1_1_0 EXIST::FUNCTION:
- i2t_ASN1_OBJECT 353 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get0_generator 354 1_1_0 EXIST::FUNCTION:EC
-@@ -378,7 +372,7 @@ SEED_ecb_encrypt
- X509_PUBKEY_get0_param 371 1_1_0 EXIST::FUNCTION:
- ASN1_i2d_fp 372 1_1_0 EXIST::FUNCTION:STDIO
- BIO_new_mem_buf 373 1_1_0 EXIST::FUNCTION:
--UI_get_input_flags 374 1_1_0 EXIST::FUNCTION:
-+UI_get_input_flags 374 1_1_0 EXIST::FUNCTION:UI
- X509V3_EXT_REQ_add_nconf 375 1_1_0 EXIST::FUNCTION:
- X509v3_asid_subset 376 1_1_0 EXIST::FUNCTION:RFC3779
- RSA_check_key_ex 377 1_1_0 EXIST::FUNCTION:RSA
-@@ -390,10 +384,9 @@ CMS_RecipientInfo_kekri_id_cmp
- ASN1_PCTX_get_oid_flags 383 1_1_0 EXIST::FUNCTION:
- CONF_free 384 1_1_0 EXIST::FUNCTION:
- DSO_get_filename 385 1_1_0 EXIST::FUNCTION:
--CRYPTO_set_id_callback 386 1_1_0 NOEXIST::FUNCTION:
- i2d_ASN1_SEQUENCE_ANY 387 1_1_0 EXIST::FUNCTION:
- OPENSSL_strlcpy 388 1_1_0 EXIST::FUNCTION:
--BIO_get_port 389 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-+BIO_get_port 389 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
- DISPLAYTEXT_free 390 1_1_0 EXIST::FUNCTION:
- BN_div 391 1_1_0 EXIST::FUNCTION:
- RIPEMD160_Update 392 1_1_0 EXIST::FUNCTION:RMD160
-@@ -402,10 +395,10 @@ PEM_write_bio_CMS
- EVP_des_ede3_cfb8 395 1_1_0 EXIST::FUNCTION:DES
- BIO_dump_indent_fp 396 1_1_0 EXIST::FUNCTION:STDIO
- X509_NAME_ENTRY_get_data 397 1_1_0 EXIST::FUNCTION:
--BIO_socket 398 1_1_0 EXIST::FUNCTION:
-+BIO_socket 398 1_1_0 EXIST::FUNCTION:SOCK
- EVP_PKEY_meth_get_derive 399 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_clear_free 400 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_REVOKEDINFO 401 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_REVOKEDINFO 401 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_STRING_print_ex_fp 402 1_1_0 EXIST::FUNCTION:STDIO
- PKCS7_SIGNED_new 403 1_1_0 EXIST::FUNCTION:
- CMS_get0_eContentType 404 1_1_0 EXIST::FUNCTION:CMS
-@@ -419,7 +412,7 @@ TS_TST_INFO_get_ordering
- d2i_DSA_PUBKEY 412 1_1_0 EXIST::FUNCTION:DSA
- BN_CTX_get 413 1_1_0 EXIST::FUNCTION:
- BN_to_montgomery 414 1_1_0 EXIST::FUNCTION:
--X509_OBJECT_free_contents 415 1_1_0 EXIST::FUNCTION:
-+X509_OBJECT_get0_X509_CRL 415 1_1_0 EXIST::FUNCTION:
- EVP_camellia_128_cfb8 416 1_1_0 EXIST::FUNCTION:CAMELLIA
- EC_KEY_METHOD_free 417 1_1_0 EXIST::FUNCTION:EC
- TS_TST_INFO_set_policy_id 418 1_1_0 EXIST::FUNCTION:TS
-@@ -448,17 +441,16 @@ DSA_free
- X509_VAL_new 441 1_1_0 EXIST::FUNCTION:
- NCONF_load 442 1_1_0 EXIST::FUNCTION:
- ASN1_put_object 443 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_RESPONSE 444 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_RESPONSE 444 1_1_0 EXIST::FUNCTION:OCSP
- d2i_PublicKey 445 1_1_0 EXIST::FUNCTION:
- ENGINE_set_ex_data 446 1_1_0 EXIST::FUNCTION:ENGINE
- X509_get_default_private_dir 447 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set0_dane 448 1_1_0 EXIST::FUNCTION:
- EVP_des_ecb 449 1_1_0 EXIST::FUNCTION:DES
--OCSP_resp_get0 450 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_new_lockid 451 1_1_0 NOEXIST::FUNCTION:
-+OCSP_resp_get0 450 1_1_0 EXIST::FUNCTION:OCSP
- RSA_X931_generate_key_ex 452 1_1_0 EXIST::FUNCTION:RSA
- X509_get_serialNumber 453 1_1_0 EXIST::FUNCTION:
--BIO_sock_should_retry 454 1_1_0 EXIST::FUNCTION:
-+BIO_sock_should_retry 454 1_1_0 EXIST::FUNCTION:SOCK
- ENGINE_get_digests 455 1_1_0 EXIST::FUNCTION:ENGINE
- TS_MSG_IMPRINT_get_algo 456 1_1_0 EXIST::FUNCTION:TS
- DH_new_method 457 1_1_0 EXIST::FUNCTION:DH
-@@ -474,9 +466,8 @@ EC_KEY_METHOD_get_init
- BUF_MEM_new 467 1_1_0 EXIST::FUNCTION:
- DSO_set_filename 468 1_1_0 EXIST::FUNCTION:
- DH_new 469 1_1_0 EXIST::FUNCTION:DH
--OCSP_RESPID_free 470 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPID_free 470 1_1_0 EXIST::FUNCTION:OCSP
- PKCS5_pbe2_set 471 1_1_0 EXIST::FUNCTION:
--CRYPTO_THREADID_get_callback 472 1_1_0 NOEXIST::FUNCTION:
- SCT_set_signature_nid 473 1_1_0 EXIST::FUNCTION:CT
- i2d_RSA_PUBKEY_fp 474 1_1_0 EXIST::FUNCTION:RSA,STDIO
- PKCS12_BAGS_it 475 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -489,7 +480,7 @@ ENGINE_register_all_RSA
- i2d_RSA_PUBKEY_bio 481 1_1_0 EXIST::FUNCTION:RSA
- ASN1_T61STRING_free 482 1_1_0 EXIST::FUNCTION:
- PEM_write_CMS 483 1_1_0 EXIST::FUNCTION:CMS
--sk_find 484 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_find 484 1_1_0 EXIST::FUNCTION:
- ENGINE_get_ciphers 485 1_1_0 EXIST::FUNCTION:ENGINE
- EVP_rc2_ofb 486 1_1_0 EXIST::FUNCTION:RC2
- EVP_PKEY_set1_RSA 487 1_1_0 EXIST::FUNCTION:RSA
-@@ -501,11 +492,11 @@ BN_GF2m_mod_sqr_arr
- ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- BIO_f_cipher 494 1_1_0 EXIST::FUNCTION:
--UI_destroy_method 495 1_1_0 EXIST::FUNCTION:
-+UI_destroy_method 495 1_1_0 EXIST::FUNCTION:UI
- BN_get_rfc3526_prime_3072 496 1_1_0 EXIST::FUNCTION:
- X509_INFO_new 497 1_1_0 EXIST::FUNCTION:
--OCSP_RESPDATA_it 498 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_RESPDATA_it 498 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_RESPDATA_it 498 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_RESPDATA_it 498 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- X509_CRL_print 499 1_1_0 EXIST::FUNCTION:
- WHIRLPOOL_Update 500 1_1_0 EXIST::FUNCTION:WHIRLPOOL
- DSA_get_ex_data 501 1_1_0 EXIST::FUNCTION:DSA
-@@ -516,18 +507,16 @@ DSA_get_ex_data
- X509_TRUST_get_trust 506 1_1_0 EXIST::FUNCTION:
- DES_string_to_key 507 1_1_0 EXIST::FUNCTION:DES
- ERR_error_string 508 1_1_0 EXIST::FUNCTION:
--BIO_new_connect 509 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_lock_name 510 1_1_0 NOEXIST::FUNCTION:
-+BIO_new_connect 509 1_1_0 EXIST::FUNCTION:SOCK
- DSA_new_method 511 1_1_0 EXIST::FUNCTION:DSA
--OCSP_CERTID_new 512 1_1_0 EXIST::FUNCTION:
-+OCSP_CERTID_new 512 1_1_0 EXIST::FUNCTION:OCSP
- X509_CRL_get_signature_nid 513 1_1_0 EXIST::FUNCTION:
- X509_policy_level_node_count 514 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_CERTSTATUS 515 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_CERTSTATUS 515 1_1_0 EXIST::FUNCTION:OCSP
- X509V3_add1_i2d 516 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_set_serial 517 1_1_0 EXIST::FUNCTION:TS
--OCSP_RESPBYTES_new 518 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_delete_ext 519 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_dynlock_lock_callback 520 1_1_0 NOEXIST::FUNCTION:
-+OCSP_RESPBYTES_new 518 1_1_0 EXIST::FUNCTION:OCSP
-+OCSP_SINGLERESP_delete_ext 519 1_1_0 EXIST::FUNCTION:OCSP
- EVP_MD_CTX_test_flags 521 1_1_0 EXIST::FUNCTION:
- X509v3_addr_validate_path 522 1_1_0 EXIST::FUNCTION:RFC3779
- BIO_new_fp 523 1_1_0 EXIST::FUNCTION:STDIO
-@@ -547,7 +536,7 @@ EC_KEY_get_flags
- ASN1_TYPE_cmp 537 1_1_0 EXIST::FUNCTION:
- i2d_RSAPublicKey 538 1_1_0 EXIST::FUNCTION:RSA
- EC_GROUP_get_trinomial_basis 539 1_1_0 EXIST::FUNCTION:EC,EC2M
--BIO_ADDRINFO_protocol 540 1_1_0 EXIST::FUNCTION:
-+BIO_ADDRINFO_protocol 540 1_1_0 EXIST::FUNCTION:SOCK
- i2d_PBKDF2PARAM 541 1_1_0 EXIST::FUNCTION:
- ENGINE_unregister_RAND 542 1_1_0 EXIST::FUNCTION:ENGINE
- PEM_write_bio_RSAPrivateKey 543 1_1_0 EXIST::FUNCTION:RSA
-@@ -561,7 +550,7 @@ d2i_X509_CRL_fp
- i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA
- EVP_aes_128_ccm 551 1_1_0 EXIST::FUNCTION:
- ECParameters_print 552 1_1_0 EXIST::FUNCTION:EC
--OCSP_SINGLERESP_get1_ext_d2i 553 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get1_ext_d2i 553 1_1_0 EXIST::FUNCTION:OCSP
- RAND_status 554 1_1_0 EXIST::FUNCTION:
- EVP_ripemd160 555 1_1_0 EXIST::FUNCTION:RMD160
- EVP_MD_meth_set_final 556 1_1_0 EXIST::FUNCTION:
-@@ -585,8 +574,7 @@ SCT_verify
- d2i_X509 574 1_1_0 EXIST::FUNCTION:
- a2i_ASN1_STRING 575 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get_mont_data 576 1_1_0 EXIST::FUNCTION:EC
--CMAC_CTX_copy 577 1_1_0 EXIST::FUNCTION:
--CRYPTO_set_add_lock_callback 578 1_1_0 NOEXIST::FUNCTION:
-+CMAC_CTX_copy 577 1_1_0 EXIST::FUNCTION:CMAC
- EVP_camellia_128_cfb128 579 1_1_0 EXIST::FUNCTION:CAMELLIA
- DH_compute_key_padded 580 1_1_0 EXIST::FUNCTION:DH
- ERR_load_CONF_strings 581 1_1_0 EXIST::FUNCTION:
-@@ -640,12 +628,11 @@ ERR_load_RSA_strings
- RSA_OAEP_PARAMS_new 626 1_1_0 EXIST::FUNCTION:RSA
- X509_NAME_free 627 1_1_0 EXIST::FUNCTION:
- PKCS12_set_mac 628 1_1_0 EXIST::FUNCTION:
--UI_get0_result_string 629 1_1_0 EXIST::FUNCTION:
-+UI_get0_result_string 629 1_1_0 EXIST::FUNCTION:UI
- TS_RESP_CTX_add_policy 630 1_1_0 EXIST::FUNCTION:TS
- X509_REQ_dup 631 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_add_lock_callback 632 1_1_0 NOEXIST::FUNCTION:
- d2i_DSA_PUBKEY_fp 633 1_1_0 EXIST::FUNCTION:DSA,STDIO
--OCSP_REQ_CTX_nbio_d2i 634 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_nbio_d2i 634 1_1_0 EXIST::FUNCTION:OCSP
- d2i_X509_REQ_fp 635 1_1_0 EXIST::FUNCTION:STDIO
- DH_OpenSSL 636 1_1_0 EXIST::FUNCTION:DH
- BN_get_rfc3526_prime_8192 637 1_1_0 EXIST::FUNCTION:
-@@ -654,26 +641,25 @@ DH_OpenSSL
- CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION:
- X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION:
- EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:EC
--OCSP_SINGLERESP_get0_id 642 1_1_0 EXIST::FUNCTION:
--UI_add_info_string 643 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get0_id 642 1_1_0 EXIST::FUNCTION:OCSP
-+UI_add_info_string 643 1_1_0 EXIST::FUNCTION:UI
- OBJ_NAME_remove 644 1_1_0 EXIST::FUNCTION:
--UI_get_method 645 1_1_0 EXIST::FUNCTION:
-+UI_get_method 645 1_1_0 EXIST::FUNCTION:UI
- CONF_modules_unload 646 1_1_0 EXIST::FUNCTION:
- CRYPTO_ccm128_encrypt_ccm64 647 1_1_0 EXIST::FUNCTION:
- CRYPTO_secure_malloc_init 648 1_1_0 EXIST::FUNCTION:
- DSAparams_dup 649 1_1_0 EXIST::FUNCTION:DSA
- PKCS8_PRIV_KEY_INFO_new 650 1_1_0 EXIST::FUNCTION:
--CRYPTO_THREADID_hash 651 1_1_0 NOEXIST::FUNCTION:
- TS_RESP_verify_token 652 1_1_0 EXIST::FUNCTION:TS
- PEM_read_bio_CMS 653 1_1_0 EXIST::FUNCTION:CMS
- PEM_get_EVP_CIPHER_INFO 654 1_1_0 EXIST::FUNCTION:
- X509V3_EXT_print 655 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_SINGLERESP 656 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_SINGLERESP 656 1_1_0 EXIST::FUNCTION:OCSP
- ESS_CERT_ID_free 657 1_1_0 EXIST::FUNCTION:TS
- PEM_SignInit 658 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_CTX_set_key_length 659 1_1_0 EXIST::FUNCTION:
- X509_delete_ext 660 1_1_0 EXIST::FUNCTION:
--OCSP_resp_get0_produced_at 661 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_get0_produced_at 661 1_1_0 EXIST::FUNCTION:OCSP
- IDEA_encrypt 662 1_1_0 EXIST::FUNCTION:IDEA
- CRYPTO_nistcts128_encrypt_block 663 1_1_0 EXIST::FUNCTION:
- EVP_MD_do_all 664 1_1_0 EXIST::FUNCTION:
-@@ -686,8 +672,8 @@ ENGINE_set_table_flags
- ENGINE_get_table_flags 671 1_1_0 EXIST::FUNCTION:ENGINE
- PKCS12_MAC_DATA_new 672 1_1_0 EXIST::FUNCTION:
- X509_chain_up_ref 673 1_1_0 EXIST::FUNCTION:
--OCSP_REQINFO_it 674 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_REQINFO_it 674 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_REQINFO_it 674 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_REQINFO_it 674 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- PKCS12_add_localkeyid 675 1_1_0 EXIST::FUNCTION:
- PKCS12_SAFEBAG_get0_type 676 1_1_0 EXIST::FUNCTION:
- X509_TRUST_set_default 677 1_1_0 EXIST::FUNCTION:
-@@ -704,11 +690,11 @@ TS_REQ_get_ext_d2i
- d2i_SXNET 687 1_1_0 EXIST::FUNCTION:
- CTLOG_get0_log_id 688 1_1_0 EXIST::FUNCTION:CT
- CMS_RecipientInfo_ktri_get0_signer_id 689 1_1_0 EXIST::FUNCTION:CMS
--OCSP_REQUEST_add1_ext_i2d 690 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_add1_ext_i2d 690 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PBE_CipherInit 691 1_1_0 EXIST::FUNCTION:
- DSA_dup_DH 692 1_1_0 EXIST::FUNCTION:DH,DSA
- CONF_imodule_get_value 693 1_1_0 EXIST::FUNCTION:
--OCSP_id_issuer_cmp 694 1_1_0 EXIST::FUNCTION:
-+OCSP_id_issuer_cmp 694 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_INTEGER_free 695 1_1_0 EXIST::FUNCTION:
- BN_get0_nist_prime_224 696 1_1_0 EXIST::FUNCTION:
- OPENSSL_isservice 697 1_1_0 EXIST::FUNCTION:
-@@ -727,16 +713,15 @@ d2i_ASIdOrRange
- X509_add1_reject_object 710 1_1_0 EXIST::FUNCTION:
- ERR_set_mark 711 1_1_0 EXIST::FUNCTION:
- d2i_ASN1_VISIBLESTRING 712 1_1_0 EXIST::FUNCTION:
--CRYPTO_set_dynlock_create_callback 713 1_1_0 NOEXIST::FUNCTION:
- X509_NAME_ENTRY_dup 714 1_1_0 EXIST::FUNCTION:
- X509_certificate_type 715 1_1_0 EXIST::FUNCTION:
- PKCS7_add_signature 716 1_1_0 EXIST::FUNCTION:
- OBJ_ln2nid 717 1_1_0 EXIST::FUNCTION:
- CRYPTO_128_unwrap 718 1_1_0 EXIST::FUNCTION:
- BIO_new_PKCS7 719 1_1_0 EXIST::FUNCTION:
--UI_get0_user_data 720 1_1_0 EXIST::FUNCTION:
-+UI_get0_user_data 720 1_1_0 EXIST::FUNCTION:UI
- TS_RESP_get_token 721 1_1_0 EXIST::FUNCTION:TS
--OCSP_RESPID_new 722 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPID_new 722 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_SET_ANY_it 723 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_SET_ANY_it 723 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- d2i_TS_RESP_bio 724 1_1_0 EXIST::FUNCTION:TS
-@@ -746,22 +731,22 @@ EC_POINT_hex2point
- X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION:
- ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE
- DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DSA
--sk_new_null 731 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_new_null 731 1_1_0 EXIST::FUNCTION:
- PEM_read_PKCS8 732 1_1_0 EXIST::FUNCTION:
- BN_mod_sqr 733 1_1_0 EXIST::FUNCTION:
- CAST_ofb64_encrypt 734 1_1_0 EXIST::FUNCTION:CAST
- TXT_DB_write 735 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_get1_ext_d2i 736 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get1_ext_d2i 736 1_1_0 EXIST::FUNCTION:OCSP
- CMS_unsigned_add1_attr_by_NID 737 1_1_0 EXIST::FUNCTION:CMS
- BN_mod_exp_mont 738 1_1_0 EXIST::FUNCTION:
- d2i_DHxparams 739 1_1_0 EXIST::FUNCTION:DH
- DH_size 740 1_1_0 EXIST::FUNCTION:DH
- CONF_imodule_get_name 741 1_1_0 EXIST::FUNCTION:
- ENGINE_get_pkey_meth_engine 742 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_BASICRESP_free 743 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_free 743 1_1_0 EXIST::FUNCTION:OCSP
- BN_set_params 744 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
- BN_add 745 1_1_0 EXIST::FUNCTION:
--sk_free 746 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_free 746 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_get_ext_d2i 747 1_1_0 EXIST::FUNCTION:TS
- RSA_check_key 748 1_1_0 EXIST::FUNCTION:RSA
- TS_MSG_IMPRINT_set_algo 749 1_1_0 EXIST::FUNCTION:TS
-@@ -774,22 +759,22 @@ CTLOG_STORE_new
- d2i_PKCS12_SAFEBAG 756 1_1_0 EXIST::FUNCTION:
- EVP_MD_pkey_type 757 1_1_0 EXIST::FUNCTION:
- X509_policy_node_get0_qualifiers 758 1_1_0 EXIST::FUNCTION:
--OCSP_cert_status_str 759 1_1_0 EXIST::FUNCTION:
-+OCSP_cert_status_str 759 1_1_0 EXIST::FUNCTION:OCSP
- EVP_MD_meth_get_flags 760 1_1_0 EXIST::FUNCTION:
- ASN1_ENUMERATED_set 761 1_1_0 EXIST::FUNCTION:
--UI_UTIL_read_pw 762 1_1_0 EXIST::FUNCTION:
-+UI_UTIL_read_pw 762 1_1_0 EXIST::FUNCTION:UI
- PKCS7_ENC_CONTENT_free 763 1_1_0 EXIST::FUNCTION:
- CMS_RecipientInfo_type 764 1_1_0 EXIST::FUNCTION:CMS
--OCSP_BASICRESP_get_ext 765 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get_ext 765 1_1_0 EXIST::FUNCTION:OCSP
- BN_lebin2bn 766 1_1_0 EXIST::FUNCTION:
- AES_decrypt 767 1_1_0 EXIST::FUNCTION:
- BIO_fd_should_retry 768 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_new 769 1_1_0 EXIST::FUNCTION:
- ENGINE_init 770 1_1_0 EXIST::FUNCTION:ENGINE
- TS_RESP_CTX_add_flags 771 1_1_0 EXIST::FUNCTION:TS
--BIO_gethostbyname 772 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-+BIO_gethostbyname 772 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
- X509V3_EXT_add 773 1_1_0 EXIST::FUNCTION:
--UI_add_verify_string 774 1_1_0 EXIST::FUNCTION:
-+UI_add_verify_string 774 1_1_0 EXIST::FUNCTION:UI
- EVP_rc5_32_12_16_cfb64 775 1_1_0 EXIST::FUNCTION:RC5
- PKCS7_dataVerify 776 1_1_0 EXIST::FUNCTION:
- PKCS7_SIGNER_INFO_free 777 1_1_0 EXIST::FUNCTION:
-@@ -810,7 +795,6 @@ CRYPTO_ocb128_encrypt
- EXTENDED_KEY_USAGE_new 792 1_1_0 EXIST::FUNCTION:
- EVP_EncryptFinal 793 1_1_0 EXIST::FUNCTION:
- PEM_write_ECPrivateKey 794 1_1_0 EXIST::FUNCTION:EC
--DSO_bind_var 795 1_1_0 NOEXIST::FUNCTION:
- EVP_CIPHER_meth_set_get_asn1_params 796 1_1_0 EXIST::FUNCTION:
- PKCS7_dataInit 797 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_CTX_set_app_data 798 1_1_0 EXIST::FUNCTION:
-@@ -834,7 +818,7 @@ EVP_PKEY_set1_EC_KEY
- ECPKParameters_print_fp 816 1_1_0 EXIST::FUNCTION:EC,STDIO
- GENERAL_SUBTREE_free 817 1_1_0 EXIST::FUNCTION:
- RSA_blinding_off 818 1_1_0 EXIST::FUNCTION:RSA
--i2d_OCSP_REVOKEDINFO 819 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_REVOKEDINFO 819 1_1_0 EXIST::FUNCTION:OCSP
- X509V3_add_standard_extensions 820 1_1_0 EXIST::FUNCTION:
- PEM_write_bio_RSA_PUBKEY 821 1_1_0 EXIST::FUNCTION:RSA
- i2d_ASN1_UTF8STRING 822 1_1_0 EXIST::FUNCTION:
-@@ -842,10 +826,10 @@ TS_REQ_delete_ext
- PKCS7_DIGEST_free 824 1_1_0 EXIST::FUNCTION:
- OBJ_nid2ln 825 1_1_0 EXIST::FUNCTION:
- COMP_CTX_new 826 1_1_0 EXIST::FUNCTION:COMP
--BIO_ADDR_family 827 1_1_0 EXIST::FUNCTION:
--OCSP_RESPONSE_it 828 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_RESPONSE_it 828 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--BIO_ADDRINFO_socktype 829 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_family 827 1_1_0 EXIST::FUNCTION:SOCK
-+OCSP_RESPONSE_it 828 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_RESPONSE_it 828 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
-+BIO_ADDRINFO_socktype 829 1_1_0 EXIST::FUNCTION:SOCK
- d2i_X509_REQ_bio 830 1_1_0 EXIST::FUNCTION:
- EVP_PBE_cleanup 831 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_current_crl 832 1_1_0 EXIST::FUNCTION:
-@@ -854,20 +838,19 @@ CMS_get0_SignerInfos
- PEM_write_PKCS8PrivateKey_nid 835 1_1_0 EXIST::FUNCTION:STDIO
- PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_ATTR_VERIFY_it 836 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--OCSP_response_status_str 837 1_1_0 EXIST::FUNCTION:
-+OCSP_response_status_str 837 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_gcm128_new 838 1_1_0 EXIST::FUNCTION:
- SMIME_read_PKCS7 839 1_1_0 EXIST::FUNCTION:
- EC_GROUP_copy 840 1_1_0 EXIST::FUNCTION:EC
- ENGINE_set_ciphers 841 1_1_0 EXIST::FUNCTION:ENGINE
--lh_doall_arg 842 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_get_ext_by_NID 843 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_doall_arg 842 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get_ext_by_NID 843 1_1_0 EXIST::FUNCTION:OCSP
- X509_REQ_get_attr_by_NID 844 1_1_0 EXIST::FUNCTION:
- PBE2PARAM_new 845 1_1_0 EXIST::FUNCTION:
- DES_ecb_encrypt 846 1_1_0 EXIST::FUNCTION:DES
- EVP_camellia_256_ecb 847 1_1_0 EXIST::FUNCTION:CAMELLIA
- PEM_read_RSA_PUBKEY 848 1_1_0 EXIST::FUNCTION:RSA
- d2i_NETSCAPE_SPKAC 849 1_1_0 EXIST::FUNCTION:
--DSO_set_default_method 850 1_1_0 NOEXIST::FUNCTION:
- ASN1_TIME_check 851 1_1_0 EXIST::FUNCTION:
- PKCS7_DIGEST_new 852 1_1_0 EXIST::FUNCTION:
- i2d_TS_TST_INFO_fp 853 1_1_0 EXIST::FUNCTION:STDIO,TS
-@@ -881,12 +864,12 @@ ECDSA_sign_ex
- EC_POINTs_make_affine 861 1_1_0 EXIST::FUNCTION:EC
- RSA_padding_add_PKCS1_PSS 862 1_1_0 EXIST::FUNCTION:RSA
- BF_options 863 1_1_0 EXIST::FUNCTION:BF
--OCSP_BASICRESP_it 864 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_BASICRESP_it 864 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_BASICRESP_it 864 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_BASICRESP_it 864 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- X509_VERIFY_PARAM_get0_name 865 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_set_signer_digest 866 1_1_0 EXIST::FUNCTION:TS
- X509_VERIFY_PARAM_set1_email 867 1_1_0 EXIST::FUNCTION:
--BIO_sock_error 868 1_1_0 EXIST::FUNCTION:
-+BIO_sock_error 868 1_1_0 EXIST::FUNCTION:SOCK
- RSA_set_default_method 869 1_1_0 EXIST::FUNCTION:RSA
- BN_GF2m_mod_sqrt_arr 870 1_1_0 EXIST::FUNCTION:EC2M
- X509_get0_extensions 871 1_1_0 EXIST::FUNCTION:
-@@ -901,7 +884,6 @@ EC_KEY_METHOD_set_compute_key
- CMS_ReceiptRequest_create0 879 1_1_0 EXIST::FUNCTION:CMS
- EVP_MD_meth_set_cleanup 880 1_1_0 EXIST::FUNCTION:
- EVP_aes_128_xts 881 1_1_0 EXIST::FUNCTION:
--CRYPTO_set_dynlock_destroy_callback 882 1_1_0 NOEXIST::FUNCTION:
- TS_RESP_verify_signature 883 1_1_0 EXIST::FUNCTION:TS
- ENGINE_set_pkey_meths 884 1_1_0 EXIST::FUNCTION:ENGINE
- CMS_EncryptedData_decrypt 885 1_1_0 EXIST::FUNCTION:CMS
-@@ -920,10 +902,10 @@ EVP_bf_cfb64
- PKCS7_sign_add_signer 897 1_1_0 EXIST::FUNCTION:
- X509_print_ex 898 1_1_0 EXIST::FUNCTION:
- PKCS7_add_recipient 899 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_add_ext 900 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_add_ext 900 1_1_0 EXIST::FUNCTION:OCSP
- d2i_X509_SIG 901 1_1_0 EXIST::FUNCTION:
- X509_NAME_set 902 1_1_0 EXIST::FUNCTION:
--sk_pop 903 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_pop 903 1_1_0 EXIST::FUNCTION:
- ENGINE_register_ciphers 904 1_1_0 EXIST::FUNCTION:ENGINE
- PKCS5_pbe2_set_iv 905 1_1_0 EXIST::FUNCTION:
- ASN1_add_stable_module 906 1_1_0 EXIST::FUNCTION:
-@@ -935,7 +917,7 @@ DES_encrypt1
- BN_mod_lshift1_quick 912 1_1_0 EXIST::FUNCTION:
- BN_get_rfc3526_prime_6144 913 1_1_0 EXIST::FUNCTION:
- OBJ_obj2txt 914 1_1_0 EXIST::FUNCTION:
--UI_set_result 915 1_1_0 EXIST::FUNCTION:
-+UI_set_result 915 1_1_0 EXIST::FUNCTION:UI
- EVP_EncodeUpdate 916 1_1_0 EXIST::FUNCTION:
- PEM_write_bio_X509_CRL 917 1_1_0 EXIST::FUNCTION:
- BN_cmp 918 1_1_0 EXIST::FUNCTION:
-@@ -943,7 +925,6 @@ CT_POLICY_EVAL_CTX_get0_log_store
- CONF_set_default_method 920 1_1_0 EXIST::FUNCTION:
- ASN1_PCTX_get_nm_flags 921 1_1_0 EXIST::FUNCTION:
- X509_add1_ext_i2d 922 1_1_0 EXIST::FUNCTION:
--CRYPTO_THREADID_set_pointer 923 1_1_0 NOEXIST::FUNCTION:
- i2d_PKCS7_RECIP_INFO 924 1_1_0 EXIST::FUNCTION:
- PKCS1_MGF1 925 1_1_0 EXIST::FUNCTION:RSA
- BIO_vsnprintf 926 1_1_0 EXIST::FUNCTION:
-@@ -965,7 +946,6 @@ i2d_X509_CRL_fp
- X509_STORE_CTX_set_ex_data 941 1_1_0 EXIST::FUNCTION:
- TS_VERIFY_CTS_set_certs 942 1_1_0 EXIST::FUNCTION:TS
- BN_MONT_CTX_copy 943 1_1_0 EXIST::FUNCTION:
--CRYPTO_cleanup_all_ex_data 944 1_1_0 NOEXIST::FUNCTION:
- OPENSSL_INIT_new 945 1_1_0 EXIST::FUNCTION:
- TS_ACCURACY_dup 946 1_1_0 EXIST::FUNCTION:TS
- i2d_ECPrivateKey 947 1_1_0 EXIST::FUNCTION:EC
-@@ -977,7 +957,7 @@ TS_VERIFY_CTX_cleanup
- EVP_VerifyFinal 952 1_1_0 EXIST::FUNCTION:
- TS_ASN1_INTEGER_print_bio 953 1_1_0 EXIST::FUNCTION:TS
- X509_NAME_ENTRY_set_object 954 1_1_0 EXIST::FUNCTION:
--BIO_s_socket 955 1_1_0 EXIST::FUNCTION:
-+BIO_s_socket 955 1_1_0 EXIST::FUNCTION:SOCK
- EVP_rc5_32_12_16_ecb 956 1_1_0 EXIST::FUNCTION:RC5
- i2d_PKCS8_bio 957 1_1_0 EXIST::FUNCTION:
- v2i_ASN1_BIT_STRING 958 1_1_0 EXIST::FUNCTION:
-@@ -1000,8 +980,7 @@ d2i_DSAPublicKey
- ENGINE_get_name 973 1_1_0 EXIST::FUNCTION:ENGINE
- CRYPTO_THREAD_read_lock 974 1_1_0 EXIST::FUNCTION:
- ASIdentifierChoice_free 975 1_1_0 EXIST::FUNCTION:RFC3779
--BIO_dgram_sctp_msg_waiting 976 1_1_0 EXIST::FUNCTION:SCTP
--CRYPTO_get_dynlock_value 977 1_1_0 NOEXIST::FUNCTION:
-+BIO_dgram_sctp_msg_waiting 976 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- BN_is_bit_set 978 1_1_0 EXIST::FUNCTION:
- AES_ofb128_encrypt 979 1_1_0 EXIST::FUNCTION:
- X509_STORE_add_lookup 980 1_1_0 EXIST::FUNCTION:
-@@ -1015,7 +994,7 @@ i2d_TS_STATUS_INFO
- ASN1_UTCTIME_free 988 1_1_0 EXIST::FUNCTION:
- ERR_load_TS_strings 989 1_1_0 EXIST::FUNCTION:TS
- BN_nist_mod_func 990 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_new 991 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_new 991 1_1_0 EXIST::FUNCTION:OCSP
- DSA_SIG_new 992 1_1_0 EXIST::FUNCTION:DSA
- DH_get_default_method 993 1_1_0 EXIST::FUNCTION:DH
- PEM_proc_type 994 1_1_0 EXIST::FUNCTION:
-@@ -1028,11 +1007,11 @@ SEED_cfb128_encrypt
- ASN1_BIT_STRING_it 1000 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- PKCS12_decrypt_skey 1001 1_1_0 EXIST::FUNCTION:
- ENGINE_register_EC 1002 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_RESPONSE_new 1003 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPONSE_new 1003 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_cbc128_encrypt 1004 1_1_0 EXIST::FUNCTION:
- i2d_RSAPublicKey_bio 1005 1_1_0 EXIST::FUNCTION:RSA
- X509_chain_check_suiteb 1006 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_REQUEST 1007 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_REQUEST 1007 1_1_0 EXIST::FUNCTION:OCSP
- BN_X931_generate_Xpq 1008 1_1_0 EXIST::FUNCTION:
- ASN1_item_digest 1009 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_set_trust 1010 1_1_0 EXIST::FUNCTION:
-@@ -1043,13 +1022,12 @@ i2d_RSAPublicKey_bio
- i2d_DSA_PUBKEY_fp 1014 1_1_0 EXIST::FUNCTION:DSA,STDIO
- X509at_get_attr_by_OBJ 1015 1_1_0 EXIST::FUNCTION:
- EVP_MD_CTX_copy_ex 1016 1_1_0 EXIST::FUNCTION:
--UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:
--lh_num_items 1018 1_1_0 EXIST::FUNCTION:
--ERR_get_err_state_table 1019 1_1_0 NOEXIST::FUNCTION:
-+UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:UI
-+OPENSSL_LH_num_items 1018 1_1_0 EXIST::FUNCTION:
- ASN1_INTEGER_cmp 1020 1_1_0 EXIST::FUNCTION:
- X509_NAME_entry_count 1021 1_1_0 EXIST::FUNCTION:
--UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION:
--lh_get_down_load 1023 1_1_0 EXIST::FUNCTION:
-+UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION:UI
-+OPENSSL_LH_get_down_load 1023 1_1_0 EXIST::FUNCTION:
- EVP_md4 1024 1_1_0 EXIST::FUNCTION:MD4
- X509_set_subject_name 1025 1_1_0 EXIST::FUNCTION:
- i2d_PKCS8PrivateKey_nid_bio 1026 1_1_0 EXIST::FUNCTION:
-@@ -1069,7 +1047,6 @@ TS_REQ_set_msg_imprint
- BN_mod_sub_quick 1038 1_1_0 EXIST::FUNCTION:
- SMIME_write_CMS 1039 1_1_0 EXIST::FUNCTION:CMS
- i2d_DSAPublicKey 1040 1_1_0 EXIST::FUNCTION:DSA
--DES_enc_write 1041 1_1_0 EXIST::FUNCTION:DES
- SMIME_text 1042 1_1_0 EXIST::FUNCTION:
- PKCS7_add_recipient_info 1043 1_1_0 EXIST::FUNCTION:
- BN_get_word 1044 1_1_0 EXIST::FUNCTION:
-@@ -1103,7 +1080,7 @@ CRYPTO_mem_debug_malloc
- ENGINE_get_EC 1072 1_1_0 EXIST::FUNCTION:ENGINE
- ASN1_STRING_copy 1073 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_encrypt_old 1074 1_1_0 EXIST::FUNCTION:
--lh_free 1075 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_free 1075 1_1_0 EXIST::FUNCTION:
- DES_is_weak_key 1076 1_1_0 EXIST::FUNCTION:DES
- EVP_PKEY_verify 1077 1_1_0 EXIST::FUNCTION:
- ERR_load_BIO_strings 1078 1_1_0 EXIST::FUNCTION:
-@@ -1125,7 +1102,7 @@ X509_print_ex_fp
- ERR_load_PEM_strings 1094 1_1_0 EXIST::FUNCTION:
- ENGINE_unregister_pkey_asn1_meths 1095 1_1_0 EXIST::FUNCTION:ENGINE
- IPAddressFamily_free 1096 1_1_0 EXIST::FUNCTION:RFC3779
--UI_method_get_prompt_constructor 1097 1_1_0 EXIST::FUNCTION:
-+UI_method_get_prompt_constructor 1097 1_1_0 EXIST::FUNCTION:UI
- ASN1_NULL_it 1098 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_NULL_it 1098 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- X509_REQ_get_pubkey 1099 1_1_0 EXIST::FUNCTION:
-@@ -1149,7 +1126,7 @@ BIO_s_datagram
- X509_STORE_CTX_get0_store 1117 1_1_0 EXIST::FUNCTION:
- PKCS12_pack_p7data 1118 1_1_0 EXIST::FUNCTION:
- RSA_print_fp 1119 1_1_0 EXIST::FUNCTION:RSA,STDIO
--OPENSSL_INIT_set_config_filename 1120 1_1_0 EXIST::FUNCTION:STDIO
-+OPENSSL_INIT_set_config_appname 1120 1_1_0 EXIST::FUNCTION:STDIO
- EC_KEY_print_fp 1121 1_1_0 EXIST::FUNCTION:EC,STDIO
- BIO_dup_chain 1122 1_1_0 EXIST::FUNCTION:
- PKCS8_PRIV_KEY_INFO_it 1123 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1160,7 +1137,7 @@ RSA_OAEP_PARAMS_free
- RC2_encrypt 1127 1_1_0 EXIST::FUNCTION:RC2
- PEM_write 1128 1_1_0 EXIST::FUNCTION:STDIO
- EVP_CIPHER_meth_get_get_asn1_params 1129 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_RESPBYTES 1130 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_RESPBYTES 1130 1_1_0 EXIST::FUNCTION:OCSP
- d2i_ASN1_UTF8STRING 1131 1_1_0 EXIST::FUNCTION:
- EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- EXTENDED_KEY_USAGE_it 1132 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -1175,8 +1152,8 @@ RSA_new
- PEM_write_bio_PKCS7 1141 1_1_0 EXIST::FUNCTION:
- MDC2_Final 1142 1_1_0 EXIST::FUNCTION:MDC2
- SMIME_crlf_copy 1143 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_get_ext_count 1144 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_new 1145 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get_ext_count 1144 1_1_0 EXIST::FUNCTION:OCSP
-+OCSP_REQ_CTX_new 1145 1_1_0 EXIST::FUNCTION:OCSP
- X509_load_cert_crl_file 1146 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_new_mac_key 1147 1_1_0 EXIST::FUNCTION:
- DIST_POINT_new 1148 1_1_0 EXIST::FUNCTION:
-@@ -1187,7 +1164,7 @@ PKCS5_v2_scrypt_keyivgen
- DES_check_key_parity 1153 1_1_0 EXIST::FUNCTION:DES
- EVP_aes_256_ocb 1154 1_1_0 EXIST::FUNCTION:OCB
- X509_VAL_free 1155 1_1_0 EXIST::FUNCTION:
--X509_STORE_get1_certs 1156 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get1_certs 1156 1_1_0 EXIST::FUNCTION:
- PEM_write_RSA_PUBKEY 1157 1_1_0 EXIST::FUNCTION:RSA
- PKCS12_SAFEBAG_get0_p8inf 1158 1_1_0 EXIST::FUNCTION:
- X509_CRL_set_issuer_name 1159 1_1_0 EXIST::FUNCTION:
-@@ -1211,7 +1188,7 @@ TS_TST_INFO_get_serial
- X509_LOOKUP_hash_dir 1176 1_1_0 EXIST::FUNCTION:
- ASN1_BIT_STRING_check 1177 1_1_0 EXIST::FUNCTION:
- ENGINE_set_default_RAND 1178 1_1_0 EXIST::FUNCTION:ENGINE
--BIO_connect 1179 1_1_0 EXIST::FUNCTION:
-+BIO_connect 1179 1_1_0 EXIST::FUNCTION:SOCK
- TS_TST_INFO_add_ext 1180 1_1_0 EXIST::FUNCTION:TS
- EVP_aes_192_ccm 1181 1_1_0 EXIST::FUNCTION:
- X509V3_add_value 1182 1_1_0 EXIST::FUNCTION:
-@@ -1241,7 +1218,7 @@ EVP_cast5_cfb64
- SCT_validation_status_string 1206 1_1_0 EXIST::FUNCTION:CT
- PKCS7_add_attribute 1207 1_1_0 EXIST::FUNCTION:
- ENGINE_register_DSA 1208 1_1_0 EXIST::FUNCTION:ENGINE
--lh_node_stats 1209 1_1_0 EXIST::FUNCTION:STDIO
-+OPENSSL_LH_node_stats 1209 1_1_0 EXIST::FUNCTION:STDIO
- X509_policy_tree_free 1210 1_1_0 EXIST::FUNCTION:
- EC_GFp_simple_method 1211 1_1_0 EXIST::FUNCTION:EC
- X509_it 1212 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1251,10 +1228,10 @@ MDC2_Update
- EC_KEY_new_by_curve_name 1215 1_1_0 EXIST::FUNCTION:EC
- X509_CRL_free 1216 1_1_0 EXIST::FUNCTION:
- i2d_PKCS7_SIGN_ENVELOPE 1217 1_1_0 EXIST::FUNCTION:
--OCSP_CERTSTATUS_it 1218 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_CERTSTATUS_it 1218 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_CERTSTATUS_it 1218 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_CERTSTATUS_it 1218 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- BIO_f_reliable 1219 1_1_0 EXIST::FUNCTION:
--OCSP_resp_count 1220 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_count 1220 1_1_0 EXIST::FUNCTION:OCSP
- i2d_X509_AUX 1221 1_1_0 EXIST::FUNCTION:
- RSA_verify_PKCS1_PSS_mgf1 1222 1_1_0 EXIST::FUNCTION:RSA
- X509_time_adj 1223 1_1_0 EXIST::FUNCTION:
-@@ -1281,24 +1258,22 @@ PEM_read_bio_DSAparams
- DSO_METHOD_openssl 1244 1_1_0 EXIST::FUNCTION:
- d2i_PrivateKey_fp 1245 1_1_0 EXIST::FUNCTION:STDIO
- i2d_NETSCAPE_CERT_SEQUENCE 1246 1_1_0 EXIST::FUNCTION:
--COMP_zlib_cleanup 1247 1_1_0 NOEXIST::FUNCTION:
- EC_POINT_oct2point 1248 1_1_0 EXIST::FUNCTION:EC
- EVP_CIPHER_CTX_buf_noconst 1249 1_1_0 EXIST::FUNCTION:
- OPENSSL_DIR_read 1250 1_1_0 EXIST::FUNCTION:
- CMS_add_smimecap 1251 1_1_0 EXIST::FUNCTION:CMS
- X509_check_email 1252 1_1_0 EXIST::FUNCTION:
- CRYPTO_cts128_decrypt_block 1253 1_1_0 EXIST::FUNCTION:
--UI_method_get_opener 1254 1_1_0 EXIST::FUNCTION:
-+UI_method_get_opener 1254 1_1_0 EXIST::FUNCTION:UI
- EVP_aes_192_gcm 1255 1_1_0 EXIST::FUNCTION:
- TS_CONF_set_tsa_name 1256 1_1_0 EXIST::FUNCTION:TS
- X509_email_free 1257 1_1_0 EXIST::FUNCTION:
- BIO_get_callback 1258 1_1_0 EXIST::FUNCTION:
--sk_shift 1259 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_shift 1259 1_1_0 EXIST::FUNCTION:
- i2d_X509_REVOKED 1260 1_1_0 EXIST::FUNCTION:
- CMS_sign 1261 1_1_0 EXIST::FUNCTION:CMS
- X509_STORE_add_cert 1262 1_1_0 EXIST::FUNCTION:
- EC_GROUP_precompute_mult 1263 1_1_0 EXIST::FUNCTION:EC
--SCT_LIST_set_source 1264 1_1_0 NOEXIST::FUNCTION:
- d2i_DISPLAYTEXT 1265 1_1_0 EXIST::FUNCTION:
- HMAC_CTX_copy 1266 1_1_0 EXIST::FUNCTION:
- CRYPTO_gcm128_init 1267 1_1_0 EXIST::FUNCTION:
-@@ -1319,15 +1294,15 @@ CONF_dump_fp
- i2o_SCT_LIST 1282 1_1_0 EXIST::FUNCTION:CT
- AES_encrypt 1283 1_1_0 EXIST::FUNCTION:
- MD5_Init 1284 1_1_0 EXIST::FUNCTION:MD5
--UI_add_error_string 1285 1_1_0 EXIST::FUNCTION:
-+UI_add_error_string 1285 1_1_0 EXIST::FUNCTION:UI
- X509_TRUST_cleanup 1286 1_1_0 EXIST::FUNCTION:
- PEM_read_X509 1287 1_1_0 EXIST::FUNCTION:
- EC_KEY_new_method 1288 1_1_0 EXIST::FUNCTION:EC
- i2d_RSAPublicKey_fp 1289 1_1_0 EXIST::FUNCTION:RSA,STDIO
- CRYPTO_ctr128_encrypt_ctr32 1290 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_move_peername 1291 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_it 1292 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_SINGLERESP_it 1292 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_SINGLERESP_it 1292 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_SINGLERESP_it 1292 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- BN_num_bits 1293 1_1_0 EXIST::FUNCTION:
- X509_CRL_METHOD_free 1294 1_1_0 EXIST::FUNCTION:
- PEM_read_NETSCAPE_CERT_SEQUENCE 1295 1_1_0 EXIST::FUNCTION:
-@@ -1342,11 +1317,11 @@ PEM_write_DSA_PUBKEY
- i2d_PKCS7_ENVELOPE 1304 1_1_0 EXIST::FUNCTION:
- PBKDF2PARAM_it 1305 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PBKDF2PARAM_it 1305 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--UI_get_result_maxsize 1306 1_1_0 EXIST::FUNCTION:
-+UI_get_result_maxsize 1306 1_1_0 EXIST::FUNCTION:UI
- PBEPARAM_it 1307 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PBEPARAM_it 1307 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- TS_ACCURACY_set_seconds 1308 1_1_0 EXIST::FUNCTION:TS
--UI_get0_action_string 1309 1_1_0 EXIST::FUNCTION:
-+UI_get0_action_string 1309 1_1_0 EXIST::FUNCTION:UI
- RC2_decrypt 1310 1_1_0 EXIST::FUNCTION:RC2
- OPENSSL_atexit 1311 1_1_0 EXIST::FUNCTION:
- CMS_add_standard_smimecap 1312 1_1_0 EXIST::FUNCTION:CMS
-@@ -1355,11 +1330,11 @@ CMS_add_standard_smimecap
- ERR_peek_last_error 1315 1_1_0 EXIST::FUNCTION:
- ENGINE_set_cmd_defns 1316 1_1_0 EXIST::FUNCTION:ENGINE
- d2i_ASN1_NULL 1317 1_1_0 EXIST::FUNCTION:
--RAND_event 1318 1_1_0 EXIST:WIN32:FUNCTION:
-+RAND_event 1318 1_1_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
- i2d_PKCS12_fp 1319 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_get_init 1320 1_1_0 EXIST::FUNCTION:
- X509_check_trust 1321 1_1_0 EXIST::FUNCTION:
--b2i_PrivateKey 1322 1_1_0 EXIST::FUNCTION:
-+b2i_PrivateKey 1322 1_1_0 EXIST::FUNCTION:DSA
- HMAC_Init_ex 1323 1_1_0 EXIST::FUNCTION:
- SMIME_read_CMS 1324 1_1_0 EXIST::FUNCTION:CMS
- X509_subject_name_cmp 1325 1_1_0 EXIST::FUNCTION:
-@@ -1387,8 +1362,8 @@ PEM_write_bio_CMS_stream
- BIO_f_linebuffer 1346 1_1_0 EXIST::FUNCTION:
- ASN1_item_d2i_bio 1347 1_1_0 EXIST::FUNCTION:
- ENGINE_get_flags 1348 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_resp_find 1349 1_1_0 EXIST::FUNCTION:
--lh_node_usage_stats_bio 1350 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_find 1349 1_1_0 EXIST::FUNCTION:OCSP
-+OPENSSL_LH_node_usage_stats_bio 1350 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_encrypt 1351 1_1_0 EXIST::FUNCTION:
- CRYPTO_cfb128_8_encrypt 1352 1_1_0 EXIST::FUNCTION:
- SXNET_get_id_INTEGER 1353 1_1_0 EXIST::FUNCTION:
-@@ -1397,7 +1372,6 @@ ENGINE_get_flags
- PKCS7_ENC_CONTENT_new 1356 1_1_0 EXIST::FUNCTION:
- CRYPTO_realloc 1357 1_1_0 EXIST::FUNCTION:
- BIO_ctrl_pending 1358 1_1_0 EXIST::FUNCTION:
--DSO_set_method 1359 1_1_0 NOEXIST::FUNCTION:
- EVP_MD_meth_new 1360 1_1_0 EXIST::FUNCTION:
- X509_sign_ctx 1361 1_1_0 EXIST::FUNCTION:
- BN_is_odd 1362 1_1_0 EXIST::FUNCTION:
-@@ -1407,11 +1381,9 @@ ENGINE_get_flags
- X509_get_default_cert_file_env 1366 1_1_0 EXIST::FUNCTION:
- X509v3_addr_validate_resource_set 1367 1_1_0 EXIST::FUNCTION:RFC3779
- d2i_X509_VAL 1368 1_1_0 EXIST::FUNCTION:
--_shadow_DES_rw_mode 1369 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
--_shadow_DES_rw_mode 1369 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
- CRYPTO_gcm128_decrypt_ctr32 1370 1_1_0 EXIST::FUNCTION:
- DHparams_print 1371 1_1_0 EXIST::FUNCTION:DH
--sk_unshift 1372 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_unshift 1372 1_1_0 EXIST::FUNCTION:
- BN_GENCB_set_old 1373 1_1_0 EXIST::FUNCTION:
- PEM_write_bio_X509 1374 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_asn1_free 1375 1_1_0 EXIST::FUNCTION:
-@@ -1421,18 +1393,16 @@ ENGINE_unregister_DH
- CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 EXIST::FUNCTION:CT
- X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION:
- SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT
--UI_new 1381 1_1_0 EXIST::FUNCTION:
-+UI_new 1381 1_1_0 EXIST::FUNCTION:UI
- TS_REQ_get_msg_imprint 1382 1_1_0 EXIST::FUNCTION:TS
- i2d_PKCS12_BAGS 1383 1_1_0 EXIST::FUNCTION:
--RSA_memory_lock 1384 1_1_0 EXIST::FUNCTION:RSA
- CERTIFICATEPOLICIES_free 1385 1_1_0 EXIST::FUNCTION:
- X509V3_get_section 1386 1_1_0 EXIST::FUNCTION:
--BIO_parse_hostserv 1387 1_1_0 EXIST::FUNCTION:
-+BIO_parse_hostserv 1387 1_1_0 EXIST::FUNCTION:SOCK
- EVP_PKEY_meth_set_cleanup 1388 1_1_0 EXIST::FUNCTION:
- PROXY_CERT_INFO_EXTENSION_free 1389 1_1_0 EXIST::FUNCTION:
- X509_dup 1390 1_1_0 EXIST::FUNCTION:
- EDIPARTYNAME_free 1391 1_1_0 EXIST::FUNCTION:
--DSO_new_method 1392 1_1_0 NOEXIST::FUNCTION:
- X509_CRL_add0_revoked 1393 1_1_0 EXIST::FUNCTION:
- GENERAL_NAME_set0_value 1394 1_1_0 EXIST::FUNCTION:
- X509_ATTRIBUTE_dup 1395 1_1_0 EXIST::FUNCTION:
-@@ -1442,7 +1412,7 @@ EC_GROUP_check_discriminant
- d2i_PKCS7_ENCRYPT 1399 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_CTX_ctrl 1400 1_1_0 EXIST::FUNCTION:
- X509_REQ_set_pubkey 1401 1_1_0 EXIST::FUNCTION:
--UI_create_method 1402 1_1_0 EXIST::FUNCTION:
-+UI_create_method 1402 1_1_0 EXIST::FUNCTION:UI
- X509_REQ_add_extensions_nid 1403 1_1_0 EXIST::FUNCTION:
- PEM_X509_INFO_write_bio 1404 1_1_0 EXIST::FUNCTION:
- BIO_dump_cb 1405 1_1_0 EXIST::FUNCTION:
-@@ -1455,7 +1425,7 @@ SRP_Calc_server_key
- SHA512 1412 1_1_0 EXIST:!VMSVAX:FUNCTION:
- X509_STORE_CTX_get_explicit_policy 1413 1_1_0 EXIST::FUNCTION:
- EVP_DecodeBlock 1414 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_http 1415 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_http 1415 1_1_0 EXIST::FUNCTION:OCSP
- EVP_MD_CTX_reset 1416 1_1_0 EXIST::FUNCTION:
- X509_NAME_new 1417 1_1_0 EXIST::FUNCTION:
- ASN1_item_pack 1418 1_1_0 EXIST::FUNCTION:
-@@ -1469,11 +1439,11 @@ d2i_RSA_PUBKEY_fp
- CONF_modules_finish 1426 1_1_0 EXIST::FUNCTION:
- BN_value_one 1427 1_1_0 EXIST::FUNCTION:
- RSA_padding_add_SSLv23 1428 1_1_0 EXIST::FUNCTION:RSA
--OCSP_RESPBYTES_it 1429 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_RESPBYTES_it 1429 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_RESPBYTES_it 1429 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_RESPBYTES_it 1429 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- EVP_aes_192_wrap 1430 1_1_0 EXIST::FUNCTION:
--OCSP_CERTID_it 1431 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_CERTID_it 1431 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_CERTID_it 1431 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_CERTID_it 1431 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- ENGINE_get_RSA 1432 1_1_0 EXIST::FUNCTION:ENGINE
- RAND_get_rand_method 1433 1_1_0 EXIST::FUNCTION:
- ERR_load_DSA_strings 1434 1_1_0 EXIST::FUNCTION:DSA
-@@ -1485,22 +1455,21 @@ i2d_ECPrivateKey_bio
- BN_GENCB_free 1440 1_1_0 EXIST::FUNCTION:
- HMAC_size 1441 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_get0_DH 1442 1_1_0 EXIST::FUNCTION:DH
--d2i_OCSP_CRLID 1443 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_CRLID 1443 1_1_0 EXIST::FUNCTION:OCSP
- EVP_CIPHER_CTX_set_padding 1444 1_1_0 EXIST::FUNCTION:
- CTLOG_new_from_base64 1445 1_1_0 EXIST::FUNCTION:CT
- AES_bi_ige_encrypt 1446 1_1_0 EXIST::FUNCTION:
- ERR_pop_to_mark 1447 1_1_0 EXIST::FUNCTION:
--DSO_METHOD_win32 1448 1_1_0 NOEXIST::FUNCTION:
- CRL_DIST_POINTS_new 1449 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_get0_asn1 1450 1_1_0 EXIST::FUNCTION:
- EVP_camellia_192_ctr 1451 1_1_0 EXIST::FUNCTION:CAMELLIA
- EVP_PKEY_free 1452 1_1_0 EXIST::FUNCTION:
- X509_ATTRIBUTE_count 1453 1_1_0 EXIST::FUNCTION:
--BIO_new_dgram 1454 1_1_0 EXIST::FUNCTION:
-+BIO_new_dgram 1454 1_1_0 EXIST::FUNCTION:DGRAM
- CMS_RecipientInfo_kari_get0_reks 1455 1_1_0 EXIST::FUNCTION:CMS
- BASIC_CONSTRAINTS_new 1456 1_1_0 EXIST::FUNCTION:
- PEM_read_bio_X509_REQ 1457 1_1_0 EXIST::FUNCTION:
--BIO_sock_init 1458 1_1_0 EXIST::FUNCTION:
-+BIO_sock_init 1458 1_1_0 EXIST::FUNCTION:SOCK
- BN_nist_mod_192 1459 1_1_0 EXIST::FUNCTION:
- i2d_PKCS7_ISSUER_AND_SERIAL 1460 1_1_0 EXIST::FUNCTION:
- X509V3_EXT_nconf 1461 1_1_0 EXIST::FUNCTION:
-@@ -1514,22 +1483,22 @@ TS_CONF_get_tsa_section
- EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:UI
- BN_bn2bin 1470 1_1_0 EXIST::FUNCTION:
- d2i_ASN1_BIT_STRING 1471 1_1_0 EXIST::FUNCTION:
--OCSP_CERTSTATUS_new 1472 1_1_0 EXIST::FUNCTION:
-+OCSP_CERTSTATUS_new 1472 1_1_0 EXIST::FUNCTION:OCSP
- ENGINE_register_RAND 1473 1_1_0 EXIST::FUNCTION:ENGINE
- X509V3_section_free 1474 1_1_0 EXIST::FUNCTION:
- CRYPTO_mem_debug_free 1475 1_1_0 EXIST::FUNCTION:CRYPTO_MDEBUG
--d2i_OCSP_REQUEST 1476 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_REQUEST 1476 1_1_0 EXIST::FUNCTION:OCSP
- ENGINE_get_cipher_engine 1477 1_1_0 EXIST::FUNCTION:ENGINE
- SHA384_Final 1478 1_1_0 EXIST:!VMSVAX:FUNCTION:
- TS_RESP_CTX_set_certs 1479 1_1_0 EXIST::FUNCTION:TS
- BN_MONT_CTX_free 1480 1_1_0 EXIST::FUNCTION:
- BN_GF2m_mod_solve_quad_arr 1481 1_1_0 EXIST::FUNCTION:EC2M
--UI_add_input_string 1482 1_1_0 EXIST::FUNCTION:
-+UI_add_input_string 1482 1_1_0 EXIST::FUNCTION:UI
- TS_TST_INFO_get_version 1483 1_1_0 EXIST::FUNCTION:TS
--BIO_accept_ex 1484 1_1_0 EXIST::FUNCTION:
-+BIO_accept_ex 1484 1_1_0 EXIST::FUNCTION:SOCK
- CRYPTO_get_mem_functions 1485 1_1_0 EXIST::FUNCTION:
- PEM_read_bio 1486 1_1_0 EXIST::FUNCTION:
--OCSP_BASICRESP_get_ext_by_critical 1487 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get_ext_by_critical 1487 1_1_0 EXIST::FUNCTION:OCSP
- SXNET_it 1488 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- SXNET_it 1488 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- BIO_indent 1489 1_1_0 EXIST::FUNCTION:
-@@ -1541,7 +1510,7 @@ i2d_TS_REQ_bio
- EVP_PKEY_CTX_get_operation 1495 1_1_0 EXIST::FUNCTION:
- EVP_MD_meth_set_ctrl 1496 1_1_0 EXIST::FUNCTION:
- X509_EXTENSION_set_critical 1497 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_clear 1498 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_clear 1498 1_1_0 EXIST::FUNCTION:SOCK
- ENGINE_get_DSA 1499 1_1_0 EXIST::FUNCTION:ENGINE
- ASYNC_get_wait_ctx 1500 1_1_0 EXIST::FUNCTION:
- ENGINE_set_load_privkey_function 1501 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1553,7 +1522,7 @@ ENGINE_set_load_privkey_function
- AES_set_encrypt_key 1507 1_1_0 EXIST::FUNCTION:
- ASN1_UTCTIME_new 1508 1_1_0 EXIST::FUNCTION:
- AES_cbc_encrypt 1509 1_1_0 EXIST::FUNCTION:
--OCSP_RESPDATA_free 1510 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPDATA_free 1510 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PKEY_asn1_find 1511 1_1_0 EXIST::FUNCTION:
- d2i_ASN1_GENERALIZEDTIME 1512 1_1_0 EXIST::FUNCTION:
- OPENSSL_cleanup 1513 1_1_0 EXIST::FUNCTION:
-@@ -1565,7 +1534,7 @@ SCT_get_source
- i2d_X509_ALGOR 1519 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set0_crls 1520 1_1_0 EXIST::FUNCTION:
- ASYNC_pause_job 1521 1_1_0 EXIST::FUNCTION:
--OCSP_BASICRESP_new 1522 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_new 1522 1_1_0 EXIST::FUNCTION:OCSP
- EVP_camellia_256_ofb 1523 1_1_0 EXIST::FUNCTION:CAMELLIA
- PKCS12_item_i2d_encrypt 1524 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_set_copy 1525 1_1_0 EXIST::FUNCTION:
-@@ -1590,13 +1559,13 @@ CMS_get0_content
- BN_is_word 1544 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_key_length 1545 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_asn1_to_param 1546 1_1_0 EXIST::FUNCTION:
--OCSP_request_onereq_get0 1547 1_1_0 EXIST::FUNCTION:
-+OCSP_request_onereq_get0 1547 1_1_0 EXIST::FUNCTION:OCSP
- ERR_load_PKCS7_strings 1548 1_1_0 EXIST::FUNCTION:
- X509_PUBKEY_get 1549 1_1_0 EXIST::FUNCTION:
- EC_KEY_free 1550 1_1_0 EXIST::FUNCTION:EC
- BIO_read 1551 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_get_attr_by_NID 1552 1_1_0 EXIST::FUNCTION:
--BIO_get_accept_socket 1553 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-+BIO_get_accept_socket 1553 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
- CMS_SignerInfo_sign 1554 1_1_0 EXIST::FUNCTION:CMS
- ASN1_item_i2d_bio 1555 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_CTX_block_size 1556 1_1_0 EXIST::FUNCTION:
-@@ -1607,7 +1576,7 @@ TS_CONF_set_default_engine
- DSO_free 1561 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_get_tsa 1562 1_1_0 EXIST::FUNCTION:TS
- EC_GROUP_check 1563 1_1_0 EXIST::FUNCTION:EC
--sk_delete 1564 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_delete 1564 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_set_extension_cb 1565 1_1_0 EXIST::FUNCTION:TS
- EVP_CIPHER_CTX_nid 1566 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_add_md 1567 1_1_0 EXIST::FUNCTION:TS
-@@ -1616,8 +1585,8 @@ DES_set_key
- PEM_do_header 1570 1_1_0 EXIST::FUNCTION:
- i2d_re_X509_CRL_tbs 1571 1_1_0 EXIST::FUNCTION:
- BIO_method_name 1572 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_CRLID 1573 1_1_0 EXIST::FUNCTION:
--OCSP_request_set1_name 1574 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_CRLID 1573 1_1_0 EXIST::FUNCTION:OCSP
-+OCSP_request_set1_name 1574 1_1_0 EXIST::FUNCTION:OCSP
- d2i_X509_NAME_ENTRY 1575 1_1_0 EXIST::FUNCTION:
- X509_trusted 1576 1_1_0 EXIST::FUNCTION:
- X509_TRUST_get_flags 1577 1_1_0 EXIST::FUNCTION:
-@@ -1626,15 +1595,14 @@ DES_set_key
- CONF_imodule_set_usr_data 1580 1_1_0 EXIST::FUNCTION:
- d2i_TS_RESP_fp 1581 1_1_0 EXIST::FUNCTION:STDIO,TS
- X509_policy_tree_get0_user_policies 1582 1_1_0 EXIST::FUNCTION:
--SCT_LIST_set0_logs 1583 1_1_0 NOEXIST::FUNCTION:
- DSA_do_sign 1584 1_1_0 EXIST::FUNCTION:DSA
- EVP_CIPHER_CTX_reset 1585 1_1_0 EXIST::FUNCTION:
--OCSP_REVOKEDINFO_new 1586 1_1_0 EXIST::FUNCTION:
-+OCSP_REVOKEDINFO_new 1586 1_1_0 EXIST::FUNCTION:OCSP
- SRP_Verify_A_mod_N 1587 1_1_0 EXIST::FUNCTION:SRP
- SRP_VBASE_free 1588 1_1_0 EXIST::FUNCTION:SRP
- PKCS7_add0_attrib_signing_time 1589 1_1_0 EXIST::FUNCTION:
- X509_STORE_set_flags 1590 1_1_0 EXIST::FUNCTION:
--UI_get0_output_string 1591 1_1_0 EXIST::FUNCTION:
-+UI_get0_output_string 1591 1_1_0 EXIST::FUNCTION:UI
- ERR_get_error_line_data 1592 1_1_0 EXIST::FUNCTION:
- CTLOG_get0_name 1593 1_1_0 EXIST::FUNCTION:CT
- ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1642,7 +1610,6 @@ CTLOG_get0_name
- RC2_set_key 1595 1_1_0 EXIST::FUNCTION:RC2
- X509_REVOKED_get_ext_by_NID 1596 1_1_0 EXIST::FUNCTION:
- RSA_padding_add_none 1597 1_1_0 EXIST::FUNCTION:RSA
--CRYPTO_THREADID_cmp 1598 1_1_0 NOEXIST::FUNCTION:
- EVP_rc5_32_12_16_cbc 1599 1_1_0 EXIST::FUNCTION:RC5
- PEM_dek_info 1600 1_1_0 EXIST::FUNCTION:
- ASN1_SCTX_get_template 1601 1_1_0 EXIST::FUNCTION:
-@@ -1655,18 +1622,17 @@ TS_ext_print_bio
- SCT_set1_log_id 1608 1_1_0 EXIST::FUNCTION:CT
- X509_get0_pubkey_bitstr 1609 1_1_0 EXIST::FUNCTION:
- ENGINE_register_all_RAND 1610 1_1_0 EXIST::FUNCTION:ENGINE
--BN_BLINDING_thread_id 1611 1_1_0 NOEXIST::FUNCTION:
- EVP_MD_meth_get_result_size 1612 1_1_0 EXIST::FUNCTION:
--BIO_ADDRINFO_address 1613 1_1_0 EXIST::FUNCTION:
-+BIO_ADDRINFO_address 1613 1_1_0 EXIST::FUNCTION:SOCK
- ASN1_STRING_print_ex 1614 1_1_0 EXIST::FUNCTION:
- i2d_CMS_ReceiptRequest 1615 1_1_0 EXIST::FUNCTION:CMS
- d2i_TS_REQ_fp 1616 1_1_0 EXIST::FUNCTION:STDIO,TS
--OCSP_REQ_CTX_i2d 1617 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_i2d 1617 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PKEY_get_default_digest_nid 1618 1_1_0 EXIST::FUNCTION:
- ASIdOrRange_new 1619 1_1_0 EXIST::FUNCTION:RFC3779
- ASN1_SCTX_new 1620 1_1_0 EXIST::FUNCTION:
- X509V3_EXT_get 1621 1_1_0 EXIST::FUNCTION:
--OCSP_id_cmp 1622 1_1_0 EXIST::FUNCTION:
-+OCSP_id_cmp 1622 1_1_0 EXIST::FUNCTION:OCSP
- NCONF_dump_bio 1623 1_1_0 EXIST::FUNCTION:
- X509_NAME_get_entry 1624 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_get1_DH 1625 1_1_0 EXIST::FUNCTION:DH
-@@ -1677,18 +1643,18 @@ CRYPTO_ocb128_cleanup
- EVP_des_ede_cbc 1630 1_1_0 EXIST::FUNCTION:DES
- i2d_ASN1_TIME 1631 1_1_0 EXIST::FUNCTION:
- ENGINE_register_all_pkey_asn1_meths 1632 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_set_max_response_length 1633 1_1_0 EXIST::FUNCTION:
-+OCSP_set_max_response_length 1633 1_1_0 EXIST::FUNCTION:OCSP
- d2i_ISSUING_DIST_POINT 1634 1_1_0 EXIST::FUNCTION:
- CMS_RecipientInfo_set0_key 1635 1_1_0 EXIST::FUNCTION:CMS
- NCONF_new 1636 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_free 1637 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_free 1637 1_1_0 EXIST::FUNCTION:OCSP
- PKCS7_ENCRYPT_free 1638 1_1_0 EXIST::FUNCTION:
- i2d_DIST_POINT 1639 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_paramgen_init 1640 1_1_0 EXIST::FUNCTION:
- TS_MSG_IMPRINT_dup 1641 1_1_0 EXIST::FUNCTION:TS
- CMS_ContentInfo_it 1642 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
- CMS_ContentInfo_it 1642 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
--OCSP_resp_get0_signature 1643 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_get0_signature 1643 1_1_0 EXIST::FUNCTION:OCSP
- X509_STORE_CTX_get1_issuer 1644 1_1_0 EXIST::FUNCTION:
- EVP_Digest 1645 1_1_0 EXIST::FUNCTION:
- CRYPTO_set_ex_data 1646 1_1_0 EXIST::FUNCTION:
-@@ -1697,7 +1663,6 @@ CMS_ContentInfo_it
- i2d_EDIPARTYNAME 1649 1_1_0 EXIST::FUNCTION:
- X509_policy_tree_get0_policies 1650 1_1_0 EXIST::FUNCTION:
- X509at_add1_attr 1651 1_1_0 EXIST::FUNCTION:
--CRYPTO_num_locks 1652 1_1_0 NOEXIST::FUNCTION:
- X509_get_ex_data 1653 1_1_0 EXIST::FUNCTION:
- RSA_set_method 1654 1_1_0 EXIST::FUNCTION:RSA
- X509_REVOKED_dup 1655 1_1_0 EXIST::FUNCTION:
-@@ -1711,15 +1676,14 @@ EC_GROUP_free
- X509_VERIFY_PARAM_clear_flags 1663 1_1_0 EXIST::FUNCTION:
- X509_NAME_add_entry_by_txt 1664 1_1_0 EXIST::FUNCTION:
- DES_ede3_cfb_encrypt 1665 1_1_0 EXIST::FUNCTION:DES
--CRYPTO_destroy_dynlockid 1666 1_1_0 NOEXIST::FUNCTION:
- i2d_CMS_bio_stream 1667 1_1_0 EXIST::FUNCTION:CMS
- DES_quad_cksum 1668 1_1_0 EXIST::FUNCTION:DES
- X509_ATTRIBUTE_create_by_NID 1669 1_1_0 EXIST::FUNCTION:
- TS_VERIFY_CTX_free 1670 1_1_0 EXIST::FUNCTION:TS
- EC_KEY_up_ref 1671 1_1_0 EXIST::FUNCTION:EC
- EC_GROUP_get_basis_type 1672 1_1_0 EXIST::FUNCTION:EC
--OCSP_crlID_new 1673 1_1_0 EXIST:!VMS:FUNCTION:
--OCSP_crlID2_new 1673 1_1_0 EXIST:VMS:FUNCTION:
-+OCSP_crlID_new 1673 1_1_0 EXIST:!VMS:FUNCTION:OCSP
-+OCSP_crlID2_new 1673 1_1_0 EXIST:VMS:FUNCTION:OCSP
- PEM_write_PKCS7 1674 1_1_0 EXIST::FUNCTION:
- PKCS7_add_signer 1675 1_1_0 EXIST::FUNCTION:
- X509_SIG_it 1676 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1737,7 +1701,7 @@ CMS_EncryptedData_set1_key
- OBJ_find_sigid_by_algs 1687 1_1_0 EXIST::FUNCTION:
- ASN1_generate_nconf 1688 1_1_0 EXIST::FUNCTION:
- CMS_add0_recipient_password 1689 1_1_0 EXIST::FUNCTION:CMS
--UI_get_string_type 1690 1_1_0 EXIST::FUNCTION:
-+UI_get_string_type 1690 1_1_0 EXIST::FUNCTION:UI
- PEM_read_bio_ECPrivateKey 1691 1_1_0 EXIST::FUNCTION:EC
- EVP_PKEY_get_attr 1692 1_1_0 EXIST::FUNCTION:
- PEM_read_bio_ECPKParameters 1693 1_1_0 EXIST::FUNCTION:EC
-@@ -1747,7 +1711,7 @@ ENGINE_ctrl_cmd
- TS_CONF_set_digests 1697 1_1_0 EXIST::FUNCTION:TS
- PKCS7_SIGNED_it 1698 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_SIGNED_it 1698 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--b2i_PublicKey 1699 1_1_0 EXIST::FUNCTION:
-+b2i_PublicKey 1699 1_1_0 EXIST::FUNCTION:DSA
- X509_PURPOSE_cleanup 1700 1_1_0 EXIST::FUNCTION:
- ESS_SIGNING_CERT_dup 1701 1_1_0 EXIST::FUNCTION:TS
- ENGINE_set_default_DSA 1702 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -1758,7 +1722,7 @@ RSA_padding_check_PKCS1_OAEP_mgf1
- ASN1_parse_dump 1708 1_1_0 EXIST::FUNCTION:
- BIO_vfree 1709 1_1_0 EXIST::FUNCTION:
- CRYPTO_cbc128_decrypt 1710 1_1_0 EXIST::FUNCTION:
--UI_dup_verify_string 1711 1_1_0 EXIST::FUNCTION:
-+UI_dup_verify_string 1711 1_1_0 EXIST::FUNCTION:UI
- d2i_PKCS7_bio 1712 1_1_0 EXIST::FUNCTION:
- ENGINE_set_default_digests 1713 1_1_0 EXIST::FUNCTION:ENGINE
- i2d_PublicKey 1714 1_1_0 EXIST::FUNCTION:
-@@ -1775,8 +1739,8 @@ EVP_cast5_ecb
- BIO_nwrite0 1725 1_1_0 EXIST::FUNCTION:
- CAST_encrypt 1726 1_1_0 EXIST::FUNCTION:CAST
- a2d_ASN1_OBJECT 1727 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_delete_ext 1728 1_1_0 EXIST::FUNCTION:
--UI_method_get_reader 1729 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_delete_ext 1728 1_1_0 EXIST::FUNCTION:OCSP
-+UI_method_get_reader 1729 1_1_0 EXIST::FUNCTION:UI
- CMS_unsigned_get_attr 1730 1_1_0 EXIST::FUNCTION:CMS
- EVP_aes_256_cbc 1731 1_1_0 EXIST::FUNCTION:
- X509_check_ip_asc 1732 1_1_0 EXIST::FUNCTION:
-@@ -1787,7 +1751,7 @@ TS_MSG_IMPRINT_new
- BIO_f_base64 1737 1_1_0 EXIST::FUNCTION:
- CMS_verify 1738 1_1_0 EXIST::FUNCTION:CMS
- i2d_PrivateKey 1739 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_ONEREQ 1740 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_ONEREQ 1740 1_1_0 EXIST::FUNCTION:OCSP
- OPENSSL_issetugid 1741 1_1_0 EXIST::FUNCTION:
- d2i_ASN1_OBJECT 1742 1_1_0 EXIST::FUNCTION:
- EVP_MD_meth_set_flags 1743 1_1_0 EXIST::FUNCTION:
-@@ -1796,14 +1760,14 @@ EC_POINT_cmp
- ASN1_buf_print 1746 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_CTX_hex2ctrl 1747 1_1_0 EXIST::FUNCTION:
- PEM_write_bio_PKCS8PrivateKey 1748 1_1_0 EXIST::FUNCTION:
--CMAC_Update 1749 1_1_0 EXIST::FUNCTION:
-+CMAC_Update 1749 1_1_0 EXIST::FUNCTION:CMAC
- d2i_ASN1_UTCTIME 1750 1_1_0 EXIST::FUNCTION:
--sk_insert 1751 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_insert 1751 1_1_0 EXIST::FUNCTION:
- DSO_up_ref 1752 1_1_0 EXIST::FUNCTION:
- EVP_rc2_cbc 1753 1_1_0 EXIST::FUNCTION:RC2
- i2d_NETSCAPE_SPKI 1754 1_1_0 EXIST::FUNCTION:
- ASYNC_init_thread 1755 1_1_0 EXIST::FUNCTION:
--OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:OCSP
- X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
- DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
- LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1822,8 +1786,6 @@ TS_TST_INFO_get_exts
- PKCS7_RECIP_INFO_free 1771 1_1_0 EXIST::FUNCTION:
- ASN1_tag2bit 1772 1_1_0 EXIST::FUNCTION:
- TS_REQ_add_ext 1773 1_1_0 EXIST::FUNCTION:TS
--CRYPTO_get_new_dynlockid 1774 1_1_0 NOEXIST::FUNCTION:
--RAND_cleanup 1775 1_1_0 NOEXIST::FUNCTION:
- X509_digest 1776 1_1_0 EXIST::FUNCTION:
- CRYPTO_THREAD_cleanup_local 1777 1_1_0 EXIST::FUNCTION:
- NETSCAPE_CERT_SEQUENCE_it 1778 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -1850,11 +1812,11 @@ RAND_set_rand_engine
- ECDSA_size 1797 1_1_0 EXIST::FUNCTION:EC
- X509_ALGOR_get0 1798 1_1_0 EXIST::FUNCTION:
- d2i_ACCESS_DESCRIPTION 1799 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_get_ext_by_NID 1800 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get_ext_by_NID 1800 1_1_0 EXIST::FUNCTION:OCSP
- a2i_IPADDRESS_NC 1801 1_1_0 EXIST::FUNCTION:
- CTLOG_STORE_load_default_file 1802 1_1_0 EXIST::FUNCTION:CT
- PKCS12_SAFEBAG_create_pkcs8_encrypt 1803 1_1_0 EXIST::FUNCTION:
--RAND_screen 1804 1_1_0 EXIST:WIN32:FUNCTION:
-+RAND_screen 1804 1_1_0 EXIST:_WIN32:FUNCTION:DEPRECATEDIN_1_1_0
- CONF_get_string 1805 1_1_0 EXIST::FUNCTION:
- X509_cmp_current_time 1806 1_1_0 EXIST::FUNCTION:
- i2d_DSAPrivateKey 1807 1_1_0 EXIST::FUNCTION:DSA
-@@ -1862,13 +1824,13 @@ i2d_DSAPrivateKey
- BIO_new_file 1809 1_1_0 EXIST::FUNCTION:
- PKCS7_SIGNER_INFO_get0_algs 1810 1_1_0 EXIST::FUNCTION:
- TS_RESP_set_status_info 1811 1_1_0 EXIST::FUNCTION:TS
--lh_delete 1812 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_delete 1812 1_1_0 EXIST::FUNCTION:
- TS_STATUS_INFO_dup 1813 1_1_0 EXIST::FUNCTION:TS
- X509v3_addr_get_range 1814 1_1_0 EXIST::FUNCTION:RFC3779
- X509_EXTENSION_get_data 1815 1_1_0 EXIST::FUNCTION:
- RC5_32_encrypt 1816 1_1_0 EXIST::FUNCTION:RC5
- DIST_POINT_set_dpname 1817 1_1_0 EXIST::FUNCTION:
--BIO_sock_info 1818 1_1_0 EXIST::FUNCTION:
-+BIO_sock_info 1818 1_1_0 EXIST::FUNCTION:SOCK
- OPENSSL_hexstr2buf 1819 1_1_0 EXIST::FUNCTION:
- EVP_add_cipher 1820 1_1_0 EXIST::FUNCTION:
- X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION:
-@@ -1877,7 +1839,7 @@ CMS_compress
- ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
- ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--sk_find_ex 1826 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_find_ex 1826 1_1_0 EXIST::FUNCTION:
- ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
- X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
- i2d_AUTHORITY_KEYID 1829 1_1_0 EXIST::FUNCTION:
-@@ -1886,10 +1848,9 @@ TS_TST_INFO_get_time
- ASN1_VISIBLESTRING_it 1831 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- X509V3_EXT_REQ_add_conf 1832 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_to_UTF8 1833 1_1_0 EXIST::FUNCTION:
--DSO_METHOD_null 1834 1_1_0 NOEXIST::FUNCTION:
- EVP_MD_meth_set_update 1835 1_1_0 EXIST::FUNCTION:
- EVP_camellia_192_cbc 1836 1_1_0 EXIST::FUNCTION:CAMELLIA
--lh_stats_bio 1837 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_stats_bio 1837 1_1_0 EXIST::FUNCTION:
- PKCS7_set_signed_attributes 1838 1_1_0 EXIST::FUNCTION:
- EC_KEY_priv2buf 1839 1_1_0 EXIST::FUNCTION:EC
- BN_BLINDING_free 1840 1_1_0 EXIST::FUNCTION:
-@@ -1908,11 +1869,11 @@ TS_RESP_CTX_set_serial_cb
- POLICY_MAPPING_it 1852 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- POLICY_MAPPING_it 1852 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- ERR_load_KDF_strings 1853 1_1_0 EXIST::FUNCTION:
--UI_method_set_reader 1854 1_1_0 EXIST::FUNCTION:
-+UI_method_set_reader 1854 1_1_0 EXIST::FUNCTION:UI
- BIO_next 1855 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_set_default_mask_asc 1856 1_1_0 EXIST::FUNCTION:
- X509_CRL_new 1857 1_1_0 EXIST::FUNCTION:
--i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:
-+i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:DSA
- ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION:
- PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:
- PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION:
-@@ -1928,38 +1889,37 @@ DSA_generate_key
- PBEPARAM_new 1870 1_1_0 EXIST::FUNCTION:
- EVP_aes_128_cbc 1871 1_1_0 EXIST::FUNCTION:
- CRYPTO_dup_ex_data 1872 1_1_0 EXIST::FUNCTION:
--OCSP_single_get0_status 1873 1_1_0 EXIST::FUNCTION:
-+OCSP_single_get0_status 1873 1_1_0 EXIST::FUNCTION:OCSP
- d2i_AUTHORITY_INFO_ACCESS 1874 1_1_0 EXIST::FUNCTION:
- PEM_read_RSAPrivateKey 1875 1_1_0 EXIST::FUNCTION:RSA
--BIO_closesocket 1876 1_1_0 EXIST::FUNCTION:
-+BIO_closesocket 1876 1_1_0 EXIST::FUNCTION:SOCK
- RSA_verify_ASN1_OCTET_STRING 1877 1_1_0 EXIST::FUNCTION:RSA
- SCT_set_log_entry_type 1878 1_1_0 EXIST::FUNCTION:CT
- BN_new 1879 1_1_0 EXIST::FUNCTION:
- X509_OBJECT_retrieve_by_subject 1880 1_1_0 EXIST::FUNCTION:
- MD5_Final 1881 1_1_0 EXIST::FUNCTION:MD5
- X509_STORE_set_verify_cb 1882 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_print 1883 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_print 1883 1_1_0 EXIST::FUNCTION:OCSP
- CMS_add1_crl 1884 1_1_0 EXIST::FUNCTION:CMS
- d2i_EDIPARTYNAME 1885 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set0_trusted_stack 1886 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_service_string 1887 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_service_string 1887 1_1_0 EXIST::FUNCTION:SOCK
- ASN1_BOOLEAN_it 1888 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_BOOLEAN_it 1888 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- TS_RESP_CTX_set_time_cb 1889 1_1_0 EXIST::FUNCTION:TS
- IDEA_cbc_encrypt 1890 1_1_0 EXIST::FUNCTION:IDEA
- BN_CTX_secure_new 1891 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_add_ext 1892 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_add_ext 1892 1_1_0 EXIST::FUNCTION:OCSP
- CMS_uncompress 1893 1_1_0 EXIST::FUNCTION:CMS
- CRYPTO_mem_debug_pop 1895 1_1_0 EXIST::FUNCTION:CRYPTO_MDEBUG
- EVP_aes_192_cfb128 1896 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_nbio 1897 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_nbio 1897 1_1_0 EXIST::FUNCTION:OCSP
- EVP_CIPHER_CTX_copy 1898 1_1_0 EXIST::FUNCTION:
- CRYPTO_secure_allocated 1899 1_1_0 EXIST::FUNCTION:
--UI_UTIL_read_pw_string 1900 1_1_0 EXIST::FUNCTION:
-+UI_UTIL_read_pw_string 1900 1_1_0 EXIST::FUNCTION:UI
- NOTICEREF_free 1901 1_1_0 EXIST::FUNCTION:
- AES_cfb1_encrypt 1902 1_1_0 EXIST::FUNCTION:
- X509v3_get_ext 1903 1_1_0 EXIST::FUNCTION:
--BN_BLINDING_set_thread_id 1904 1_1_0 NOEXIST::FUNCTION:
- CRYPTO_gcm128_encrypt_ctr32 1905 1_1_0 EXIST::FUNCTION:
- SCT_set1_signature 1906 1_1_0 EXIST::FUNCTION:CT
- CONF_imodule_get_module 1907 1_1_0 EXIST::FUNCTION:
-@@ -1969,7 +1929,7 @@ SRP_Calc_B
- CMS_decrypt_set1_key 1911 1_1_0 EXIST::FUNCTION:CMS
- EC_GROUP_get_degree 1912 1_1_0 EXIST::FUNCTION:EC
- X509_ALGOR_set0 1913 1_1_0 EXIST::FUNCTION:
--lh_set_down_load 1914 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_set_down_load 1914 1_1_0 EXIST::FUNCTION:
- X509v3_asid_inherits 1915 1_1_0 EXIST::FUNCTION:RFC3779
- EVP_MD_meth_get_app_datasize 1916 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get_num_untrusted 1917 1_1_0 EXIST::FUNCTION:
-@@ -1993,7 +1953,7 @@ RSA_flags
- EVP_CIPHER_get_asn1_iv 1936 1_1_0 EXIST::FUNCTION:
- i2d_RSAPrivateKey_bio 1937 1_1_0 EXIST::FUNCTION:RSA
- PKCS5_PBE_keyivgen 1938 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_SERVICELOC 1939 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_SERVICELOC 1939 1_1_0 EXIST::FUNCTION:OCSP
- EC_POINT_copy 1940 1_1_0 EXIST::FUNCTION:EC
- X509V3_EXT_CRL_add_nconf 1941 1_1_0 EXIST::FUNCTION:
- SHA256_Init 1942 1_1_0 EXIST::FUNCTION:
-@@ -2009,7 +1969,7 @@ EVP_seed_cbc
- ECDSA_sign 1952 1_1_0 EXIST::FUNCTION:EC
- d2i_PKCS12_fp 1953 1_1_0 EXIST::FUNCTION:
- CMS_unsigned_get_attr_by_NID 1954 1_1_0 EXIST::FUNCTION:CMS
--UI_add_user_data 1955 1_1_0 EXIST::FUNCTION:
-+UI_add_user_data 1955 1_1_0 EXIST::FUNCTION:UI
- BN_bntest_rand 1956 1_1_0 EXIST::FUNCTION:
- X509_get_pubkey 1957 1_1_0 EXIST::FUNCTION:
- i2d_X509_NAME 1958 1_1_0 EXIST::FUNCTION:
-@@ -2029,7 +1989,7 @@ EC_POINT_get_affine_coordinates_GF2m
- EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION:
- Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA
- NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO
--i2d_OCSP_REQINFO 1974 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_REQINFO 1974 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PKEY_sign 1975 1_1_0 EXIST::FUNCTION:
- TS_REQ_get_ext_by_critical 1976 1_1_0 EXIST::FUNCTION:TS
- EC_KEY_key2buf 1977 1_1_0 EXIST::FUNCTION:EC
-@@ -2068,33 +2028,33 @@ TS_REQ_get_version
- BN_exp 2007 1_1_0 EXIST::FUNCTION:
- i2d_SXNET 2008 1_1_0 EXIST::FUNCTION:
- OBJ_bsearch_ 2009 1_1_0 EXIST::FUNCTION:
--lh_new 2010 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_new 2010 1_1_0 EXIST::FUNCTION:
- ENGINE_register_all_pkey_meths 2011 1_1_0 EXIST::FUNCTION:ENGINE
- ENGINE_get_init_function 2012 1_1_0 EXIST::FUNCTION:ENGINE
- EC_POINT_point2hex 2013 1_1_0 EXIST::FUNCTION:EC
- ENGINE_get_default_DSA 2014 1_1_0 EXIST::FUNCTION:ENGINE
- ENGINE_register_all_complete 2015 1_1_0 EXIST::FUNCTION:ENGINE
- SRP_get_default_gN 2016 1_1_0 EXIST::FUNCTION:SRP
--UI_dup_input_boolean 2017 1_1_0 EXIST::FUNCTION:
-+UI_dup_input_boolean 2017 1_1_0 EXIST::FUNCTION:UI
- PKCS7_dup 2018 1_1_0 EXIST::FUNCTION:
- i2d_TS_REQ_fp 2019 1_1_0 EXIST::FUNCTION:STDIO,TS
- i2d_OTHERNAME 2020 1_1_0 EXIST::FUNCTION:
- EC_KEY_get0_private_key 2021 1_1_0 EXIST::FUNCTION:EC
- SCT_get0_extensions 2022 1_1_0 EXIST::FUNCTION:CT
--lh_node_stats_bio 2023 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_node_stats_bio 2023 1_1_0 EXIST::FUNCTION:
- i2d_DIRECTORYSTRING 2024 1_1_0 EXIST::FUNCTION:
- BN_X931_derive_prime_ex 2025 1_1_0 EXIST::FUNCTION:
- ENGINE_get_pkey_asn1_meth_str 2026 1_1_0 EXIST::FUNCTION:ENGINE
- PKCS7_signatureVerify 2027 1_1_0 EXIST::FUNCTION:
- CRYPTO_ocb128_new 2028 1_1_0 EXIST::FUNCTION:OCB
- EC_curve_nist2nid 2029 1_1_0 EXIST::FUNCTION:EC
--UI_get0_result 2030 1_1_0 EXIST::FUNCTION:
--OCSP_request_add1_nonce 2031 1_1_0 EXIST::FUNCTION:
--UI_construct_prompt 2032 1_1_0 EXIST::FUNCTION:
-+UI_get0_result 2030 1_1_0 EXIST::FUNCTION:UI
-+OCSP_request_add1_nonce 2031 1_1_0 EXIST::FUNCTION:OCSP
-+UI_construct_prompt 2032 1_1_0 EXIST::FUNCTION:UI
- ENGINE_unregister_RSA 2033 1_1_0 EXIST::FUNCTION:ENGINE
- EC_GROUP_order_bits 2034 1_1_0 EXIST::FUNCTION:EC
- d2i_CMS_bio 2035 1_1_0 EXIST::FUNCTION:CMS
--sk_num 2036 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_num 2036 1_1_0 EXIST::FUNCTION:
- _shadow_DES_check_key 2037 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
- _shadow_DES_check_key 2037 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
- CMS_RecipientInfo_set0_pkey 2038 1_1_0 EXIST::FUNCTION:CMS
-@@ -2112,17 +2072,17 @@ ASN1_d2i_fp
- o2i_ECPublicKey 2048 1_1_0 EXIST::FUNCTION:EC
- ERR_load_BUF_strings 2049 1_1_0 EXIST::FUNCTION:
- PEM_read_bio_RSA_PUBKEY 2050 1_1_0 EXIST::FUNCTION:RSA
--OCSP_SINGLERESP_new 2051 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_new 2051 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_SCTX_free 2052 1_1_0 EXIST::FUNCTION:
- i2d_ECPrivateKey_fp 2053 1_1_0 EXIST::FUNCTION:EC,STDIO
- EVP_CIPHER_CTX_original_iv 2054 1_1_0 EXIST::FUNCTION:
- PKCS7_SIGNED_free 2055 1_1_0 EXIST::FUNCTION:
- X509_TRUST_get0_name 2056 1_1_0 EXIST::FUNCTION:
- ENGINE_get_load_pubkey_function 2057 1_1_0 EXIST::FUNCTION:ENGINE
--UI_get_default_method 2058 1_1_0 EXIST::FUNCTION:
-+UI_get_default_method 2058 1_1_0 EXIST::FUNCTION:UI
- PKCS12_add_CSPName_asc 2059 1_1_0 EXIST::FUNCTION:
- PEM_write_PUBKEY 2060 1_1_0 EXIST::FUNCTION:
--UI_method_set_prompt_constructor 2061 1_1_0 EXIST::FUNCTION:
-+UI_method_set_prompt_constructor 2061 1_1_0 EXIST::FUNCTION:UI
- OBJ_length 2062 1_1_0 EXIST::FUNCTION:
- BN_GENCB_get_arg 2063 1_1_0 EXIST::FUNCTION:
- EVP_MD_CTX_clear_flags 2064 1_1_0 EXIST::FUNCTION:
-@@ -2130,7 +2090,7 @@ ENGINE_get_load_pubkey_function
- CT_POLICY_EVAL_CTX_get0_cert 2066 1_1_0 EXIST::FUNCTION:CT
- PEM_write_DHparams 2067 1_1_0 EXIST::FUNCTION:DH
- DH_set_ex_data 2068 1_1_0 EXIST::FUNCTION:DH
--OCSP_SIGNATURE_free 2069 1_1_0 EXIST::FUNCTION:
-+OCSP_SIGNATURE_free 2069 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_128_unwrap_pad 2070 1_1_0 EXIST::FUNCTION:
- BIO_new_CMS 2071 1_1_0 EXIST::FUNCTION:CMS
- i2d_ASN1_ENUMERATED 2072 1_1_0 EXIST::FUNCTION:
-@@ -2150,7 +2110,7 @@ d2i_RSAPublicKey
- POLICYQUALINFO_new 2086 1_1_0 EXIST::FUNCTION:
- PKCS7_RECIP_INFO_get0_alg 2087 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_base_id 2088 1_1_0 EXIST::FUNCTION:
--UI_method_set_opener 2089 1_1_0 EXIST::FUNCTION:
-+UI_method_set_opener 2089 1_1_0 EXIST::FUNCTION:UI
- X509v3_get_ext_by_NID 2090 1_1_0 EXIST::FUNCTION:
- TS_CONF_set_policies 2091 1_1_0 EXIST::FUNCTION:TS
- CMS_SignerInfo_cert_cmp 2092 1_1_0 EXIST::FUNCTION:CMS
-@@ -2168,7 +2128,7 @@ SCT_new
- CRYPTO_cts128_decrypt 2104 1_1_0 EXIST::FUNCTION:
- ASYNC_WAIT_CTX_get_fd 2105 1_1_0 EXIST::FUNCTION:
- i2d_TS_REQ 2106 1_1_0 EXIST::FUNCTION:TS
--OCSP_ONEREQ_add1_ext_i2d 2107 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_add1_ext_i2d 2107 1_1_0 EXIST::FUNCTION:OCSP
- ENGINE_register_pkey_meths 2108 1_1_0 EXIST::FUNCTION:ENGINE
- ENGINE_load_public_key 2109 1_1_0 EXIST::FUNCTION:ENGINE
- ASIdOrRange_it 2110 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-@@ -2193,14 +2153,14 @@ ENGINE_get_destroy_function
- EVP_mdc2 2127 1_1_0 EXIST::FUNCTION:MDC2
- EVP_des_cfb64 2128 1_1_0 EXIST::FUNCTION:DES
- PKCS7_sign 2129 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_get_ext_by_critical 2130 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get_ext_by_critical 2130 1_1_0 EXIST::FUNCTION:OCSP
- EDIPARTYNAME_it 2131 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- EDIPARTYNAME_it 2131 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- ERR_print_errors_fp 2132 1_1_0 EXIST::FUNCTION:STDIO
- BN_GF2m_mod_div_arr 2133 1_1_0 EXIST::FUNCTION:EC2M
- PKCS12_SAFEBAG_get0_attr 2134 1_1_0 EXIST::FUNCTION:
- BIO_s_mem 2135 1_1_0 EXIST::FUNCTION:
--OCSP_RESPDATA_new 2136 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPDATA_new 2136 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_item_i2d_fp 2137 1_1_0 EXIST::FUNCTION:STDIO
- BN_GF2m_mod_sqr 2138 1_1_0 EXIST::FUNCTION:EC2M
- ASN1_PRINTABLE_new 2139 1_1_0 EXIST::FUNCTION:
-@@ -2217,7 +2177,7 @@ i2d_PKCS8PrivateKey_nid_fp
- d2i_IPAddressChoice 2149 1_1_0 EXIST::FUNCTION:RFC3779
- IPAddressFamily_it 2150 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
- IPAddressFamily_it 2150 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
--ERR_load_OCSP_strings 2151 1_1_0 EXIST::FUNCTION:
-+ERR_load_OCSP_strings 2151 1_1_0 EXIST::FUNCTION:OCSP
- BIO_push 2152 1_1_0 EXIST::FUNCTION:
- ASN1_BMPSTRING_new 2153 1_1_0 EXIST::FUNCTION:
- COMP_get_type 2154 1_1_0 EXIST::FUNCTION:COMP
-@@ -2228,8 +2188,8 @@ d2i_ASIdentifierChoice
- BN_CTX_free 2159 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:EC,EC2M
- EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION:
--sk_set 2162 1_1_0 EXIST::FUNCTION:
--OCSP_request_sign 2163 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_set 2162 1_1_0 EXIST::FUNCTION:
-+OCSP_request_sign 2163 1_1_0 EXIST::FUNCTION:OCSP
- BN_GF2m_mod_solve_quad 2164 1_1_0 EXIST::FUNCTION:EC2M
- EC_POINT_method_of 2165 1_1_0 EXIST::FUNCTION:EC
- PKCS7_ENCRYPT_it 2166 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2239,14 +2199,13 @@ EC_POINT_method_of
- X509_EXTENSION_create_by_NID 2168 1_1_0 EXIST::FUNCTION:
- i2d_RSAPrivateKey 2169 1_1_0 EXIST::FUNCTION:RSA
- d2i_CERTIFICATEPOLICIES 2170 1_1_0 EXIST::FUNCTION:
--CMAC_CTX_get0_cipher_ctx 2171 1_1_0 EXIST::FUNCTION:
-+CMAC_CTX_get0_cipher_ctx 2171 1_1_0 EXIST::FUNCTION:CMAC
- X509_STORE_load_locations 2172 1_1_0 EXIST::FUNCTION:
- OBJ_find_sigid_algs 2173 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_set_accuracy 2174 1_1_0 EXIST::FUNCTION:TS
- NETSCAPE_SPKI_get_pubkey 2175 1_1_0 EXIST::FUNCTION:
- ECDSA_do_sign_ex 2176 1_1_0 EXIST::FUNCTION:EC
--OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:
--DES_read_password 2178 1_1_0 EXIST::FUNCTION:DES,UI
-+OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:OCSP
- BN_get_rfc3526_prime_4096 2179 1_1_0 EXIST::FUNCTION:
- d2i_PKCS7_fp 2180 1_1_0 EXIST::FUNCTION:STDIO
- PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 1_1_0 EXIST::FUNCTION:
-@@ -2257,13 +2216,12 @@ CMS_RecipientInfo_kari_orig_id_cmp
- NETSCAPE_SPKI_b64_encode 2185 1_1_0 EXIST::FUNCTION:
- d2i_PrivateKey 2186 1_1_0 EXIST::FUNCTION:
- EVP_MD_CTX_new 2187 1_1_0 EXIST::FUNCTION:
--OPENSSL_strcasecmp 2188 1_1_0 EXIST::FUNCTION:
- X509_get0_tbs_sigalg 2189 1_1_0 EXIST::FUNCTION:
- ASN1_GENERALIZEDTIME_new 2190 1_1_0 EXIST::FUNCTION:
- d2i_ECDSA_SIG 2191 1_1_0 EXIST::FUNCTION:EC
- d2i_OTHERNAME 2192 1_1_0 EXIST::FUNCTION:
- i2d_TS_RESP_fp 2193 1_1_0 EXIST::FUNCTION:STDIO,TS
--OCSP_BASICRESP_get_ext_count 2194 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get_ext_count 2194 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_T61STRING_new 2195 1_1_0 EXIST::FUNCTION:
- BN_kronecker 2196 1_1_0 EXIST::FUNCTION:
- i2d_ACCESS_DESCRIPTION 2197 1_1_0 EXIST::FUNCTION:
-@@ -2272,7 +2230,7 @@ EVP_camellia_192_cfb8
- X509v3_delete_ext 2200 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_set0 2201 1_1_0 EXIST::FUNCTION:
- BN_GF2m_add 2202 1_1_0 EXIST::FUNCTION:EC2M
--CMAC_resume 2203 1_1_0 EXIST::FUNCTION:
-+CMAC_resume 2203 1_1_0 EXIST::FUNCTION:CMAC
- TS_ACCURACY_set_millis 2204 1_1_0 EXIST::FUNCTION:TS
- X509V3_EXT_conf 2205 1_1_0 EXIST::FUNCTION:
- i2d_DHxparams 2206 1_1_0 EXIST::FUNCTION:DH
-@@ -2283,7 +2241,7 @@ i2d_TS_ACCURACY
- ASN1_VISIBLESTRING_free 2211 1_1_0 EXIST::FUNCTION:
- NCONF_load_bio 2212 1_1_0 EXIST::FUNCTION:
- DSA_get_default_method 2213 1_1_0 EXIST::FUNCTION:DSA
--lh_retrieve 2214 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_retrieve 2214 1_1_0 EXIST::FUNCTION:
- CRYPTO_ccm128_decrypt_ccm64 2215 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_set_clock_precision_digits 2216 1_1_0 EXIST::FUNCTION:TS
- SCT_LIST_validate 2217 1_1_0 EXIST::FUNCTION:CT
-@@ -2312,7 +2270,7 @@ EC_GROUP_set_curve_GF2m
- ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE
- SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP
- SHA224_Final 2242 1_1_0 EXIST::FUNCTION:
--OCSP_CERTSTATUS_free 2243 1_1_0 EXIST::FUNCTION:
-+OCSP_CERTSTATUS_free 2243 1_1_0 EXIST::FUNCTION:OCSP
- d2i_TS_TST_INFO 2244 1_1_0 EXIST::FUNCTION:TS
- IPAddressOrRange_it 2245 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
- IPAddressOrRange_it 2245 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2320,14 +2278,14 @@ ENGINE_get_cipher
- TS_TST_INFO_delete_ext 2247 1_1_0 EXIST::FUNCTION:TS
- TS_OBJ_print_bio 2248 1_1_0 EXIST::FUNCTION:TS
- X509_time_adj_ex 2249 1_1_0 EXIST::FUNCTION:
--OCSP_request_add1_cert 2250 1_1_0 EXIST::FUNCTION:
-+OCSP_request_add1_cert 2250 1_1_0 EXIST::FUNCTION:OCSP
- ERR_load_X509_strings 2251 1_1_0 EXIST::FUNCTION:
- SHA1_Transform 2252 1_1_0 EXIST::FUNCTION:
- CMS_signed_get_attr_by_NID 2253 1_1_0 EXIST::FUNCTION:CMS
--X509_STORE_get_by_subject 2254 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_by_subject 2254 1_1_0 EXIST::FUNCTION:
- ASN1_OCTET_STRING_it 2255 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_OCTET_STRING_it 2255 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--sk_set_cmp_func 2256 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_set_cmp_func 2256 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_table_cleanup 2257 1_1_0 EXIST::FUNCTION:
- i2d_re_X509_REQ_tbs 2258 1_1_0 EXIST::FUNCTION:
- CONF_load_bio 2259 1_1_0 EXIST::FUNCTION:
-@@ -2378,7 +2336,7 @@ ESS_ISSUER_SERIAL_free
- RSA_private_encrypt 2303 1_1_0 EXIST::FUNCTION:RSA
- X509_LOOKUP_shutdown 2304 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_set_accuracy 2305 1_1_0 EXIST::FUNCTION:TS
--OCSP_basic_verify 2306 1_1_0 EXIST::FUNCTION:
-+OCSP_basic_verify 2306 1_1_0 EXIST::FUNCTION:OCSP
- X509at_add1_attr_by_OBJ 2307 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_asn1_add0 2308 1_1_0 EXIST::FUNCTION:
- PKCS12_SAFEBAG_get1_crl 2309 1_1_0 EXIST::FUNCTION:
-@@ -2400,7 +2358,6 @@ EVP_camellia_192_ofb
- DH_get_2048_256 2325 1_1_0 EXIST::FUNCTION:DH
- X509at_delete_attr 2326 1_1_0 EXIST::FUNCTION:
- PEM_write_bio 2327 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_locking_callback 2328 1_1_0 NOEXIST::FUNCTION:
- CMS_signed_get_attr_by_OBJ 2329 1_1_0 EXIST::FUNCTION:CMS
- X509_REVOKED_add_ext 2330 1_1_0 EXIST::FUNCTION:
- EVP_CipherUpdate 2331 1_1_0 EXIST::FUNCTION:
-@@ -2409,12 +2366,12 @@ Camellia_cfb8_encrypt
- EVP_DigestSignFinal 2334 1_1_0 EXIST::FUNCTION:
- ASN1_STRING_cmp 2335 1_1_0 EXIST::FUNCTION:
- EVP_chacha20_poly1305 2336 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305
--sk_zero 2337 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_zero 2337 1_1_0 EXIST::FUNCTION:
- ASN1_PRINTABLE_type 2338 1_1_0 EXIST::FUNCTION:
- TS_CONF_set_ess_cert_id_chain 2339 1_1_0 EXIST::FUNCTION:TS
- PEM_read_DSAPrivateKey 2340 1_1_0 EXIST::FUNCTION:DSA
- DH_generate_parameters_ex 2341 1_1_0 EXIST::FUNCTION:DH
--UI_dup_input_string 2342 1_1_0 EXIST::FUNCTION:
-+UI_dup_input_string 2342 1_1_0 EXIST::FUNCTION:UI
- X509_keyid_set1 2343 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_set1 2344 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get_asn1_flag 2345 1_1_0 EXIST::FUNCTION:EC
-@@ -2439,12 +2396,12 @@ DES_decrypt3
- OTHERNAME_it 2363 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- X509at_add1_attr_by_txt 2364 1_1_0 EXIST::FUNCTION:
- PKCS7_SIGN_ENVELOPE_free 2365 1_1_0 EXIST::FUNCTION:
--BIO_dgram_is_sctp 2366 1_1_0 EXIST::FUNCTION:SCTP
-+BIO_dgram_is_sctp 2366 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- DH_check 2367 1_1_0 EXIST::FUNCTION:DH
- Camellia_set_key 2368 1_1_0 EXIST::FUNCTION:CAMELLIA
- X509_LOOKUP_by_issuer_serial 2369 1_1_0 EXIST::FUNCTION:
- ASN1_BMPSTRING_free 2370 1_1_0 EXIST::FUNCTION:
--BIO_new_accept 2371 1_1_0 EXIST::FUNCTION:
-+BIO_new_accept 2371 1_1_0 EXIST::FUNCTION:SOCK
- GENERAL_NAME_new 2372 1_1_0 EXIST::FUNCTION:
- DES_encrypt3 2373 1_1_0 EXIST::FUNCTION:DES
- PKCS7_get_signer_info 2374 1_1_0 EXIST::FUNCTION:
-@@ -2455,7 +2412,7 @@ DES_encrypt3
- ASN1_SCTX_set_app_data 2378 1_1_0 EXIST::FUNCTION:
- CMS_add0_cert 2379 1_1_0 EXIST::FUNCTION:CMS
- i2d_GENERAL_NAME 2380 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_new 2381 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_new 2381 1_1_0 EXIST::FUNCTION:SOCK
- ENGINE_get_pkey_asn1_meth_engine 2382 1_1_0 EXIST::FUNCTION:ENGINE
- d2i_ASN1_BMPSTRING 2383 1_1_0 EXIST::FUNCTION:
- PKCS12_SAFEBAG_create0_p8inf 2384 1_1_0 EXIST::FUNCTION:
-@@ -2472,7 +2429,6 @@ TS_TST_INFO_set_time
- OPENSSL_die 2395 1_1_0 EXIST::FUNCTION:
- X509_LOOKUP_by_alias 2396 1_1_0 EXIST::FUNCTION:
- EC_KEY_set_conv_form 2397 1_1_0 EXIST::FUNCTION:EC
--CRYPTO_lock 2398 1_1_0 NOEXIST::FUNCTION:
- X509_TRUST_get_count 2399 1_1_0 EXIST::FUNCTION:
- IPAddressOrRange_free 2400 1_1_0 EXIST::FUNCTION:RFC3779
- RSA_padding_add_PKCS1_OAEP 2401 1_1_0 EXIST::FUNCTION:RSA
-@@ -2490,19 +2446,18 @@ EVP_rc5_32_12_16_ofb
- ASN1_PCTX_set_nm_flags 2413 1_1_0 EXIST::FUNCTION:
- BIO_ctrl 2414 1_1_0 EXIST::FUNCTION:
- X509_CRL_set_default_method 2415 1_1_0 EXIST::FUNCTION:
--DSO_pathbyaddr 2416 1_1_0 NOEXIST::FUNCTION:
- d2i_RSAPublicKey_fp 2417 1_1_0 EXIST::FUNCTION:RSA,STDIO
--UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:
-+UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:UI
- EC_POINT_dbl 2419 1_1_0 EXIST::FUNCTION:EC
- i2d_X509_CRL_INFO 2420 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_CERTSTATUS 2421 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_CERTSTATUS 2421 1_1_0 EXIST::FUNCTION:OCSP
- X509_REVOKED_get0_revocationDate 2422 1_1_0 EXIST::FUNCTION:
- PKCS7_add_crl 2423 1_1_0 EXIST::FUNCTION:
- ECDSA_do_sign 2424 1_1_0 EXIST::FUNCTION:EC
- ASN1_GENERALIZEDTIME_it 2425 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_GENERALIZEDTIME_it 2425 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- PKCS8_pkey_get0 2426 1_1_0 EXIST::FUNCTION:
--OCSP_sendreq_new 2427 1_1_0 EXIST::FUNCTION:
-+OCSP_sendreq_new 2427 1_1_0 EXIST::FUNCTION:OCSP
- EVP_aes_256_cfb128 2428 1_1_0 EXIST::FUNCTION:
- RSA_set_ex_data 2429 1_1_0 EXIST::FUNCTION:RSA
- BN_GENCB_call 2430 1_1_0 EXIST::FUNCTION:
-@@ -2514,8 +2469,8 @@ i2d_TS_MSG_IMPRINT_fp
- X509_CRL_get_lastUpdate 2436 1_1_0 EXIST::FUNCTION:
- OBJ_create_objects 2437 1_1_0 EXIST::FUNCTION:
- EVP_enc_null 2438 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_get_ext_by_critical 2439 1_1_0 EXIST::FUNCTION:
--OCSP_request_onereq_count 2440 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_get_ext_by_critical 2439 1_1_0 EXIST::FUNCTION:OCSP
-+OCSP_request_onereq_count 2440 1_1_0 EXIST::FUNCTION:OCSP
- BN_hex2bn 2441 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_meth_set_impl_ctx_size 2442 1_1_0 EXIST::FUNCTION:
- ASIdentifiers_new 2443 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2542,12 +2497,12 @@ BIO_s_datagram_sctp
- SXNET_add_id_asc 2462 1_1_0 EXIST::FUNCTION:
- X509_print_fp 2463 1_1_0 EXIST::FUNCTION:STDIO
- TS_REQ_set_version 2464 1_1_0 EXIST::FUNCTION:TS
--OCSP_REQINFO_new 2465 1_1_0 EXIST::FUNCTION:
-+OCSP_REQINFO_new 2465 1_1_0 EXIST::FUNCTION:OCSP
- Camellia_decrypt 2466 1_1_0 EXIST::FUNCTION:CAMELLIA
- X509_signature_print 2467 1_1_0 EXIST::FUNCTION:
- EVP_camellia_128_ecb 2468 1_1_0 EXIST::FUNCTION:CAMELLIA
- MD2_Final 2469 1_1_0 EXIST::FUNCTION:MD2
--OCSP_REQ_CTX_add1_header 2470 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_add1_header 2470 1_1_0 EXIST::FUNCTION:OCSP
- NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- NETSCAPE_SPKAC_it 2471 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- ASIdOrRange_free 2472 1_1_0 EXIST::FUNCTION:RFC3779
-@@ -2561,7 +2516,7 @@ TS_VERIFY_CTX_set_data
- ASN1_T61STRING_it 2480 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_T61STRING_it 2480 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- ENGINE_get_prev 2481 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_accept_responses_new 2482 1_1_0 EXIST::FUNCTION:
-+OCSP_accept_responses_new 2482 1_1_0 EXIST::FUNCTION:OCSP
- ERR_load_EC_strings 2483 1_1_0 EXIST::FUNCTION:EC
- X509V3_string_free 2484 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_set_paramgen 2485 1_1_0 EXIST::FUNCTION:
-@@ -2609,7 +2564,6 @@ CRYPTO_mem_leaks
- DSA_sign 2527 1_1_0 EXIST::FUNCTION:DSA
- RAND_egd 2528 1_1_0 EXIST::FUNCTION:EGD
- ASN1_d2i_bio 2529 1_1_0 EXIST::FUNCTION:
--CRYPTO_THREADID_current 2530 1_1_0 NOEXIST::FUNCTION:
- X509_REQ_digest 2531 1_1_0 EXIST::FUNCTION:
- X509_set_notAfter 2532 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_type 2533 1_1_0 EXIST::FUNCTION:
-@@ -2620,8 +2574,7 @@ CMS_signed_get0_data_by_OBJ
- PKCS7_ENVELOPE_free 2538 1_1_0 EXIST::FUNCTION:
- PKCS12_key_gen_uni 2539 1_1_0 EXIST::FUNCTION:
- WHIRLPOOL 2540 1_1_0 EXIST::FUNCTION:WHIRLPOOL
--a2i_ipadd 2541 1_1_0 EXIST::FUNCTION:
--UI_set_default_method 2542 1_1_0 EXIST::FUNCTION:
-+UI_set_default_method 2542 1_1_0 EXIST::FUNCTION:UI
- EC_POINT_is_at_infinity 2543 1_1_0 EXIST::FUNCTION:EC
- i2d_NOTICEREF 2544 1_1_0 EXIST::FUNCTION:
- EC_KEY_new 2545 1_1_0 EXIST::FUNCTION:EC
-@@ -2641,25 +2594,25 @@ EC_GROUP_new_by_curve_name
- d2i_ASN1_UINTEGER 2559 1_1_0 EXIST::FUNCTION:
- i2s_ASN1_INTEGER 2560 1_1_0 EXIST::FUNCTION:
- d2i_EC_PUBKEY_fp 2561 1_1_0 EXIST::FUNCTION:EC,STDIO
--i2d_OCSP_SIGNATURE 2562 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_SIGNATURE 2562 1_1_0 EXIST::FUNCTION:OCSP
- i2d_X509_EXTENSION 2563 1_1_0 EXIST::FUNCTION:
- PEM_read_bio_X509 2564 1_1_0 EXIST::FUNCTION:
- DES_key_sched 2565 1_1_0 EXIST::FUNCTION:DES
- GENERAL_NAME_dup 2566 1_1_0 EXIST::FUNCTION:
--X509_STORE_get1_crls 2567 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get1_crls 2567 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_set_verify 2568 1_1_0 EXIST::FUNCTION:
- EVP_sha256 2569 1_1_0 EXIST::FUNCTION:
- CMS_unsigned_delete_attr 2570 1_1_0 EXIST::FUNCTION:CMS
- EVP_md5_sha1 2571 1_1_0 EXIST::FUNCTION:MD5
- EVP_PKEY_sign_init 2572 1_1_0 EXIST::FUNCTION:
--lh_insert 2573 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_insert 2573 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_meth_get_cleanup 2574 1_1_0 EXIST::FUNCTION:
- ASN1_item_ex_d2i 2575 1_1_0 EXIST::FUNCTION:
- EVP_MD_meth_free 2576 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_new 2577 1_1_0 EXIST::FUNCTION:
- RSA_padding_check_PKCS1_OAEP 2578 1_1_0 EXIST::FUNCTION:RSA
--OCSP_SERVICELOC_it 2579 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_SERVICELOC_it 2579 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_SERVICELOC_it 2579 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_SERVICELOC_it 2579 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- PKCS12_SAFEBAG_get_nid 2580 1_1_0 EXIST::FUNCTION:
- EVP_MD_CTX_set_update_fn 2581 1_1_0 EXIST::FUNCTION:
- BIO_f_asn1 2582 1_1_0 EXIST::FUNCTION:
-@@ -2693,11 +2646,11 @@ ENGINE_register_complete
- ENGINE_get_default_RAND 2610 1_1_0 EXIST::FUNCTION:ENGINE
- ERR_peek_last_error_line 2611 1_1_0 EXIST::FUNCTION:
- ENGINE_get_ssl_client_cert_function 2612 1_1_0 EXIST::FUNCTION:ENGINE
--lh_node_usage_stats 2613 1_1_0 EXIST::FUNCTION:STDIO
-+OPENSSL_LH_node_usage_stats 2613 1_1_0 EXIST::FUNCTION:STDIO
- DIRECTORYSTRING_it 2614 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- DIRECTORYSTRING_it 2614 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- BIO_write 2615 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_get_ext_by_OBJ 2616 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_get_ext_by_OBJ 2616 1_1_0 EXIST::FUNCTION:OCSP
- SEED_encrypt 2617 1_1_0 EXIST::FUNCTION:SEED
- IPAddressRange_it 2618 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
- IPAddressRange_it 2618 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-@@ -2728,7 +2681,6 @@ EC_GROUP_clear_free
- ERR_load_COMP_strings 2641 1_1_0 EXIST::FUNCTION:COMP
- EVP_PKEY_meth_add0 2642 1_1_0 EXIST::FUNCTION:
- EVP_rc4_40 2643 1_1_0 EXIST::FUNCTION:RC4
--BN_BLINDING_get_thread_id 2644 1_1_0 NOEXIST::FUNCTION:
- RSA_bits 2645 1_1_0 EXIST::FUNCTION:RSA
- ASN1_item_dup 2646 1_1_0 EXIST::FUNCTION:
- GENERAL_NAMES_it 2647 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2741,7 +2693,7 @@ MD4_Init
- SCT_validate 2653 1_1_0 EXIST::FUNCTION:CT
- EC_GROUP_dup 2654 1_1_0 EXIST::FUNCTION:EC
- EVP_sha1 2655 1_1_0 EXIST::FUNCTION:
--sk_new 2656 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_new 2656 1_1_0 EXIST::FUNCTION:
- BN_dup 2657 1_1_0 EXIST::FUNCTION:
- TS_MSG_IMPRINT_print_bio 2658 1_1_0 EXIST::FUNCTION:TS
- CONF_module_set_usr_data 2659 1_1_0 EXIST::FUNCTION:
-@@ -2751,8 +2703,7 @@ EC_KEY_generate_key
- EVP_aes_128_ofb 2663 1_1_0 EXIST::FUNCTION:
- CMS_data 2664 1_1_0 EXIST::FUNCTION:CMS
- X509_load_cert_file 2665 1_1_0 EXIST::FUNCTION:
--CRYPTO_THREADID_cpy 2666 1_1_0 NOEXIST::FUNCTION:
--EC_GFp_nistp521_method 2667 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
-+EC_GFp_nistp521_method 2667 1_1_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
- ECDSA_SIG_free 2668 1_1_0 EXIST::FUNCTION:EC
- d2i_PKCS12_BAGS 2669 1_1_0 EXIST::FUNCTION:
- RSA_public_encrypt 2670 1_1_0 EXIST::FUNCTION:RSA
-@@ -2769,7 +2720,7 @@ d2i_CMS_ReceiptRequest
- X509_CRL_INFO_it 2681 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_CRL_INFO_it 2681 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- BUF_reverse 2682 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_SIGNATURE 2683 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_SIGNATURE 2683 1_1_0 EXIST::FUNCTION:OCSP
- X509_REQ_delete_attr 2684 1_1_0 EXIST::FUNCTION:
- TS_RESP_CTX_set_signer_cert 2685 1_1_0 EXIST::FUNCTION:TS
- X509V3_EXT_d2i 2686 1_1_0 EXIST::FUNCTION:
-@@ -2777,7 +2728,7 @@ TS_RESP_CTX_set_signer_cert
- ASN1_GENERALSTRING_it 2687 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- POLICYQUALINFO_free 2688 1_1_0 EXIST::FUNCTION:
- EC_KEY_set_group 2689 1_1_0 EXIST::FUNCTION:EC
--OCSP_check_validity 2690 1_1_0 EXIST::FUNCTION:
-+OCSP_check_validity 2690 1_1_0 EXIST::FUNCTION:OCSP
- PEM_write_ECPKParameters 2691 1_1_0 EXIST::FUNCTION:EC
- X509_VERIFY_PARAM_lookup 2692 1_1_0 EXIST::FUNCTION:
- X509_LOOKUP_by_fingerprint 2693 1_1_0 EXIST::FUNCTION:
-@@ -2787,7 +2738,7 @@ d2i_ECPrivateKey_fp
- TS_CONF_set_ordering 2697 1_1_0 EXIST::FUNCTION:TS
- X509_CRL_get_ext 2698 1_1_0 EXIST::FUNCTION:
- X509_CRL_get_ext_by_OBJ 2699 1_1_0 EXIST::FUNCTION:
--OCSP_basic_add1_cert 2700 1_1_0 EXIST::FUNCTION:
-+OCSP_basic_add1_cert 2700 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_PRINTABLESTRING_new 2701 1_1_0 EXIST::FUNCTION:
- i2d_PBEPARAM 2702 1_1_0 EXIST::FUNCTION:
- NETSCAPE_SPKI_new 2703 1_1_0 EXIST::FUNCTION:
-@@ -2821,8 +2772,8 @@ CMS_ContentInfo_print_ctx
- d2i_PKCS7_SIGNED 2731 1_1_0 EXIST::FUNCTION:
- GENERAL_NAMES_free 2732 1_1_0 EXIST::FUNCTION:
- SCT_get_timestamp 2733 1_1_0 EXIST::FUNCTION:CT
--OCSP_SIGNATURE_it 2734 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_SIGNATURE_it 2734 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_SIGNATURE_it 2734 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_SIGNATURE_it 2734 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- CMS_verify_receipt 2735 1_1_0 EXIST::FUNCTION:CMS
- CRYPTO_THREAD_lock_new 2736 1_1_0 EXIST::FUNCTION:
- BIO_get_ex_data 2737 1_1_0 EXIST::FUNCTION:
-@@ -2835,9 +2786,9 @@ d2i_IPAddressRange
- ERR_remove_state 2744 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_0_0
- X509_CRL_print_fp 2745 1_1_0 EXIST::FUNCTION:STDIO
- TS_CONF_load_key 2746 1_1_0 EXIST::FUNCTION:TS
--d2i_OCSP_REQINFO 2747 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_REQINFO 2747 1_1_0 EXIST::FUNCTION:OCSP
- d2i_X509_CINF 2748 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_get_ext_by_critical 2749 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get_ext_by_critical 2749 1_1_0 EXIST::FUNCTION:OCSP
- X509_REQ_to_X509 2750 1_1_0 EXIST::FUNCTION:
- EVP_aes_192_wrap_pad 2751 1_1_0 EXIST::FUNCTION:
- PKCS7_SIGN_ENVELOPE_new 2752 1_1_0 EXIST::FUNCTION:
-@@ -2848,18 +2799,18 @@ CT_POLICY_EVAL_CTX_new
- NETSCAPE_SPKI_it 2757 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- NETSCAPE_SPKI_it 2757 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- CRYPTO_THREAD_unlock 2758 1_1_0 EXIST::FUNCTION:
--UI_method_set_writer 2759 1_1_0 EXIST::FUNCTION:
--UI_dup_info_string 2760 1_1_0 EXIST::FUNCTION:
-+UI_method_set_writer 2759 1_1_0 EXIST::FUNCTION:UI
-+UI_dup_info_string 2760 1_1_0 EXIST::FUNCTION:UI
- OPENSSL_init 2761 1_1_0 EXIST::FUNCTION:
- TS_RESP_get_tst_info 2762 1_1_0 EXIST::FUNCTION:TS
- X509_VERIFY_PARAM_get_depth 2763 1_1_0 EXIST::FUNCTION:
- EVP_SealFinal 2764 1_1_0 EXIST::FUNCTION:RSA
--BIO_set 2765 1_1_0 EXIST::FUNCTION:
-+BIO_set 2765 1_1_0 NOEXIST::FUNCTION:
- CONF_imodule_set_flags 2766 1_1_0 EXIST::FUNCTION:
- i2d_ASN1_SET_ANY 2767 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_decrypt 2768 1_1_0 EXIST::FUNCTION:
--OCSP_RESPID_it 2769 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_RESPID_it 2769 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_RESPID_it 2769 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_RESPID_it 2769 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- EVP_des_ede3_cbc 2770 1_1_0 EXIST::FUNCTION:DES
- X509_up_ref 2771 1_1_0 EXIST::FUNCTION:
- OBJ_NAME_do_all_sorted 2772 1_1_0 EXIST::FUNCTION:
-@@ -2872,8 +2823,7 @@ RSAPrivateKey_it
- RSAPrivateKey_it 2777 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
- X509_NAME_ENTRY_free 2778 1_1_0 EXIST::FUNCTION:
- BIO_new_fd 2779 1_1_0 EXIST::FUNCTION:
--ENGINE_cleanup 2780 1_1_0 NOEXIST::FUNCTION:
--sk_value 2781 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_value 2781 1_1_0 EXIST::FUNCTION:
- NCONF_get_section 2782 1_1_0 EXIST::FUNCTION:
- PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS12_MAC_DATA_it 2783 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2885,12 +2835,11 @@ CMS_RecipientInfo_encrypt
- PEM_read_bio_PKCS7 2789 1_1_0 EXIST::FUNCTION:
- SHA512_Final 2790 1_1_0 EXIST:!VMSVAX:FUNCTION:
- X509_VERIFY_PARAM_set1_host 2791 1_1_0 EXIST::FUNCTION:
--OCSP_resp_find_status 2792 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_find_status 2792 1_1_0 EXIST::FUNCTION:OCSP
- d2i_ASN1_T61STRING 2793 1_1_0 EXIST::FUNCTION:
- DES_pcbc_encrypt 2794 1_1_0 EXIST::FUNCTION:DES
- EVP_PKEY_print_params 2795 1_1_0 EXIST::FUNCTION:
- BN_get0_nist_prime_192 2796 1_1_0 EXIST::FUNCTION:
--OPENSSL_ia32cap_loc 2797 1_1_0 EXIST::FUNCTION:
- EVP_SealInit 2798 1_1_0 EXIST::FUNCTION:RSA
- X509_REQ_get0_signature 2799 1_1_0 EXIST::FUNCTION:
- PKEY_USAGE_PERIOD_free 2800 1_1_0 EXIST::FUNCTION:
-@@ -2907,8 +2856,8 @@ ENGINE_register_all_DH
- ERR_clear_error 2810 1_1_0 EXIST::FUNCTION:
- EC_KEY_dup 2811 1_1_0 EXIST::FUNCTION:EC
- X509_LOOKUP_init 2812 1_1_0 EXIST::FUNCTION:
--i2b_PVK_bio 2813 1_1_0 EXIST::FUNCTION:RC4
--OCSP_ONEREQ_free 2814 1_1_0 EXIST::FUNCTION:
-+i2b_PVK_bio 2813 1_1_0 EXIST::FUNCTION:DSA,RC4
-+OCSP_ONEREQ_free 2814 1_1_0 EXIST::FUNCTION:OCSP
- X509V3_EXT_print_fp 2815 1_1_0 EXIST::FUNCTION:STDIO
- OBJ_bsearch_ex_ 2816 1_1_0 EXIST::FUNCTION:
- DES_ofb64_encrypt 2817 1_1_0 EXIST::FUNCTION:DES
-@@ -2922,11 +2871,10 @@ SCT_free
- TS_TST_INFO_get_msg_imprint 2825 1_1_0 EXIST::FUNCTION:TS
- X509v3_addr_add_range 2826 1_1_0 EXIST::FUNCTION:RFC3779
- PKCS12_get_friendlyname 2827 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_id_callback 2828 1_1_0 NOEXIST::FUNCTION:
- X509_CRL_add_ext 2829 1_1_0 EXIST::FUNCTION:
- X509_REQ_get_signature_nid 2830 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_get_ext 2831 1_1_0 EXIST::FUNCTION:TS
--i2d_OCSP_RESPID 2832 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_RESPID 2832 1_1_0 EXIST::FUNCTION:OCSP
- EVP_camellia_256_cfb8 2833 1_1_0 EXIST::FUNCTION:CAMELLIA
- EC_KEY_get0_public_key 2834 1_1_0 EXIST::FUNCTION:EC
- SRP_Calc_x 2835 1_1_0 EXIST::FUNCTION:SRP
-@@ -2954,19 +2902,18 @@ CRYPTO_mem_debug_realloc
- ASN1_UTCTIME_check 2856 1_1_0 EXIST::FUNCTION:
- ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ACCESS_DESCRIPTION_it 2857 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--check_defer 2858 1_1_0 NOEXIST::FUNCTION:
- TS_MSG_IMPRINT_get_msg 2859 1_1_0 EXIST::FUNCTION:TS
- PKCS8_add_keyusage 2860 1_1_0 EXIST::FUNCTION:
- X509_EXTENSION_dup 2861 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_asn1_new 2862 1_1_0 EXIST::FUNCTION:
--BIO_socket_nbio 2863 1_1_0 EXIST::FUNCTION:
-+BIO_socket_nbio 2863 1_1_0 EXIST::FUNCTION:SOCK
- EVP_CIPHER_set_asn1_iv 2864 1_1_0 EXIST::FUNCTION:
--EC_GFp_nistp224_method 2865 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
-+EC_GFp_nistp224_method 2865 1_1_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
- BN_swap 2866 1_1_0 EXIST::FUNCTION:
- d2i_ECParameters 2867 1_1_0 EXIST::FUNCTION:EC
- X509_NAME_add_entry_by_OBJ 2868 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_get_ext_count 2869 1_1_0 EXIST::FUNCTION:TS
--i2d_OCSP_CERTID 2870 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_CERTID 2870 1_1_0 EXIST::FUNCTION:OCSP
- BN_CTX_start 2871 1_1_0 EXIST::FUNCTION:
- BN_print 2872 1_1_0 EXIST::FUNCTION:
- EC_KEY_set_flags 2873 1_1_0 EXIST::FUNCTION:EC
-@@ -2981,10 +2928,10 @@ SCT_set0_signature
- TS_CONF_set_accuracy 2881 1_1_0 EXIST::FUNCTION:TS
- DES_crypt 2882 1_1_0 EXIST::FUNCTION:DES
- BN_BLINDING_create_param 2883 1_1_0 EXIST::FUNCTION:
--OCSP_SERVICELOC_free 2884 1_1_0 EXIST::FUNCTION:
-+OCSP_SERVICELOC_free 2884 1_1_0 EXIST::FUNCTION:OCSP
- DIST_POINT_NAME_free 2885 1_1_0 EXIST::FUNCTION:
--BIO_listen 2886 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_path_string 2887 1_1_0 EXIST::FUNCTION:
-+BIO_listen 2886 1_1_0 EXIST::FUNCTION:SOCK
-+BIO_ADDR_path_string 2887 1_1_0 EXIST::FUNCTION:SOCK
- POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- POLICY_CONSTRAINTS_it 2888 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- NCONF_free_data 2889 1_1_0 EXIST::FUNCTION:
-@@ -3012,7 +2959,7 @@ EVP_des_ede3_cfb1
- TS_REQ_to_TS_VERIFY_CTX 2910 1_1_0 EXIST::FUNCTION:TS
- d2i_PBEPARAM 2911 1_1_0 EXIST::FUNCTION:
- BN_get0_nist_prime_521 2912 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_get_ext_by_NID 2913 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_get_ext_by_NID 2913 1_1_0 EXIST::FUNCTION:OCSP
- X509_PUBKEY_get0 2914 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_parent_ctx 2915 1_1_0 EXIST::FUNCTION:
- EC_GROUP_set_seed 2916 1_1_0 EXIST::FUNCTION:EC
-@@ -3025,7 +2972,7 @@ RC5_32_decrypt
- i2d_X509_REQ_INFO 2922 1_1_0 EXIST::FUNCTION:
- EVP_des_cfb1 2923 1_1_0 EXIST::FUNCTION:DES
- OBJ_NAME_cleanup 2924 1_1_0 EXIST::FUNCTION:
--OCSP_BASICRESP_get1_ext_d2i 2925 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_get1_ext_d2i 2925 1_1_0 EXIST::FUNCTION:OCSP
- DES_cfb64_encrypt 2926 1_1_0 EXIST::FUNCTION:DES
- CAST_cfb64_encrypt 2927 1_1_0 EXIST::FUNCTION:CAST
- EVP_PKEY_asn1_set_param 2928 1_1_0 EXIST::FUNCTION:
-@@ -3042,9 +2989,8 @@ ENGINE_by_id
- EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC
- EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC
- ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION:
--DSO_get_default_method 2944 1_1_0 NOEXIST::FUNCTION:
- i2d_X509_CRL_bio 2945 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_asn1_set_item 2946 1_1_0 EXIST::FUNCTION:
- CRYPTO_ccm128_encrypt 2947 1_1_0 EXIST::FUNCTION:
-@@ -3052,7 +2998,7 @@ X509v3_addr_get_afi
- X509_STORE_CTX_get0_param 2949 1_1_0 EXIST::FUNCTION:
- EVP_add_alg_module 2950 1_1_0 EXIST::FUNCTION:
- X509_check_purpose 2951 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_delete_ext 2952 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_delete_ext 2952 1_1_0 EXIST::FUNCTION:OCSP
- X509_PURPOSE_get_count 2953 1_1_0 EXIST::FUNCTION:
- d2i_PKCS12_bio 2954 1_1_0 EXIST::FUNCTION:
- ASN1_item_free 2955 1_1_0 EXIST::FUNCTION:
-@@ -3114,14 +3060,12 @@ PEM_read_bio_RSAPublicKey
- EVP_PKEY_asn1_set_private 3010 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_get0_RSA 3011 1_1_0 EXIST::FUNCTION:RSA
- DES_ede3_cfb64_encrypt 3012 1_1_0 EXIST::FUNCTION:DES
--DSO_METHOD_vms 3013 1_1_0 NOEXIST::FUNCTION:
- POLICY_MAPPING_free 3014 1_1_0 EXIST::FUNCTION:
- EVP_aes_128_gcm 3015 1_1_0 EXIST::FUNCTION:
--BIO_dgram_non_fatal_error 3016 1_1_0 EXIST::FUNCTION:
--OCSP_request_is_signed 3017 1_1_0 EXIST::FUNCTION:
-+BIO_dgram_non_fatal_error 3016 1_1_0 EXIST::FUNCTION:DGRAM
-+OCSP_request_is_signed 3017 1_1_0 EXIST::FUNCTION:OCSP
- i2d_BASIC_CONSTRAINTS 3018 1_1_0 EXIST::FUNCTION:
- EC_KEY_get_method 3019 1_1_0 EXIST::FUNCTION:EC
--CRYPTO_get_dynlock_destroy_callback 3020 1_1_0 NOEXIST::FUNCTION:
- EC_POINT_bn2point 3021 1_1_0 EXIST::FUNCTION:EC
- PBE2PARAM_it 3022 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PBE2PARAM_it 3022 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -3140,7 +3084,7 @@ RC4_set_key
- PKCS7_it 3034 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- CMS_unsigned_get_attr_by_OBJ 3035 1_1_0 EXIST::FUNCTION:CMS
- BN_clear 3036 1_1_0 EXIST::FUNCTION:
--BIO_socket_ioctl 3037 1_1_0 EXIST::FUNCTION:
-+BIO_socket_ioctl 3037 1_1_0 EXIST::FUNCTION:SOCK
- GENERAL_NAME_cmp 3038 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_purpose 3039 1_1_0 EXIST::FUNCTION:
- X509_REVOKED_get_ext_d2i 3040 1_1_0 EXIST::FUNCTION:
-@@ -3148,7 +3092,7 @@ CMS_unsigned_get_attr_by_OBJ
- PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_ENC_CONTENT_it 3042 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- PKCS12_item_pack_safebag 3043 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_RESPDATA 3044 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_RESPDATA 3044 1_1_0 EXIST::FUNCTION:OCSP
- i2d_X509_PUBKEY 3045 1_1_0 EXIST::FUNCTION:
- EVP_DecryptUpdate 3046 1_1_0 EXIST::FUNCTION:
- CAST_cbc_encrypt 3047 1_1_0 EXIST::FUNCTION:CAST
-@@ -3202,12 +3146,12 @@ d2i_ECPrivateKey_bio
- BIO_s_secmem 3095 1_1_0 EXIST::FUNCTION:
- ENGINE_get_default_EC 3096 1_1_0 EXIST::FUNCTION:ENGINE
- TS_RESP_create_response 3097 1_1_0 EXIST::FUNCTION:TS
--BIO_ADDR_rawaddress 3098 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_rawaddress 3098 1_1_0 EXIST::FUNCTION:SOCK
- PKCS7_ENCRYPT_new 3099 1_1_0 EXIST::FUNCTION:
- i2d_PKCS8PrivateKey_fp 3100 1_1_0 EXIST::FUNCTION:STDIO
- SRP_user_pwd_free 3101 1_1_0 EXIST::FUNCTION:SRP
- Camellia_encrypt 3102 1_1_0 EXIST::FUNCTION:CAMELLIA
--BIO_ADDR_hostname_string 3103 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_hostname_string 3103 1_1_0 EXIST::FUNCTION:SOCK
- USERNOTICE_new 3104 1_1_0 EXIST::FUNCTION:
- POLICY_MAPPING_new 3105 1_1_0 EXIST::FUNCTION:
- CRYPTO_gcm128_release 3106 1_1_0 EXIST::FUNCTION:
-@@ -3218,9 +3162,9 @@ PEM_read_DSA_PUBKEY
- X509_get0_subject_key_id 3111 1_1_0 EXIST::FUNCTION:
- i2s_ASN1_ENUMERATED 3112 1_1_0 EXIST::FUNCTION:
- X509v3_get_ext_by_OBJ 3113 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_free 3114 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_free 3114 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_ocb128_aad 3115 1_1_0 EXIST::FUNCTION:OCB
--sk_deep_copy 3116 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_deep_copy 3116 1_1_0 EXIST::FUNCTION:
- i2d_RSA_PSS_PARAMS 3117 1_1_0 EXIST::FUNCTION:RSA
- EVP_aes_128_wrap_pad 3118 1_1_0 EXIST::FUNCTION:
- ASN1_BIT_STRING_set 3119 1_1_0 EXIST::FUNCTION:
-@@ -3248,16 +3192,16 @@ CONF_load_fp
- ASN1_STRING_set 3140 1_1_0 EXIST::FUNCTION:
- d2i_ESS_CERT_ID 3141 1_1_0 EXIST::FUNCTION:TS
- EVP_PKEY_meth_set_derive 3142 1_1_0 EXIST::FUNCTION:
--lh_stats 3143 1_1_0 EXIST::FUNCTION:STDIO
-+OPENSSL_LH_stats 3143 1_1_0 EXIST::FUNCTION:STDIO
- NCONF_dump_fp 3144 1_1_0 EXIST::FUNCTION:STDIO
- TS_STATUS_INFO_print_bio 3145 1_1_0 EXIST::FUNCTION:TS
--sk_dup 3146 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_dup 3146 1_1_0 EXIST::FUNCTION:
- BF_cfb64_encrypt 3147 1_1_0 EXIST::FUNCTION:BF
- ASN1_GENERALIZEDTIME_adj 3148 1_1_0 EXIST::FUNCTION:
- ECDSA_verify 3149 1_1_0 EXIST::FUNCTION:EC
- EVP_camellia_256_cfb128 3150 1_1_0 EXIST::FUNCTION:CAMELLIA
--CMAC_Init 3151 1_1_0 EXIST::FUNCTION:
--OCSP_basic_add1_status 3152 1_1_0 EXIST::FUNCTION:
-+CMAC_Init 3151 1_1_0 EXIST::FUNCTION:CMAC
-+OCSP_basic_add1_status 3152 1_1_0 EXIST::FUNCTION:OCSP
- X509_CRL_get0_by_cert 3153 1_1_0 EXIST::FUNCTION:
- TS_TST_INFO_set_tsa 3154 1_1_0 EXIST::FUNCTION:TS
- i2d_ASN1_GENERALIZEDTIME 3155 1_1_0 EXIST::FUNCTION:
-@@ -3268,11 +3212,11 @@ TS_TST_INFO_set_tsa
- BN_reciprocal 3160 1_1_0 EXIST::FUNCTION:
- d2i_PKCS7_SIGN_ENVELOPE 3161 1_1_0 EXIST::FUNCTION:
- X509_NAME_digest 3162 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_SERVICELOC 3163 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_SERVICELOC 3163 1_1_0 EXIST::FUNCTION:OCSP
- GENERAL_NAME_print 3164 1_1_0 EXIST::FUNCTION:
- CMS_ReceiptRequest_get0_values 3165 1_1_0 EXIST::FUNCTION:CMS
- a2i_ASN1_INTEGER 3166 1_1_0 EXIST::FUNCTION:
--OCSP_sendreq_bio 3167 1_1_0 EXIST::FUNCTION:
-+OCSP_sendreq_bio 3167 1_1_0 EXIST::FUNCTION:OCSP
- PKCS12_SAFEBAG_create_crl 3168 1_1_0 EXIST::FUNCTION:
- d2i_X509_NAME 3169 1_1_0 EXIST::FUNCTION:
- IDEA_cfb64_encrypt 3170 1_1_0 EXIST::FUNCTION:IDEA
-@@ -3282,24 +3226,23 @@ HMAC_Init
- EVP_MD_CTX_update_fn 3174 1_1_0 EXIST::FUNCTION:
- EVP_aes_128_ecb 3175 1_1_0 EXIST::FUNCTION:
- i2d_PKCS7_bio_stream 3176 1_1_0 EXIST::FUNCTION:
--CRYPTO_get_dynlock_create_callback 3177 1_1_0 NOEXIST::FUNCTION:
- i2a_ACCESS_DESCRIPTION 3178 1_1_0 EXIST::FUNCTION:
- EC_KEY_set_enc_flags 3179 1_1_0 EXIST::FUNCTION:EC
- i2d_PUBKEY_fp 3180 1_1_0 EXIST::FUNCTION:STDIO
--b2i_PrivateKey_bio 3181 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_add_ext 3182 1_1_0 EXIST::FUNCTION:
-+b2i_PrivateKey_bio 3181 1_1_0 EXIST::FUNCTION:DSA
-+OCSP_REQUEST_add_ext 3182 1_1_0 EXIST::FUNCTION:OCSP
- SXNET_add_id_INTEGER 3183 1_1_0 EXIST::FUNCTION:
- CTLOG_get0_public_key 3184 1_1_0 EXIST::FUNCTION:CT
--OCSP_REQUEST_get_ext_by_OBJ 3185 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get_ext_by_OBJ 3185 1_1_0 EXIST::FUNCTION:OCSP
- X509_NAME_oneline 3186 1_1_0 EXIST::FUNCTION:
- X509V3_set_nconf 3187 1_1_0 EXIST::FUNCTION:
- RSAPrivateKey_dup 3188 1_1_0 EXIST::FUNCTION:RSA
- BN_mod_add 3189 1_1_0 EXIST::FUNCTION:
- EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:EC
- X509_get_default_cert_file 3191 1_1_0 EXIST::FUNCTION:
--UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION:
-+UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION:UI
- RSA_new_method 3193 1_1_0 EXIST::FUNCTION:RSA
--OCSP_request_verify 3194 1_1_0 EXIST::FUNCTION:
-+OCSP_request_verify 3194 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_THREAD_run_once 3195 1_1_0 EXIST::FUNCTION:
- TS_REQ_print_bio 3196 1_1_0 EXIST::FUNCTION:TS
- SCT_get_version 3197 1_1_0 EXIST::FUNCTION:CT
-@@ -3307,7 +3250,7 @@ IDEA_set_encrypt_key
- ENGINE_get_DH 3199 1_1_0 EXIST::FUNCTION:ENGINE
- i2d_ASIdentifierChoice 3200 1_1_0 EXIST::FUNCTION:RFC3779
- SRP_Calc_A 3201 1_1_0 EXIST::FUNCTION:SRP
--OCSP_BASICRESP_add_ext 3202 1_1_0 EXIST::FUNCTION:
-+OCSP_BASICRESP_add_ext 3202 1_1_0 EXIST::FUNCTION:OCSP
- EVP_idea_cfb64 3203 1_1_0 EXIST::FUNCTION:IDEA
- PKCS12_newpass 3204 1_1_0 EXIST::FUNCTION:
- EVP_aes_256_cbc_hmac_sha256 3205 1_1_0 EXIST::FUNCTION:
-@@ -3321,11 +3264,11 @@ X509_issuer_name_hash_old
- MD4_Final 3213 1_1_0 EXIST::FUNCTION:MD4
- EVP_PKEY_id 3214 1_1_0 EXIST::FUNCTION:
- CMS_RecipientInfo_get0_pkey_ctx 3215 1_1_0 EXIST::FUNCTION:CMS
--OCSP_REQINFO_free 3216 1_1_0 EXIST::FUNCTION:
-+OCSP_REQINFO_free 3216 1_1_0 EXIST::FUNCTION:OCSP
- AUTHORITY_KEYID_new 3217 1_1_0 EXIST::FUNCTION:
- i2d_DIST_POINT_NAME 3218 1_1_0 EXIST::FUNCTION:
- OpenSSL_version_num 3219 1_1_0 EXIST::FUNCTION:
--OCSP_CERTID_free 3220 1_1_0 EXIST::FUNCTION:
-+OCSP_CERTID_free 3220 1_1_0 EXIST::FUNCTION:OCSP
- BIO_hex_string 3221 1_1_0 EXIST::FUNCTION:
- X509_REQ_sign_ctx 3222 1_1_0 EXIST::FUNCTION:
- CRYPTO_ocb128_init 3223 1_1_0 EXIST::FUNCTION:OCB
-@@ -3364,7 +3307,7 @@ EVP_read_pw_string_min
- X509_set_notBefore 3255 1_1_0 EXIST::FUNCTION:
- MD4 3256 1_1_0 EXIST::FUNCTION:MD4
- EVP_PKEY_CTX_dup 3257 1_1_0 EXIST::FUNCTION:
--ENGINE_setup_bsd_cryptodev 3258 1_1_0 EXIST:__FreeBSD__:FUNCTION:ENGINE
-+ENGINE_setup_bsd_cryptodev 3258 1_1_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
- PEM_read_bio_DHparams 3259 1_1_0 EXIST::FUNCTION:DH
- CMS_SharedInfo_encode 3260 1_1_0 EXIST::FUNCTION:CMS
- ASN1_OBJECT_create 3261 1_1_0 EXIST::FUNCTION:
-@@ -3377,10 +3320,9 @@ ENGINE_set_load_pubkey_function
- CMS_RecipientInfo_decrypt 3268 1_1_0 EXIST::FUNCTION:CMS
- RSA_generate_key 3269 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
- PKCS7_set0_type_other 3270 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_new 3271 1_1_0 EXIST::FUNCTION:
--BIO_lookup 3272 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_new 3271 1_1_0 EXIST::FUNCTION:OCSP
-+BIO_lookup 3272 1_1_0 EXIST::FUNCTION:SOCK
- EC_GROUP_get0_cofactor 3273 1_1_0 EXIST::FUNCTION:EC
--CRYPTO_THREADID_set_numeric 3274 1_1_0 NOEXIST::FUNCTION:
- SCT_print 3275 1_1_0 EXIST::FUNCTION:CT
- X509_PUBKEY_set 3276 1_1_0 EXIST::FUNCTION:
- POLICY_CONSTRAINTS_free 3277 1_1_0 EXIST::FUNCTION:
-@@ -3390,9 +3332,9 @@ d2i_DSA_PUBKEY_bio
- RSA_padding_check_none 3281 1_1_0 EXIST::FUNCTION:RSA
- CRYPTO_set_mem_debug 3282 1_1_0 EXIST::FUNCTION:
- TS_VERIFY_CTX_init 3283 1_1_0 EXIST::FUNCTION:TS
--OCSP_cert_id_new 3284 1_1_0 EXIST::FUNCTION:
-+OCSP_cert_id_new 3284 1_1_0 EXIST::FUNCTION:OCSP
- GENERAL_SUBTREE_new 3285 1_1_0 EXIST::FUNCTION:
--sk_push 3286 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_push 3286 1_1_0 EXIST::FUNCTION:
- X509_LOOKUP_ctrl 3287 1_1_0 EXIST::FUNCTION:
- SRP_check_known_gN_param 3288 1_1_0 EXIST::FUNCTION:SRP
- d2i_DIST_POINT 3289 1_1_0 EXIST::FUNCTION:
-@@ -3412,7 +3354,7 @@ DSA_SIG_free
- BIO_asn1_set_suffix 3302 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_set_type_str 3303 1_1_0 EXIST::FUNCTION:
- i2d_X509_SIG 3304 1_1_0 EXIST::FUNCTION:
--lh_strhash 3305 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_strhash 3305 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_trust 3306 1_1_0 EXIST::FUNCTION:
- TS_ACCURACY_set_micros 3307 1_1_0 EXIST::FUNCTION:TS
- EVP_DigestFinal_ex 3308 1_1_0 EXIST::FUNCTION:
-@@ -3436,24 +3378,23 @@ CTLOG_free
- EVP_CIPHER_meth_dup 3326 1_1_0 EXIST::FUNCTION:
- CMS_get1_crls 3327 1_1_0 EXIST::FUNCTION:CMS
- X509_aux_print 3328 1_1_0 EXIST::FUNCTION:
--DSO_set_name_converter 3329 1_1_0 NOEXIST::FUNCTION:
- OPENSSL_thread_stop 3330 1_1_0 EXIST::FUNCTION:
- X509_policy_node_get0_parent 3331 1_1_0 EXIST::FUNCTION:
- X509_PKEY_free 3332 1_1_0 EXIST::FUNCTION:
--OCSP_CRLID_new 3333 1_1_0 EXIST::FUNCTION:
-+OCSP_CRLID_new 3333 1_1_0 EXIST::FUNCTION:OCSP
- CONF_dump_bio 3334 1_1_0 EXIST::FUNCTION:
- d2i_PKCS8PrivateKey_fp 3335 1_1_0 EXIST::FUNCTION:STDIO
- RSA_setup_blinding 3336 1_1_0 EXIST::FUNCTION:RSA
- ERR_peek_error_line 3337 1_1_0 EXIST::FUNCTION:
- d2i_PKCS7 3338 1_1_0 EXIST::FUNCTION:
- ERR_reason_error_string 3339 1_1_0 EXIST::FUNCTION:
--ERR_remove_thread_state 3340 1_1_0 EXIST::FUNCTION:
-+ERR_remove_thread_state 3340 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
- PEM_write_PrivateKey 3341 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_CTX_str2ctrl 3342 1_1_0 EXIST::FUNCTION:
- CMS_SignerInfo_verify_content 3343 1_1_0 EXIST::FUNCTION:CMS
- ASN1_INTEGER_get_int64 3344 1_1_0 EXIST::FUNCTION:
- ASN1_item_sign 3345 1_1_0 EXIST::FUNCTION:
--OCSP_SERVICELOC_new 3346 1_1_0 EXIST::FUNCTION:
-+OCSP_SERVICELOC_new 3346 1_1_0 EXIST::FUNCTION:OCSP
- ASN1_VISIBLESTRING_new 3347 1_1_0 EXIST::FUNCTION:
- BN_set_flags 3348 1_1_0 EXIST::FUNCTION:
- d2i_PrivateKey_bio 3349 1_1_0 EXIST::FUNCTION:
-@@ -3461,8 +3402,8 @@ CMS_SignerInfo_verify_content
- ASN1_SEQUENCE_ANY_it 3350 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- ASN1_UTCTIME_adj 3351 1_1_0 EXIST::FUNCTION:
- BN_mod_sqrt 3352 1_1_0 EXIST::FUNCTION:
--sk_is_sorted 3353 1_1_0 EXIST::FUNCTION:
--OCSP_SIGNATURE_new 3354 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_is_sorted 3353 1_1_0 EXIST::FUNCTION:
-+OCSP_SIGNATURE_new 3354 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PKEY_meth_get_paramgen 3355 1_1_0 EXIST::FUNCTION:
- X509_ATTRIBUTE_create_by_OBJ 3356 1_1_0 EXIST::FUNCTION:
- RSA_generate_key_ex 3357 1_1_0 EXIST::FUNCTION:RSA
-@@ -3471,7 +3412,7 @@ CMS_SignerInfo_get0_algs
- ESS_SIGNING_CERT_free 3360 1_1_0 EXIST::FUNCTION:TS
- SCT_new_from_base64 3361 1_1_0 EXIST::FUNCTION:CT
- OpenSSL_version 3362 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_get_ext_by_OBJ 3363 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get_ext_by_OBJ 3363 1_1_0 EXIST::FUNCTION:OCSP
- ECDSA_SIG_get0 3364 1_1_0 EXIST::FUNCTION:EC
- BN_set_word 3365 1_1_0 EXIST::FUNCTION:
- ENGINE_set_flags 3366 1_1_0 EXIST::FUNCTION:ENGINE
-@@ -3489,21 +3430,19 @@ RSA_padding_check_SSLv23
- EC_KEY_set_public_key_affine_coordinates 3377 1_1_0 EXIST::FUNCTION:EC
- EVP_EncryptInit_ex 3378 1_1_0 EXIST::FUNCTION:
- ENGINE_add 3379 1_1_0 EXIST::FUNCTION:ENGINE
--lh_error 3380 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_error 3380 1_1_0 EXIST::FUNCTION:
- PKCS7_DIGEST_it 3381 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_DIGEST_it 3381 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- X509_CINF_new 3382 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_keygen_init 3383 1_1_0 EXIST::FUNCTION:
- EVP_aes_192_ocb 3384 1_1_0 EXIST::FUNCTION:OCB
- EVP_camellia_256_cfb1 3385 1_1_0 EXIST::FUNCTION:CAMELLIA
--DES_read_2passwords 3386 1_1_0 EXIST::FUNCTION:DES,UI
- CRYPTO_secure_actual_size 3387 1_1_0 EXIST::FUNCTION:
- COMP_CTX_free 3388 1_1_0 EXIST::FUNCTION:COMP
- i2d_PBE2PARAM 3389 1_1_0 EXIST::FUNCTION:
- EC_POINT_make_affine 3390 1_1_0 EXIST::FUNCTION:EC
- DSA_generate_parameters 3391 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,DSA
- ASN1_BIT_STRING_num_asc 3392 1_1_0 EXIST::FUNCTION:
--ERR_release_err_state_table 3393 1_1_0 NOEXIST::FUNCTION:
- X509_INFO_free 3394 1_1_0 EXIST::FUNCTION:
- d2i_PKCS8_PRIV_KEY_INFO_fp 3395 1_1_0 EXIST::FUNCTION:STDIO
- X509_OBJECT_retrieve_match 3396 1_1_0 EXIST::FUNCTION:
-@@ -3511,13 +3450,13 @@ d2i_PKCS8_PRIV_KEY_INFO_fp
- EVP_PBE_find 3398 1_1_0 EXIST::FUNCTION:
- SHA512_Transform 3399 1_1_0 EXIST:!VMSVAX:FUNCTION:
- ERR_add_error_vdata 3400 1_1_0 EXIST::FUNCTION:
--OCSP_REQUEST_get_ext 3401 1_1_0 EXIST::FUNCTION:
-+OCSP_REQUEST_get_ext 3401 1_1_0 EXIST::FUNCTION:OCSP
- NETSCAPE_SPKAC_new 3402 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_meth_get_verify 3403 1_1_0 EXIST::FUNCTION:
- CRYPTO_128_wrap 3404 1_1_0 EXIST::FUNCTION:
--X509_STORE_set_lookup_crls_cb 3405 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_lookup_crls 3405 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_meth_get_ctrl 3406 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_set1_req 3407 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_set1_req 3407 1_1_0 EXIST::FUNCTION:OCSP
- CONF_imodule_get_usr_data 3408 1_1_0 EXIST::FUNCTION:
- CRYPTO_new_ex_data 3409 1_1_0 EXIST::FUNCTION:
- PEM_read_PKCS8_PRIV_KEY_INFO 3410 1_1_0 EXIST::FUNCTION:
-@@ -3531,7 +3470,7 @@ DH_check_pub_key
- PKCS7_set_type 3418 1_1_0 EXIST::FUNCTION:
- BIO_gets 3419 1_1_0 EXIST::FUNCTION:
- RSA_padding_check_PKCS1_type_1 3420 1_1_0 EXIST::FUNCTION:RSA
--UI_ctrl 3421 1_1_0 EXIST::FUNCTION:
-+UI_ctrl 3421 1_1_0 EXIST::FUNCTION:UI
- i2d_X509_REQ_fp 3422 1_1_0 EXIST::FUNCTION:STDIO
- BN_BLINDING_convert_ex 3423 1_1_0 EXIST::FUNCTION:
- ASN1_GENERALIZEDTIME_print 3424 1_1_0 EXIST::FUNCTION:
-@@ -3540,15 +3479,15 @@ PEM_ASN1_read
- SCT_get_log_entry_type 3427 1_1_0 EXIST::FUNCTION:CT
- EVP_CIPHER_meth_get_init 3428 1_1_0 EXIST::FUNCTION:
- X509_ALGOR_free 3429 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_get_ext_count 3430 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_get_ext_count 3430 1_1_0 EXIST::FUNCTION:OCSP
- EC_POINT_free 3431 1_1_0 EXIST::FUNCTION:EC
- EVP_OpenFinal 3432 1_1_0 EXIST::FUNCTION:RSA
- RAND_egd_bytes 3433 1_1_0 EXIST::FUNCTION:EGD
--UI_method_get_writer 3434 1_1_0 EXIST::FUNCTION:
-+UI_method_get_writer 3434 1_1_0 EXIST::FUNCTION:UI
- BN_secure_new 3435 1_1_0 EXIST::FUNCTION:
- CTLOG_new_null 3436 1_1_0 EXIST::FUNCTION:CT
- SHA1_Update 3437 1_1_0 EXIST::FUNCTION:
--BIO_s_connect 3438 1_1_0 EXIST::FUNCTION:
-+BIO_s_connect 3438 1_1_0 EXIST::FUNCTION:SOCK
- EVP_MD_meth_get_init 3439 1_1_0 EXIST::FUNCTION:
- ASN1_BIT_STRING_free 3440 1_1_0 EXIST::FUNCTION:
- i2d_PROXY_CERT_INFO_EXTENSION 3441 1_1_0 EXIST::FUNCTION:
-@@ -3557,10 +3496,10 @@ CTLOG_new_null
- EVP_EncodeFinal 3444 1_1_0 EXIST::FUNCTION:
- X509_set_ex_data 3445 1_1_0 EXIST::FUNCTION:
- ERR_get_next_error_library 3446 1_1_0 EXIST::FUNCTION:
--OCSP_RESPONSE_print 3447 1_1_0 EXIST::FUNCTION:
-+OCSP_RESPONSE_print 3447 1_1_0 EXIST::FUNCTION:OCSP
- BN_get_rfc3526_prime_2048 3448 1_1_0 EXIST::FUNCTION:
- BIO_new_bio_pair 3449 1_1_0 EXIST::FUNCTION:
--EC_GFp_nistp256_method 3450 1_1_0 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
-+EC_GFp_nistp256_method 3450 1_1_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
- BIO_method_type 3451 1_1_0 EXIST::FUNCTION:
- ECPKParameters_print 3452 1_1_0 EXIST::FUNCTION:EC
- EVP_rc4 3453 1_1_0 EXIST::FUNCTION:RC4
-@@ -3588,14 +3527,14 @@ RIPEMD160_Init
- EVP_PKEY_save_parameters 3475 1_1_0 EXIST::FUNCTION:
- SCT_set_source 3476 1_1_0 EXIST::FUNCTION:CT
- DES_set_odd_parity 3477 1_1_0 EXIST::FUNCTION:DES
--CMAC_CTX_free 3478 1_1_0 EXIST::FUNCTION:
-+CMAC_CTX_free 3478 1_1_0 EXIST::FUNCTION:CMAC
- d2i_ESS_ISSUER_SERIAL 3479 1_1_0 EXIST::FUNCTION:TS
- HMAC_CTX_set_flags 3480 1_1_0 EXIST::FUNCTION:
- d2i_PKCS8_bio 3481 1_1_0 EXIST::FUNCTION:
--OCSP_ONEREQ_get_ext_count 3482 1_1_0 EXIST::FUNCTION:
-+OCSP_ONEREQ_get_ext_count 3482 1_1_0 EXIST::FUNCTION:OCSP
- PEM_read_bio_PKCS8_PRIV_KEY_INFO 3483 1_1_0 EXIST::FUNCTION:
--i2d_OCSP_BASICRESP 3484 1_1_0 EXIST::FUNCTION:
--CMAC_Final 3485 1_1_0 EXIST::FUNCTION:
-+i2d_OCSP_BASICRESP 3484 1_1_0 EXIST::FUNCTION:OCSP
-+CMAC_Final 3485 1_1_0 EXIST::FUNCTION:CMAC
- X509V3_EXT_add_alias 3486 1_1_0 EXIST::FUNCTION:
- BN_get_params 3487 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
- PKCS5_pbkdf2_set 3488 1_1_0 EXIST::FUNCTION:
-@@ -3613,7 +3552,7 @@ ENGINE_register_digests
- EVP_rc4_hmac_md5 3500 1_1_0 EXIST::FUNCTION:MD5,RC4
- OPENSSL_strlcat 3501 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_new 3502 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_rawport 3503 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_rawport 3503 1_1_0 EXIST::FUNCTION:SOCK
- BUF_MEM_grow_clean 3504 1_1_0 EXIST::FUNCTION:
- X509_NAME_print_ex_fp 3505 1_1_0 EXIST::FUNCTION:STDIO
- X509_check_host 3506 1_1_0 EXIST::FUNCTION:
-@@ -3663,7 +3602,6 @@ i2o_SCT_signature
- CMS_decrypt 3550 1_1_0 EXIST::FUNCTION:CMS
- BN_mpi2bn 3551 1_1_0 EXIST::FUNCTION:
- EVP_aes_128_cfb128 3552 1_1_0 EXIST::FUNCTION:
--EVP_cleanup 3553 1_1_0 NOEXIST::FUNCTION:
- RC5_32_ecb_encrypt 3554 1_1_0 EXIST::FUNCTION:RC5
- EVP_CIPHER_meth_new 3555 1_1_0 EXIST::FUNCTION:
- i2d_RSA_OAEP_PARAMS 3556 1_1_0 EXIST::FUNCTION:RSA
-@@ -3671,19 +3609,17 @@ i2d_RSA_OAEP_PARAMS
- BIO_get_callback_arg 3558 1_1_0 EXIST::FUNCTION:
- ENGINE_register_RSA 3559 1_1_0 EXIST::FUNCTION:ENGINE
- i2v_GENERAL_NAMES 3560 1_1_0 EXIST::FUNCTION:
--EVP_CIPHER_CTX_cipher_data 3561 1_1_0 NOEXIST::FUNCTION:
- PKCS7_decrypt 3562 1_1_0 EXIST::FUNCTION:
- X509_STORE_set1_param 3563 1_1_0 EXIST::FUNCTION:
- RAND_file_name 3564 1_1_0 EXIST::FUNCTION:
--DSO_METHOD_dl 3565 1_1_0 NOEXIST::FUNCTION:
- EVP_CipherInit_ex 3566 1_1_0 EXIST::FUNCTION:
--BIO_dgram_sctp_notification_cb 3567 1_1_0 EXIST::FUNCTION:SCTP
-+BIO_dgram_sctp_notification_cb 3567 1_1_0 EXIST::FUNCTION:DGRAM,SCTP
- ERR_load_RAND_strings 3568 1_1_0 EXIST::FUNCTION:
- X509_ATTRIBUTE_it 3569 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_ATTRIBUTE_it 3569 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- X509_ALGOR_it 3570 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_ALGOR_it 3570 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
--OCSP_CRLID_free 3571 1_1_0 EXIST::FUNCTION:
-+OCSP_CRLID_free 3571 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_ccm128_aad 3572 1_1_0 EXIST::FUNCTION:
- IPAddressFamily_new 3573 1_1_0 EXIST::FUNCTION:RFC3779
- d2i_TS_ACCURACY 3574 1_1_0 EXIST::FUNCTION:TS
-@@ -3693,7 +3629,7 @@ EVP_camellia_256_cbc
- i2d_PROXY_POLICY 3578 1_1_0 EXIST::FUNCTION:
- X509_subject_name_hash_old 3579 1_1_0 EXIST::FUNCTION:MD5
- PEM_read_bio_DSA_PUBKEY 3580 1_1_0 EXIST::FUNCTION:DSA
--OCSP_cert_to_id 3581 1_1_0 EXIST::FUNCTION:
-+OCSP_cert_to_id 3581 1_1_0 EXIST::FUNCTION:OCSP
- PEM_write_DSAparams 3582 1_1_0 EXIST::FUNCTION:DSA
- ASN1_TIME_to_generalizedtime 3583 1_1_0 EXIST::FUNCTION:
- X509_CRL_get_ext_by_critical 3584 1_1_0 EXIST::FUNCTION:
-@@ -3703,17 +3639,16 @@ PEM_write_RSAPublicKey
- EVP_MD_meth_dup 3588 1_1_0 EXIST::FUNCTION:
- ENGINE_unregister_ciphers 3589 1_1_0 EXIST::FUNCTION:ENGINE
- X509_issuer_and_serial_cmp 3590 1_1_0 EXIST::FUNCTION:
--OCSP_response_create 3591 1_1_0 EXIST::FUNCTION:
-+OCSP_response_create 3591 1_1_0 EXIST::FUNCTION:OCSP
- SHA224 3592 1_1_0 EXIST::FUNCTION:
- MD2_options 3593 1_1_0 EXIST::FUNCTION:MD2
--CRYPTO_set_locking_callback 3594 1_1_0 NOEXIST::FUNCTION:
- X509_REQ_it 3595 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_REQ_it 3595 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- RAND_bytes 3596 1_1_0 EXIST::FUNCTION:
- PKCS7_free 3597 1_1_0 EXIST::FUNCTION:
- X509_NAME_ENTRY_create_by_txt 3598 1_1_0 EXIST::FUNCTION:
- DES_cbc_cksum 3599 1_1_0 EXIST::FUNCTION:DES
--UI_free 3600 1_1_0 EXIST::FUNCTION:
-+UI_free 3600 1_1_0 EXIST::FUNCTION:UI
- BN_is_prime 3601 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
- CMS_get0_signers 3602 1_1_0 EXIST::FUNCTION:CMS
- i2d_PrivateKey_fp 3603 1_1_0 EXIST::FUNCTION:STDIO
-@@ -3736,11 +3671,10 @@ TS_CONF_set_signer_digest
- OBJ_new_nid 3620 1_1_0 EXIST::FUNCTION:
- CMS_ReceiptRequest_new 3621 1_1_0 EXIST::FUNCTION:CMS
- SRP_VBASE_get1_by_user 3622 1_1_0 EXIST::FUNCTION:SRP
--UI_method_get_closer 3623 1_1_0 EXIST::FUNCTION:
-+UI_method_get_closer 3623 1_1_0 EXIST::FUNCTION:UI
- ENGINE_get_ex_data 3624 1_1_0 EXIST::FUNCTION:ENGINE
- BN_print_fp 3625 1_1_0 EXIST::FUNCTION:STDIO
- MD2_Update 3626 1_1_0 EXIST::FUNCTION:MD2
--CRYPTO_THREADID_set_callback 3627 1_1_0 NOEXIST::FUNCTION:
- ENGINE_free 3628 1_1_0 EXIST::FUNCTION:ENGINE
- d2i_X509_ATTRIBUTE 3629 1_1_0 EXIST::FUNCTION:
- TS_RESP_free 3630 1_1_0 EXIST::FUNCTION:TS
-@@ -3781,22 +3715,21 @@ ERR_load_DH_strings
- EVP_MD_block_size 3665 1_1_0 EXIST::FUNCTION:
- TS_X509_ALGOR_print_bio 3666 1_1_0 EXIST::FUNCTION:TS
- d2i_PKCS7_ENVELOPE 3667 1_1_0 EXIST::FUNCTION:
--OBJ_cleanup 3668 1_1_0 NOEXIST::FUNCTION:
- ESS_CERT_ID_new 3669 1_1_0 EXIST::FUNCTION:TS
- EC_POINT_invert 3670 1_1_0 EXIST::FUNCTION:EC
- CAST_set_key 3671 1_1_0 EXIST::FUNCTION:CAST
- ENGINE_get_pkey_meth 3672 1_1_0 EXIST::FUNCTION:ENGINE
--BIO_ADDRINFO_free 3673 1_1_0 EXIST::FUNCTION:
-+BIO_ADDRINFO_free 3673 1_1_0 EXIST::FUNCTION:SOCK
- DES_ede3_cbc_encrypt 3674 1_1_0 EXIST::FUNCTION:DES
- X509v3_asid_canonize 3675 1_1_0 EXIST::FUNCTION:RFC3779
- i2d_ASIdOrRange 3676 1_1_0 EXIST::FUNCTION:RFC3779
--OCSP_url_svcloc_new 3677 1_1_0 EXIST::FUNCTION:
-+OCSP_url_svcloc_new 3677 1_1_0 EXIST::FUNCTION:OCSP
- CRYPTO_mem_ctrl 3678 1_1_0 EXIST::FUNCTION:
- ASN1_verify 3679 1_1_0 EXIST::FUNCTION:
- DSA_generate_parameters_ex 3680 1_1_0 EXIST::FUNCTION:DSA
- X509_sign 3681 1_1_0 EXIST::FUNCTION:
- SHA256_Transform 3682 1_1_0 EXIST::FUNCTION:
--BIO_ADDR_free 3683 1_1_0 EXIST::FUNCTION:
-+BIO_ADDR_free 3683 1_1_0 EXIST::FUNCTION:SOCK
- ASN1_STRING_free 3684 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_inherit 3685 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get_curve_name 3686 1_1_0 EXIST::FUNCTION:EC
-@@ -3806,20 +3739,20 @@ RSA_print
- ASN1_UTCTIME_cmp_time_t 3690 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_set1_ip 3691 1_1_0 EXIST::FUNCTION:
- OTHERNAME_free 3692 1_1_0 EXIST::FUNCTION:
--OCSP_REVOKEDINFO_free 3693 1_1_0 EXIST::FUNCTION:
-+OCSP_REVOKEDINFO_free 3693 1_1_0 EXIST::FUNCTION:OCSP
- EVP_CIPHER_CTX_encrypting 3694 1_1_0 EXIST::FUNCTION:
- EC_KEY_can_sign 3695 1_1_0 EXIST::FUNCTION:EC
- PEM_write_bio_RSAPublicKey 3696 1_1_0 EXIST::FUNCTION:RSA
- X509_CRL_set_lastUpdate 3697 1_1_0 EXIST::FUNCTION:
--OCSP_sendreq_nbio 3698 1_1_0 EXIST::FUNCTION:
-+OCSP_sendreq_nbio 3698 1_1_0 EXIST::FUNCTION:OCSP
- PKCS8_encrypt 3699 1_1_0 EXIST::FUNCTION:
- i2d_PKCS7_fp 3700 1_1_0 EXIST::FUNCTION:STDIO
- i2d_X509_REQ 3701 1_1_0 EXIST::FUNCTION:
--OCSP_CRLID_it 3702 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_CRLID_it 3702 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_CRLID_it 3702 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_CRLID_it 3702 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- PEM_ASN1_write_bio 3703 1_1_0 EXIST::FUNCTION:
- X509_get0_reject_objects 3704 1_1_0 EXIST::FUNCTION:
--BIO_set_tcp_ndelay 3705 1_1_0 EXIST::FUNCTION:
-+BIO_set_tcp_ndelay 3705 1_1_0 EXIST::FUNCTION:SOCK
- CMS_add0_CertificateChoices 3706 1_1_0 EXIST::FUNCTION:CMS
- POLICYINFO_new 3707 1_1_0 EXIST::FUNCTION:
- X509_CRL_get0_by_serial 3708 1_1_0 EXIST::FUNCTION:
-@@ -3832,15 +3765,15 @@ ENGINE_register_all_digests
- X509_REQ_get_version 3714 1_1_0 EXIST::FUNCTION:
- i2d_ASN1_UTCTIME 3715 1_1_0 EXIST::FUNCTION:
- TS_STATUS_INFO_new 3716 1_1_0 EXIST::FUNCTION:TS
--UI_set_ex_data 3717 1_1_0 EXIST::FUNCTION:
-+UI_set_ex_data 3717 1_1_0 EXIST::FUNCTION:UI
- ASN1_TIME_set 3718 1_1_0 EXIST::FUNCTION:
- TS_RESP_verify_response 3719 1_1_0 EXIST::FUNCTION:TS
- X509_REVOKED_get0_serialNumber 3720 1_1_0 EXIST::FUNCTION:
- X509_VERIFY_PARAM_free 3721 1_1_0 EXIST::FUNCTION:
- ASN1_TYPE_new 3722 1_1_0 EXIST::FUNCTION:
--CMAC_CTX_cleanup 3723 1_1_0 EXIST::FUNCTION:
-+CMAC_CTX_cleanup 3723 1_1_0 EXIST::FUNCTION:CMAC
- i2d_PKCS7_NDEF 3724 1_1_0 EXIST::FUNCTION:
--sk_pop_free 3725 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_pop_free 3725 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_policy_tree 3726 1_1_0 EXIST::FUNCTION:
- DES_set_key_checked 3727 1_1_0 EXIST::FUNCTION:DES
- EVP_PKEY_meth_free 3728 1_1_0 EXIST::FUNCTION:
-@@ -3869,9 +3802,9 @@ DES_fcrypt
- TS_REQ_get_nonce 3751 1_1_0 EXIST::FUNCTION:TS
- ENGINE_unregister_EC 3752 1_1_0 EXIST::FUNCTION:ENGINE
- X509v3_get_ext_count 3753 1_1_0 EXIST::FUNCTION:
--UI_OpenSSL 3754 1_1_0 EXIST::FUNCTION:
-+UI_OpenSSL 3754 1_1_0 EXIST::FUNCTION:UI
- CRYPTO_ccm128_decrypt 3755 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_RESPDATA 3756 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_RESPDATA 3756 1_1_0 EXIST::FUNCTION:OCSP
- BIO_set_callback 3757 1_1_0 EXIST::FUNCTION:
- BN_GF2m_poly2arr 3758 1_1_0 EXIST::FUNCTION:EC2M
- CMS_unsigned_get_attr_count 3759 1_1_0 EXIST::FUNCTION:CMS
-@@ -3881,18 +3814,17 @@ ECDH_compute_key
- ASN1_TIME_print 3763 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_CTX_get0_peerkey 3764 1_1_0 EXIST::FUNCTION:
- BN_mod_lshift1 3765 1_1_0 EXIST::FUNCTION:
--BIO_ADDRINFO_family 3766 1_1_0 EXIST::FUNCTION:
-+BIO_ADDRINFO_family 3766 1_1_0 EXIST::FUNCTION:SOCK
- PEM_write_DHxparams 3767 1_1_0 EXIST::FUNCTION:DH
- BN_mod_exp2_mont 3768 1_1_0 EXIST::FUNCTION:
- ASN1_PRINTABLE_free 3769 1_1_0 EXIST::FUNCTION:
--CRYPTO_thread_id 3770 1_1_0 NOEXIST::FUNCTION:
- PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS7_ATTR_SIGN_it 3771 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- EVP_MD_CTX_copy 3772 1_1_0 EXIST::FUNCTION:
- ENGINE_set_ctrl_function 3773 1_1_0 EXIST::FUNCTION:ENGINE
--OCSP_id_get0_info 3774 1_1_0 EXIST::FUNCTION:
--BIO_ADDRINFO_next 3775 1_1_0 EXIST::FUNCTION:
--OCSP_RESPBYTES_free 3776 1_1_0 EXIST::FUNCTION:
-+OCSP_id_get0_info 3774 1_1_0 EXIST::FUNCTION:OCSP
-+BIO_ADDRINFO_next 3775 1_1_0 EXIST::FUNCTION:SOCK
-+OCSP_RESPBYTES_free 3776 1_1_0 EXIST::FUNCTION:OCSP
- EC_KEY_METHOD_set_init 3777 1_1_0 EXIST::FUNCTION:EC
- EVP_PKEY_asn1_copy 3778 1_1_0 EXIST::FUNCTION:
- RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-@@ -3900,7 +3832,7 @@ RSA_PSS_PARAMS_it
- X509_STORE_CTX_get_error_depth 3780 1_1_0 EXIST::FUNCTION:
- ASN1_GENERALIZEDTIME_set_string 3781 1_1_0 EXIST::FUNCTION:
- EC_GROUP_new_curve_GFp 3782 1_1_0 EXIST::FUNCTION:EC
--UI_new_method 3783 1_1_0 EXIST::FUNCTION:
-+UI_new_method 3783 1_1_0 EXIST::FUNCTION:UI
- Camellia_ofb128_encrypt 3784 1_1_0 EXIST::FUNCTION:CAMELLIA
- X509_new 3785 1_1_0 EXIST::FUNCTION:
- EC_KEY_get_conv_form 3786 1_1_0 EXIST::FUNCTION:EC
-@@ -3931,15 +3863,14 @@ CMS_signed_delete_attr
- PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKEY_USAGE_PERIOD_it 3810 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- BN_mul_word 3811 1_1_0 EXIST::FUNCTION:
--DES_enc_read 3812 1_1_0 EXIST::FUNCTION:DES
- i2d_IPAddressRange 3813 1_1_0 EXIST::FUNCTION:RFC3779
- CMS_unsigned_add1_attr_by_txt 3814 1_1_0 EXIST::FUNCTION:CMS
- d2i_RSA_PUBKEY 3815 1_1_0 EXIST::FUNCTION:RSA
- PKCS12_gen_mac 3816 1_1_0 EXIST::FUNCTION:
- ERR_load_ENGINE_strings 3817 1_1_0 EXIST::FUNCTION:ENGINE
- ERR_load_CT_strings 3818 1_1_0 EXIST::FUNCTION:CT
--OCSP_ONEREQ_it 3819 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_ONEREQ_it 3819 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_ONEREQ_it 3819 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_ONEREQ_it 3819 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- X509_PURPOSE_get_by_sname 3820 1_1_0 EXIST::FUNCTION:
- X509_PURPOSE_set 3821 1_1_0 EXIST::FUNCTION:
- BN_mod_inverse 3822 1_1_0 EXIST::FUNCTION:
-@@ -3961,20 +3892,20 @@ BN_GF2m_mod_inv_arr
- X509_REQ_get1_email 3838 1_1_0 EXIST::FUNCTION:
- EC_KEY_print 3839 1_1_0 EXIST::FUNCTION:EC
- i2d_ASN1_INTEGER 3840 1_1_0 EXIST::FUNCTION:
--OCSP_SINGLERESP_add1_ext_i2d 3841 1_1_0 EXIST::FUNCTION:
-+OCSP_SINGLERESP_add1_ext_i2d 3841 1_1_0 EXIST::FUNCTION:OCSP
- PKCS7_add_signed_attribute 3842 1_1_0 EXIST::FUNCTION:
- i2d_PrivateKey_bio 3843 1_1_0 EXIST::FUNCTION:
- RSA_padding_add_PKCS1_type_1 3844 1_1_0 EXIST::FUNCTION:RSA
- i2d_re_X509_tbs 3845 1_1_0 EXIST::FUNCTION:
- EVP_CIPHER_iv_length 3846 1_1_0 EXIST::FUNCTION:
--OCSP_REQ_CTX_get0_mem_bio 3847 1_1_0 EXIST::FUNCTION:
-+OCSP_REQ_CTX_get0_mem_bio 3847 1_1_0 EXIST::FUNCTION:OCSP
- i2d_PKCS8PrivateKeyInfo_bio 3848 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_CERTID 3849 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_CERTID 3849 1_1_0 EXIST::FUNCTION:OCSP
- EVP_CIPHER_meth_set_init 3850 1_1_0 EXIST::FUNCTION:
- RIPEMD160_Final 3851 1_1_0 EXIST::FUNCTION:RMD160
- NETSCAPE_SPKI_free 3852 1_1_0 EXIST::FUNCTION:
- BIO_asn1_get_prefix 3853 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_ONEREQ 3854 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_ONEREQ 3854 1_1_0 EXIST::FUNCTION:OCSP
- EVP_PKEY_asn1_set_security_bits 3855 1_1_0 EXIST::FUNCTION:
- i2d_CERTIFICATEPOLICIES 3856 1_1_0 EXIST::FUNCTION:
- i2d_X509_CERT_AUX 3857 1_1_0 EXIST::FUNCTION:
-@@ -3982,8 +3913,8 @@ i2o_ECPublicKey
- PKCS12_SAFEBAG_create0_pkcs8 3859 1_1_0 EXIST::FUNCTION:
- OBJ_get0_data 3860 1_1_0 EXIST::FUNCTION:
- EC_GROUP_get0_seed 3861 1_1_0 EXIST::FUNCTION:EC
--OCSP_REQUEST_it 3862 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_REQUEST_it 3862 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_REQUEST_it 3862 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_REQUEST_it 3862 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- ASRange_it 3863 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
- ASRange_it 3863 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
- i2d_TS_RESP 3864 1_1_0 EXIST::FUNCTION:TS
-@@ -3997,17 +3928,15 @@ RSA_OAEP_PARAMS_it
- RSA_OAEP_PARAMS_it 3871 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
- BN_bn2mpi 3872 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_cleanup 3873 1_1_0 EXIST::FUNCTION:
--OCSP_onereq_get0_id 3874 1_1_0 EXIST::FUNCTION:
-+OCSP_onereq_get0_id 3874 1_1_0 EXIST::FUNCTION:OCSP
- X509_get_default_cert_dir 3875 1_1_0 EXIST::FUNCTION:
--DSO_get_method 3876 1_1_0 NOEXIST::FUNCTION:
- PROXY_POLICY_free 3877 1_1_0 EXIST::FUNCTION:
- PEM_write_DSAPrivateKey 3878 1_1_0 EXIST::FUNCTION:DSA
--sk_delete_ptr 3879 1_1_0 EXIST::FUNCTION:
-+OPENSSL_sk_delete_ptr 3879 1_1_0 EXIST::FUNCTION:
- CMS_add0_RevocationInfoChoice 3880 1_1_0 EXIST::FUNCTION:CMS
- ASN1_PCTX_get_flags 3881 1_1_0 EXIST::FUNCTION:
- EVP_MD_meth_set_result_size 3882 1_1_0 EXIST::FUNCTION:
- i2d_X509_CRL 3883 1_1_0 EXIST::FUNCTION:
--BIO_sock_cleanup 3884 1_1_0 NOEXIST::FUNCTION:
- ASN1_INTEGER_it 3885 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- ASN1_INTEGER_it 3885 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- TS_ACCURACY_new 3886 1_1_0 EXIST::FUNCTION:TS
-@@ -4019,19 +3948,19 @@ TS_RESP_CTX_set_status_info_cond
- ENGINE_set_RSA 3892 1_1_0 EXIST::FUNCTION:ENGINE
- i2d_X509_ATTRIBUTE 3893 1_1_0 EXIST::FUNCTION:
- PKCS7_ctrl 3894 1_1_0 EXIST::FUNCTION:
--OCSP_REVOKEDINFO_it 3895 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
--OCSP_REVOKEDINFO_it 3895 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-+OCSP_REVOKEDINFO_it 3895 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP
-+OCSP_REVOKEDINFO_it 3895 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:OCSP
- X509V3_set_ctx 3896 1_1_0 EXIST::FUNCTION:
- ASN1_ENUMERATED_set_int64 3897 1_1_0 EXIST::FUNCTION:
- o2i_SCT 3898 1_1_0 EXIST::FUNCTION:CT
- CRL_DIST_POINTS_free 3899 1_1_0 EXIST::FUNCTION:
--d2i_OCSP_SINGLERESP 3900 1_1_0 EXIST::FUNCTION:
-+d2i_OCSP_SINGLERESP 3900 1_1_0 EXIST::FUNCTION:OCSP
- EVP_CIPHER_CTX_num 3901 1_1_0 EXIST::FUNCTION:
- EVP_PKEY_verify_recover_init 3902 1_1_0 EXIST::FUNCTION:
- SHA512_Init 3903 1_1_0 EXIST:!VMSVAX:FUNCTION:
- TS_MSG_IMPRINT_set_msg 3904 1_1_0 EXIST::FUNCTION:TS
- CMS_unsigned_add1_attr 3905 1_1_0 EXIST::FUNCTION:CMS
--lh_doall 3906 1_1_0 EXIST::FUNCTION:
-+OPENSSL_LH_doall 3906 1_1_0 EXIST::FUNCTION:
- PKCS8_pkey_get0_attrs 3907 1_1_0 EXIST::FUNCTION:
- PKCS8_pkey_add1_attr_by_NID 3908 1_1_0 EXIST::FUNCTION:
- ASYNC_is_capable 3909 1_1_0 EXIST::FUNCTION:
-@@ -4194,16 +4123,70 @@ DH_meth_set_generate_key
- DH_meth_free 4068 1_1_0 EXIST::FUNCTION:DH
- DH_meth_get_generate_key 4069 1_1_0 EXIST::FUNCTION:DH
- DH_set_flags 4070 1_1_0 EXIST::FUNCTION:DH
--X509_STORE_get_X509_by_subject 4071 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_obj_by_subject 4071 1_1_0 EXIST::FUNCTION:
- X509_OBJECT_free 4072 1_1_0 EXIST::FUNCTION:
- X509_OBJECT_get0_X509 4073 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_untrusted 4074 1_1_0 EXIST::FUNCTION:
--X509_STORE_CTX_set0_chain 4075 1_1_0 NOEXIST::FUNCTION:
-+X509_STORE_CTX_set_error_depth 4075 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get0_cert 4076 1_1_0 EXIST::FUNCTION:
--X509_STORE_CTX_set_verify 4077 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_set_verify 4077 1_1_0 NOEXIST::FUNCTION:
-+X509_STORE_CTX_set_current_cert 4078 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get_verify 4079 1_1_0 EXIST::FUNCTION:
- X509_STORE_CTX_get_verify_cb 4080 1_1_0 EXIST::FUNCTION:
--X509_STORE_CTX_get_cert 4081 1_1_0 NOEXIST::FUNCTION:
--X509_STORE_CTX_set0_verified_chain 4082 1_1_0 EXIST::FUNCTION:
--X509_STORE_CTX_set0_untrusted 4083 1_1_0 EXIST::FUNCTION:
--OPENSSL_hexchar2int 4084 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_set0_verified_chain 4081 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_set0_untrusted 4082 1_1_0 EXIST::FUNCTION:
-+OPENSSL_hexchar2int 4083 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_ex_data 4084 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_ex_data 4085 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get0_objects 4086 1_1_0 EXIST::FUNCTION:
-+X509_OBJECT_get_type 4087 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_verify 4088 1_1_0 EXIST::FUNCTION:
-+X509_OBJECT_new 4089 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get0_param 4090 1_1_0 EXIST::FUNCTION:
-+PEM_write_bio_PrivateKey_traditional 4091 1_1_0 EXIST::FUNCTION:
-+X509_get_pathlen 4092 1_1_0 EXIST::FUNCTION:
-+ECDSA_SIG_set0 4093 1_1_0 EXIST::FUNCTION:EC
-+DSA_SIG_set0 4094 1_1_0 EXIST::FUNCTION:DSA
-+EVP_PKEY_get0_hmac 4095 1_1_0 EXIST::FUNCTION:
-+HMAC_CTX_get_md 4096 1_1_0 EXIST::FUNCTION:
-+NAME_CONSTRAINTS_check_CN 4097 1_1_0 EXIST::FUNCTION:
-+OCSP_resp_get0_id 4098 1_1_0 EXIST::FUNCTION:OCSP
-+OCSP_resp_get0_certs 4099 1_1_0 EXIST::FUNCTION:OCSP
-+X509_set_proxy_flag 4100 1_1_0 EXIST::FUNCTION:
-+EVP_ENCODE_CTX_copy 4101 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_check_issued 4102 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_lookup_certs 4103 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_check_crl 4104 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_cleanup 4105 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_lookup_crls 4106 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_cert_crl 4107 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_lookup_certs 4108 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_check_revocation 4109 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_get_crl 4110 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_check_issued 4111 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_check_policy 4112 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_check_crl 4113 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_check_crl 4114 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_check_issued 4115 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_get_issuer 4116 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_get_crl 4117 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_get_issuer 4118 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_cleanup 4119 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_cleanup 4120 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_get_crl 4121 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_check_revocation 4122 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_cert_crl 4123 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_lookup_certs 4124 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_check_policy 4125 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_get_issuer 4126 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_check_policy 4127 1_1_0 EXIST::FUNCTION:
-+X509_STORE_set_cert_crl 4128 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_check_revocation 4129 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_verify_cb 4130 1_1_0 EXIST::FUNCTION:
-+X509_STORE_CTX_get_lookup_crls 4131 1_1_0 EXIST::FUNCTION:
-+X509_STORE_get_verify 4132 1_1_0 EXIST::FUNCTION:
-+X509_STORE_unlock 4133 1_1_0 EXIST::FUNCTION:
-+X509_STORE_lock 4134 1_1_0 EXIST::FUNCTION:
-+X509_set_proxy_pathlen 4135 1_1_0 EXIST::FUNCTION:
-+X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION:
-+DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA
---- a/util/libssl.num
-+++ b/util/libssl.num
-@@ -7,7 +7,6 @@ SSL_CTX_set_srp_client_pwd_callback
- SSL_CTX_set_srp_password 7 1_1_0 EXIST::FUNCTION:SRP
- SSL_shutdown 8 1_1_0 EXIST::FUNCTION:
- SSL_CTX_set_msg_callback 9 1_1_0 EXIST::FUNCTION:
--SSL_COMP_free_compression_methods 10 1_1_0 NOEXIST::FUNCTION:
- SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION:
- SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION:
- SSL_state_string_long 13 1_1_0 EXIST::FUNCTION:
-@@ -157,7 +156,7 @@ SSL_CTX_set_tmp_dh_callback
- SSL_CTX_get_default_passwd_cb 157 1_1_0 EXIST::FUNCTION:
- TLSv1_server_method 158 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
- DTLS_server_method 159 1_1_0 EXIST::FUNCTION:
--SSL_set_rbio 160 1_1_0 EXIST::FUNCTION:
-+SSL_set0_rbio 160 1_1_0 EXIST::FUNCTION:
- SSL_CTX_set_options 161 1_1_0 EXIST::FUNCTION:
- SSL_set_msg_callback 162 1_1_0 EXIST::FUNCTION:
- SSL_CONF_CTX_free 163 1_1_0 EXIST::FUNCTION:
-@@ -237,7 +236,7 @@ DTLSv1_server_method
- SSL_set_fd 237 1_1_0 EXIST::FUNCTION:SOCK
- SSL_use_certificate 238 1_1_0 EXIST::FUNCTION:
- DTLSv1_method 239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
--SSL_set_wbio 240 1_1_0 EXIST::FUNCTION:
-+SSL_set0_wbio 240 1_1_0 EXIST::FUNCTION:
- SSL_read 241 1_1_0 EXIST::FUNCTION:
- SSL_CTX_get_options 242 1_1_0 EXIST::FUNCTION:
- SSL_CTX_set_ssl_version 243 1_1_0 EXIST::FUNCTION:
-@@ -394,3 +393,10 @@ SSL_enable_ct
- SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT
- SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION:
- SSL_SESSION_get0_hostname 396 1_1_0 EXIST::FUNCTION:
-+SSL_client_version 397 1_1_0 EXIST::FUNCTION:
-+SSL_SESSION_get_protocol_version 398 1_1_0 EXIST::FUNCTION:
-+SSL_is_dtls 399 1_1_0 EXIST::FUNCTION:
-+SSL_CTX_dane_set_flags 400 1_1_0 EXIST::FUNCTION:
-+SSL_dane_set_flags 401 1_1_0 EXIST::FUNCTION:
-+SSL_CTX_dane_clear_flags 402 1_1_0 EXIST::FUNCTION:
-+SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION:
---- a/util/mkbuildinf.pl
-+++ b/util/mkbuildinf.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl
-+#! /usr/bin/env perl
-+# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-
- my ($cflags, $platform) = @ARGV;
-
---- a/util/mkdef.pl
-+++ b/util/mkdef.pl
-@@ -1,4 +1,11 @@
--#!/usr/local/bin/perl -w
-+#! /usr/bin/env perl
-+# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- #
- # generate a .def file
- #
-@@ -66,7 +73,7 @@ my $linux=0;
- my $safe_stack_def = 0;
-
- my @known_platforms = ( "__FreeBSD__", "PERL5",
-- "EXPORT_VAR_AS_FUNCTION", "ZLIB"
-+ "EXPORT_VAR_AS_FUNCTION", "ZLIB", "_WIN32"
- );
- my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" );
- my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
-@@ -122,6 +129,7 @@ my @known_algorithms = ( "RC2", "RC4", "
- "TS",
- # OCB mode
- "OCB",
-+ "CMAC",
- # APPLINK (win build feature?)
- "APPLINK"
- );
-@@ -239,7 +247,6 @@ my $ssl="include/openssl/ssl.h";
- my $crypto ="include/openssl/crypto.h";
- $crypto.=" include/internal/o_dir.h";
- $crypto.=" include/internal/o_str.h";
--$crypto.=" include/internal/threads.h";
- $crypto.=" include/internal/err.h";
- $crypto.=" include/openssl/des.h" ; # unless $no_des;
- $crypto.=" include/openssl/idea.h" ; # unless $no_idea;
-@@ -1114,6 +1121,7 @@ sub is_valid
- if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
- if ($keyword eq "VMS" && $VMS) { return 1; }
- if ($keyword eq "WIN32" && $W32) { return 1; }
-+ if ($keyword eq "_WIN32" && $W32) { return 1; }
- if ($keyword eq "WINNT" && $NT) { return 1; }
- # Special platforms:
- # EXPORT_VAR_AS_FUNCTION means that global variables
-@@ -1317,11 +1325,11 @@ EOF
- print OUT $symline;
- $symvtextcount += length($symline) - 2;
- } elsif($v) {
-- printf OUT " %s%-39s @%-8d DATA\n",
-- ($W32)?"":"_",$s2,$n;
-+ printf OUT " %s%-39s DATA\n",
-+ ($W32)?"":"_",$s2;
- } else {
-- printf OUT " %s%-39s @%d\n",
-- ($W32)?"":"_",$s2,$n;
-+ printf OUT " %s%s\n",
-+ ($W32)?"":"_",$s2;
- }
- }
- }
---- a/util/mkdir-p.pl
-+++ b/util/mkdir-p.pl
-@@ -1,6 +1,10 @@
--#!/usr/local/bin/perl
--
--# mkdir-p.pl
-+#! /usr/bin/env perl
-+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- # On some systems, the -p option to mkdir (= also create any missing parent
- # directories) is not available.
-@@ -29,6 +33,12 @@ sub do_mkdir_p {
- do_mkdir_p($parent);
- }
-
-- mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
-+ unless (mkdir($dir, 0777)) {
-+ if (-d $dir) {
-+ # We raced against another instance doing the same thing.
-+ return;
-+ }
-+ die "Cannot create directory $dir: $!\n";
-+ }
- print "created directory `$dir'\n";
- }
---- a/util/mkerr.pl
-+++ b/util/mkerr.pl
-@@ -1,7 +1,12 @@
--#!/usr/local/bin/perl -w
-+#! /usr/bin/env perl
-+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- my $config = "crypto/err/openssl.ec";
--my $hprefix = "openssl/";
- my $debug = 0;
- my $unref = 0;
- my $rebuild = 0;
-@@ -10,6 +15,8 @@ my $recurse = 0;
- my $reindex = 0;
- my $dowrite = 0;
- my $staticloader = "";
-+my @t = localtime();
-+my $YEAR = @t[5] + 1900;
-
- my $pack_errcode;
- my $load_errcode;
-@@ -62,6 +69,8 @@ mkerr.pl [options] ...
- -hprefix P Prepend the filenames in generated #include <header>
- statements with prefix P. Default: 'openssl/' (without
- the quotes, naturally)
-+ NOTE: not used any more because our include directory
-+ structure has changed.
-
- -debug Turn on debugging verbose output on stderr.
-
-@@ -165,8 +174,8 @@ close IN;
- while (($hdr, $lib) = each %libinc)
- {
- next if($hdr eq "NONE");
-- print STDERR "Scanning header file $hdr\n" if $debug;
-- my $line = "", $def= "", $linenr = 0, $gotfile = 0;
-+ print STDERR "Scanning header file $hdr\n" if $debug;
-+ my $line = "", $def= "", $linenr = 0, $gotfile = 0, $cpp = 0;
- if (open(IN, "<$hdr")) {
- $gotfile = 1;
- while(<IN>) {
-@@ -401,75 +410,37 @@ foreach $lib (keys %csrc)
-
- # Rewrite the header file
-
-+ $cpp = 0;
-+ $cplusplus = 0;
- if (open(IN, "<$hfile")) {
- # Copy across the old file
- while(<IN>) {
-+ $cplusplus = $cpp if /^#.*ifdef.*cplusplus/;
-+ $cpp++ if /^#\s*if/;
-+ $cpp-- if /^#\s*endif/;
- push @out, $_;
- last if (/BEGIN ERROR CODES/);
- }
- close IN;
- } else {
-+ $cpp = 1;
-+ $cplusplus = 1;
- push @out,
--"/* ====================================================================\n",
--" * Copyright (c) 2001-$year The OpenSSL Project. All rights reserved.\n",
--" *\n",
--" * Redistribution and use in source and binary forms, with or without\n",
--" * modification, are permitted provided that the following conditions\n",
--" * are met:\n",
--" *\n",
--" * 1. Redistributions of source code must retain the above copyright\n",
--" * notice, this list of conditions and the following disclaimer. \n",
--" *\n",
--" * 2. Redistributions in binary form must reproduce the above copyright\n",
--" * notice, this list of conditions and the following disclaimer in\n",
--" * the documentation and/or other materials provided with the\n",
--" * distribution.\n",
--" *\n",
--" * 3. All advertising materials mentioning features or use of this\n",
--" * software must display the following acknowledgment:\n",
--" * \"This product includes software developed by the OpenSSL Project\n",
--" * for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
--" *\n",
--" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
--" * endorse or promote products derived from this software without\n",
--" * prior written permission. For written permission, please contact\n",
--" * openssl-core\@openssl.org.\n",
--" *\n",
--" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
--" * nor may \"OpenSSL\" appear in their names without prior written\n",
--" * permission of the OpenSSL Project.\n",
--" *\n",
--" * 6. Redistributions of any form whatsoever must retain the following\n",
--" * acknowledgment:\n",
--" * \"This product includes software developed by the OpenSSL Project\n",
--" * for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
--" *\n",
--" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
--" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
--" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
--" * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
--" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
--" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
--" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
--" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
--" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
--" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
--" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
--" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
--" * ====================================================================\n",
--" *\n",
--" * This product includes cryptographic software written by Eric Young\n",
--" * (eay\@cryptsoft.com). This product includes software written by Tim\n",
--" * Hudson (tjh\@cryptsoft.com).\n",
-+"/*\n",
-+" * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.\n",
- " *\n",
-+" * Licensed under the OpenSSL license (the \"License\"). You may not use\n",
-+" * this file except in compliance with the License. You can obtain a copy\n",
-+" * in the file LICENSE in the source distribution or at\n",
-+" * https://www.openssl.org/source/license.html\n",
- " */\n",
- "\n",
- "#ifndef HEADER_${lib}_ERR_H\n",
--"#define HEADER_${lib}_ERR_H\n",
-+"# define HEADER_${lib}_ERR_H\n",
- "\n",
--"#ifdef __cplusplus\n",
-+"# ifdef __cplusplus\n",
- "extern \"C\" {\n",
--"#endif\n",
-+"# endif\n",
- "\n",
- "/* BEGIN ERROR CODES */\n";
- }
-@@ -482,15 +453,16 @@ foreach $lib (keys %csrc)
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-+
- EOF
- if($static) {
- print OUT <<"EOF";
--${staticloader}void ERR_load_${lib}_strings(void);
-+${staticloader}int ERR_load_${lib}_strings(void);
-
- EOF
- } else {
- print OUT <<"EOF";
--${staticloader}void ERR_load_${lib}_strings(void);
-+${staticloader}int ERR_load_${lib}_strings(void);
- ${staticloader}void ERR_unload_${lib}_strings(void);
- ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
- # define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE)
-@@ -542,11 +514,17 @@ EOF
- }
- print OUT <<"EOF";
-
--#ifdef __cplusplus
--}
--#endif
--#endif
- EOF
-+ do {
-+ if ($cplusplus == $cpp) {
-+ print OUT "#", " "x$cpp, "ifdef __cplusplus\n";
-+ print OUT "}\n";
-+ print OUT "#", " "x$cpp, "endif\n";
-+ }
-+ if ($cpp-- > 0) {
-+ print OUT "#", " "x$cpp, "endif\n";
-+ }
-+ } while ($cpp);
- close OUT;
-
- # Rewrite the C source file containing the error details.
-@@ -578,8 +556,13 @@ EOF
-
- my $hincf;
- if($static) {
-- $hfile =~ /([^\/]+)$/;
-- $hincf = "<${hprefix}$1>";
-+ $hincf = $hfile;
-+ $hincf =~ s|.*include/||;
-+ if ($hincf =~ m|^openssl/|) {
-+ $hincf = "<${hincf}>";
-+ } else {
-+ $hincf = "\"${hincf}\"";
-+ }
- } else {
- $hincf = "\"$hfile\"";
- }
-@@ -602,64 +585,14 @@ EOF
- open (OUT,">$cfile") || die "Can't open $cfile for writing";
-
- print OUT <<"EOF";
--/* ====================================================================
-- * Copyright (c) 1999-$year The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * openssl-core\@OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay\@cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh\@cryptsoft.com).
-- *
-- */
--
- /*
-- * NOTE: this file was auto generated by the mkerr.pl script: any changes
-- * made to it will be overwritten when the script next updates this file,
-- * only reason strings will be preserved.
-+ * Generated by util/mkerr.pl DO NOT EDIT
-+ * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
- */
-
- #include <stdio.h>
-@@ -683,7 +616,7 @@ EOF
- $fn = $ftrans{$fn};
- }
- # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
-- if(length($i) + length($fn) > 58) {
-+ if(length($i) + length($fn) > 57) {
- print OUT " {ERR_FUNC($i),\n \"$fn\"},\n";
- } else {
- print OUT " {ERR_FUNC($i), \"$fn\"},\n";
-@@ -706,7 +639,7 @@ EOF
- $rn = $1;
- $rn =~ tr/_[A-Z]/ [a-z]/;
- }
-- if(length($i) + length($rn) > 56) {
-+ if(length($i) + length($rn) > 55) {
- print OUT " {${rstr},\n \"$rn\"},\n";
- } else {
- print OUT " {${rstr}, \"$rn\"},\n";
-@@ -719,7 +652,7 @@ if($static) {
-
- #endif
-
--${staticloader}void ERR_load_${lib}_strings(void)
-+${staticloader}int ERR_load_${lib}_strings(void)
- {
- #ifndef OPENSSL_NO_ERR
-
-@@ -728,6 +661,7 @@ if($static) {
- ERR_load_strings($load_errcode, ${lib}_str_reasons);
- }
- #endif
-+ return 1;
- }
- EOF
- } else {
-@@ -747,7 +681,7 @@ static ERR_STRING_DATA ${lib}_lib_name[]
- static int ${lib}_lib_error_code = 0;
- static int ${lib}_error_init = 1;
-
--${staticloader}void ERR_load_${lib}_strings(void)
-+${staticloader}int ERR_load_${lib}_strings(void)
- {
- if (${lib}_lib_error_code == 0)
- ${lib}_lib_error_code = ERR_get_next_error_library();
-@@ -764,6 +698,7 @@ static int ${lib}_error_init = 1;
- ERR_load_strings(0, ${lib}_lib_name);
- #endif
- }
-+ return 1;
- }
-
- ${staticloader}void ERR_unload_${lib}_strings(void)
---- a/util/mkrc.pl
-+++ b/util/mkrc.pl
-@@ -1,5 +1,10 @@
--#!/bin/env perl
-+#! /usr/bin/env perl
-+# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- use lib ".";
- use configdata;
-@@ -64,7 +69,7 @@ BEGIN
- VALUE "ProductVersion", "$version\\0"
- // Optional:
- //VALUE "Comments", "\\0"
-- VALUE "LegalCopyright", "Copyright © 1998-2015 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
-+ VALUE "LegalCopyright", "Copyright 1998-2016 The OpenSSL Authors. All rights reserved.\\0"
- //VALUE "LegalTrademarks", "\\0"
- //VALUE "PrivateBuild", "\\0"
- //VALUE "SpecialBuild", "\\0"
---- a/util/openssl-format-source
-+++ b/util/openssl-format-source
-@@ -1,5 +1,13 @@
- #!/bin/sh
- #
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+#
- # openssl-format-source
- # - format source tree according to OpenSSL coding style using indent
- #
---- /dev/null
-+++ b/util/perl/OpenSSL/Util/Pod.pm
-@@ -0,0 +1,158 @@
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+package OpenSSL::Util::Pod;
-+
-+use strict;
-+use warnings;
-+
-+use Exporter;
-+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-+$VERSION = "0.1";
-+ at ISA = qw(Exporter);
-+ at EXPORT = qw(extract_pod_info);
-+ at EXPORT_OK = qw();
-+
-+=head1 NAME
-+
-+OpenSSL::Util::Pod - utilities to manipulate .pod files
-+
-+=head1 SYNOPSIS
-+
-+ use OpenSSL::Util::Pod;
-+
-+ my %podinfo = extract_pod_info("foo.pod");
-+
-+ # or if the file is already opened... Note that this consumes the
-+ # remainder of the file.
-+
-+ my %podinfo = extract_pod_info(\*STDIN);
-+
-+=head1 DESCRIPTION
-+
-+=over
-+
-+=item B<extract_pod_info "FILENAME", HASHREF>
-+
-+=item B<extract_pod_info "FILENAME">
-+
-+=item B<extract_pod_info GLOB, HASHREF>
-+
-+=item B<extract_pod_info GLOB>
-+
-+Extracts information from a .pod file, given a STRING (file name) or a
-+GLOB (a file handle). The result is given back as a hash table.
-+
-+The additional hash is for extra parameters:
-+
-+=over
-+
-+=item B<section =E<gt> N>
-+
-+The value MUST be a number, and will be the default man section number
-+to be used with the given .pod file. This number can be altered if
-+the .pod file has a line like this:
-+
-+ =for comment openssl_manual_section: 4
-+
-+=item B<debug =E<gt> 0|1>
-+
-+If set to 1, extra debug text will be printed on STDERR
-+
-+=back
-+
-+=back
-+
-+=head1 RETURN VALUES
-+
-+=over
-+
-+=item B<extract_pod_info> returns a hash table with the following
-+items:
-+
-+=over
-+
-+=item B<section =E<gt> N>
-+
-+The man section number this .pod file belongs to. Often the same as
-+was given as input.
-+
-+=item B<names =E<gt> [ "name", ... ]>
-+
-+All the names extracted from the NAME section.
-+
-+=back
-+
-+=back
-+
-+=cut
-+
-+sub extract_pod_info {
-+ my $input = shift;
-+ my $defaults_ref = shift || {};
-+ my %defaults = ( debug => 0, section => 0, %$defaults_ref );
-+ my $fh = undef;
-+ my $filename = undef;
-+
-+ # If not a file handle, then it's assume to be a file path (a string)
-+ unless (ref $input eq "GLOB") {
-+ $filename = $input;
-+ open $fh, $input or die "Trying to read $filename: $!\n";
-+ print STDERR "DEBUG: Reading $input\n" if $defaults{debug};
-+ $input = $fh;
-+ }
-+
-+ my %podinfo = ( section => $defaults{section});
-+ while(<$input>) {
-+ s|\R$||;
-+ if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) {
-+ print STDERR "DEBUG: Found man section number $1\n"
-+ if $defaults{debug};
-+ $podinfo{section} = $1;
-+ }
-+
-+ # Stop reading when we have reached past the NAME section.
-+ last if (m|^=head1|
-+ && defined $podinfo{lastsect}
-+ && $podinfo{lastsect} eq "NAME");
-+
-+ # Collect the section name
-+ if (m|^=head1\s*(.*)|) {
-+ $podinfo{lastsect} = $1;
-+ $podinfo{lastsect} =~ s/\s+$//;
-+ print STDERR "DEBUG: Found new pod section $1\n"
-+ if $defaults{debug};
-+ print STDERR "DEBUG: Clearing pod section text\n"
-+ if $defaults{debug};
-+ $podinfo{lastsecttext} = "";
-+ }
-+
-+ next if (m|^=| || m|^\s*$|);
-+
-+ # Collect the section text
-+ print STDERR "DEBUG: accumulating pod section text \"$_\"\n"
-+ if $defaults{debug};
-+ $podinfo{lastsecttext} .= " " if $podinfo{lastsecttext};
-+ $podinfo{lastsecttext} .= $_;
-+ }
-+
-+
-+ if (defined $fh) {
-+ close $fh;
-+ print STDERR "DEBUG: Done reading $filename\n" if $defaults{debug};
-+ }
-+
-+ $podinfo{lastsecttext} =~ s| - .*$||;
-+
-+ my @names =
-+ map { s|\s+||g; $_ }
-+ split(m|,|, $podinfo{lastsecttext});
-+
-+ return ( section => $podinfo{section}, names => [ @names ] );
-+}
-+
-+1;
---- a/util/perlpath.pl
-+++ /dev/null
-@@ -1,35 +0,0 @@
--#!/usr/local/bin/perl
--#
--# modify the '#!/usr/local/bin/perl'
--# line in all scripts that rely on perl.
--#
--
--require "find.pl";
--
--$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
--&find(".");
--
--sub wanted
-- {
-- return unless /\.pl$/ || /^[Cc]onfigur/;
--
-- open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
-- @a=<IN>;
-- close(IN);
--
-- if (-d $ARGV[0]) {
-- $a[0]="#!$ARGV[0]/perl\n";
-- }
-- else {
-- $a[0]="#!$ARGV[0]\n";
-- }
--
-- # Playing it safe...
-- $new="$_.new";
-- open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
-- print OUT @a;
-- close(OUT);
--
-- rename($new,$_) || die "unable to rename $dir/$new:$!\n";
-- chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
-- }
---- /dev/null
-+++ b/util/process_docs.pl
-@@ -0,0 +1,235 @@
-+#! /usr/bin/env perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use strict;
-+use warnings;
-+
-+use File::Spec::Functions;
-+use File::Basename;
-+use File::Copy;
-+use File::Path;
-+use if $^O ne "VMS", 'File::Glob' => qw/glob/;
-+use Getopt::Long;
-+use Pod::Usage;
-+
-+use lib '.';
-+use configdata;
-+
-+# We know we are in the 'util' directory and that our perl modules are
-+# in util/perl
-+use lib catdir(dirname($0), "perl");
-+use OpenSSL::Util::Pod;
-+
-+my %options = ();
-+GetOptions(\%options,
-+ 'sourcedir=s', # Source directory
-+ 'subdir=s%', # Subdirectories to look through,
-+ # with associated section numbers
-+ 'destdir=s', # Destination directory
-+ #'in=s@', # Explicit files to process (ignores sourcedir)
-+ #'section=i', # Default section used for --in files
-+ 'type=s', # The result type, 'man' or 'html'
-+ 'remove', # To remove files rather than writing them
-+ 'dry-run|n', # Only output file names on STDOUT
-+ 'debug|D+',
-+ );
-+
-+unless ($options{subdir}) {
-+ $options{subdir} = { apps => '1',
-+ crypto => '3',
-+ ssl => '3' };
-+}
-+unless ($options{sourcedir}) {
-+ $options{sourcedir} = catdir($config{sourcedir}, "doc");
-+}
-+pod2usage(1) unless ( defined $options{subdir}
-+ && defined $options{sourcedir}
-+ && defined $options{destdir}
-+ && defined $options{type}
-+ && ($options{type} eq 'man'
-+ || $options{type} eq 'html') );
-+
-+if ($options{debug}) {
-+ print STDERR "DEBUG: options:\n";
-+ print STDERR "DEBUG: --sourcedir = $options{sourcedir}\n"
-+ if defined $options{sourcedir};
-+ print STDERR "DEBUG: --destdir = $options{destdir}\n"
-+ if defined $options{destdir};
-+ print STDERR "DEBUG: --type = $options{type}\n"
-+ if defined $options{type};
-+ foreach (keys %{$options{subdir}}) {
-+ print STDERR "DEBUG: --subdir = $_=$options{subdir}->{$_}\n";
-+ }
-+ print STDERR "DEBUG: --remove = $options{remove}\n"
-+ if defined $options{remove};
-+ print STDERR "DEBUG: --debug = $options{debug}\n"
-+ if defined $options{debug};
-+ print STDERR "DEBUG: --dry-run = $options{\"dry-run\"}\n"
-+ if defined $options{"dry-run"};
-+}
-+
-+my $symlink_exists = eval { symlink("",""); 1 };
-+
-+foreach my $subdir (keys %{$options{subdir}}) {
-+ my $section = $options{subdir}->{$subdir};
-+ my $podsourcedir = catfile($options{sourcedir}, $subdir);
-+ my $podglob = catfile($podsourcedir, "*.pod");
-+
-+ foreach my $podfile (glob $podglob) {
-+ my $podname = basename($podfile, ".pod");
-+ my $podpath = catfile($podfile);
-+ my %podinfo = extract_pod_info($podpath,
-+ { debug => $options{debug},
-+ section => $section });
-+ my @podfiles = grep { $_ ne $podname } @{$podinfo{names}};
-+
-+ my $updir = updir();
-+ my $name = uc $podname;
-+ my $suffix = { man => ".$podinfo{section}",
-+ html => ".html" } -> {$options{type}};
-+ my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
-+ html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\""
-+ } -> {$options{type}};
-+ my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
-+ my $output_file = $podname . $suffix;
-+ my $output_path = catfile($output_dir, $output_file);
-+
-+ if (! $options{remove}) {
-+ my @output;
-+ print STDERR "DEBUG: Processing, using \"$generate\"\n"
-+ if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ @output = `$generate`;
-+ map { s|href="http://man\.he\.net/man|href="../man|g; } @output
-+ if $options{type} eq "html";
-+ }
-+ print STDERR "DEBUG: Done processing\n" if $options{debug};
-+
-+ if (! -d $output_dir) {
-+ print STDERR "DEBUG: Creating directory $output_dir\n" if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ mkpath $output_dir
-+ or die "Trying to create directory $output_dir: $!\n";
-+ }
-+ }
-+ print STDERR "DEBUG: Writing $output_path\n" if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ open my $output_fh, '>', $output_path
-+ or die "Trying to write to $output_path: $!\n";
-+ foreach (@output) {
-+ print $output_fh $_;
-+ }
-+ close $output_fh;
-+ }
-+ print STDERR "DEBUG: Done writing $output_path\n" if $options{debug};
-+ } else {
-+ print STDERR "DEBUG: Removing $output_path\n" if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ while (unlink $output_path) {}
-+ }
-+ }
-+ print "$output_path\n";
-+
-+ foreach (@podfiles) {
-+ my $link_file = $_ . $suffix;
-+ my $link_path = catfile($output_dir, $link_file);
-+ if (! $options{remove}) {
-+ if ($symlink_exists) {
-+ print STDERR "DEBUG: Linking $link_path -> $output_file\n"
-+ if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ symlink $output_file, $link_path;
-+ }
-+ } else {
-+ print STDERR "DEBUG: Copying $output_path to link_path\n"
-+ if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ copy $output_path, $link_path;
-+ }
-+ }
-+ } else {
-+ print STDERR "DEBUG: Removing $link_path\n" if $options{debug};
-+ unless ($options{"dry-run"}) {
-+ while (unlink $link_path) {}
-+ }
-+ }
-+ print "$link_path -> $output_path\n";
-+ }
-+ }
-+}
-+
-+__END__
-+
-+=pod
-+
-+=head1 NAME
-+
-+process_docs.pl - A script to process OpenSSL docs
-+
-+=head1 SYNOPSIS
-+
-+B<process_docs.pl>
-+[B<--sourcedir>=I<dir>]
-+B<--destdir>=I<dir>
-+B<--type>=B<man>|B<html>
-+[B<--remove>]
-+[B<--dry-run>|B<-n>]
-+[B<--debug>|B<-D>]
-+
-+=head1 DESCRIPTION
-+
-+This script looks for .pod files in the subdirectories 'apps', 'crypto'
-+and 'ssl' under the given source directory.
-+
-+The OpenSSL configuration data file F<configdata.pm> I<must> reside in
-+the current directory, I<or> perl must have the directory it resides in
-+in its inclusion array. For the latter variant, a call like this would
-+work:
-+
-+ perl -I../foo util/process_docs.pl {options ...}
-+
-+=head1 OPTIONS
-+
-+=over 4
-+
-+=item B<--sourcedir>=I<dir>
-+
-+Top directory where the source files are found.
-+
-+=item B<--destdir>=I<dir>
-+
-+Top directory where the resulting files should end up
-+
-+=item B<--type>=B<man>|B<html>
-+
-+Type of output to produce. Currently supported are man pages and HTML files.
-+
-+=item B<--remove>
-+
-+Instead of writing the files, remove them.
-+
-+=item B<--dry-run>|B<-n>
-+
-+Do not perform any file writing, directory creation or file removal.
-+
-+=item B<--debug>|B<-D>
-+
-+Print extra debugging output.
-+
-+=back
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+https://www.openssl.org/source/license.html
-+
-+=cut
---- a/util/selftest.pl
-+++ b/util/selftest.pl
-@@ -1,7 +1,12 @@
--#!/usr/local/bin/perl -w
-+#! /usr/bin/env perl
-+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- # Run the test suite and generate a report
--#
-
- if (! -f "Configure") {
- print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
---- a/util/su-filter.pl
-+++ b/util/su-filter.pl
-@@ -1,7 +1,11 @@
--#!/usr/bin/env perl
--#
--# su-filter.pl
-+#! /usr/bin/env perl
-+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- #
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
- use strict;
-
- my $in_su = 0;
---- a/util/toutf8.sh
-+++ /dev/null
-@@ -1,17 +0,0 @@
--#! /bin/sh
--#
--# Very simple script to detect and convert files that we want to re-encode to UTF8
--
--git ls-tree -r --name-only HEAD | \
-- while read F; do
-- charset=`file -bi "$F" | sed -e 's|.*charset=||'`
-- if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
-- iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
-- ( cmp -s "$F" "$F.utf8" || \
-- ( echo "$F"
-- mv "$F" "$F.iso-8859-1"
-- mv "$F.utf8" "$F"
-- )
-- )
-- fi
-- done
---- a/util/with_fallback.pm
-+++ b/util/with_fallback.pm
-@@ -1,4 +1,9 @@
--#! /usr/bin/perl
-+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-
- package with_fallback;
-
Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2016-08-02 20:05:58 UTC (rev 816)
+++ openssl/branches/1.1.0/debian/patches/series 2016-08-04 16:31:42 UTC (rev 817)
@@ -1,4 +1,3 @@
-openssl_snapshot.patch
config-hurd.patch
debian-targets.patch
man-section.patch
More information about the Pkg-openssl-changes
mailing list